[imp] LDAP poll

[Dave Caplinger]

---------------------- multipart/mixed attachment
John Morrissey wrote:

> Personally, I set up all the LDAP trees I manage in this way. However, I've
> encountered a bunch of installations where DNs are in the form cn=Full
> Name,$rootdn or the like.
>
> Also (correct me if I'm wrong), if you generate a DN in the code without
> first performing a search, you're assuming that all users are directly under
> a particular root DN; I would imagine that some organizations break users
> off into different subtrees for logical and/or organizational purposes. For
> example: uid=user1,ou=Engineering,o=BigCorp,c=US and
> uid=user2,ou=Marketing,o=BigCorp,c=US. user1 and user2 are still in the same
> namespace, but for whatever reason, they're split into two separate OUs.

I'll chip in agreement to the first point (i.e. you can't guarantee that
"uid=whatever" is how entries are identified), but as for the second one,
isn't this solved by specifying the more general search base DN (in your
example, use "o=BigCorp,c=US" rather than limiting it to "ou=Engineering"
or some other OU subtree?

- Dave

---------------------- multipart/mixed attachment--