|
⇤ ← Revision 1 as of 2010-09-25 02:53:02
Size: 3393
Comment:
|
Size: 3642
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 34: | Line 34: |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{6} | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{6} # DirectoryString (unicode) - THIS HAS CHANGED AND WILL REQUIRE A DATABASE REBUILD BEFORE IMPLEMENTATION |
| Line 82: | Line 82: |
| MUST (uccAccountRenewed $ uccLifeMember) | MUST (uccAccountRenewed $ uccLifeMember) # if this is a structural class, the MUST attributes need to be calculated at object creation time - cpu-ldap can do this for us in ucc-adduser |
It probably makes more sense to store member information in our LDAP directory rather than in some crappy SQL ORM thing (see: memberdb).
To do this, we need a structured schema to allow us to store the information we want. The current LDAP schema already uses the inetOrgPerson and posixAccount classes, and these provide a useful base (name, email address, account name). We can use these classes to store some of the data we are interested in (such as homePostalAddress, birthday, and rfc822Mailbox), but some of the other data requires us to define our own classes.
LDAP already contains some custom UCC classes for Dispense - MIFARE attributes are stored in a uccDispenseAccount objectClass (not shown below, see /services/ldap/ucc.schema)
When designing a schema, it is important to consider:
- attribute type
- search indexes
- security/ACLs
Only the attribute type is set in the schema; the others are defined in slapd.conf.
# UCC's LDAP OID is 1.3.6.1.4.8324.3.2.1.1
objectIdentifier uccLDAP 1.3.6.1.4.8324.3.2.1.1
# LDAP attributes are in 8324.3.2.1.1.1
objectIdentifier uccAttributeType uccLDAP:1
objectIdentifier uccMemberAttribute uccAttributeType:2
# LDAP objectTypes are in 8324.3.2.1.1.2
objectIdentifier uccObjectType uccLDAP:2
####
# UCC member attributes
# UCC TLA
# maximum length of 6
attributetype (uccMemberAttribute:1 NAME 'uccMemberTLA'
DESC 'UCC member three-letter acronym'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{6} # DirectoryString (unicode) - THIS HAS CHANGED AND WILL REQUIRE A DATABASE REBUILD BEFORE IMPLEMENTATION
)
# should probably be unique
# ACL: writeable by committee, readable by all
# Date account created - datetime
attributetype (uccMemberAttribute:2 NAME 'uccAccountCreated'
DESC 'Date of UCC account creation'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 # generalizedTime
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
)
# ACL: writeable by wheel, readable to user and committee
# Date account last renewed - datetime
attributetype (uccMemberAttribute:2 NAME 'uccAccountRenewed'
DESC 'Date UCC account last renewed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 # generalizedTime
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
)
# ACL: writeable by wheel and committee, readable to user
# Life membership status - boolean
attributetype (uccMemberAttribute:3 NAME 'uccLifeMember'
DESC 'UCC life membership status'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 # boolean
EQUALITY booleanMatch
)
# ACL: writeable by committee, readable to all? or just wheel/committee/user?
# indexes: exact match
# Gender
# XXX Do we really want to collect this?
# Student number
# ACL: writeable by user, perhaps with some restrictions, readable to committee
# probably unique
# indexes: exact match
# Guild member
# ACL: writeable by user, perhaps with some restrictions, readable to committee
# indexes: exact match
# UCC member object
objectlass ( uccObjectType:2 NAME 'uccMember'
DESC 'UCC member'
AUXILIARY # or possibly STRUCTURAL and subclass inetOrgPerson?
MUST (uccAccountRenewed $ uccLifeMember) # if this is a structural class, the MUST attributes need to be calculated at object creation time - cpu-ldap can do this for us in ucc-adduser
MAY (uccMemberTLA $ uccAccountCreated)
)
# inetOrgPerson contains the following fields:
# birthday: date of birth
# homePostalAddress: semester address
# rfc822Mailbox: alternate email address