3642
Comment:
|
4619
|
Deletions are marked like this. | Additions are marked like this. |
Line 14: | Line 14: |
= Schema File = | |
Line 36: | Line 37: |
# should probably be unique | # should probably not be unique, collisions not impossible # multiple values allowed? not sure |
Line 40: | Line 42: |
# probably optional because we have a bunch of accounts that don't have this information | |
Line 45: | Line 48: |
SINGLE-VALUE | |
Line 49: | Line 53: |
# probably mandatory, can be set to a generic value | |
Line 54: | Line 59: |
SINGLE-VALUE | |
Line 58: | Line 64: |
# probably mandatory, defaults to False | |
Line 62: | Line 69: |
SINGLE-VALUE | |
Line 66: | Line 74: |
# Gender # XXX Do we really want to collect this? # Student number |
# Student number / UWA Person ID attributetype (uccMemberAttribute:4 NAME 'uccUWAPersonID' DESC 'UWA Person ID (student/staff number)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} # 8 digit NumericString UNIQUE ) |
Line 71: | Line 81: |
# probably unique | # probably enforce unique values # probably allow multiple values e.g. staff number and student number |
Line 75: | Line 86: |
attributetype (uccMemberAttribute:5 NAME 'uccGuildMember' DESC 'UWA Guild of Undergraduates Financial Member' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 # boolean EQUALITY booleanMatch SINGLE-VALUE ) |
|
Line 82: | Line 99: |
MUST (uccAccountRenewed $ uccLifeMember) # if this is a structural class, the MUST attributes need to be calculated at object creation time - cpu-ldap can do this for us in ucc-adduser MAY (uccMemberTLA $ uccAccountCreated) |
MUST (uccAccountRenewed $ uccLifeMember) # if this is a structural class, the MUST attributes need to be calculated at object creation time - cpu-ldap can do this for us in ucc-adduser, needs some testing before deployment MAY (uccMemberTLA $ uccAccountCreated $ uccUWAPersonID $ uccGuildMember ) |
Line 85: | Line 102: |
# Gender # XXX Do we really want to collect this? # probably optional |
|
Line 92: | Line 113: |
== Comments == Put your comments here. [DAA] |
It probably makes more sense to store member information in our LDAP directory rather than in some crappy SQL ORM thing (see: memberdb).
To do this, we need a structured schema to allow us to store the information we want. The current LDAP schema already uses the inetOrgPerson and posixAccount classes, and these provide a useful base (name, email address, account name). We can use these classes to store some of the data we are interested in (such as homePostalAddress, birthday, and rfc822Mailbox), but some of the other data requires us to define our own classes.
LDAP already contains some custom UCC classes for Dispense - MIFARE attributes are stored in a uccDispenseAccount objectClass (not shown below, see /services/ldap/ucc.schema)
When designing a schema, it is important to consider:
- attribute type
- search indexes
- security/ACLs
Only the attribute type is set in the schema; the others are defined in slapd.conf.
Schema File
# UCC's LDAP OID is 1.3.6.1.4.8324.3.2.1.1 objectIdentifier uccLDAP 1.3.6.1.4.8324.3.2.1.1 # LDAP attributes are in 8324.3.2.1.1.1 objectIdentifier uccAttributeType uccLDAP:1 objectIdentifier uccMemberAttribute uccAttributeType:2 # LDAP objectTypes are in 8324.3.2.1.1.2 objectIdentifier uccObjectType uccLDAP:2 #### # UCC member attributes # UCC TLA # maximum length of 6 attributetype (uccMemberAttribute:1 NAME 'uccMemberTLA' DESC 'UCC member three-letter acronym' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{6} # DirectoryString (unicode) - THIS HAS CHANGED AND WILL REQUIRE A DATABASE REBUILD BEFORE IMPLEMENTATION ) # should probably not be unique, collisions not impossible # multiple values allowed? not sure # ACL: writeable by committee, readable by all # Date account created - datetime # probably optional because we have a bunch of accounts that don't have this information attributetype (uccMemberAttribute:2 NAME 'uccAccountCreated' DESC 'Date of UCC account creation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 # generalizedTime EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) # ACL: writeable by wheel, readable to user and committee # Date account last renewed - datetime # probably mandatory, can be set to a generic value attributetype (uccMemberAttribute:2 NAME 'uccAccountRenewed' DESC 'Date UCC account last renewed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 # generalizedTime EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE ) # ACL: writeable by wheel and committee, readable to user # Life membership status - boolean # probably mandatory, defaults to False attributetype (uccMemberAttribute:3 NAME 'uccLifeMember' DESC 'UCC life membership status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 # boolean EQUALITY booleanMatch SINGLE-VALUE ) # ACL: writeable by committee, readable to all? or just wheel/committee/user? # indexes: exact match # Student number / UWA Person ID attributetype (uccMemberAttribute:4 NAME 'uccUWAPersonID' DESC 'UWA Person ID (student/staff number)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} # 8 digit NumericString UNIQUE ) # ACL: writeable by user, perhaps with some restrictions, readable to committee # probably enforce unique values # probably allow multiple values e.g. staff number and student number # indexes: exact match # Guild member attributetype (uccMemberAttribute:5 NAME 'uccGuildMember' DESC 'UWA Guild of Undergraduates Financial Member' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 # boolean EQUALITY booleanMatch SINGLE-VALUE ) # ACL: writeable by user, perhaps with some restrictions, readable to committee # indexes: exact match # UCC member object objectlass ( uccObjectType:2 NAME 'uccMember' DESC 'UCC member' AUXILIARY # or possibly STRUCTURAL and subclass inetOrgPerson? MUST (uccAccountRenewed $ uccLifeMember) # if this is a structural class, the MUST attributes need to be calculated at object creation time - cpu-ldap can do this for us in ucc-adduser, needs some testing before deployment MAY (uccMemberTLA $ uccAccountCreated $ uccUWAPersonID $ uccGuildMember ) ) # Gender # XXX Do we really want to collect this? # probably optional # inetOrgPerson contains the following fields: # birthday: date of birth # homePostalAddress: semester address # rfc822Mailbox: alternate email address
Comments
Put your comments here. [DAA]