> In our schema we need to have users who will belong to > multiple groups. These groups are independent groups and do > not have any parent child relationship. So while defining the > ObjectClass for my user i have two options: > > 1) Have an attribute called - isMemberOf and make it of type > distinguishedName. This will be a list of all groups to which > a user belongs. > > 2) Have a multivalued attribute - groupName. > > which option makes more sense. Assume the functionalities > that i need to support are: > 1) Search all users belonging to a group > 2) edit a user to add/remove a group from profile > 3) Delete all the users belonging to a group That's really totally up to you, and what makes sense for you and the apps your LDAP server needs to support. Either way has pros and cons, and you'll need to weigh those and figure out which one works best in your particular situation.
