On Jan 7, 2007, at 3:59 PM, TomLy wrote:
I'll ask the FDS person we were working with if this is doable. This
wasn't truly implemented in the db schema as it appears there could
only
be one prerequisite. This was set to the cla_done group in almost
every
case (except sysadmin).
In this case, adding attributes to the person's shema isn't the
solution
(as I was thinking previously). This is because it would require a
software layer to check the attribute. One of my thoughts on the new
account system is to have LDAP handle as much as possible to avoid
having to wright a software layer to wrap it.
Well, realistically speaking, it is a little bit of a pain to
implement checking this constraint even in SQL, and I imagine LDAP
just can't do it. I don't see a huge need to be worried about
implementing the constraint in a software layer, because only the
part of the system that adds people to groups will need to worry
about it. It is not as if this is something that absolutely every
directory client will need to do, just something that will need to go
into the administration codebase.
(This is assuming, of course that you choose to implement it the same
way it is implemented in the old account system. I can think of other
ways that /would/ require each and every client to pay attention to
it unless there was LDAP support...)
Best,
-- Elliot
