One of the more powerful aspects of eDirectory is its support for context. Because of this, multiple parts of an organization (geographic sites, departments, similar groups) can have a similar structure but be separate.
An example of this is a set of schools, where each school is an OU and each OU contains separate groups for Staff, Students, and Teachers, with each group having a set of rights and associations within that site. This works well for uniformity across a range of applications such as web filters, ZENworks rights, NSS folders, etc.
The Filr / Vibe LDAP synchronization code currently takes a lowest-common-denominator approach whereby each short name (CN, etc.) can only exist once and conflicts cause problems. I would like for LDAP sync and the user / group model to support the same complexity as eDirectory and allow for duplicates and the graceful handling thereof.
by: Johnnie O. | over a year ago | Administration
Comments
Same here. Example:
We just spent several days trying to figure out why an eDir group wasn't importing via LDAP sync in Filr. Turns out (BTW, the Filr GUI would show no errors when doing the sync) it's because there was a userid with the same name as the group.
I realize that AD has this limitation but eDir does not. Since only users can authenticate (you cannot log in as a group object AFAIK), and since eDir has GUIDs for each object, there's really no reason that Filr shouldn't be able to handle this.
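
A pre-sync audit for the collisions described in the post and the comment above, as an added example that is not part of the original thread or any Filr code: it flags short names held by more than one DN in a simplified LDIF export. The sample entries, the class names used to tell users from groups, and case-insensitive matching are assumptions.

```python
from collections import defaultdict
# Constructed sample export (simplified LDIF: no folded lines, base64 or escaped commas).
SAMPLE_LDIF = """\
dn: cn=Staff,ou=North,o=District
objectClass: groupOfNames

dn: cn=Staff,ou=South,o=District
objectClass: groupOfNames

dn: cn=library,ou=North,o=District
objectClass: groupOfNames

dn: cn=Library,ou=South,o=District
objectClass: inetOrgPerson

dn: cn=jsmith,ou=North,o=District
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Return (dn, kind) per entry; kind is 'user', 'group' or 'other'."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "objectclass":
                classes.add(value.lower())
        # Assumed class names for groups and users; adjust to the local schema.
        kind = ("group" if "groupofnames" in classes
                else "user" if "inetorgperson" in classes else "other")
        if dn:
            entries.append((dn, kind))
    return entries

def find_short_name_collisions(entries):
    """Map each short name held by more than one DN to its sorted (kind, dn) pairs."""
    by_name = defaultdict(list)
    for dn, kind in entries:
        # Leftmost RDN value, compared case-insensitively (assumption).
        short = dn.split(",")[0].partition("=")[2].lower()
        by_name[short].append((kind, dn))
    return {n: sorted(h) for n, h in by_name.items() if len(h) > 1}

if __name__ == "__main__":
    for name, hits in find_short_name_collisions(parse_ldif(SAMPLE_LDIF)).items():
        label = "user/group clash" if len({k for k, _ in hits}) > 1 else "same-type duplicate"
        print(name, label, [dn for _, dn in hits])
```

Run against an export of the containers in the sync scope, the two reported cases show up as `staff` (same group name in two OUs) and `library` (a user and a group sharing one name).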