MI-OSiRIS / aa_services

A repository for all OSiRIS User Level AuthN/AuthZ Services
Apache License 2.0

Figure out the ontological order of ldap entities... #12

Open mgregoro opened 7 years ago

mgregoro commented 7 years ago

OUs need to exist first, and must be manually populated.

Other manually populated entries include eduOrgs which need to exist before osirisEduOrganizations.

At least one osirisOrganization will need to exist. We could call it Administrators or something, or maybe create an orphan organization in case we really want to onboard people outside of COmanage, and don't know quite where to put them yet.

I will add to this ticket as I discover more limitations imposed by the schema, but some tweaks may have to be made. It's important that this be constructively constrictive. Every limit must have a reason. Data without a good schema gets ugly fast, but strict schemas hold back progress.

mgregoro commented 7 years ago

LDAP Hierarchy

[Image: oaa_ldap_hierarchy]

Note: while these OUs definitely need to be created first, it does not indicate which objects need to be stored in those OUs and in what order to create a given entity.
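The ordering constraints listed in this thread (OUs first, eduOrg before osirisEduOrganization, at least one osirisOrganization, parents before children) can be checked mechanically before a bulk load. The sketch below is an added example, not part of the issue or the aa_services code; the `dc=example,dc=org` suffix, the OU names and the sample DNs are constructed assumptions, and DN splitting is simplified to unescaped commas.

```python
import re

BASE = "dc=example,dc=org"  # assumed suffix, treated as already present
OU = "organizationalUnit"
# Class rule from the issue: eduOrg entries precede osirisEduOrganization entries.
BEFORE = {"osirisEduOrganization": {"eduOrg"}}

def split_dn(dn):
    # Split on unescaped commas; normalise case and whitespace for comparison.
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

def creation_order(entries):
    """entries: iterable of (dn, structural objectClass).
    Returns normalised DNs in an order that is safe to add."""
    cls = {",".join(split_dn(dn)): oc for dn, oc in entries}
    if "osirisOrganization" not in cls.values():
        raise ValueError("at least one osirisOrganization must exist")
    deps = {}
    for dn, oc in cls.items():
        need = set()
        parent = ",".join(split_dn(dn)[1:])
        if parent != BASE:
            if parent not in cls:
                raise ValueError(f"missing parent entry: {parent}")
            need.add(parent)  # a parent must exist before its child
        for other, other_oc in cls.items():
            # Every OU precedes every non-OU; BEFORE adds the class-level rules.
            if other != dn and (other_oc in BEFORE.get(oc, ())
                                or (other_oc == OU and oc != OU)):
                need.add(other)
        deps[dn] = need
    order, done = [], set()
    while len(order) < len(deps):
        ready = sorted(d for d in deps if d not in done and deps[d] <= done)
        if not ready:
            raise ValueError("dependency cycle, e.g. an OU placed under a non-OU entry")
        order += ready
        done.update(ready)
    return order

# Constructed sample batch, deliberately listed in the wrong order.
SAMPLE = [
    ("cn=umich,ou=EduOrganizations,dc=example,dc=org", "osirisEduOrganization"),
    ("o=umich,ou=Orgs,dc=example,dc=org", "eduOrg"),
    ("cn=Administrators,ou=OsirisOrganizations,dc=example,dc=org", "osirisOrganization"),
    ("ou=Orgs,dc=example,dc=org", OU),
    ("ou=EduOrganizations,dc=example,dc=org", OU),
    ("ou=OsirisOrganizations,dc=example,dc=org", OU),
]
```

Further limits discovered in the schema can be expressed as additional entries in `BEFORE` without changing the sort.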