afs pts schema?

Russ Allbery rra@stanford.edu
14 Mar 2001 19:41:53 -0800


Marcus Watts <mdw@umich.edu> writes:

> Openldap tracks groups in groups by DN, so changing names
> is *real* painful.

The standard solution to this problem for any sort of directory-like
system is to just not use the user-visible name as a DN.  In general,
that's a good idea for a whole bunch of reasons; the properties that users
want in names quite frequently conflict with the properties of a system
unique identifier.

We use machine-generated unique IDs for DNs in our directory of people.
PTS already does something similar by using negative numbers for group
identifiers.

LDAP is good at being able to search and retrieve by things that aren't
the unique identifiers.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
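
The rename cost discussed in this message, as an added example that is not part of the original post or of OpenLDAP or PTS: a toy in-memory directory in which groups reference member groups by DN, comparing name-based DNs with machine-generated ones. The `Directory` class, the `id=` naming attribute and the `ou=groups,dc=example,dc=org` suffix are constructed for illustration.

```python
import uuid

SUFFIX = "ou=groups,dc=example,dc=org"   # constructed suffix, not from the post

class Directory:
    """Toy directory: entries keyed by DN; groups hold a list of member DNs."""
    def __init__(self, opaque_ids):
        self.opaque_ids = opaque_ids
        self.entries = {}                # DN -> {"cn": str, "member": [DN, ...]}

    def add(self, cn, members=()):
        # "id=" is a hypothetical naming attribute holding a generated identifier
        rdn = f"id={uuid.uuid4().hex}" if self.opaque_ids else f"cn={cn}"
        dn = f"{rdn},{SUFFIX}"
        self.entries[dn] = {"cn": cn, "member": list(members)}
        return dn

    def rename(self, dn, new_cn):
        """Change the user-visible name; return (resulting DN, entries written)."""
        self.entries[dn]["cn"] = new_cn
        if self.opaque_ids:
            return dn, 1                 # DN is stable, only the cn attribute changes
        new_dn = f"cn={new_cn},{SUFFIX}"
        self.entries[new_dn] = self.entries.pop(dn)
        writes = 1
        for other in self.entries.values():    # repair every reference to the old DN
            if dn in other["member"]:
                other["member"] = [new_dn if m == dn else m for m in other["member"]]
                writes += 1
        return new_dn, writes

    def search(self, cn):
        """Look an entry up by its user-visible name rather than by DN."""
        return [dn for dn, e in self.entries.items() if e["cn"] == cn]

    def dangling(self):
        """Member references that no longer point at an existing entry."""
        return [(dn, m) for dn, e in self.entries.items()
                for m in e["member"] if m not in self.entries]

def demo(opaque_ids):
    d = Directory(opaque_ids)
    staff = d.add("staff")
    for name in ("admins", "backup-ops", "helpdesk"):
        d.add(name, members=[staff])     # groups in groups, referenced by DN
    new_dn, writes = d.rename(staff, "employees")
    return writes, d.search("employees") == [new_dn], d.dangling()

if __name__ == "__main__":
    print("name-based DNs:", demo(False))
    print("opaque-ID DNs: ", demo(True))
```

With name-based DNs the rename has to rewrite every group that contains the renamed group, and any reference that is missed becomes a dangling membership; with generated IDs it is a single attribute change and the entry is still found by searching on `cn`.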