Re: scenarios for Directory Synchronization

[Alan Wong <wong@vancouver.osiware.bc.ca>]

Hi,

>|   >Obviously, if a user has more that one e-mail accounts then he/she will
>|   >be represented twice in the global directory. 
>|
> No, this is not obvious, and certainly undesirable.  In a global
> context, I want to be able to find a single entry for a user in a
> directory, and send mail to them.  I do not want to be faced with two
> entries with similar names and have to choose.  What criteria could I
> as a remote user base that judgement on?
> 
> In simple synchronisation scenarios, having two email accounts does
> lead to two entries in the DIT.  This is because the DIT structure is
> force by the LAN and post office distribution.  
> 
> In most organisations this leads to a false DIT structure that does
> not really represent the organisation in the way they want to be
> seen.  
> 
> With more complex synchronisation management tools it is possible to
> overlay details of the two accounts into one entry.  This means you
> decide in advance how you want your DIT to look from an organisational
> perspective. The synchronisation tools can then overlay the LAN
> details onto the DIT defined, deciding on a per user basis, which one
> email address to publish, or both.  This allows both LAN systems to be
> represented, but joint users to only be visible once.
> 
> This is certainly the way I've approached synchronisation in the
> systems I've been involved in.  Decide the DIT structure first, map the
> data onto it second.  This also facilitates easier integration with
> non-LAN systems such as telephone numbers for personnel databases.

Certainly, DIT structure will be decided first and data mapping happens
onto it. I feel that we are only discussing on the approach for data 
mapping. Also, DIT structure will be (rather should be) of /C/O/OU/CN type
PLUS some more structures involving Locality. 

Regarding data mapping, I proposed "Rule Based Mapping" for most of the
E-mail users who have, only, one account as a normal case (of course,
without notice of users with two e-mail account, two DNs will be 
generated). For Two email account users, There can be exception 
handling i.e. "Treating them seperately" on a case to case basis. 
Such accounts can become part of exception handling by NOT 
Synchronising them through normal synchronisation mechanism. 
This will require LESS administration overheads for maintaining
Directory. In this scheme, same DN mapping with two mail boxes is done as
exception handling. Certainly, in this scheme, a lot of pressure comes on
defining "Rules". We need to be very flexible and friendly mechanisms
of defining "Rules". This is a major challenge. However, solutions are 
available.

I feel that, in synchronisation mechanisms having same DN mapping for
two different mail boxes, administration overheads will be high. In this
case, DNs are administered by an administrator for every e-mail user !!!!
Also, Is this a normal scenario ????

Thanks and regards,

Praveen