Re: scenarios for Directory Synchronization

[Alan Wong <wong@vancouver.osiware.bc.ca>]

I have just tuned into this thread. Does any one have the complete
thread they could forward to me? 

Thanks

Lawrence C. Hutson, Consultant
HCI International                  

In message <950615121237.20206c9a@hss.hns.com> you write:
>Hi,
>
>>|   >Obviously, if a user has more that one e-mail accounts then he/she will
>>|   >be represented twice in the global directory. 
>>|
>> No, this is not obvious, and certainly undesirable.  In a global
>> context, I want to be able to find a single entry for a user in a
>> directory, and send mail to them.  I do not want to be faced with two
>> entries with similar names and have to choose.  What criteria could I
>> as a remote user base that judgement on?
>> 
>> In simple synchronisation scenarios, having two email accounts does
>> lead to two entries in the DIT.  This is because the DIT structure is
>> force by the LAN and post office distribution.  
>> 
>> In most organisations this leads to a false DIT structure that does
>> not really represent the organisation in the way they want to be
>> seen.  
>> 
>> With more complex synchronisation management tools it is possible to
>> overlay details of the two accounts into one entry.  This means you
>> decide in advance how you want your DIT to look from an organisational
>> perspective. The synchronisation tools can then overlay the LAN
>> details onto the DIT defined, deciding on a per user basis, which one
>> email address to publish, or both.  This allows both LAN systems to be
>> represented, but joint users to only be visible once.
>> 
>> This is certainly the way I've approached synchronisation in the
>> systems I've been involved in.  Decide the DIT structure first, map the
>> data onto it second.  This also facilitates easier integration with
>> non-LAN systems such as telephone numbers for personnel databases.
>
>Certainly, DIT structure will be decided first and data mapping happens
>onto it. I feel that we are only discussing on the approach for data 
>mapping. Also, DIT structure will be (rather should be) of /C/O/OU/CN type
>PLUS some more structures involving Locality. 
>
>Regarding data mapping, I proposed "Rule Based Mapping" for most of the
>E-mail users who have, only, one account as a normal case (of course,
>without notice of users with two e-mail account, two DNs will be 
>generated). For Two email account users, There can be exception 
>handling i.e. "Treating them seperately" on a case to case basis. 
>Such accounts can become part of exception handling by NOT 
>Synchronising them through normal synchronisation mechanism. 
>This will require LESS administration overheads for maintaining
>Directory. In this scheme, same DN mapping with two mail boxes is done as
>exception handling. Certainly, in this scheme, a lot of pressure comes on
>defining "Rules". We need to be very flexible and friendly mechanisms
>of defining "Rules". This is a major challenge. However, solutions are 
>available.
>
>I feel that, in synchronisation mechanisms having same DN mapping for
>two different mail boxes, administration overheads will be high. In this
>case, DNs are administered by an administrator for every e-mail user !!!!
>Also, Is this a normal scenario ????
>
>Thanks and regards,
>
>Praveen
>