ldap objectclass with "contact type" attribute

Question

Trying to do something with OpenLDAP that should be very simple, just can't seem to find a clear answer. I need to be able to organize any person's contact attributes according to their "type". For example, email would be type 6. So, if I wanted to send an email to all members of my OU, I would choose those that have a type 6 address.

since LDAP attributes are a name, value pair, I don't see how to assign an additional property to a contact address, yet it seems like a common enough problem. Any suggestions?

Answer 1

Attributes in the directory server model are indeed name [optional option] value constructs. To accomplish the task you describe, you could assign another attribute to the entry. RFC2798 defines the employeeType (link) attribute type with a syntax of DirectoryString and an equality matching rule of caseIgnoreMatch. Perhaps this attribute could be used for your purposes. If you assigned the attribute like:

employeeType: type 6

the LDAP client would then find all those employees with a filter like

(&(employeeType=type 6)(objectClass=inetOrgPerson)).

If you had concerns about the matching being caseIgnoreMatch you could specify that the server use caseExactMatch by using an extensible match filter like:

(&(employeeType:caseExactMatch:=type 6)(objectClass=inetOrgPerson))

employeeType is multi-valued, therefore, employees could have more than one employeeType. Any value that is a valid DirectoryString could be assigned to employeeType.