Grouper Users - Open Discussion List

At 5:31 PM -0600 2/27/07, Tom Barton wrote:
> That seems like a consistent set of settings. But would you rather 
> use brownBRUID as the subject Id? Making an assumption here, but is 
> it a persistent & non-reassignable & non-revocable identifier? That 
> seems perfect as a subject Id - no need to reflect changes in 
> subject Id into membership & privilege lists; membership can be 
> managed even if there's no username assigned to the subject.
>
>
> > searchSubjectByIdentifier filter = brownBRUID (a unique persistent 
> > value assigned to every member of the brown community -- is this a 
> > good choice ? )
>
> I'd consider switching your use of uid and brownBRUID. The later as 
> subject Id, the former as (one of) the identifying attributes 
> searched to identify a subject.

brownBRUID has always been a persistent & non-reassignable & 
non-revocable identifier (and opaque); uid is now (as of a year ago) 
also non-reassignable (altho I believe I can go to the accounts 
office and ask to change my uid value).

I've got to admit, tho, that I'm still not clear about the desired 
properties of searchSubject and searchSubjectByIdentifier ....  how 
does one choose which ldap attributes to use for each of them? Do 
browser users ever see either one? or are they always internal?