I’ve just started to install my purchased copy of your product and so have just started to look at the NDS intergration. First off, thanks for providing some as many venders do not bother, but the use of See Also is a strange solution as it does not follow any standard methods.
I can see why your developers used this solution and the fixed named ‘Org Role’ object as they remove the need for the Formativ software having its own controlling ‘root’ object in the tree, instead things are infered from the user object.
It maybe better for Formativ to have its own master object that is linked to the GW domain/Post office objects so that it can be found by checking which post office a user is defined in. Once you have found the Formativ object you can then use it to discover who have admin rights etc, without needing the Org role object.
It would also be nice to see the Configuration Object being removed and a user being allowed access to many applet containers directly. At the moment the Configuration Object just seem to be a weak access control point that can be replaced with standard access rights checking – once Formativ had its own control object that lists all the
Applet collections available to it.
As I noted before what you have supplied is still better than most venders so thanks.