[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ldap
Subject:    [ldap] On DIT layout planning
From:       Maykel Moya <moya () infomed ! sld ! cu>
Date:       2005-10-06 1:18:30
Message-ID: 20051006011830.GB10063 () julia ! sld ! cu
[Download RAW message or body]

Don't know is this is On-Topic...

We are close to migrate the mail system I maintain to LDAP. The user
info is currently in a big /etc/passwd.

I've created class 'sldPerson' (structural) to get the main data for
every user of our services. Then I've created other auxiliary classes
for those having other services, for example: virtualMailAccount and
radiusAccount.

I plan to use uid=foo as RDN, every user under dc=my,dc=domain,dc=com
but noted that uid for RDN will reduce my namespace. So I decide to
use mail as RDN, that even adapts to adding other hosted virtual mail
domains.

The problem with mail is that it forces me to have a mail attribute,
and not every sldPerson should have a mail. sldPerson just add a 
little stuff to InetOrgPerson. Now, I'm thinking on use cn as RDN. I
asked some days ago about having cn as RDN, they said it's a common
practice.

Well, the problem with cn is normalization. Lusers that put a 'e'
instead of 'é' will suffer. Besides, people are normally adapted to
type in a login instead of a complete name. Don't know how to solve
this.

In the other hand, I'd like to have accounts of network/system
administrators in the DIT. I'm thinking to have a separate OU for
this, and use posixAccount/posixGroup for accounts. In this OU thoung
a uid as RDN is mandatory.

Well, I hear for comments, criticizes, advices, hints, tips or even a
referral to the correct list.

Regards,
maykel

---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.


[prev in list] [next in list] [prev in thread] [next in thread]