List: openldap-technical
Subject: Re: Advice regarding ldap (building my tree)
From: Dan White <dwhite () olp ! net>
Date: 2012-09-28 18:34:45
Message-ID: 20120928183445.GD6059 () dan ! olp ! net
On 09/28/12 18:40 +0100, Mik J wrote:
>Hello,
>
>I'm setting up my OpenLDAP server and I would like advice from experienced users.
>
>My domain is dc=mycompany,dc=org
>
>
>My company will have:
>- employees
>- clients
>- partners
>
>How should I organise my tree? For example?
>o=MyCompany, dc=mycompany,dc=org
>o=Client1, dc=mycompany,dc=org
>o=Client2, dc=mycompany,dc=org
>o=Partner1, dc=mycompany,dc=org
>
>Or can I group clients?
>o=Client1, ??=Clients, dc=mycompany,dc=org
>o=Client2, ??=Clients, dc=mycompany,dc=org
>What would be "??" if I want to make a group called Clients?
>
>Or is my approach not good?
>If someone has advice (or links that describe a real-life case), I'll be more than happy to read it.

I personally prefer breaking up my DIT by function, rather than by
company organization, e.g.:

uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
cn=mygroup,ou=groups,dc=mycompany,dc=org
cn=myalias,ou=aliases,dc=mycompany,dc=org

Then, if I need to restrict an ldap search to one or more organizations, I
do so by placing an identifying attribute within the user's entry, and find
them with a filter.

Filters are generally a more flexible way to organize your users than
a base.

--
Dan White
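
The filter-based layout described in the reply above, as an added example that is not part of the original message: it builds an RFC 4515 filter for one or more organizations and evaluates it over a flat ou=people branch. The use of the "o" attribute as the identifying attribute, the sample entries, and the function names are assumptions made for illustration; the in-memory search only mimics a subtree search.

```python
import re

BASE = "ou=people,dc=mycompany,dc=org"
# Constructed sample entries; "o" as the identifying attribute is an assumption.
ENTRIES = {
    "uid=user1@companydomain1," + BASE: {"uid": ["user1@companydomain1"], "o": ["MyCompany"]},
    "uid=userx@companydomain2," + BASE: {"uid": ["userx@companydomain2"], "o": ["Client1"]},
    "uid=usery@companydomain3," + BASE: {"uid": ["usery@companydomain3"], "o": ["Client2 (EU)"]},
    "cn=mygroup,ou=groups,dc=mycompany,dc=org": {"cn": ["mygroup"]},
}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves so a value stays a value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def org_filter(orgs, attr="o"):
    """(&(uid=*)(|(o=A)(o=B)...)) selecting people in any listed organization."""
    if not orgs:
        raise ValueError("at least one organization is required")
    terms = "".join("(%s=%s)" % (attr, escape_filter_value(o)) for o in orgs)
    return "(&(uid=*)(|%s))" % terms

def _parse(f, i):
    """Parse the filter starting at f[i]; handles &, |, equality and presence."""
    if f[i + 1] in "&|":
        combine, subs, i = (all if f[i + 1] == "&" else any), [], i + 2
        while f[i] == "(":
            pred, i = _parse(f, i)
            subs.append(pred)
        return (lambda e: combine(p(e) for p in subs)), i + 1
    end = f.index(")", i)
    attr, raw = f[i + 1:end].split("=", 1)
    if raw == "*":  # presence test
        return (lambda e: attr in e), end + 1
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    # Case-insensitive comparison, as for caseIgnoreMatch attributes such as "o".
    return (lambda e: want.lower() in [v.lower() for v in e.get(attr, [])]), end + 1

def search(base, flt):
    """Subtree search over ENTRIES: DN under base and entry matches flt."""
    pred, _ = _parse(flt, 0)
    return sorted(dn for dn, e in ENTRIES.items() if dn.endswith(base) and pred(e))
```

The same filter string can be passed to ldapsearch with ou=people,dc=mycompany,dc=org as the search base; escaping matters whenever the organization name is not a fixed constant.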