
List:       openldap-technical
Subject:    Re: Advice regarding ldap (building my tree)
From:       Dan White <dwhite () olp ! net>
Date:       2012-09-28 18:34:45
Message-ID: 20120928183445.GD6059 () dan ! olp ! net


On 09/28/12  18:40  +0100, Mik J wrote:
>Hello,
>
>I'm setting up my openldap server and I would like some advice from experienced users.
>
>My domain is dc=mycompany,dc=org
>
>
>My company will have:
>- employees
>- clients
>- partners
>
>How should I organise my tree ? for example ?
>o=MyCompany, dc=mycompany,dc=org
>o=Client1, dc=mycompany,dc=org
>o=Client2, dc=mycompany,dc=org
>o=Partner1, dc=mycompany,dc=org
>
>Or can I group clients ?
>o=Client1, ??=Clients, dc=mycompany,dc=org
>o=Client2, ??=Clients, dc=mycompany,dc=org
>What would be "??" if I want to make a group called Clients ?
>
>Or is my approach not good?
>If someone has advice (or links that describe a real-life case) I'll be more than happy to read them.

I personally prefer breaking up my DIT by function, rather than by
company organization, e.g.:

uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
cn=mygroup,ou=groups,dc=mycompany,dc=org
cn=myalias,ou=aliases,dc=mycompany,dc=org

Then, if I need to restrict an ldap search to one or more organizations, I
do so by placing an identifying attribute within the user's entry, and find
them with a filter.

Filters are generally a more flexible way to organize your users than
a base.

-- 
Dan White
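
Added example, not part of the original message: a sketch of the flat layout described above, with the organization kept in an attribute and selected by filter. The attribute name `o`, the `inetOrgPerson` object class, the helper names and every entry are assumptions constructed for illustration; the search is an in-memory stand-in, not a call to a real server.

```python
# Flat ou=people tree; the organization lives in an attribute, not in the DN.
# Attribute "o", the object classes and all entries below are constructed samples.
BASE = "ou=people,dc=mycompany,dc=org"

ENTRIES = [
    {"dn": f"uid=alice@mycompany.org,{BASE}", "objectClass": ["inetOrgPerson"], "o": ["MyCompany"]},
    {"dn": f"uid=bob@client1.example,{BASE}", "objectClass": ["inetOrgPerson"], "o": ["Client1"]},
    # One person attached to two organizations: an entry has exactly one DN, so a
    # subtree-per-organization layout cannot express this; a multi-valued attribute can.
    {"dn": f"uid=carol@partner1.example,{BASE}", "objectClass": ["inetOrgPerson"], "o": ["Partner1", "Client1"]},
    {"dn": "cn=mygroup,ou=groups,dc=mycompany,dc=org", "objectClass": ["groupOfNames"], "o": ["Client1"]},
]

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def org_filter(*orgs: str) -> str:
    """Filter string matching people in any of the given organizations."""
    if not orgs:
        raise ValueError("at least one organization is required")
    terms = "".join(f"(o={escape_filter_value(o)})" for o in orgs)
    org_part = terms if len(orgs) == 1 else f"(|{terms})"
    return f"(&(objectClass=inetOrgPerson){org_part})"


def search_people(*orgs: str) -> list[str]:
    """In-memory stand-in for a subtree search under BASE using org_filter(*orgs)."""
    wanted = {o.lower() for o in orgs}  # "o" uses case-insensitive matching
    return [
        e["dn"] for e in ENTRIES
        if e["dn"].lower().endswith("," + BASE.lower())
        and "inetOrgPerson" in e["objectClass"]
        and wanted & {v.lower() for v in e["o"]}
    ]


if __name__ == "__main__":
    print(org_filter("Client1"), search_people("Client1"))
    print(org_filter("Client1", "Partner1"), search_people("Client1", "Partner1"))
```

The search base stays the same for every query; only the filter changes. Escaping the organization value matters whenever it comes from user input, since an unescaped `*` or `)` would widen or restructure the filter.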


