Re: Five fundamental questions from a newbie

[Salvador Salanova Fortmann <salvador.salanova@pas.udg.es>]

Hello,

I am working on a very similar subject so I will try to answer these
questions.

> For a small university faculty I am testing OpenLDAP as central
> directory for UNIX accounts, e-mail-aliases, web authentication
> and so on, 

So do I


> 1) The Right dn
> 

I think the right DN is the one which serves your purposes.
In our case we use a dn like this:
dn: dn=x ,ou=department, ou=z , ou=accounts , o=my university

where uid, is a id which is not related to any personal information (not
number , ssn , mail addres , etc) because these can change over time or
error prone on copy (what hapens if the clerck misspells your name and
the you create an email account with that misspelled name ?). So when a
new teacher, student or staff becomes a memeber then he gets a number
which we use as uid, so my uid would be uid=a12345467
 the precedent "a" is for making unix and other OS happy.

In ou=z , z is one of student, teacher, staff.

Personal Information is kept in another subtree like:
dn=x , ou=people , o=my university

The account entry has an attribute which points to the entry which keeps
the personal information.

So we can easily edit personal information, and these entries are very
unlikely to be moved. And people can have multiple accounts which can
easily be added, moved, etc.

> Thanks a lot!
> 
> Marian


Hope this helps you.

Salvador Salanova Fortmann