Re: Schema design question

[Adam Williams <awilliam@whitemice.org>]

This is a question for the general LDAP list, not the this one (which is 
specific to issues pertaining to OpenLDAP).

>I am trying to setup the LDAP Server for my company. I would like to have
>following feature:
>  1.. Unix Authentication (NIS PAM)

NIS or PAM?

>  2.. Windows Domain Authentication (Samba)
>  3.. E-Mail (SMTP/POP)
>  4.. Address book
>  5.. Web site Authentication
>  6.. CVS Authentication

We do all that except #6.  You won't need to create any schema,  just the 
data.  Schema exists for all the above.  We use CVS, but the stock CVS 
server doesn't seem to support anything but the stupid password file.

>I was able to install and create initial schema using openldap software.
>Now I want to design the schema for above feature, I looked at following
>documentation
>http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/files.html
>This is somewhat old update 2001-03-30. Is updated version of this
>documentation available?

Beats me.

My advice and experience is at -
ftp://ftp.kalamazoolinux.org/pub/pdf/ldapv3.pdf

>By looking at this document I was confused on OU object. Here is my
>question.
>Why do we need to define the different OU object for each application like
>Address book, Users, Email? What is the advantage over this?

Organization.  You could create one awful and entirely flat LDAP data 
store.  Locating anything would get to be a pain with thousands of objects 
of various types at the same level.

>I would like to have the single password for each user.

Ok.

>I would like to have some advice form the experience users

I think I'm experienced.  Specific questions should be asked on the 
general LDAP list.