[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
OU Structure
Hi,
I am designing the layout of a LDAP directory and have
been looking through the various howtos for samba, nss
etc.
I was planning to have a hierarchical structure for
the OU's in my directory to allow certain user
accounts to be managed by technicians whilst other
more important accounts to be only manageable by the
sysadmin.
I was planning to have all the users in the
organisation within different OU's below ou=People eg:
ou=People
ou=sysadmins
uid=mrx
uid=mry
ou=sales
uid=mra
uid=mrb
ou=office
uid=mrn
uid=mro
That way I could delegate management of the sales team
to another member of staff.
All the howtos I have read however work around all the
user accounts being in a single ou. Samba, for example
lets you specify a single prefix for user account
creation (eg ou=People,dc=example,dc=com)
My questions are:
Am I trying to do the impossible?
Should I stick with the convention and have all my
users in a single ou?
If they are all in a single ou, can I still delegate
things like password changing for certain groups?
I have tested apache LDAP auth, and that works fine
with users in 'sub' ou's. I just want to get it
correct from the start - it makes life so much easier
;)
I am hoping I can create a unified database for
authing Apache and Samba to begin with, and then
migrate other services over time.
TIA
Graham
___________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html