
OU Structure



Hi, 

I am designing the layout of an LDAP directory and have
been looking through the various howtos for Samba, nss
etc.

I was planning to have a hierarchical structure for
the OUs in my directory to allow certain user
accounts to be managed by technicians, whilst other,
more important accounts are manageable only by the
sysadmin.

I was planning to have all the users in the
organisation within different OUs below ou=People, e.g.:

ou=People
        ou=sysadmins
                uid=mrx
                uid=mry
        ou=sales
                uid=mra
                uid=mrb
        ou=office
                uid=mrn
                uid=mro

That way I could delegate management of the sales team
to another member of staff.

All the howtos I have read, however, work around all the
user accounts being in a single OU. Samba, for example,
lets you specify a single prefix for user account
creation (e.g. ou=People,dc=example,dc=com).

My questions are:
Am I trying to do the impossible?

Should I stick with the convention and have all my
users in a single OU?

If they are all in a single OU, can I still delegate
things like password changing for certain groups?

I have tested Apache LDAP auth, and that works fine
with users in 'sub' OUs. I just want to get it
correct from the start - it makes life so much easier
;)

I am hoping I can create a unified database for
authing Apache and Samba to begin with, and then
migrate other services over time.

TIA

Graham



	
	
		