[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OU Structure



Hi Graham,

I am at a similar stage with my LDAP deployment, so I'm not an expert, but...

From the reading I've done (eg Howes, et al, "Understanding and Deploying LDAP Directory Services" and Carter, "LDAP System Administration" - both highly recommended) it sounds like it's a bad idea to structure your people entries in line with your organisational structure. The main reason is admin overhead when people move. It's easier to change an attribute value ( dept=engineering -> dept=sales) on an entry than to change it's DN, particularly if that DN happens to be stored as an attribute in other entries elsewhere in the directory (eg group objects).

However, you should be able to achieve the access control you want with ACLs in slapd.conf, based on the value of an attribute within the entry.

Tim


At 20:27 03/03/2004, you wrote:
I was planning to have all the users in the
organisation within different OU's below ou=People eg:


Tim Seeley
Software Applications Developer
School of Informatics and Engineering, Flinders University
Phone: +61 8 8201 2139    (internal extension: 12139)