[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OU Structure
Hi Graham,
I am at a similar stage with my LDAP deployment, so I'm not an expert, but...
From the reading I've done (eg Howes, et al, "Understanding and Deploying
LDAP Directory Services" and Carter, "LDAP System Administration" - both
highly recommended) it sounds like it's a bad idea to structure your people
entries in line with your organisational structure. The main reason is
admin overhead when people move. It's easier to change an attribute value
( dept=engineering -> dept=sales) on an entry than to change it's DN,
particularly if that DN happens to be stored as an attribute in other
entries elsewhere in the directory (eg group objects).
However, you should be able to achieve the access control you want with
ACLs in slapd.conf, based on the value of an attribute within the entry.
Tim
At 20:27 03/03/2004, you wrote:
I was planning to have all the users in the
organisation within different OU's below ou=People eg:
Tim Seeley
Software Applications Developer
School of Informatics and Engineering, Flinders University
Phone: +61 8 8201 2139 (internal extension: 12139)
- References:
- OU Structure
- From: Graham schildt <graham_schildt@yahoo.co.uk>