[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OU Structure

To: openldap-software@OpenLDAP.org
Subject: Re: OU Structure
From: Tim Seeley <tim.seeley@flinders.edu.au>
Date: Thu, 04 Mar 2004 08:57:45 +1030
In-reply-to: <20040303095714.83824.qmail@web25209.mail.ukl.yahoo.com>

Hi Graham,

I am at a similar stage with my LDAP deployment, so I'm not an expert, but...

From the reading I've done (eg Howes, et al, "Understanding and Deploying LDAP Directory Services" and Carter, "LDAP System Administration" - both highly recommended) it sounds like it's a bad idea to structure your people entries in line with your organisational structure. The main reason is admin overhead when people move. It's easier to change an attribute value ( dept=engineering -> dept=sales) on an entry than to change it's DN, particularly if that DN happens to be stored as an attribute in other entries elsewhere in the directory (eg group objects).

However, you should be able to achieve the access control you want with ACLs in slapd.conf, based on the value of an attribute within the entry.

Tim

At 20:27 03/03/2004, you wrote:

I was planning to have all the users in the
organisation within different OU's below ou=People eg:

Tim Seeley
Software Applications Developer
School of Informatics and Engineering, Flinders University
Phone: +61 8 8201 2139    (internal extension: 12139)

Follow-Ups:
- Re: OU Structure
  - From: Adam Williams <awilliam@whitemice.org>

References:
- OU Structure
  - From: Graham schildt <graham_schildt@yahoo.co.uk>

Prev by Date: script MySQL ldap DONE, and some questions
Next by Date: Re: script MySQL ldap DONE, and some questions
Index(es):
- Chronological
- Thread