I would recommend using an attribute within the user's object to distinguish, instead of creating more branches in the tree. In my higher-ed environment, I keep all users under ou=people, and then have an "affiliation" attribute that designates whether they are faculty, staff, student, etc, and they may even have multiple of these affiliations. This, for me, is easier to use than trying to parse the DN of a user to determine the role. HTH, -Matt On Mon, 2005-03-07 at 12:33 +0100, Toper wrote: > I'm installed OpenLDAP and I have a flat structure currently: dc=firm,dc=com, from which I have branches People, Group, Aliases etc.. > I have problem how to distinguish between manager and worker. > Is it possible to make this structure > dc=firm,dc=com > ou=sales,dc=firm,dc=com > ou=People,ou=sales,dc=firm,dc=com > in this position place manager > and after that make > ou=worker,ou=People,ou=sales,dc=firm,dc=com > and in this position place workers? > I would like to easy check who is worker and who is manager and give the manager wider rights. > Question, what is the correct tree of LDAP for this situation? > > best regards > Toper > > ---------------------------------------------------------------------- > Portal z najlepsza wyszukiwarka... >>> http://link.interia.pl/f185f > > Matthew J. Smith University of Connecticut ITS This message sent at Mon Mar 7 07:42:45 2005 PGP Key: http://web.uconn.edu/dotmatt/matt.asc
Attachment:
signature.asc
Description: This is a digitally signed message part