Separate sets of accounts in ldap
Hi,
I am trying to figure out what is the appropriate setup for accounts on an
openldap server.
I have been asked to have one set of accounts for staff on one server and a
different set of accounts for students. The question is, should I run two
separate ldap servers or can I just fit them both in one?
1. Scenario One
dc=ibb,dc=gatech,dc=edu
|->ou=People,dc=ibb,dc=gatech,dc=edu (put staff accounts here)
|->ou=Groups,dc=ibb,dc=gatech,dc=edu (put staff groups here)
|->ou=Hosts,dc=ibb,dc=gatech,dc=edu
...
|->ou=Students,dc=ibb,dc=gatech,dc=edu
    |->ou=People,ou=Students,dc=ibb,dc=gatech,dc=edu
    |->ou=Groups,ou=Students,dc=ibb,dc=gatech,dc=edu
    |->ou=Hosts,ou=Students,dc=ibb,dc=gatech,dc=edu
The problem with this scenario is that computers using:
base dc=ibb,dc=gatech,dc=edu will find accounts for students, which I do
not want.
Also if I use samba with ldap support, then there will be problems if I have
two accounts with the same uid in both the main ou=People and the
ou=People,ou=Students.
2. Scenario Two
dc=ibb,dc=gatech,dc=edu
|-> ou=Staff,dc=ibb,dc=gatech,dc=edu
| |->ou=People,ou=Staff,dc=ibb,dc=gatech,dc=edu
| |->ou=Groups,ou=Staff,dc=ibb,dc=gatech,dc=edu
| |-> ... etc
|
|-> ou=Students,dc=ibb,dc=gatech,dc=edu
    |->ou=People,ou=Students,dc=ibb,dc=gatech,dc=edu
    |->ou=Groups,ou=Students,dc=ibb,dc=gatech,dc=edu
    |->.... etc
3. Scenario Three
- One ldap server called ldapstaff
dc=ibb,dc=gatech,dc=edu
|->ou=People,dc=ibb,dc=gatech,dc=edu (put staff accounts here)
|->ou=Groups,dc=ibb,dc=gatech,dc=edu (put staff groups here)
|->ou=Hosts,dc=ibb,dc=gatech,dc=edu
- Second ldap server called ldapstudents
dc=ibb,dc=gatech,dc=edu
|->ou=People,dc=ibb,dc=gatech,dc=edu (put student accounts here)
|->ou=Groups,dc=ibb,dc=gatech,dc=edu (put student groups here)
|->ou=Hosts,dc=ibb,dc=gatech,dc=edu
Any other way of doing this I am not thinking of?
Thanks,
Diego
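
Added example, not part of the original post: a small Python model of LDAP search scoping (base / one / sub) applied to the Scenario One and Scenario Two trees, showing which accounts a client sees for a given search base and where duplicate uids fall inside one search. The uids (alice, bob, carol), the helper names and the naive DN parsing (no escaped commas) are assumptions made for illustration.

```python
# Simplified model of LDAP search scoping (base / one / sub) over the
# trees sketched in the post. All entries and uids below are constructed.
from collections import Counter

def parse_dn(dn):
    # Naive split: assumes no escaped commas in RDN values.
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def in_scope(entry_dn, base_dn, scope="sub"):
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry is not at or below the search base
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def visible_uids(entries, base_dn, scope="sub"):
    # Account entries (uid=...) that a search with this base and scope returns.
    return sorted(dn for dn in entries
                  if dn.lower().startswith("uid=") and in_scope(dn, base_dn, scope))

def colliding_uids(entries, base_dn, scope="sub"):
    # uid RDNs that occur more than once inside a single search.
    counts = Counter(parse_dn(dn)[0] for dn in visible_uids(entries, base_dn, scope))
    return sorted(rdn for rdn, n in counts.items() if n > 1)

ROOT = "dc=ibb,dc=gatech,dc=edu"

# Scenario One: staff directly under the suffix, students in a sub-OU.
SCENARIO_ONE = [
    "uid=alice,ou=People," + ROOT,
    "uid=bob,ou=People," + ROOT,
    "uid=bob,ou=People,ou=Students," + ROOT,
    "uid=carol,ou=People,ou=Students," + ROOT,
]

# Scenario Two: staff and students in sibling OUs.
SCENARIO_TWO = [
    "uid=alice,ou=People,ou=Staff," + ROOT,
    "uid=bob,ou=People,ou=Staff," + ROOT,
    "uid=bob,ou=People,ou=Students," + ROOT,
    "uid=carol,ou=People,ou=Students," + ROOT,
]

if __name__ == "__main__":
    for name, entries, base in [
        ("one, base=suffix", SCENARIO_ONE, ROOT),
        ("one, base=ou=People", SCENARIO_ONE, "ou=People," + ROOT),
        ("two, base=ou=Staff", SCENARIO_TWO, "ou=Staff," + ROOT),
    ]:
        print(name, visible_uids(entries, base), colliding_uids(entries, base))
```

A subtree search from the suffix returns all four accounts and both `uid=bob` entries in either layout; a search base set to one branch returns only that branch's accounts.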