
Re: How do you have LDAP Setup for Apps



Having users duplicated is a problem for password reset, as someone has just pointed out to me...so then how do you set up your LDAP to allow access to one application and not others?

Say I want to allow a user access to Email but not Network...how is your LDAP set up to handle this? Maybe a bad example...I suppose you'd do this with the delivered schemas...OK but what about access to Email ON and access to a homegrown app OFF? Perhaps using an attribute from a custom schema?


-----Original Message-----
From: criderkevin <criderkevin@aol.com>
To: openldap-technical <openldap-technical@openldap.org>
Sent: Wed, Sep 28, 2011 8:44 pm
Subject: How do you have LDAP Setup for Apps


I'm learning and testing different ways of configuring my LDAP to handle multiple apps. I gave up on groupOfNames because I couldn't get searches to pull out the Users in a Group. I have probably 6 or so apps that will use the LDAP. I am leaning towards a simple structure, where each app has its own branch in the LDAP. My reasoning is: it's easy to configure, may make ACLs easier to set up and manage, it will make searches easier to set up and test, and...why not...after all this isn't a database and duplicated "people" records don't matter. We may end up with 2 synching LDAPs, one for our network and email, and the other for our other apps, simply because the email system requires a very specific structure.

Just curious to hear from the more experienced what they do in their structure to handle multiple apps, and how sound my thinking is.
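The alternative to per-app branches that both messages circle around is a single People branch plus one groupOfNames per application, with the app deciding access by group membership. The example below is added here and is not from either poster; it builds a constructed in-memory directory from a small LDIF (all DNs, names and group names are made up) and implements the two lookups the original message could not get working: listing a group's members (read the group's `member` values) and finding a user's groups (search groupOfNames entries whose `member` equals the user's DN). The docstrings give the equivalent ldapsearch filter for each lookup.

```python
"""
Constructed example: one ou=People branch plus one groupOfNames per application.
Access to an app is decided by membership in cn=app-<name>,ou=Groups,...
rather than by duplicating the person under a per-app branch.
"""
from collections import defaultdict

# Constructed sample directory; every DN, name and group below is made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
sn: Example

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
sn: Example

dn: cn=app-mail,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: app-mail
member: uid=alice,ou=People,dc=example,dc=com
member: uid=bob,ou=People,dc=example,dc=com

dn: cn=app-timesheet,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: app-timesheet
member: uid=alice,ou=People,dc=example,dc=com
"""


def _norm(dn):
    """DNs and attribute names compare case-insensitively in LDAP; normalise for lookups."""
    return dn.strip().lower()


def parse_ldif(text):
    """Return {normalised dn: {lowercased attr: [values]}} for a simple LDIF
    (no line continuations, no base64 values; enough for the sample above)."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                      # blank line ends an entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = defaultdict(list)
            current["dn"].append(value)
            entries[_norm(value)] = current
        elif current is not None:
            current[attr].append(value)
    return entries


def _is_group(attrs):
    return "groupofnames" in (v.lower() for v in attrs.get("objectclass", []))


def group_members(entries, group_dn):
    """Who is in this group?
    Equivalent: ldapsearch -b "<group_dn>" -s base "(objectClass=groupOfNames)" member
    groupOfNames stores membership on the *group*, so this is just its member values."""
    entry = entries.get(_norm(group_dn))
    if entry is None or not _is_group(entry):
        return []
    return sorted(entry.get("member", []))


def groups_of_user(entries, user_dn):
    """Which groups is this user in?
    Equivalent: ldapsearch -b "ou=Groups,dc=example,dc=com" \\
                  "(&(objectClass=groupOfNames)(member=<user_dn>))" cn
    i.e. filter on the member attribute; the person entry itself holds nothing."""
    target = _norm(user_dn)
    return sorted(
        attrs["cn"][0]
        for attrs in entries.values()
        if _is_group(attrs) and target in (_norm(m) for m in attrs.get("member", []))
    )


def may_use(entries, user_dn, app):
    """The authorisation check an application makes after binding:
    the user may use <app> only if they are a member of cn=app-<app>."""
    return f"app-{app}" in groups_of_user(entries, user_dn)


DIRECTORY = parse_ldif(SAMPLE_LDIF)

if __name__ == "__main__":
    for uid in ("alice", "bob"):
        dn = f"uid={uid},ou=People,dc=example,dc=com"
        print(uid, groups_of_user(DIRECTORY, dn), "timesheet:", may_use(DIRECTORY, dn, "timesheet"))
```

The same structure works server-side in OpenLDAP, which is where the "Email ON, homegrown app OFF" decision is best enforced: an access rule such as `to dn.subtree="ou=timesheet,dc=example,dc=com" by group.exact="cn=app-timesheet,ou=Groups,dc=example,dc=com" read by * none` lets only members of that group read the app's data, with no duplicate person entries and therefore one password to reset. If the app would rather read membership off the person entry, the memberOf overlay (slapo-memberof) maintains that reverse attribute for you.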