[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Glueing together backend databases - meta, glue or chain?

To: Gavin Henry <ghenry@suretecsystems.com>
Subject: Re: Glueing together backend databases - meta, glue or chain?
From: Pieter Baele <pieter.baele@gmail.com>
Date: Wed, 18 Jul 2012 08:55:45 +0200
Cc: Aaron Richton <richton@nbcs.rutgers.edu>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=L7ofl45cWP/ZYG2D4sZ0K/zCvwqflxaWC5qdVP1Ocjk=; b=f9OnZy4RreO9t/VVbLPHUX/Jxk91jAtPJiCW9iG7qGZmnXpzcZj5cFSyNbfXpqX/04 t7nz1PTUsfBeYjQHxWv44DOcz2RDrFW49qmProPU1JxZNhRnGZ9SO8nbiPnUjx5O8bzK ND3fVcELmd7aR72fT1k92/IY+IWu3D78JIgII7cAfBvdPxWDwSFp2aK2uT0vSJX/IjOV rfVQHzWIUDHIzQjTI0aFqeE96x5SyCBFIhPsV9f5f2J1BFbr9H+dhNZ8osCQ3pGpof/w wuihlPMR8wUe9NDtC7DVMcMExYtZIxwPEsrYBfKK+l/HYx+0ZOjDEU45xi1P6XEHC3zi wQzA==
In-reply-to: <CAPcb_GKFw7iW3iN-V-Ktiyy8wef_T8OW6TpL48WPOPVZ1tE4TA@mail.gmail.com>
References: <CADDXySqHUv_g6hun3LzquB_me5K5CrvHG8NC3VCRvSFpAzWBmg@mail.gmail.com> <alpine.SOC.2.02.1207171057500.10485@toolbox.rutgers.edu> <CAPcb_GKFw7iW3iN-V-Ktiyy8wef_T8OW6TpL48WPOPVZ1tE4TA@mail.gmail.com>

On Tue, Jul 17, 2012 at 7:42 PM, Gavin Henry <ghenry@suretecsystems.com> wrote:
>
> What lives under ou=CompanyA etc? User accounts? Something we do for
> this to keep the DIT level shallow, is to keep all user accounts in
> ou=Users and filter based on o=CompanyA which is an attribute on that
> user entry. Then you can use slapo-dynlist to create company groups
> etc.
>

Each backend (or 1 if I keep everything together on the master) has
indeed an ou=People (or Users, doesn't matters)
with PosixAccount and an ou=groups (using rfc2307bis to combine
posixGroup and groupOfNames)

Indeed, I want the DIT level to be kept shallow. Maybe I can try
something with slapo-dynlist,
as I will use the overlay to create dynamic groups with memberURL anyway.

> Not sure what ACLs you've got or the overall function of your
> directory server to advise a new DIT.

For the moment I have no special ACL's.

OT:
In the end, my goal is to provide an integrated directory service, for
three affiliated companies.
Primary goal for Linux authentication/authorization, puppet node
configs, netgroups, sudo and ssh....
Secondary goal app data or users.

Not easy if you want the directory to be perfect ;-)

Thx a lot for the very useful responses!

References:
- Glueing together backend databases - meta, glue or chain?
  - From: Pieter Baele <pieter.baele@gmail.com>
- Re: Glueing together backend databases - meta, glue or chain?
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Glueing together backend databases - meta, glue or chain?
  - From: Gavin Henry <ghenry@suretecsystems.com>

Prev by Date: Re: Glueing together backend databases - meta, glue or chain?
Next by Date: Re: syncrepl and attribute order
Index(es):
- Chronological
- Thread