Referral to single attributes
Hi,
maybe someone has experienced the same problem. Take the following example.
You would like to use one LDAP server (replicated of course) for
multiple Domains. Like
ou=users,ou=department1,dc=company,dc=de
ou=users,ou=department2,dc=company,dc=de
ou=users,ou=maindep,dc=company,dc=de
...
Each department has its own domain, all users are part of maindep, some
of those users are part of dep1 too and some of dep2.
So you have the maindep tree for the general use (uid and password for
things like mail, vpn and a general purpose domain) and the smaller
dep1 or dep2 for the use with the workstations of the department. The
uid of a user is always the same across the trees
(uid=mikecharlie,ou=dep1,... = uid=mikecharlie,ou=maindep).
The single departments are responsible for their users (creation and
deletion of accounts in their subtrees).
The maindep-Tree gets managed by IT center staff.
Now every department could work with their domain and users (and only
those), but all users would have a general "account" for stuff that
doesn't belong to their department alone.
The big problem is the sync of the passwords from subtree to subtree
(dep1 to maindep or dep2 to maindep).
Our users get confused if they have password1 for the login at a
workstation and password2 for mail etc.
But the departments want to have their own domains where they have the
control who is able to login or not, BUT they want to have synchronized
passwords.
Is there a possibility to refer to single attributes?
Like uid=mikecharlie,ou=dep1,dc=company,dc=de -> userPassword -> look at
uid=mikecharlie,ou=maindep,dc=hs-mannheim,dc=de -> userPassword.
Best regards
Flo
--
Kind regards
Florian Götz
-----------------------------------------------------------------
Dipl.-Inf. (FH) Florian Götz
Rechenzentrum Hochschule Mannheim
Paul-Wittsack-Straße 10
68163 Mannheim
Tel: 0621/292-6232
EMail: f.goetz@hs-mannheim.de
Internet: http://www.rz.hs-mannheim.de
-----