Re: Advice regarding ldap (building my tree)
> From: Mik J <mikydevel@yahoo.fr>
> To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
>
>> From: Dan White <dwhite@olp.net>
>> To: Mik J <mikydevel@yahoo.fr>
>>
>> On 09/28/12 18:40 +0100, Mik J wrote:
>>> Hello,
>>>
>>> I'm setting up my openldap server and I would like advice from
>>> experienced users.
>>>
>>> My domain is dc=mycompany,dc=org
>>>
>>>
>>> My company will have:
>>> - employees
>>> - clients
>>> - partners
>>>
>>> How should I organise my tree ? for example ?
>>> o=MyCompany, dc=mycompany,dc=org
>>> o=Client1, dc=mycompany,dc=org
>>> o=Client2, dc=mycompany,dc=org
>>> o=Partner1, dc=mycompany,dc=org
>>>
>>> Or can I group clients ?
>>> o=Client1, ??=Clients, dc=mycompany,dc=org
>>> o=Client2, ??=Clients, dc=mycompany,dc=org
>>> What would be "??" if I want to make a group called Clients ?
>>>
>>> Or my approach is not good ?
>>> If someone has advice (or links that describe a real life case) I'll be
>>> more than happy to read them.
>>
>> I personally prefer breaking up my DIT by function, rather than by
>> company organization, e.g.:
>>
>> uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
>> uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
>> cn=mygroup,ou=groups,dc=mycompany,dc=org
>> cn=myalias,ou=aliases,dc=mycompany,dc=org
>>
>> Then, if I need to restrict an ldap search to one or more organizations, I
>> do so by placing an identifying attribute within the user's entry, and find
>> them with a filter.
>>
>> Filters are generally a more flexible way to organize your users than
>> a base.
>
>
> Hello Dan,
> Thank you for your advice. I will consider this option seriously.
> I would also like to hear other people's implementation.
> Have a nice week
Hello Dan,
I've started to think about your way to implement this and I've noticed that having a uid that looks like an email address is mandatory to achieve what I want. Right now my uids don't look like an email address but more like one_letter+family name.
Because you use emails as uids and you do filtering based on regex applied to emails, do you need groups?
Thank you
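
The layout suggested earlier in the thread (one flat ou=people branch, an identifying attribute in each user's entry, selection by filter), as an added example that is not part of the original messages. It assumes the identifying attribute is `o` on inetOrgPerson entries; the sample entries and the function names are constructed for illustration, and the in-memory match stands in for the directory server.

```python
# Added illustration: flat ou=people tree, organization selected by filter.
# Assumptions: identifying attribute is "o"; entries below are constructed samples.

BASE = "ou=people,dc=mycompany,dc=org"

# Constructed entries; uids use the one-letter + family-name style from the thread.
ENTRIES = [
    {"dn": f"uid=jsmith,{BASE}", "objectClass": "inetOrgPerson", "o": "MyCompany"},
    {"dn": f"uid=adoe,{BASE}", "objectClass": "inetOrgPerson", "o": "Client1"},
    {"dn": f"uid=bray,{BASE}", "objectClass": "inetOrgPerson", "o": "Client2"},
    {"dn": f"uid=cfox,{BASE}", "objectClass": "inetOrgPerson", "o": "Client1"},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for an RFC 4515 filter: \\ * ( ) and NUL become \\XX hex."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def org_filter(org: str) -> str:
    """Filter string to use with BASE as the search base."""
    return "(&(objectClass=inetOrgPerson)(o=%s))" % escape_filter_value(org)


def select_by_org(entries, org: str):
    """In-memory stand-in for the server's case-insensitive equality match on 'o'."""
    return [e["dn"] for e in entries
            if e["objectClass"] == "inetOrgPerson" and e["o"].lower() == org.lower()]


if __name__ == "__main__":
    print(org_filter("Client1"))
    print(select_by_org(ENTRIES, "Client1"))
    # Unescaped, "*" would turn the equality test into a presence test that
    # matches every organization; escaped, it is a literal asterisk.
    print(org_filter("*"))
```

The string returned by `org_filter` is what would be passed as the search filter, with `ou=people,dc=mycompany,dc=org` as the base.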