[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advice regarding ldap (building my tree)

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Advice regarding ldap (building my tree)
From: Mik J <mikydevel@yahoo.fr>
Date: Mon, 1 Oct 2012 20:12:57 +0100 (BST)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.fr; s=s1024; t=1349118778; bh=SThoM51N9GclDIjqdkucFiNLvestLeiH6sE1dbUbsS4=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=nzwgV7P/p2vW97UZlq6IEQ99ntYSFgjUJSr9SJ9NlB5jO0PPADNovtgLWXK41Eg7alqwqaQvQKVO7xBV4d+IsinWU9ILoXMW7YTf0Ff4m7VUQDuxk2zZbWl9XqExGSE+6BTSq7LXZ0nhk/+i8mnF8Y050cvHRcRmAI/Am8ySIUQ=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.fr; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=xpCRwINhyj3VRLrHoD1bPUc82J33bct97v9j+vQqMfUbZfiQIM06fAcZFRpoOt5IXZnjJwsywDUpc+DbY33NVKzxVxIDmpmt4Yvftat8J7P8jN7XzQKdmCH2nPNrN9zi6O7VRopjnyVPFK5RLjm5Dink3/SxzH8FPTTj8Eihsa0=;
In-reply-to: <1349081102.28558.YahooMailNeo@web28805.mail.ir2.yahoo.com>
References: <5065A4D5.9050902@eurobjects.com> <5065B0C1.5020808@symas.com> <5065D2F1.200@eurobjects.com> <5065DA6C.9050709@symas.com> <1348854050.31759.YahooMailNeo@web28806.mail.ir2.yahoo.com> <20120928183445.GD6059@dan.olp.net> <1349081102.28558.YahooMailNeo@web28805.mail.ir2.yahoo.com>

> De : Mik J <mikydevel@yahoo.fr>

> À : "openldap-technical@openldap.org" <openldap-technical@openldap.org>
> 
>>  De : Dan White <dwhite@olp.net>
> 
>>  À : Mik J <mikydevel@yahoo.fr>
>> 
>>  On 09/28/12 18:40 +0100, Mik J wrote:
>>>  Hello,
>>> 
>>>  I'm setting up my openldap server and I would like an advice from 
>>  experimented users.
>>> 
>>>  My domain is dc=mycompany,dc=org
>>> 
>>> 
>>>  My company will have:
>>>  - employees
>>>  - clients
>>>  - partners
>>> 
>>>  How should I organise my tree ? for example ?
>>>  o=MyCompany, dc=mycompany,dc=org
>>>  o=Client1, dc=mycompany,dc=org
>>>  o=Client2, dc=mycompany,dc=org
>>>  o=Partner1, dc=mycompany,dc=org
>>> 
>>>  Or can I group clients ?
>>>  o=Client1, ??=Clients, dc=mycompany,dc=org
>>>  o=Client2, ??=Clients, dc=mycompany,dc=org
>>>  What would be "??" if I want to make a group called Clients ?
>>> 
>>>  Or my approach is not good ?
>>>  If someone has advices (or links that describe a real life case) 
> I'll be 
>>  more than happy to read them.
>> 
>>  I personally prefer breaking up my DIT by function, rather than by
>>  company organization, e.g.:
>> 
>>  uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
>>  uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
>>  cn=mygroup,ou=groups,dc=mycompany,dc=org
>>  cn=myalias,ou=aliases,dc=mycompany,dc=org
>> 
>>  Then, if I need to restrict an ldap search to one or more organizations, I
>>  do so by placing an identifying attribute within the user's entry, and 
> find
>>  them with a filter.
>> 
>>  Filters are generally a more flexible way to organize your users than
>>  a base.
> 
> 
> Hello Dan,
> Thank you for your advice. I will consider this option seriously.
> I would also like to hear other people's implementation.
> Have a nice week


Hello Dan,I've started to think about your way to implement this and I've notice that having a uid that looks like an email address is mandatory to achieve what I want. Right now my uids don't look like an email address but more like one_letter+family name
Because you use emails as uids and you do filtering based on regex applied to emails, do you need groups ?
Thank you

Follow-Ups:
- Re: Advice regarding ldap (building my tree)
  - From: Dan White <dwhite@olp.net>

References:
- Re: Advice regarding ldap (building my tree)
  - From: Mik J <mikydevel@yahoo.fr>

Prev by Date: ldap_add_ext transactions
Next by Date: recompile openldap with SSL support
Index(es):
- Chronological
- Thread