De : Dan White <dwhite@olp.net>
I personally prefer breaking up my DIT by function, rather than by
company organization, e.g.:
uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
cn=mygroup,ou=groups,dc=mycompany,dc=org
cn=myalias,ou=aliases,dc=mycompany,dc=org
Then, if I need to restrict an ldap search to one or more
organizations, I do so by placing an identifying attribute within the
user's entry, and find them with a filter.
Filters are generally a more flexible way to organize your users than
a base.