Re: planning an ldap db



>time for a newbie question again :) I'm planning an example ldap tree
>for two companies that are in the same LAN. 

I operate an OpenLDAP server for 13 companies on the same LAN/WAN.
 
>Here's the structure I thought first for the tree:
>dc:company1,dc:com -- ou: people
>  |                    |- uid: user1
> ou: groups            |- uid: user2
>And I would do another db entry for company2.

You certainly could, but you need to ask yourself if it is worth the bother.
You can also include references and aliases in your database to tie them
together, but you need clients that chase such things. And PAM/NSS may not
like multiple search bases (don't know, never tried). Since 12 of the companies
here are owned by an "umbrella" company, I put them all in the same tree, and it
hasn't really caused any problems. Also I don't like "uid=" DNs, I prefer
"cn=" so that accounts are simply attributes of people, and people without
accounts can exist in the same part of the tree. But that's just me.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505