Re: Schema question

[Kuba Leszewski <k.leszewski@ce3.pl>]

Jatin Nansi wrote:

> Hi,
>
> I am new to using OpenLDAP. 
>
> Basically I would like to use an OpenLDAP server as an authentication
> / addressbook server for the network. 
>
> For this I was going through the schema definitions as provided
> with the default install in etc/openldap/schema.
>
> Now most of the attributes that should go for an addressbook entry
> are given in inetorgperson.schema and all authentication related 
> information is given in the nis.schema. So I was thinking about how
> to tie both these together. There are 2 approaches I can think of:
>
> 1) Create 2 seperate subtrees for Addressbook and authentication(passwd)
> information. This information can be tied together with the uid
> field present in both the schemas.



AFAIK that's the right way to do it.
 You include both schemas in the slapd.conf file
and create 2 subtrees,
i.e.
ou=Mail,dc=abc,dc=com (with mail addresses)
ou=Users,dc=abc,dc=com (for authentification purposes)


> 2) Mix all attributes of the 2 schemas together and create a hybrid
> schema. 


That's not a good idea.


> What I need to know is: what (if any) is the standard way of 
> doing this, or is this left upto the person implementing the system.
> Specially since I would like to use any administrative utilities
> (like gq), and it helps if I follow whatever scheme is already
> being followed. 
>
> Please provide any information you can regarding this, and how 
> you have implemented similar scenarios.


I did it using 2 subtrees,
I read somewhere it should be done this way


> Thank you and regards
>
> Jatin



--
regards
Kuba