Re: Sensible scheme for password information?
graaf@iae.nl wrote:
> Hello,
>
> I am looking at moving our password information and possibly later more
> information to LDAP. I have found a password migration tool by Luke
> Howard, and this creates entries for all users like the following:
>
> dn: uid=nfr,ou=People,dc=iae,dc=nl
> uid: nfr
> cn: Network Flight Recorder
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> userPassword: {crypt}*
> loginShell: /bin/csh
> uidNumber: 300
> gidNumber: 300
> homeDirectory: /usr/local/nfr
> gecos: Network Flight Recorder
>
> I am wondering if it is a good idea to put all entries in objectClass
> top. Shouldn't there be only one top object? Is there a standard scheme
> for this information, or does everyone invent their own?
>
> Thanks for your answers.
>
> Best regards,
> Edwin de Graaf
>
> --
> "O Oysters, come and walk with us!" The Walrus did beseech.
Hello!

Please be careful to distinguish the "class hierarchy" from the "LDAP tree
hierarchy".
What you see as ObjectClass REFERS ONLY to the class hierarchy; every object
MUST be a son of the ObjectClass top.
The tree hierarchy is specified by the DN (Distinguished Name), in your
case uid=nfr,ou=People,dc=iae,dc=nl, which means an object in the container
People for the company iae in the country Netherlands. This is a perfectly
acceptable tree structure if the organization is not too big.
A more standard structure would be: uid=nfr,ou=People,o=iae,c=nl
(o=organization, c=country).
I don't understand why dc is used instead of o, c.

Best regards
Giovanni Baruzzi
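
An added illustration of the distinction drawn in the reply above (not part of the original messages): the Python sketch below takes the entry from the question and derives the two hierarchies separately, the tree path from the DN and the class chain from the objectClass values. The SCHEMA table is a hand-written subset assumed from the RFC 1274 (account) and RFC 2307 (posixAccount) definitions, and all function names are hypothetical.

```python
import re

# Entry from the quoted message, abridged to the attributes used here.
LDIF = """\
dn: uid=nfr,ou=People,dc=iae,dc=nl
uid: nfr
objectClass: top
objectClass: account
objectClass: posixAccount
"""

# Assumed minimal schema table: class -> (superior class, kind).
SCHEMA = {
    "top": (None, "ABSTRACT"),
    "account": ("top", "STRUCTURAL"),
    "posixAccount": ("top", "AUXILIARY"),
}

def parse_entry(ldif):
    """Parse one simple LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip():
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def tree_path(dn):
    """Tree hierarchy: the entry's DN followed by each ancestor DN."""
    # Simplification: split on commas not preceded by a backslash escape.
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    return [",".join(rdns[i:]) for i in range(len(rdns))]

def class_chain(name):
    """Class hierarchy: follow superior links from a class up to top."""
    chain = [name]
    while SCHEMA[chain[-1]][0] is not None:
        chain.append(SCHEMA[chain[-1]][0])
    return chain

def structural_classes(entry):
    """Object classes of the entry that are STRUCTURAL in the schema."""
    return [c for c in entry["objectclass"] if SCHEMA[c][1] == "STRUCTURAL"]

if __name__ == "__main__":
    e = parse_entry(LDIF)
    print("tree :", " <- ".join(tree_path(e["dn"][0])))
    for c in e["objectclass"]:
        print("class:", " -> ".join(class_chain(c)))
    print("structural:", structural_classes(e))
```

Every entry under ou=People lists top because each of its classes inherits from top, while only the DN places the entry in the directory tree.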