[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema question

To: "R.I.Pienaar" <rip@pinetec.co.za>
Subject: Re: schema question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 09 Mar 2000 09:23:02 -0800
Cc: openldap-general@OpenLDAP.org
In-reply-to: <20000307091858.S5184@pinetec.co.za>

At 09:18 AM 3/7/00 +0200, R.I.Pienaar wrote:
>I have a directory schema that contains a root of "o=orgname" and underneath
>there for each of our intnl offices a "dc=domain, o=orgname" with groups and
>people underneath that, I have exim querying this tree for mailbox locations
>etc.

I suggest you use ou (organizational unit) not dc (domain component).
See RFC 2247 and RFC 2377 on appropriate use of dc attribute values
as naming components.

>I want to add a branch in the tree for general services related entries, stuff
>like web server usernames etc, these may also contain mail= atrtibutes etc.
>
>The way I want it is to have two root dn's, one for people related
>information, one for service related info, what would be the best way to do
>this? if I cant have multiple root dn's

I am not sure what you mean by root.  I'll assume you mean the "rootdn"
found in OpenLDAP configurations meaning the special authorization DN
in which access controls are not applied for.  In which case, the answer
is "use multiple authorization DN and setup access controls to allow
them to do what's needed".  For specifics, please see documentation/FAQ
of the implementation you are using and redirect any question of specific
to the implementation to an appropriate forum (ie: not this list).

If you meant root DN as the DN of the entry at root of a subtree,
then the answer is "setup multiple subtrees" as partitions of your
DIT. 

Kurt

References:
- schema question
  - From: "R.I.Pienaar" <rip@pinetec.co.za>

Prev by Date: Re: binary
Next by Date: Re: Serious Newbie Authentication Question
Index(es):
- Chronological
- Thread