
where to begin with design?


I want to move my current company toward using
LDAP for basically every service on the network. 

I would like to use LDAP for the following things..

Netscape proxy server auth
Netscape calendar server auth 
Netscape web server auth
Apache web server auth 
VPN server auth (supports LDAP). 
Radius server auth 
Sendmail email routing
Corporate address book for Outlook, Netscape, Eudora, Horde/IMP, and
  a web-based interface.
Solaris 2.6, 7, and 8 auth/auto mounting
Linux auth/auto mounting
WinNT 4.0/2000/98 auth 

My biggest headache right now is trying to figure 
out a design for this whole thing.. 

Basically my biggest concern is how to do the 
unix/nt auth so I can have different groups 
of users for classes of machines.. Yet still
maintain single sign on. 

Let's say for argument's sake I have 3 different 
environments in my company (there are more but 
it would get too complex).. 

1. administrative
2. customer service
3. development

I would like to do something like give a customer
service person access only to the customer service
hosts, a development person access to customer service
and development hosts, and an admin person access to 
all three. Can anyone think of a way to do this 
type of setup with LDAP? I have been pulling my hair
out trying to come up with a decent design.. 

Also in some cases some may have proxy access while
another group may not..etc. or maybe there will 
be exceptions in each group as well. 

Should I go for a massive tree structure like.. 

address book----proxy---admin--development---customerservice--etc
	|        |       |      |             |                |

with the possibility of having the same user in each and every 
branch with different info or try to develop some sort of other design?

Groups sound like it might be best but I am stumped on how 
to make it all work.. 

IMHO this is the toughest thing regarding LDAP.. designing 
something that can work for everything and be expanded easily
down the road.

Anyone have any suggestions? I sure could use some.. 

Thanks.. Mike
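
One way to model the tiered access described above with a single people
branch plus groups, as an added example (not part of the original post).
The DNs, group names and the exception table are assumptions made for
illustration, and the directory is simulated with in-memory data rather
than queried over LDAP.

```python
# Constructed sample data: every person has exactly one entry under
# ou=people; access is expressed by group membership, not by duplicating
# the person in a branch per service.
BASE = "dc=example,dc=com"  # assumed suffix


def person(uid):
    """Build the DN of a person entry in the single people branch."""
    return f"uid={uid},ou=people,{BASE}"


# groupOfNames-style groups: group name -> set of member DNs.
GROUPS = {
    "admin": {person("alice")},
    "development": {person("bob")},
    "customerservice": {person("carol"), person("dave")},
    "proxy-users": {person("alice"), person("bob"), person("carol")},
}

# Which groups may use each class of host or service (tiers from the post).
ACL = {
    "administrative": {"admin"},
    "development": {"admin", "development"},
    "customerservice": {"admin", "development", "customerservice"},
    "proxy": {"proxy-users"},
}

# Per-user exceptions, checked before group membership.
EXCEPTIONS = {
    ("proxy", person("carol")): "deny",           # group member, blocked
    ("administrative", person("bob")): "allow",   # non-member, permitted
}


def groups_of(dn):
    """Return the names of all groups that list this DN as a member."""
    return {name for name, members in GROUPS.items() if dn in members}


def may_access(dn, resource):
    """Decide access: explicit exception first, then groups, else deny."""
    override = EXCEPTIONS.get((resource, dn))
    if override is not None:
        return override == "allow"
    allowed = ACL.get(resource)
    if allowed is None:
        return False  # unknown resource: default deny
    return bool(groups_of(dn) & allowed)


if __name__ == "__main__":
    for uid in ("alice", "bob", "carol", "dave"):
        print(uid, {r: may_access(person(uid), r) for r in ACL})
```

Each user keeps one password and one entry, so single sign-on is
preserved while the host classes differ only in which groups they accept.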