
Re: wasted space?

"Kevin J. Menard, Jr." wrote:

>    And has anyone set up entries for a variety of services?  I'm trying to come
>    up with the best way to have one entry per user, but allow that one entry to
>    have IMAP/POP, SMTP, HTTP, and FTP access.  For instance, I was thinking an
>    attribute called "service" and then add all these values.  I figure that
>    would require me to write a new schema file though.  But I thought this way,
>    I could just look up per "service" for each user and see if he should be
>    granted ftp access or allowed to send/receive mail.

It depends on the way your client programs let you specify the
search filters, and what type of configurability you want to provide.
If you have just a medium amount of people on your server, mostly
sharing the same users, you'd want to do it on a per-user basis. If
the amount of services you provide differs greatly, I prefer the
per-service setup. You might want to split this into users that
actually exist on the system, and virtual users. Think of email
addresses and pop accounts. The number of email addresses you have
is likely to be much larger than the number of pop accounts. Apart
from that, a pop account can be mapped to a virtual user. FTP access,
however, is mostly directly linked to a real uid on the system.

My guess would be to have per-service trees, and let entries have an
owner attribute if they need to. The owner can then point to a real
user entry.

>    I was also hoping to do this for more than one domain, so should I adopt a
>    naming convention and slap everyone in ou = users, o = blah?  Or should I
>    have a users ou per domain?  I figured the former would be quicker for
>    searches and lookups and what not (at least for software where you configure
>    a base search).

If you have an ou per domain, it seems to me that it is much easier
to give people write access to their own domain (or subdomains), and
(if you want) the per domain options you want the mta to use.

I find this subject particularly interesting, as I am still working
on the ldap implementation howto, and I still need some more
knowledge of a real life ldap setup, that has all the components you
would ever need, so if you get some interesting knowhow somewhere,
please let me know.



1A First Alternative rolek@alt001.com    www.alt001.com
Linvision BV         rolek@linvision.com (www|devel).linvision.com
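
The per-service layout suggested in the reply, as an added example that is not part of the original message: service entries carry an `owner` that points to a real user entry, and access is decided by following that pointer. The suffix `o=example`, the `ou` names, the entries and the function names are all assumptions, and DNs are compared as exact strings, which a real LDAP server does not do.

```python
# Constructed sample directory (DN -> attributes); every entry is hypothetical.
DIRECTORY = {
    "uid=kevin,ou=users,o=example": {"uidNumber": "1001"},
    "uid=kevin,ou=ftp,o=example": {"owner": "uid=kevin,ou=users,o=example"},
    "uid=kmenard,ou=pop,o=example": {"owner": "uid=kevin,ou=users,o=example"},
    # Many addresses can share one pop account.
    "mail=sales@example.com,ou=mail,o=example": {"owner": "uid=kmenard,ou=pop,o=example"},
    "mail=info@example.com,ou=mail,o=example": {"owner": "uid=kmenard,ou=pop,o=example"},
    "uid=guestbox,ou=pop,o=example": {},  # virtual pop account, no system user
    # The owner of this entry was removed from ou=users but the entry stayed.
    "uid=olduser,ou=ftp,o=example": {"owner": "uid=olduser,ou=users,o=example"},
}
USERS_SUFFIX = ",ou=users,o=example"
REQUIRES_REAL_USER = {"ftp"}  # ftp is tied to a real uid on the system


def resolve_owner(dn, directory=DIRECTORY):
    """Follow owner pointers. Return the real user DN, None for a virtual
    entry, or raise LookupError on a missing entry or an owner loop."""
    seen = set()
    while not dn.endswith(USERS_SUFFIX):
        if dn in seen or dn not in directory:
            raise LookupError("broken owner chain at " + dn)
        seen.add(dn)
        owner = directory[dn].get("owner")
        if owner is None:
            return None
        dn = owner
    if dn not in directory:
        raise LookupError("dangling owner " + dn)
    return dn


def may_use(service, rdn, directory=DIRECTORY):
    """Grant a service only if its entry exists and the owner chain is intact."""
    dn = f"{rdn},ou={service},o=example"
    if dn not in directory:
        return False
    try:
        user = resolve_owner(dn, directory)
    except LookupError:
        return False  # fail closed on orphaned or looping entries
    return user is not None or service not in REQUIRES_REAL_USER


def orphans(directory=DIRECTORY):
    """Audit helper: entries whose owner chain no longer reaches a user."""
    broken = []
    for dn in directory:
        try:
            resolve_owner(dn, directory)
        except LookupError:
            broken.append(dn)
    return sorted(broken)
```
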