[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Schema question

Jatin Nansi wrote:


I am new to using OpenLDAP.

Basically I would like to use an OpenLDAP server as an authentication
/ addressbook server for the network.

For this I was going through the schema definitions as provided
with the default install in etc/openldap/schema.

Now most of the attributes that should go for an addressbook entry
are given in inetorgperson.schema and all authentication related information is given in the nis.schema. So I was thinking about how
to tie both these together. There are 2 approaches I can think of:

1) Create 2 seperate subtrees for Addressbook and authentication(passwd)
information. This information can be tied together with the uid
field present in both the schemas.

AFAIK that's the right way to do it. You include both schemas in the slapd.conf file and create 2 subtrees, i.e. ou=Mail,dc=abc,dc=com (with mail addresses) ou=Users,dc=abc,dc=com (for authentification purposes)

2) Mix all attributes of the 2 schemas together and create a hybrid

That's not a good idea.

What I need to know is: what (if any) is the standard way of doing this, or is this left upto the person implementing the system.
Specially since I would like to use any administrative utilities
(like gq), and it helps if I follow whatever scheme is already
being followed.

Please provide any information you can regarding this, and how you have implemented similar scenarios.

I did it using 2 subtrees,
I read somewhere it should be done this way

Thank you and regards


-- regards Kuba