[Date Prev][Date Next]
Re: Schema question
Jatin Nansi wrote:
I am new to using OpenLDAP.
Basically I would like to use an OpenLDAP server as an authentication
/ addressbook server for the network.
For this I was going through the schema definitions as provided
with the default install in etc/openldap/schema.
Now most of the attributes that should go for an addressbook entry
are given in inetorgperson.schema and all authentication related
information is given in the nis.schema. So I was thinking about how
to tie both these together. There are 2 approaches I can think of:
1) Create 2 seperate subtrees for Addressbook and authentication(passwd)
information. This information can be tied together with the uid
field present in both the schemas.
AFAIK that's the right way to do it.
You include both schemas in the slapd.conf file
and create 2 subtrees,
ou=Mail,dc=abc,dc=com (with mail addresses)
ou=Users,dc=abc,dc=com (for authentification purposes)
2) Mix all attributes of the 2 schemas together and create a hybrid
That's not a good idea.
What I need to know is: what (if any) is the standard way of
doing this, or is this left upto the person implementing the system.
Specially since I would like to use any administrative utilities
(like gq), and it helps if I follow whatever scheme is already
Please provide any information you can regarding this, and how
you have implemented similar scenarios.
I did it using 2 subtrees,
I read somewhere it should be done this way
Thank you and regards