[Date Prev][Date Next]
I am designing the layout of a LDAP directory and have
been looking through the various howtos for samba, nss
I was planning to have a hierarchical structure for
the OU's in my directory to allow certain user
accounts to be managed by technicians whilst other
more important accounts to be only manageable by the
I was planning to have all the users in the
organisation within different OU's below ou=People eg:
That way I could delegate management of the sales team
to another member of staff.
All the howtos I have read however work around all the
user accounts being in a single ou. Samba, for example
lets you specify a single prefix for user account
creation (eg ou=People,dc=example,dc=com)
My questions are:
Am I trying to do the impossible?
Should I stick with the convention and have all my
users in a single ou?
If they are all in a single ou, can I still delegate
things like password changing for certain groups?
I have tested apache LDAP auth, and that works fine
with users in 'sub' ou's. I just want to get it
correct from the start - it makes life so much easier
I am hoping I can create a unified database for
authing Apache and Samba to begin with, and then
migrate other services over time.
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now