[Date Prev][Date Next]
tree infrastructure and attribute inherit
I'm playing with openldap 2.1.29 bdb backend. We plan to used in ISP-like
infrastructure with users/dns/mail/apache/ftp information stored in
LDAP. It looks like everything what we need is supported (we have plan
to use powerdns ldap backend, sendmail with storing
aliases/virtusers in ldap , mod-cfg for apache vhost in ldap etc. - for
ftp only dns aliases will be used and one server). Also ldap ACI
(aci) with subtree patch from Peter Marschall is planned.
BTW I made source and binary debian packages for this version of openldap,
it's quick and dirty but working - if someone's interested - contact me.
The question is how should I create tree infrastructure? I mean, that
from one point of view it would be nice to use per-domain infrastructure,
with all domain-related stuff in subtrees.
user1 login,pass,shell etc.
user2 login pass shell etc.
However such infrastructure decentralize per-service installation,
and vice versa - while browsing/setting acls in tree it would
be nice to have per-service infrastructure.
..and so on.
The ideal solution would be to create whatever-like infrastructure,
and have except of it, some one or more trees including some kind
of virtual or grouping objects, which are not in fact objects itself,
but objects, which with change of attributes of this objects, attributes
of related objects in appropriate tree will be also changed.
I mean an object, which inherits almost all (except dn) its attributes
from set of other objects - eg. object "myclient1" which inherits
domainname from dns-domain1, virtual addresses from mail-domain1 and
Openldap probably supports inheriting attributes value for objects from
other objects's attributes, however can someone direct me in appropriate
way to discover it? :)
Please do not include all of this message in responses - it is quite long