[Date Prev][Date Next] [Chronological] [Thread] [Top]

Best way to manage multiple accounts



This is a common issue I'm sure, and I'm looking for suggestions.

We have a group people, Tim, Bob, and Phil. Each person has at least one
account. In addition, Bob and Phil need access to some applications that
need special usernames or passwords, and so they need more than one entry in
LDAP. (My thoughts at least.)

What is the best way to arrange this?

I'm thinking that we need one subtree that is The Person (like Bob and his
contact information). We can then have another subtree for The Accounts (a
simpleSecurityObject probably). So perhaps something like:

ou=People,root
ou=Accounts,root

Now since we have to support multiple applications, should we further extend
this?

ou=App1,ou=Accounts,root
ou=App2,ou=Accounts,root
ou=App3,ou=Accounts,root

How do you solve this problem?

Also, I want to be able to view cn=bobemail,ou=App3,ou=Accounts,root and say
"This belongs to uid=bob,ou=People,root" easily. Is there a standard way to
point all of my accounts to a single "I own this" entry somewhere like
ou=People?

This is more of a design question than a technical one, but I'm open to
responses both about the design and technical nature of this issue.