Newbie, structuring information in LDAP


If this is not the correct place to ask this question please point me in
the right direction.

I'm the administrator of a network with around 1000 users. We're
providing various services for our users; they may get an email account,
a homepage account, a MySQL account, etc. These services are provided to
all users registered on the network, though some may choose to only use
some of the services provided.

There's also a second class of users, the administrators which in
addition to the above have shell access to some or all of our servers,
some may even have root access.

At the moment information about the users is decentralized for the
various services, which is making it harder than necessary to maintain
and develop the network. Therefore I've decided to look for a better way
to manage our user information and for this purpose LDAP seems to fit
the bill. 

I've been reading all the LDAP material on the net I've been able to get
my hands on. This has left me with some questions:

- For the above setup, what would a good structure be? Should I create
  a single object class which contains all the information or would it
  be better to define a "user" class and an "administrator" class or is
  it possible to append some administrator information to the user
  class? What are the pros and cons of each solution?

- It seems that the structure of LDAP information is pretty static. What
  happens if I discover that I need to add a "last name" attribute to my
  user class after implementing the solution?

- Are there any good resources on LDAP on the net? I've been browsing
  the OpenLDAP site, the LDAP guru site and various articles I've found
  on Google.

If the above questions are already (partially) answered somewhere,
please point me there. All responses will be greatly appreciated.

Thank you
- Jacob Atzen