On Thu, Apr 28, 2011 at 6:54 AM, Marco Pizzoli <marco.pizzoli@gmail.com> wrote: > Hi list, > could someone point me to some resources, in particular usage > examples, about DIT content rules? > The first rule is that there are no rules ;-) there are like 2 major patterns so to speak: the X500 organizational distribution and the DNS-inspired way. You can (in fact you should) mix-match your DIT structure with both if you want and adapt to your own needs. The is no one right way to do it. Many people under-use LDAP. For us LDAP is used for slow-mutating hierarchical information that needs to be centralized, hence the term "directory" is precisely what you should use LDAP for. The data _should_ be organized in complex hierarchical form and not in the stupid People, Computers, etc. hierarchy imposed by stupid pseudo-LDAP technologies such as MS AD, and sorry to say that Samba follows the same mistakes. LDAP is for _a lot_ more that just a flat structure of People and Computers, it is designed to be hierarchically complex, reflecting the true nature of your organization. In the end, this will just translate to LDAP queries which you can easily simplify by working with attributes in the correct way, so no worries about how complex the DIT is. With complex hierarchies you can then even take all your user tables OUT of the SQLs and do some interesting querying and integration with your SQL stuff via the lesser known operational attribute called entryUUID (defined in RFC4530). Yeap, that's right there _is in fact_ a logical primary key in LDAP. I did some pretty interesting work in Venezuela last year through our partner company Corcaribe Tecnología C.A. and wrote a paper that explains all this in detail... BUT the doc is in Spanish. I am attaching the PDF here in case it's of any use to you and/or anyone would care to translate and post a how-to or on a Wiki somewhere. I have the original OpenOffice doc and the drawing in Inkscape SVG if anyone would like to derive some more formal work, Best, -- Alejandro Imass > Thanks in advance > Marco > > > -- > _________________________________________ > Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi. > Jim Morrison > >
Attachment:
estructura_ldap_opsu_2010.pdf
Description: Adobe PDF document