
DIT structure advice


My primary goal with an OpenLDAP directory is to store information
to manage people's authentication and authorization to resources on
my local network. But I also feel this directory to be a cool opportunity
to maintain a registry that would include administrative information such
as telephone number.

Here is the DIT structure that I plan to deploy to do that.

If anyone has a comment or advice I would be grateful!

Summary:

  STAFF = organizationalUnit           -> [ one entry per employee ]
    |
    +-- John Doe = inetOrgPerson       -> [ administrative data such as tel number ]
          |
          +-- doe = posixAccount       -> [ uid, password and so on ]


Staff is a branch of people:

# Entry 1: ou=staff,ou=people,dc=example,dc=fr
dn: ou=staff,ou=people,dc=example,dc=fr
objectclass: organizationalUnit
objectclass: top
ou: staff

that contains as many inetOrgPerson as I have people
in staff (here are recorded administrative data such as
telephone number and so on):

# Entry 12: sn=doe,ou=staff,ou=people,dc=example,dc=fr
dn: sn=doe,ou=staff,ou=people,dc=example,dc=fr
sn: doe
cn: john doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

Each "inetOrgPerson" may also have a "posixAccount" child
that records information usable to access resources:

dn: uid=doe,sn=doe,ou=staff,ou=people,dc=example,dc=fr
cn:  john doe
gidnumber: 1800
homedirectory: /home/doe
loginshell: /bin/tcsh
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
uid: doe
uidnumber: 510
userpassword: {SSHA}***********************
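
An added example, not part of the original message: a minimal consistency check over the three entries above, confirming that every entry's parent exists in the tree and that each RDN value is also stored as an attribute of its entry. The function names are hypothetical, the parser handles only simple unfolded LDIF, and userPassword is left out of the sample.

```python
# Constructed sample: the post's three entries, userPassword omitted.
LDIF = """\
dn: ou=staff,ou=people,dc=example,dc=fr
objectclass: organizationalUnit
objectclass: top
ou: staff

dn: sn=doe,ou=staff,ou=people,dc=example,dc=fr
sn: doe
cn: john doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson

dn: uid=doe,sn=doe,ou=staff,ou=people,dc=example,dc=fr
cn: john doe
gidnumber: 1800
homedirectory: /home/doe
loginshell: /bin/tcsh
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
uid: doe
uidnumber: 510
"""

def parse_ldif(text):
    """Return {dn: {attribute: [values]}}; DNs and attribute names lowercased."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_dit(entries, base):
    """List orphaned entries and RDN values absent from their own entry."""
    problems = []
    for dn, attrs in entries.items():
        rdn, _, parent = dn.partition(",")
        rdn_attr, _, rdn_value = rdn.partition("=")
        if rdn_value not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            problems.append(f"{dn}: RDN {rdn} not stored as an attribute")
        if parent != base and parent not in entries:  # base is lowercase
            problems.append(f"{dn}: parent {parent} missing")
    return problems
```

Calling `check_dit(parse_ldif(LDIF), "ou=people,dc=example,dc=fr")` returns an empty list for the entries as posted; removing the inetOrgPerson entry makes the posixAccount child show up as an orphan.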