Hi. On 08/18/2011 10:46 AM, Olivier wrote:
Hi, My primary goal with an openldap directory is to store information to manage people authentification and autorisation to resources on my local network. But I also feel this directory to be a cool opportunity to maintain a registry that would include administrative information such as telephone number. Here is the DIT structure that I plan to deploy to to do that. If anyone has a comment or advice I would be grateful !
Summary :
|
-----------------------------
| STAFF=organizationalUnit |
-----------------------------
_____| | | | | | | | | -> [ one entry per employee ]
|
|
-------------------------
| John Doe=inetOrgPerson | -> [administrative data such as tel number]
-------------------------
|
------------------
| doe=posixAccount | -> [ uid, password on so on ]
------------------
What a reason for split user account data to two objects? WBR
LDIF :
Staff is a branch of people :
# Entry 1: ou=staff,ou=people,dc=example,dc=fr
dn: ou=staff,ou=people,dc=example,dc=fr
objectclass: organizationalUnit
objectclass: top
ou: staff
that contains as many inetOrgPerson as I have people
in staff (here are recorded administrative data such as
telephone number and so on) :
# Entry 12: uid=doe,ou=staff,ou=people,dc=example,dc=fr
dn: sn=doe,ou=staff,ou=people,dc=example,dc=fr
sn: doe
cn: john doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
Each "inetOrgPerson" may also have a "posixAccount" child
that record information usable to access resources :
dn: uid=doe,sn=doe,ou=staff,ou=people,dc=example,dc=fr
cn: john doe
gidnumber: 1800
homedirectory: /home/doe
loginshell: /bin/tcsh
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
uid: doe
uidnumber: 510
userpassword: {SSHA}***********************
---
Olivier