[Date Prev][Date Next]
Re: Glueing together backend databases - meta, glue or chain?
On Tue, Jul 17, 2012 at 7:42 PM, Gavin Henry <firstname.lastname@example.org> wrote:
> What lives under ou=CompanyA etc? User accounts? Something we do for
> this to keep the DIT level shallow, is to keep all user accounts in
> ou=Users and filter based on o=CompanyA which is an attribute on that
> user entry. Then you can use slapo-dynlist to create company groups
Each backend (or 1 if I keep everything together on the master) has
indeed an ou=People (or Users, doesn't matters)
with PosixAccount and an ou=groups (using rfc2307bis to combine
posixGroup and groupOfNames)
Indeed, I want the DIT level to be kept shallow. Maybe I can try
something with slapo-dynlist,
as I will use the overlay to create dynamic groups with memberURL anyway.
> Not sure what ACLs you've got or the overall function of your
> directory server to advise a new DIT.
For the moment I have no special ACL's.
In the end, my goal is to provide an integrated directory service, for
three affiliated companies.
Primary goal for Linux authentication/authorization, puppet node
configs, netgroups, sudo and ssh....
Secondary goal app data or users.
Not easy if you want the directory to be perfect ;-)
Thx a lot for the very useful responses!