[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Glueing together backend databases - meta, glue or chain?

On Tue, Jul 17, 2012 at 7:42 PM, Gavin Henry <ghenry@suretecsystems.com> wrote:
> What lives under ou=CompanyA etc? User accounts? Something we do for
> this to keep the DIT level shallow, is to keep all user accounts in
> ou=Users and filter based on o=CompanyA which is an attribute on that
> user entry. Then you can use slapo-dynlist to create company groups
> etc.

Each backend (or 1 if I keep everything together on the master) has
indeed an ou=People (or Users, doesn't matters)
with PosixAccount and an ou=groups (using rfc2307bis to combine
posixGroup and groupOfNames)

Indeed, I want the DIT level to be kept shallow. Maybe I can try
something with slapo-dynlist,
as I will use the overlay to create dynamic groups with memberURL anyway.

> Not sure what ACLs you've got or the overall function of your
> directory server to advise a new DIT.

For the moment I have no special ACL's.

In the end, my goal is to provide an integrated directory service, for
three affiliated companies.
Primary goal for Linux authentication/authorization, puppet node
configs, netgroups, sudo and ssh....
Secondary goal app data or users.

Not easy if you want the directory to be perfect ;-)

Thx a lot for the very useful responses!