[Date Prev][Date Next]
Re: Advice regarding ldap (building my tree)
> De : Dan White <firstname.lastname@example.org>
> À : Mik J <email@example.com>
> On 09/28/12 18:40 +0100, Mik J wrote:
>> I'm setting up my openldap server and I would like an advice from
> experimented users.
>> My domain is dc=mycompany,dc=org
>> My company will have:
>> - employees
>> - clients
>> - partners
>> How should I organise my tree ? for example ?
>> o=MyCompany, dc=mycompany,dc=org
>> o=Client1, dc=mycompany,dc=org
>> o=Client2, dc=mycompany,dc=org
>> o=Partner1, dc=mycompany,dc=org
>> Or can I group clients ?
>> o=Client1, ??=Clients, dc=mycompany,dc=org
>> o=Client2, ??=Clients, dc=mycompany,dc=org
>> What would be "??" if I want to make a group called Clients ?
>> Or my approach is not good ?
>> If someone has advices (or links that describe a real life case) I'll be
> more than happy to read them.
> I personally prefer breaking up my DIT by function, rather than by
> company organization, e.g.:
> Then, if I need to restrict an ldap search to one or more organizations, I
> do so by placing an identifying attribute within the user's entry, and find
> them with a filter.
> Filters are generally a more flexible way to organize your users than
> a base.
Thank you for your advice. I will consider this option seriously.
I would also like to hear other people's implementation.
Have a nice week