[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advice regarding ldap (building my tree)



> De : Dan White <dwhite@olp.net>

> À : Mik J <mikydevel@yahoo.fr>
> 
> On 09/28/12 18:40 +0100, Mik J wrote:
>> Hello,
>> 
>> I'm setting up my openldap server and I would like an advice from 
> experimented users.
>> 
>> My domain is dc=mycompany,dc=org
>> 
>> 
>> My company will have:
>> - employees
>> - clients
>> - partners
>> 
>> How should I organise my tree ? for example ?
>> o=MyCompany, dc=mycompany,dc=org
>> o=Client1, dc=mycompany,dc=org
>> o=Client2, dc=mycompany,dc=org
>> o=Partner1, dc=mycompany,dc=org
>> 
>> Or can I group clients ?
>> o=Client1, ??=Clients, dc=mycompany,dc=org
>> o=Client2, ??=Clients, dc=mycompany,dc=org
>> What would be "??" if I want to make a group called Clients ?
>> 
>> Or my approach is not good ?
>> If someone has advices (or links that describe a real life case) I'll be 
> more than happy to read them.
> 
> I personally prefer breaking up my DIT by function, rather than by
> company organization, e.g.:
> 
> uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
> uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
> cn=mygroup,ou=groups,dc=mycompany,dc=org
> cn=myalias,ou=aliases,dc=mycompany,dc=org
> 
> Then, if I need to restrict an ldap search to one or more organizations, I
> do so by placing an identifying attribute within the user's entry, and find
> them with a filter.
> 
> Filters are generally a more flexible way to organize your users than
> a base.


Hello Dan,
Thank you for your advice. I will consider this option seriously.
I would also like to hear other people's implementation.
Have a nice week