Re: Advice regarding ldap (building my tree)
> From: Mik J <firstname.lastname@example.org>
> To: "email@example.com" <firstname.lastname@example.org>
>> From: Dan White <email@example.com>
>> To: Mik J <firstname.lastname@example.org>
>> On 09/28/12 18:40 +0100, Mik J wrote:
>>> I'm setting up my openldap server and I would like advice from
>>> experienced users.
>>> My domain is dc=mycompany,dc=org
>>> My company will have:
>>> - employees
>>> - clients
>>> - partners
>>> How should I organise my tree? For example?
>>> o=MyCompany, dc=mycompany,dc=org
>>> o=Client1, dc=mycompany,dc=org
>>> o=Client2, dc=mycompany,dc=org
>>> o=Partner1, dc=mycompany,dc=org
>>> Or can I group clients?
>>> o=Client1, ??=Clients, dc=mycompany,dc=org
>>> o=Client2, ??=Clients, dc=mycompany,dc=org
>>> What would be "??" if I want to make a group called Clients?
>>> Or is my approach not good?
>>> If someone has advice (or links that describe a real life case) I'll be
>>> more than happy to read them.
>> I personally prefer breaking up my DIT by function, rather than by
>> company organization, e.g.:
>> Then, if I need to restrict an ldap search to one or more organizations, I
>> do so by placing an identifying attribute within the user's entry, and
>> them with a filter.
>> Filters are generally a more flexible way to organize your users than
>> a base.
> Hello Dan,
> Thank you for your advice. I will consider this option seriously.
> I would also like to hear other people's implementation.
> Have a nice week
Hello Dan,
I've started to think about your way to implement this and I've noticed that having a uid that looks like an email address is mandatory to achieve what I want. Right now my uids don't look like an email address but more like one_letter+family name.
Because you use emails as uids and you do filtering based on regex applied to emails, do you need groups?
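
Dan White's suggestion quoted above (a DIT split by function, with the organization carried as an attribute on each entry and selected by filter) could look like the following. This is an added example, not code from the thread; the ou=people container, the choice of the o attribute, and the sample entries are assumptions, and a small local matcher stands in for a real LDAP server.

```python
# Added example, not from the thread. The ou=people container, the use of the
# "o" attribute to tag organizations, and all entries are assumptions.
BASE = "ou=people,dc=mycompany,dc=org"

def person(uid, *orgs):
    """Constructed sample entry: organization is an attribute, not a DN level."""
    return {"dn": f"uid={uid},{BASE}", "objectClass": ["inetOrgPerson"],
            "uid": [uid], "o": list(orgs)}

ENTRIES = [person("jdoe", "MyCompany"), person("asmith", "Client1"),
           person("bchan", "Client2"), person("cdiaz", "Client1", "Partner1")]

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves in filter assertion values."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def org_scope(orgs):
    """Filter tree: people who belong to any of the given organizations."""
    return ("&", [("=", "objectClass", "inetOrgPerson"),
                  ("|", [("=", "o", org) for org in orgs])])

def render(f):
    """Render a filter tree as the string an LDAP client would send."""
    if f[0] in ("&", "|"):
        return "(" + f[0] + "".join(render(sub) for sub in f[1]) + ")"
    return f"({f[1]}={escape_filter_value(f[2])})"

def matches(f, entry):
    """Evaluate the same tree locally (case-insensitive equality only)."""
    if f[0] == "&":
        return all(matches(sub, entry) for sub in f[1])
    if f[0] == "|":
        return any(matches(sub, entry) for sub in f[1])
    return f[2].lower() in (v.lower() for v in entry.get(f[1], []))

def search(entries, base, f):
    """Stand-in for a subtree search: same base for everyone, filter narrows."""
    return [e["dn"] for e in entries
            if e["dn"].endswith("," + base) and matches(f, e)]

if __name__ == "__main__":
    for orgs in (["Client1"], ["Client1", "Client2"]):
        f = org_scope(orgs)
        print(render(f), "->", search(ENTRIES, BASE, f))
```

An entry such as cdiaz can carry two organization values and is returned for either, which a DN-based layout (one o= branch per company) cannot express without duplicating the entry.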