[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Advice regarding ldap (building my tree)

On 10/01/12 20:12 +0100, Mik J wrote:
 De : Dan White <dwhite@olp.net>

 I personally prefer breaking up my DIT by function, rather than by
 company organization, e.g.:


 Then, if I need to restrict an ldap search to one or more
 organizations, I do so by placing an identifying attribute within the
 user's entry, and find them with a filter.

 Filters are generally a more flexible way to organize your users than
 a base.

Hello Dan,I've started to think about your way to implement this and I've
notice that having a uid that looks like an email address is mandatory to
achieve what I want. Right now my uids don't look like an email address
but more like one_letter+family name Because you use emails as uids and
you do filtering based on regex applied to emails, do you need groups ?

I maintain ldap groups to store unix group membership, and for ACL

I do not typically use groups for user authentication and authorization.

Dan White