LDAP DIT Design
- To: OpenLDAP Technical <firstname.lastname@example.org>
- Subject: LDAP DIT Design
- From: Valentin Bud <email@example.com>
- Date: Mon, 10 Dec 2012 12:20:42 +0200
- User-agent: Mutt/1.5.21 (2010-09-15)
I have been using OpenLDAP for quite some time now, a few months. I have set up a simple
directory following DNS, RFC2247, directory structure,
I use the directory to store POSIX accounts. Now I want to extend the
directory to store application configuration, starting with Postfix
virtual domains and maps. I would also like to store Kerberos principals
in the future.
For now I have three companies I want to use OpenLDAP for. Each of these
companies has part of the above services on their premises and in some
datacenters. I would like to configure replication between the
datacenter and the premises.
Maybe more companies will be added to the mix in the future.
Do you think it would be safe to use an empty suffix "" and go with
RFC2247 structure downwards?
[DIT diagram garbled in the archive; surviving node label: dc=compX]
I think this way it would be easy to replicate `dc=compA,dc=com` from
the datacenter servers to the on-premise ones. Also this would keep
things simple (?). Each company would get an `ou` for people and one for
I would also want to add the fact that some directories will also be
used to store Samba ID maps, but I guess this makes no difference to how
the directory is structured.
What do you people think about this approach? If some of you have some
information on the topic of DIT Design please share so I can learn more.
Thank you. Cheers and Goodwill,