Antw: Regarding LDAP structure

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

"If there is one thing that never changes, it's change"

I cannot give a general recommendation other than thinking of all the possible changes over the lifetime of your tree before starting. For example people can change their names, people may change departments, working groups, roles, etc. You can end up with two people having the same name.

I would not have believed it, but we had one case where two different people had the same name, the same date of birth and the same address...

Regards,
Ulrich

>>> Joshua Riffle <jriffle@apu.edu> schrieb am 13.03.2014 um 17:18 in Nachricht
<CACmOZFqjSpgsDiH2cpPdy8SYxhwyvL_YgsGCYaHJBwnGOS02oA@mail.gmail.com>:
> I'm aware this may not be the best mailing list to discuss something as
> generalized as best practices for LDAP structuring within OpenLDAP, but
> would anyone be able to direct me to a mailing list that would be better
> suited for this kind of conversation?
> 
> I'm looking for any or all of these kinds of communications within a
> mailing list:
> 
>    - Designing a person, account, group LDAP tree directory that would be
>    scalable and flexible enough to grow to large sizes (millions) and still
>    have a grip on best practices for identity management on an enterprise
>    level.
>    - Specifically for an educational institution if I can share the aches
>    and pains of other directory owners with similar problems.
>    - I also am trying to prove / disprove the use of having a person
>    directory object with multiple child account objects as good or bad
>    architecture and understand why. I've never seen this discussed in 
> practice.
>    - Good and bad ways to relate tree objects with each other. I only know
>    of parent / child tree relationships or more "softly" by using DN's 
> within
>    an attribute like the group-member relationship.
> 
> 
> Joshua Riffle
> Software Engineer
> *Azusa Pacific University*