Re: Tree versus group

[Quanah Gibson-Mount <quanah@symas.com>]

--On Thursday, March 28, 2019 11:22 AM +0000 Olivier - <piwako@outlook.fr> 
wrote:

> Hi all,
>
> i have a stupid question but can you check this ?
> When do we need to use LDAP groups versus Tree ?

Generally you're talking about two different things.

The tree is how you organize where entries will live inside the database. 
A group is a reference to entries in your tree.  So you may have something 
like:


dn: dc=mybase,dc=com (root of the database tree)
dn: cn=people,dc=mybase,dc=com (subtree for storing people entries)
dn: cn=groups,dc=mybase,dc=com (subtree for storing group entries)

Then say we have 5 people:

dn: uid=joe,cn=people,dc=mybase,dc=com
dn: uid=jean,cn=people,dc=mybase,dc=com
dn: uid=frank,cn=people,dc=mybase,dc=com
dn: uid=april,cn=people,dc=mybase,dc=com
dn: uid=samantha,cn=people,dc=mybase,c=com

Now, these people may belong to different (and multiple) groups.  For 
example:

dn: cn=staff,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com
member: uid=jean,cn=people,dc=mybase,dc=com
member: uid=april,cn=people,dc=mybase,dc=com

dn: cn=students,cn=groups,dc=mybase,dc=com
member: uid=frank,cn=people,dc=mybase,dc=com
member: uid=samantha,cn=people,dc=mybase,dc=com

dn: cn=human resources,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com

dn: cn=faculty,cn=groups,dc=mybase,dc=com
member: uid=jean,cn=people,dc=mybase,dc=com


In the above example:

Joe, Jean, and April are all staff of the organization
Frank and Samantha are students

Joe is in HR
Jean is faculty.

etc.

Hope that helps!

--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>