
Re: Separate sets of accounts in ldap



This thread appears more appropriately discussed in a forum
specific to the 'account' applications you are using (or
intend to use), or possibly a general LDAP list.  That is,
in the nature of your questions, it seems that answers would
be the same if you were to replace 'openldap' with 'ldap' in
your post.  See the charter, as well as the FAQ for
suggestions on more appropriate lists.

Kurt


At 08:52 AM 3/25/2005, dijuremo@math.gatech.edu wrote:
>Hi,
>
>I am trying to figure out what is the appropriate setup for accounts on an
>openldap server.
>
>I have been asked to have one set of accounts for staff on one server and a
>different set of accounts for students.  The question is, should I run two
>separate ldap servers or can I just fit them both in one?
>
>1. Scenario One
>
>dc=ibb,dc=gatech,dc=edu
>|->ou=People,dc=ibb,dc=gatech,dc=edu (put staff accounts here)
>|->ou=Groups,dc=ibb,dc=gatech,dc=edu (put staff groups here)
>|->ou=Hosts,dc=ibb,dc=gatech,dc=edu
>...
>|->ou=Students,dc=ibb,dc=gatech,dc=edu
>   |->ou=People,ou=Students,dc=ibb,dc=gatech,dc=edu
>   |->ou=Groups,ou=Students,dc=ibb,dc=gatech,dc=edu
>   |->ou=Hosts,ou=Students,dc=ibb,dc=gatech,dc=edu
>
>The problem with this scenario is that computers using:
>base dc=ibb,dc=gatech,dc=edu  will find accounts for students, which I do
>not want.
>Also if I use samba with ldap support, then there will be problems if I have
>two accounts with the same uid in both the main ou=People and the
>ou=People,ou=Students.
>
>
>2. Scenario Two
>dc=ibb,dc=gatech,dc=edu
>|-> ou=Staff,dc=ibb,dc=gatech,dc=edu
>|   |->ou=People,ou=Staff,dc=ibb,dc=gatech,dc=edu
>|   |->ou=Groups,ou=Staff,dc=ibb,dc=gatech,dc=edu
>|   |-> ... etc
>|
>|-> ou=Students,dc=ibb,dc=gatech,dc=edu
>    |->ou=People,ou=Students,dc=ibb,dc=gatech,dc=edu
>    |->ou=Groups,ou=Students,dc=ibb,dc=gatech,dc=edu
>    |->.... etc
>
>3. Scenario Three
>   - One ldap server called ldapstaff
>     dc=ibb,dc=gatech,dc=edu
>     |->ou=People,dc=ibb,dc=gatech,dc=edu (put staff accounts here)
>     |->ou=Groups,dc=ibb,dc=gatech,dc=edu (put staff groups here)
>     |->ou=Hosts,dc=ibb,dc=gatech,dc=edu
>   - Second ldap server called ldapstudents
>     dc=ibb,dc=gatech,dc=edu
>     |->ou=People,dc=ibb,dc=gatech,dc=edu (put student accounts here)
>     |->ou=Groups,dc=ibb,dc=gatech,dc=edu (put student groups here)
>     |->ou=Hosts,dc=ibb,dc=gatech,dc=edu
>
>Any other way of doing this I am not thinking of?
>
>Thanks,
>
>Diego
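
The search-base visibility and duplicate-uid concerns in the quoted question can be checked with a small model of LDAP base/scope matching over Scenario One and Scenario Two. This is an added example, not part of the original thread; the uids (alice, bob) are constructed, and the DN parsing assumes no escaped commas.

```python
# Added example: a small model of LDAP search base/scope matching.
# Assumption: DNs contain no escaped commas, so splitting on "," is safe.
from collections import Counter

ROOT = "dc=ibb,dc=gatech,dc=edu"

# Constructed entries (alice, bob are made-up uids) for the two layouts.
SCENARIO_ONE = [
    "uid=alice,ou=People," + ROOT,                # staff
    "uid=alice,ou=People,ou=Students," + ROOT,    # student, same uid
    "uid=bob,ou=People,ou=Students," + ROOT,      # student
]
SCENARIO_TWO = [
    "uid=alice,ou=People,ou=Staff," + ROOT,
    "uid=alice,ou=People,ou=Students," + ROOT,
    "uid=bob,ou=People,ou=Students," + ROOT,
]

def rdns(dn):
    """Split a DN into lower-cased RDNs, leftmost first."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope="sub"):
    """True if dn is returned by a search at base with the given scope."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def visible_uids(entries, base, scope="sub"):
    """uid values of the account entries a client with this base can see."""
    hits = [rdns(dn)[0] for dn in entries if in_scope(dn, base, scope)]
    return sorted(r.split("=", 1)[1] for r in hits if r.startswith("uid="))

def uid_collisions(entries, base, scope="sub"):
    """uids that resolve to more than one entry under this base."""
    counts = Counter(visible_uids(entries, base, scope))
    return sorted(u for u, n in counts.items() if n > 1)

if __name__ == "__main__":
    for name, tree in (("one", SCENARIO_ONE), ("two", SCENARIO_TWO)):
        for base in (ROOT, "ou=Staff," + ROOT, "ou=Students," + ROOT):
            print(name, base, visible_uids(tree, base),
                  "collisions:", uid_collisions(tree, base))
```

In this model a client whose base is the root sees student accounts and the duplicate uid in either layout, while a client in Scenario Two whose base is ou=Staff sees only staff entries.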