LDAP layout tips?

arkepp · Posted: Sun Feb 08, 2004 2:34 am Post subject: LDAP layout tips?

Hi,

I'm a newbie when it comes to LDAP: I have openldap up and running happily, the next question if how do I organize my directory.

Currently I only have an adressbrook, which resides under (i'll use regular unix directories to illustrate).
/addressbook (ou=addressbook)

I now want to add some web users (mod_auth_ldap), application users (egroupware) and possibly some mail / system users later.

Would the correct layout be:
/accounts/web_user_1
/accounts/web_user_2
/accounts/web_apps/egroupware_user_1
/accounts/web_apps/egroupware_user_2
/accounts/web_apps/egroupware_user_3
/accounts/web_apps/system_users/mail_user_1
/accounts/web_apps/system_users/mail_user_2

so that i won't have to add a new web_user every time I hadde a mail user (since that user is an employee who should have access anyway).

It seems somewhat clumsy to me, any tips or links?

Thanks in advance,
Arne

axxackall · Posted: Tue Feb 10, 2004 11:29 pm Post subject:

I use LDAP for authenticating users of various web applications. In each application I say precisely what is the base to look for users, and what is the filter.

For example, I have ou=People for all accounts, and then for filtering I have different (and often multiple) employeeType attributes.

The reason I use attributes is that I need users to have multiple types and I am not ready to choose appropriate hierarchy of "ou" yet.

So, consider my advise as a temporary solution until you come with properly designed (and tested!) schema.
_________________
"Lisp is a programmable programming language." - John Foderaro, CACM, September 1991