Kenny Mann wrote:
> I'm planning on implementing LDAP (just to play -- I've done the same in
> MySQL already)
> I'd like to do virtual hosting, which would involve Apache and Postfix.
> For now, I'm researching the Postfix stuff.
> I have 'Deploying OpenLDAP by Tom Jackiewicz' and an O'Reilly one as well,
> but they don't explain it in enough detail that I understand it.
> I'm thinking I need to make the top container an organization and add
> domains below that, but not 100% certain of how.

You can make a DIT of your own taste. There are no rules, just conventions. The most common are

  o=<myorg>,c=<two letter country code>

and

  dc=<firstdomaincomponent>,dc=<seconddomaincomponent>,dc=<tld>

and if you wish to have multiple TLDs in one tree, add a pseudo root like dc=dot. Your DIT can be (mostly) flat or nested, and that will greatly influence the flexibility and design of your server. Let me give you two examples:

1. Nested

  dc=dot
  |-dc=com,dc=dot
  |-dc=net,dc=dot
    |-domain=mydomain,dc=net,dc=dot
      |-cn=user1,domain=mydomain,...

As you can see, part of the information is held by the structure itself, that is, if you like to move a user from domain1 to domain2 you need to delete the DN with all its attributes and possible subbranches (which might be painful), and re-add it to another branch (this is slow as well, but won't happen often normally). You can search for this user simply by a filter like:

  (&(objectClass=posixAccount)(cn=user1))

2. Flat

  dc=domaininfo,dc=myorg,dc=whatever
  |-ou=domainusers,dc=domaininfo,...
    |-cn=user1,ou=domainusers,...
    |-cn=user2,ou=domainusers,...
    |-cn=user3,ou=...

In this case, the information to which specific domain a user belongs is held in the entry itself, like so:

  cn=user1+domain=mydomain.org,ou=domainusers,dc=myorg,dc=whatever
  objectClass: posixAccount
  objectClass: domain
  domain: mydomain.org
  cn: user1
  ...
  ...

Note the multivalued RDN to uniquely identify users and allow the same username in different domains. The search filter would look like:

  (&(objectClass=posixAccount)(cn=user1)(domain=mydomain.org))

> The question I have is can someone point me a direction as to where I can
> learn the structure and meanings of the dc, ou, etc so I can figure out the
> layout of the DIT?

Get yourself a schema browser (gq, a gtk app, is nice) or read the schema files in the /etc/openldap/schema directory.

hth
Paul
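The following is an added example, not part of the mailing-list post above: a small evaluator for LDAP search filters run over a handful of constructed entries laid out in the two DIT styles Paul describes. It shows concretely why the nested design can find user1 by scoping the search base to the domain branch, while the flat design needs the extra (domain=...) assertion to tell the two user1 accounts apart. Everything here is assumed for illustration: the entries are made up, only the equality, &, | and ! filter subset is implemented, and attribute names and values are compared case-insensitively (as with caseIgnoreMatch on cn and dc).

```python
"""Added example (not from the original post): a tiny LDAP search-filter
evaluator run over constructed entries in the nested and flat DIT layouts."""

# Constructed sample entries. The first two live in the nested tree under
# dc=dot; the rest live in the flat tree and carry the domain in the entry
# and in a multivalued RDN (cn=...+domain=...).
ENTRIES = [
    {"dn": "cn=user1,domain=mydomain,dc=net,dc=dot",
     "objectClass": ["posixAccount"], "cn": ["user1"]},
    {"dn": "cn=user1,domain=otherdomain,dc=com,dc=dot",
     "objectClass": ["posixAccount"], "cn": ["user1"]},
    {"dn": "cn=user1+domain=mydomain.org,ou=domainusers,dc=myorg,dc=whatever",
     "objectClass": ["posixAccount", "domain"], "cn": ["user1"],
     "domain": ["mydomain.org"]},
    {"dn": "cn=user1+domain=otherdomain.net,ou=domainusers,dc=myorg,dc=whatever",
     "objectClass": ["posixAccount", "domain"], "cn": ["user1"],
     "domain": ["otherdomain.net"]},
    {"dn": "cn=user2+domain=mydomain.org,ou=domainusers,dc=myorg,dc=whatever",
     "objectClass": ["posixAccount", "domain"], "cn": ["user2"],
     "domain": ["mydomain.org"]},
]


def parse_filter(text):
    """Parse an RFC 4515-style filter string; only =, &, | and ! are supported."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters in filter")
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op = s[i]
        i += 1
        children = []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one operand")
        return (op, children), i + 1
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    if not attr or not value:
        raise ValueError("only attr=value assertions are supported")
    # Attribute names and values are normalised to lower case (caseIgnoreMatch).
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1


def matches(entry, node):
    """Evaluate a parsed filter against one entry."""
    op = node[0]
    if op == "=":
        _, attr, value = node
        values = [v.lower() for k, vs in entry.items()
                  if k != "dn" and k.lower() == attr for v in vs]
        return value in values
    children = node[1]
    if op == "&":
        return all(matches(entry, c) for c in children)
    if op == "|":
        return any(matches(entry, c) for c in children)
    return not matches(entry, children[0])


def search(entries, base, filter_text):
    """Return the DNs at or below `base` (subtree scope) matching the filter."""
    node = parse_filter(filter_text)
    base = base.lower()
    return [e["dn"] for e in entries
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and matches(e, node)]


if __name__ == "__main__":
    nested = "(&(objectClass=posixAccount)(cn=user1))"
    flat = "(&(objectClass=posixAccount)(cn=user1)(domain=mydomain.org))"
    # Nested design: the domain branch is the search base, so cn alone is enough.
    print(search(ENTRIES, "domain=mydomain,dc=net,dc=dot", nested))
    # Flat design: without the domain assertion both user1 entries come back.
    print(search(ENTRIES, "dc=myorg,dc=whatever", nested))
    # With the domain assertion the multivalued RDN keeps them apart.
    print(search(ENTRIES, "dc=myorg,dc=whatever", flat))
```

Scoping the search base is what disambiguates users in the nested layout; in the flat layout the base is shared by every domain, so the filter itself has to carry the domain.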
