Ah, I wasn't aware I can make it that... granular (sp?). I may have a misunderstanding, but I think that since I'm doing virtual domains that I can't have my primary domain at the very time (IE: dc=domain, dc=com) and that I have to use the o=,c= method -- otherwise Postfix won't trickle down to find the correct domain.
And thanks Robert for the links! I'll check them out!

Kenny

> -----Original Message-----
> From: Paul Kölle [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 15, 2005 2:42 PM
> To: [email protected]
> Subject: Re: [gentoo-server] LDAP virtual server question
>
> Kenny Mann wrote:
> > I'm planning on implementing LDAP (just to play -- I've done the same
> > in MySQL already). I'd like to do virtual hosting, which would involve
> > Apache and Postfix.
> > For now, I'm researching the Postfix stuff.
> > I have 'Deploying OpenLDAP' by Tom Jackiewicz and an O'Reilly one as
> > well, but they don't explain it in enough detail that I understand it.
> > I'm thinking I need to make the top container an organization and add
> > domains below that, but not 100% certain of how.
> You can make a DIT of your own taste. There are no rules,
> just conventions. The most common are o=<myorg>,c=<two letter
> country code> and
> dc=<firstdomaincomponent>,dc=<seconddomaincomponent>,dc=<tld>
> and if you wish to have multiple TLDs in one tree add a
> pseudo root like dc=dot. Your DIT can be (mostly) flat or
> nested and that will greatly influence the flexibility and
> design of your server. Let me give you two examples:
>
> 1. Nested
>
> dc=dot
> |-dc=com,dc=dot
> |-dc=net,dc=dot
>   |-domain=mydomain,dc=net,dc=dot
>     |-cn=user1,domain=mydomain,...
>
> As you can see, part of the information is held by the
> structure itself, that is, if you like to move a user from
> domain1 to domain2 you need to delete the DN with all its
> attributes and possible subbranches (which might be painful),
> and re-add to another branch (this is slow as well, but won't
> happen often normally). You can search for this user simply
> by a filter like:
>
> (&(objectClass=posixAccount)(cn=user1))
>
> 2. Flat
>
> dc=domaininfo,dc=myorg,dc=whatever
> |-ou=domainusers,dc=domaininfo,...
>   |-cn=user1,ou=domainusers,...
>   |-cn=user2,ou=domainusers,...
>   |-cn=user3,ou=...
>
> In this case, the information to which specific domain a user
> belongs is held in the entry itself like so:
>
> cn=user1+domain=mydomain.org,ou=domainusers,dc=myorg,dc=whatever
> objectClass: posixAccount
> objectClass: domain
> domain: mydomain.org
> cn: user1
> ...
> ...
>
> Note the multivalued RDN to uniquely identify users and allow
> the same username in different domains. The search filter
> would look like:
>
> (&(objectClass=posixAccount)(cn=user1)(domain=mydomain.org))
>
> > The question I have is can someone point me a direction as to where I
> > can learn the structure and meanings of the dc, ou, etc so I can
> > figure out the layout of the DIT?
> Get yourself a schema browser (gq, a gtk app, is nice) or
> read the schema files in the /etc/openldap/schema directory.
>
> hth
> Paul
>
> --
> [email protected] mailing list
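As an added example that is not part of the thread: this Python builds the multivalued-RDN DNs and the search filter for Paul's flat layout (assumed base ou=domainusers,dc=myorg,dc=whatever, constructed sample entries) and evaluates the filter against an in-memory directory. It escapes the cn and domain values before placing them in the filter, which matters because a mail server's lookups carry the local part and domain of whatever address arrives.

```python
import re

# RFC 4515 escaping for values placed into a search filter: without it a
# local part or domain taken from an incoming address could rewrite the filter.
_FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESC.get(c, c) for c in value)

def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value used inside an RDN."""
    out = value.replace("\\", "\\\\")
    for c in ',+"<>;=':
        out = out.replace(c, "\\" + c)
    return out

def user_dn(cn, domain, base="ou=domainusers,dc=myorg,dc=whatever"):
    """Multivalued RDN cn=...+domain=..., so one cn may exist once per domain."""
    return "cn=%s+domain=%s,%s" % (escape_dn_value(cn), escape_dn_value(domain), base)

def user_filter(cn, domain, escape=True):
    """The flat-DIT filter from the thread; escape=False shows the unsafe version."""
    esc = escape_filter_value if escape else (lambda v: v)
    return "(&(objectClass=posixAccount)(cn=%s)(domain=%s))" % (esc(cn), esc(domain))

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def matches(filter_str, attrs):
    """Evaluate a filter of the form (&(attr=value)...) against one entry's
    attributes, with '*' acting as the wildcard a real server would honour."""
    for attr, val in re.findall(r"\((\w+)=([^()]*)\)", filter_str):
        pattern = "^" + ".*".join(re.escape(_unescape(p)) for p in val.split("*")) + "$"
        if not any(re.match(pattern, v) for v in attrs.get(attr, [])):
            return False
    return True

# Constructed sample directory (not real data): three posixAccount entries.
def _entry(cn, domain):
    return {"objectClass": ["posixAccount", "domain"], "cn": [cn], "domain": [domain]}
SAMPLE_DIT = {
    user_dn("user1", "mydomain.org"): _entry("user1", "mydomain.org"),
    user_dn("user1", "other.net"): _entry("user1", "other.net"),
    user_dn("user2", "mydomain.org"): _entry("user2", "mydomain.org"),
}

def lookup(cn, domain, escape=True, dit=SAMPLE_DIT):
    """DNs matching user_filter(); the same cn in two domains stays distinct."""
    f = user_filter(cn, domain, escape)
    return sorted(dn for dn, attrs in dit.items() if matches(f, attrs))
```

With escaping on, a cn of "*" matches nothing because no entry is literally named "*"; with escaping off the same input turns into a wildcard and returns every account in the domain.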
