> We've been using the organization field as the division within the > company A,B or C
> We've been using the department as the department within the > division. > Typical tree structure that we use in AD and NDS You're certainly not using O and OU in AD. AD uses DNS-federated partitions (DC=example,DC=com) in place of O objects. NDS uses O and OU, though. Anyway, in typical use, O as corporation (fully independent division would qualify as well) and OU as department are perfectly fine. But, as you saw. . . > That's telling me that within imail, everyones in > ou=people.o=mail.ameripride.org folder, thus the division & > department philosophy can no longer be used. Correct? Those are the default locations within an IMail/OpenLDAP system. The locations are not fixed per se: it is possible to automatically have IMail store users in a different container. HOWEVER, the automatic part will only affect the hierarchical location of the users, NOT the O attribute linked to the user objects themselves. This may be thought of a bug in IMail, but ah well. To explain further, IMail _can_ store the user object in OU=B30 Minnetonka accounting, O=AmeriPride Services Inc -- and if you used this as your base DN for searching and didn't filter any further, you'd find the users. But if you tried to search on (O=AmeriPride Services Inc) under that search base, strange as this might seem, you wouldn't find the users, since IMail will continue to hard-assign the O attribute the value O=mail.ameripride.org. Generally speaking, this "broken backlink" is a definite no-no. It can lead to unpredictable search behavior from LDAP clients, and might possibly create non-removable objects depending on the server platform. But if you can strictly police how clients access your server, the technically broken db may do you fine. I wouldn't be too comfortable with it myself, but on the flipside of that, I don't mind making manual adjustments via ldapmodify (such as matching the O value with the O grandparent container, or deleting the O value entirely). --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
