I'm configuring an LDAP Directory with three main purposes:
- UNIX Logins & Groups
- LDAP Logins (and groups)
- Web Based application Logins (and groups)
For now, I've got four organizational units:
ou=accounts (Unix accounts)
ou=people (Accounts for web-based apps, etc.)
ou=ldap (Internal LDAP accounts (read/readwrite/etc.))
ou=groups (All groups)
which has come about because of some recent restructuring I've been doing as
I add more features. I'd like to clean this up a bit, primarily because
ALL groups go under ou=groups, whether it's a unix group (PosixGroup), an
LDAP group (groupOfNames), etc.
So I'm wondering if I should do something like this:
uid=<username>,ou=users,ou=unix,dc=domain,dc=net
cn=groupname,ou=groups,ou=unix,dc=domain,dc=net
and the same for ou=ldap and ou=people, or just put groups and users under
the same top level and split based on schema:
uid=<username>,ou=unix,dc=domain,dc=net
cn=<group name>,ou=unix,dc=domain,dc=net
What has worked best for you in the past?
Thanks!
-Matt