> De : Dan White <[email protected]> > À : Mik J <[email protected]> > > On 09/28/12 18:40 +0100, Mik J wrote: >> Hello, >> >> I'm setting up my openldap server and I would like an advice from > experimented users. >> >> My domain is dc=mycompany,dc=org >> >> >> My company will have: >> - employees >> - clients >> - partners >> >> How should I organise my tree ? for example ? >> o=MyCompany, dc=mycompany,dc=org >> o=Client1, dc=mycompany,dc=org >> o=Client2, dc=mycompany,dc=org >> o=Partner1, dc=mycompany,dc=org >> >> Or can I group clients ? >> o=Client1, ??=Clients, dc=mycompany,dc=org >> o=Client2, ??=Clients, dc=mycompany,dc=org >> What would be "??" if I want to make a group called Clients ? >> >> Or my approach is not good ? >> If someone has advices (or links that describe a real life case) I'll be > more than happy to read them. > > I personally prefer breaking up my DIT by function, rather than by > company organization, e.g.: > > uid=user1@companydomain1,ou=people,dc=mycompany,dc=org > uid=userx@companydomain2,ou=people,dc=mycompany,dc=org > cn=mygroup,ou=groups,dc=mycompany,dc=org > cn=myalias,ou=aliases,dc=mycompany,dc=org > > Then, if I need to restrict an ldap search to one or more organizations, I > do so by placing an identifying attribute within the user's entry, and find > them with a filter. > > Filters are generally a more flexible way to organize your users than > a base.
Hello Dan, Thank you for your advice. I will consider this option seriously. I would also like to hear other people's implementation. Have a nice week
