> From: Mik J <[email protected]>
> To: "[email protected]" <[email protected]>
>
>> From: Dan White <[email protected]>
>> To: Mik J <[email protected]>
>>
>> On 09/28/12 18:40 +0100, Mik J wrote:
>>> Hello,
>>>
>>> I'm setting up my openldap server and I would like advice from
>>> experienced users.
>>>
>>> My domain is dc=mycompany,dc=org
>>>
>>> My company will have:
>>> - employees
>>> - clients
>>> - partners
>>>
>>> How should I organise my tree? For example?
>>> o=MyCompany, dc=mycompany,dc=org
>>> o=Client1, dc=mycompany,dc=org
>>> o=Client2, dc=mycompany,dc=org
>>> o=Partner1, dc=mycompany,dc=org
>>>
>>> Or can I group clients?
>>> o=Client1, ??=Clients, dc=mycompany,dc=org
>>> o=Client2, ??=Clients, dc=mycompany,dc=org
>>> What would be "??" if I want to make a group called Clients?
>>>
>>> Or is my approach not good?
>>> If someone has advice (or links that describe a real life case) I'll be
>>> more than happy to read them.
>>
>> I personally prefer breaking up my DIT by function, rather than by
>> company organization, e.g.:
>>
>> uid=user1@companydomain1,ou=people,dc=mycompany,dc=org
>> uid=userx@companydomain2,ou=people,dc=mycompany,dc=org
>> cn=mygroup,ou=groups,dc=mycompany,dc=org
>> cn=myalias,ou=aliases,dc=mycompany,dc=org
>>
>> Then, if I need to restrict an ldap search to one or more organizations, I
>> do so by placing an identifying attribute within the user's entry, and find
>> them with a filter.
>>
>> Filters are generally a more flexible way to organize your users than
>> a base.
>
> Hello Dan,
> Thank you for your advice. I will consider this option seriously.
> I would also like to hear other people's implementation.
> Have a nice week

Hello Dan,

I've started to think about your way to implement this and I've noticed that having a uid that looks like an email address is mandatory to achieve what I want.
Right now my uids don't look like an email address but more like one_letter+family name.

Because you use emails as uids and you do filtering based on regex applied to emails, do you need groups?

Thank you
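
The approach quoted above (a flat ou=people branch, an identifying attribute in each entry, selection by search filter) is sketched below as an added example; it is not code from anyone in this thread. It assumes the identifying attribute is `o` on inetOrgPerson entries, uses constructed sample entries, and escapes the organization name per RFC 4515 so that a name taken from user input cannot alter the filter.

```python
# Added example: the attribute choice (o) and all entries are assumptions.

def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter (RFC 4515)."""
    special = '\\*()\x00'
    return ''.join('\\%02x' % ord(ch) if ch in special else ch for ch in value)


def org_filter(org: str) -> str:
    """Build the filter that restricts a search under ou=people to one organization."""
    return '(&(objectClass=inetOrgPerson)(o=%s))' % escape_filter_value(org)


# Constructed sample entries: one flat branch, the organization kept in `o`.
ENTRIES = [
    {'dn': 'uid=jdoe,ou=people,dc=mycompany,dc=org', 'o': ['MyCompany']},
    {'dn': 'uid=asmith,ou=people,dc=mycompany,dc=org', 'o': ['Client1']},
    {'dn': 'uid=blee,ou=people,dc=mycompany,dc=org', 'o': ['Client1', 'Partner1']},
    {'dn': 'uid=cwong,ou=people,dc=mycompany,dc=org', 'o': ['Client2']},
]


def members_of(org: str, entries=ENTRIES) -> list:
    """Offline stand-in for the server evaluating org_filter(org).

    `o` uses case-insensitive equality matching, so compare lowercased values.
    """
    wanted = org.lower()
    return [e['dn'] for e in entries
            if any(v.lower() == wanted for v in e.get('o', []))]


if __name__ == '__main__':
    print(org_filter('Client1'))
    print(members_of('Client1'))
    # A hostile "organization name" stays a literal value after escaping.
    print(org_filter('Client1)(uid=*'))
```

Against a live server the string returned by `org_filter()` would be passed as the search filter with ou=people,dc=mycompany,dc=org as the base.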
