Hi all,

I'm still a newbie with OpenLDAP, but I already need to make the right choice in this design phase in order to avoid terrible trouble in the near future :)

*How would you map the following scenario in terms of DIT and ACL (olc)?*

We have two companies: *wiki.com* and *grape.jp*.

# Data set
a) *wiki.com* is the one hosting OpenLDAP and has several user accounts registered in it.
b) *grape.jp* can create user accounts in the same OpenLDAP hosted by *wiki.com*.

# Authorization
c) *wiki.com* can see and manage all the user accounts.
d) *grape.jp* can manage only user accounts created by itself.

I'm thinking of the following configuration: one database called "dn=wiki,dn=com" which requires objects with the following schema

    dn: [email protected],dc=wiki,dc=com
    objectclass: inetOrgPerson
    cn: <user1 nickname>
    givenname: <user1 first name>
    mail: [email protected]
    sn: <user1 surname>
    userPassword: aNiceEncryptedPassword
    o: <either wiki.com or grape.jp depending on who has created the user>

and then setting a proper ACL (olc) on the attribute '*o*' in order to define who can access what (but on this side I still need to understand A LOT).

My configuration is driven by the fact that I also need to integrate Liferay 6.1, which needs to see all the user accounts :-(

Thank you for reading this far! Any suggestion and/or reference would be highly appreciated.

Best Regards,
Simone

P.S. I was also looking for a good guide/book on Amazon, but everything looks quite outdated...
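The flat-DIT design described in the post, written out as cn=config access rules keyed on the `o` attribute. This is an added example and not part of the original post; the database index `{1}mdb`, the two admin DNs and the Liferay bind DN are assumptions.

```ldif
# Added illustration; constructed values (assumptions): database index {1}mdb,
# admin DNs cn=wiki-admin / cn=grape-admin, read-only Liferay bind DN cn=liferay.
# Rules are evaluated in order; the first matching "to" clause decides.
#  {0} passwords of grape.jp entries: both admins and the owner may write
#  {1} all other passwords: wiki admin and owner only
#  {2} "children" of the suffix: who may add or delete entries below it
#  {3} suffix entry itself: readable by authenticated users so searches can start there
#  {4} entries tagged o=grape.jp: grape admin may manage them
#  {5} everything else: wiki admin manages, Liferay reads, grape admin gets nothing
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.subtree="dc=wiki,dc=com" filter=(o=grape.jp) attrs=userPassword
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by dn.exact="cn=grape-admin,dc=wiki,dc=com" write
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="dc=wiki,dc=com" attrs=userPassword
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by self write
  by anonymous auth
  by * none
olcAccess: {2}to dn.base="dc=wiki,dc=com" attrs=children
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by dn.exact="cn=grape-admin,dc=wiki,dc=com" write
  by * none
olcAccess: {3}to dn.base="dc=wiki,dc=com"
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by users read
  by * none
olcAccess: {4}to dn.subtree="dc=wiki,dc=com" filter=(o=grape.jp)
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by dn.exact="cn=grape-admin,dc=wiki,dc=com" write
  by dn.exact="cn=liferay,dc=wiki,dc=com" read
  by self read
  by anonymous auth
  by * none
olcAccess: {5}to dn.subtree="dc=wiki,dc=com"
  by dn.exact="cn=wiki-admin,dc=wiki,dc=com" write
  by dn.exact="cn=liferay,dc=wiki,dc=com" read
  by self read
  by anonymous auth
  by * none
```

Because rule {4} grants write on every attribute of a matching entry, the grape.jp admin can also change `o` itself, so the tag these rules depend on is under that admin's control for its own entries. `slapacl` can evaluate each rule for a given bind DN and entry before the change goes live.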
