  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Location
    Lomm - Netherlands
    Posts
    80

    LDAP is giving me a headache (schema drawing)


    I'm planning to use a directory server (the new Red Hat Directory Server) on my network for authenticating on the web-, mail- and fileserver.
    The webserver also serves home directories.

    When reading the docs, I see there are two possibilities for setting up the tree. (both are possible, both are plausible). (dn= dc=, dc= OR dn= o=, c=)

    Then ... I don't know. I can use users, companies and powerusers for the next level and use web, mail, fileserv, homespace as group, or the other way around....
    Who can give me more advice about this? (about 75 users)


    DN= DC=example, DC=nl or DN= O=example, C=nl
    OU=web ou=mail ou=fileserv ou=homespace or ou=users ou=companies ou=powerusers

  2. #2
    Linux Enthusiast scientica's Avatar
    Join Date
    Sep 2003
    Location
    South- or "Mid-" Sweden
    Posts
    742
    For my machine I've used "dc=zeus" as my BASE_DN. My understanding is that you can have whatever you like, but I'd recommend just "dc=server_name" unless you've got a domain, then you should have "dc=sld,dc=tld" if your domain is "sld.tld".
    Regards Scienitca (registered user #335819 - http://counter.li.org )
    --
    A master is nothing more than a student who knows something of which he can teach to other students.

  3. #3
    Just Joined!
    Join Date
    Feb 2005
    Location
    Lomm - Netherlands
    Posts
    80
    We have multiple domains, although only one is used for this network. So our base_dn = dc=example,dc=nl
    We have a few groups and have a few services.
    Should we place the groups on the next level or the services?

  5. #4
    Linux Enthusiast scientica's Avatar
    Join Date
    Sep 2003
    Location
    South- or "Mid-" Sweden
    Posts
    742
    Well, it seems (unless I've misunderstood you) you're basically choosing a way of organizing them, either by their "group" or by their "service" (their access to the services).

    I'm thinking, which would be giving the lesser headache, ie, which is easiest to handle, now and in the future with many times the people and services/groups.
    I think I'd ask myself these questions: (no specific order)
    • How many people belong to multiple groups/services?
    • Are the services "subordinates" of groups? (or are the groups sorted under a service? (eg group A deals with the code behind the web, and group B deals with its design/graphics on the web and some other service -- or does everyone under the service "web" do all the web related stuff (possibly with subgroups under them, but the design part of them are "restricted to the web" service, and not doing work for other services)))
    • Which service "feels" best - that is, which is the one that you for some reason directly feel like, "hmm, just out of the blue I felt it made most sense to do it in groups as it's more 'sane'/'effective' to have it sorted in groups as the design team is working in both service A and B -- or it's easier to handle permissions with people sorted under services, ie, when Johnny A designs something for the web he'll log on with his web context/DN and inherit the web services rights"
    • Would a hybrid be possible? Can groups and services co-exist? (eg, one could have a "Design" group which does all design, and a "Web" service/"group" where all web-specific stuff goes - one could imagine setting things up so that the design only gets access to a design sub-section of the web-stuff, while everyone in web inherits access to all of the web-stuff)
    • What do the victims think about the organization? (eg, the people doing the work on the floor, what's their reality, how do they work, how do they think they work effectively?) -- listening to the users can give good clues to a good setup. The alternative is/could be to make things transparent to them, eg, they just log on and do what they're supposed to do without any clue as to how things are organized under the hood (might not be possible, I can't think of anything that works 100% transparent, or really always "just works")

    ... wonder if the above is of any help or just confusing things..
    Regards Scienitca (registered user #335819 - http://counter.li.org )
    --
    A master is nothing more than a student who knows something of which he can teach to other students.

  6. #5
    Just Joined!
    Join Date
    Feb 2005
    Location
    Lomm - Netherlands
    Posts
    80
    I think I got it. Please correct me if I'm wrong.

    1 webserver/ mysql server, 1 mailserver, 1 fileserver (fileserv1+2), 1 authentication server (and /home/<users>)

    fileserver serves 2 directories; 1 for users, 1 for companies

    4 users in powerusers
    7 users in companies
    64 users in users

    powerusers have 30MB web(space), 2 mail(boxes 10MB), 100MB homespace, access fileserv1
    companies have 100MB web(space), 10 mail(boxes 10MB), 250MB homespace, access fileserv2
    users have 20MB web(space), 1 mail(box 10MB), access fileserv1

    first level: DN=dc=example,dc=nl

    o=web / ou=users ou=companies ou=powerusers
    o=mail / ou=users ou=companies ou=powerusers
    o=fileserv1 / ou=users ou=powerusers
    o=fileserv2 / ou=companies
    o=homespace / ou=companies ou=powerusers
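
The layout in post #5, worked through as an added example that is not part of the original thread: it emits LDIF for the `o=`/`ou=` containers and lists every DN one person would need if account entries sit under each service branch, which is also every place a password change or account disable has to reach. The uid `jdoe`, the object classes, and the placement of account entries directly under each `ou=` are assumptions; the tree and head-counts come from the post.

```python
# Added illustration: tree and head-counts are taken from post #5.
# Assumptions: uid "jdoe", the object classes used, and that account
# entries are stored directly under each ou= container.
BASE = "dc=example,dc=nl"

# Service-first tree from post #5: o=<service> / ou=<group>
SERVICE_TREE = {
    "web": ["users", "companies", "powerusers"],
    "mail": ["users", "companies", "powerusers"],
    "fileserv1": ["users", "powerusers"],
    "fileserv2": ["companies"],
    "homespace": ["companies", "powerusers"],
}
HEADCOUNT = {"powerusers": 4, "companies": 7, "users": 64}


def container_ldif(tree=SERVICE_TREE, base=BASE):
    """Return LDIF for the o= and ou= container entries of the tree."""
    out = []
    for service, groups in tree.items():
        out.append(f"dn: o={service},{base}\n"
                   f"objectClass: organization\no: {service}\n")
        for group in groups:
            out.append(f"dn: ou={group},o={service},{base}\n"
                       f"objectClass: organizationalUnit\nou: {group}\n")
    return "\n".join(out)  # entries separated by a blank line


def dns_for(uid, group, tree=SERVICE_TREE, base=BASE):
    """Every DN one person needs when accounts live under each service."""
    return [f"uid={uid},ou={group},o={service},{base}"
            for service, groups in tree.items() if group in groups]


def entry_totals(tree=SERVICE_TREE, headcount=HEADCOUNT):
    """Account entries per group, and in total, for the service-first tree."""
    per_group = {g: n * sum(g in groups for groups in tree.values())
                 for g, n in headcount.items()}
    return per_group, sum(per_group.values())


if __name__ == "__main__":
    print(container_ldif())
    for dn in dns_for("jdoe", "companies"):
        print(dn)
    print(entry_totals())
```

With the numbers from post #5, the 75 people become 236 account entries under this layout, because an LDAP entry has exactly one DN and each service branch needs its own copy.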
