
Thread: LDAP for managing different types of users

  1. #1

    LDAP for managing different types of users

    Hi all

    I currently have an OpenLDAP server set up as my primary *nix account storage and authentication system (I know, I should be using Kerberos, that's the next step) using Ubuntu Server 8.04. I'm also using LDAP to authenticate users for my Bugzilla, MediaWiki, SVN and Joomla apps.

    Currently, I have three *nix groups set up:
    • internal - staff and other internal company users
    • external - contractors and suppliers who need access to Bugzilla, SVN, etc.
    • customers - the customers we service


    Internal users also have access to other things such as NFS exports, while external and customer groups can only use our online apps.

    Also, users are stored in ou=People,dc=mycompanyname,dc=com, and I group users based on their *nix group. However, what I'm wondering is whether I should be using an organizational unit child, e.g.:

    dc=mycompanyname,dc=com
    |-ou=People
    |--ou=Customers
    |--ou=Internal
    |--ou=External

    As there seems to be no point in storing the external and customers groups as *nix groups because they will never have access to the server's filesystem.

    Additionally, it is likely that Customers and External can be stored using the Address Book Entry schema as it seems to capture all the information we require.

    I'm probably going to go with this new plan and am really just looking for validation that I'm on the right track. If I'm not on the right track, what should I be doing to improve the structure of my LDAP server?

    Any help much appreciated.

  2. #2

    Re: LDAP for managing different types of users

    Not a tutorial, so moved appropriately.
