--On December 4, 2007 5:52:11 PM -0500 Nathan Nobbe quickshiftin@gmail.com wrote:
> hello all,
> i am working on my first installation of openldap, so please bear with me. i assure you in advance i have been digging through the manual and only resort to the mailing list after exhausting my ability to understand how to write the access portion of slapd.conf by reading the administration guide. in particular, if some of the language i use in the email is a bit hazy, i'm trying my best.
> anyway, here is the background: i have designed the tree structure as follows. beneath the rootdn there are organizationalUnit objects, and beneath those there are organizationalPerson objects.
Just on a general note, I'd say this is a fairly poor design decision. Given the way that people often shift organizations, or work for more than one, I've found that putting organizations in their own tree, and then people in their own tree works a lot better, and makes ACLs easier.
In answer to your question, however, you may find that using sets helps with some of what you want to do.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration