Having users duplicated is a problem for password reset, as someone has just pointed out to me... so then how do you set up your LDAP to allow access to one application and not others?
Say I want to allow a user access to Email but not Network... how is your LDAP set up to handle this? Maybe a bad example... I suppose you'd do this with the delivered schemas... OK, but what about access to Email ON and access to a homegrown app OFF? Perhaps using an attribute from a custom schema?
-----Original Message----- From: criderkevin criderkevin@aol.com To: openldap-technical openldap-technical@openldap.org Sent: Wed, Sep 28, 2011 8:44 pm Subject: How do you have LDAP Setup for Apps
I'm learning and testing different ways of configuring my LDAP to handle multiple apps. I gave up on groupOfNames because I couldn't get searches to pull out the Users in a Group. I have probably 6 or so apps that will use the LDAP. I am leaning towards a simple structure, where each app has its own branch in the LDAP. My reasoning is: it's easy to configure, may make ACLs easier to set up and manage, it will make searches easier to set up and test, and... why not... after all this isn't a database and duplicated "people" records don't matter. We may end up with 2 synching LDAPs, one for our network and email, and the other for our other apps, simply because the email system requires a very specific structure.
Just curious to hear from the more experienced what they do in their structure to handle multiple apps, and how sound my thinking is.
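As an added example (not part of this thread, and not anyone's production layout), the following Python models the alternative the original poster gave up on: a single ou=people branch, one groupOfNames entry per application under ou=apps, and the search filters an application or a password-reset tool would send to answer "is this user allowed into app X?" and "who are the members of app X?". The LDIF, DNs and application names are constructed for illustration, and the filter evaluator is deliberately restricted (equality and AND only, case-insensitive string comparison standing in for distinguishedNameMatch) so the whole thing runs offline without an LDAP server or third-party library.

```python
"""
Added example, not from the thread: one shared people branch, one
groupOfNames per application, and the filters that gate access per app.
All DNs, names and the LDIF below are constructed for illustration.
"""
import re

# Constructed sample directory (not real data). Each user exists once;
# per-application access is expressed purely by group membership.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
mail: bob@example.com

dn: cn=email,ou=apps,dc=example,dc=com
objectClass: groupOfNames
cn: email
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com

dn: cn=homegrown,ou=apps,dc=example,dc=com
objectClass: groupOfNames
cn: homegrown
member: uid=alice,ou=people,dc=example,dc=com
"""

APPS_BASE = "ou=apps,dc=example,dc=com"


def parse_ldif(text):
    """Minimal LDIF reader: {dn: {attr_lowercase: [values]}}.
    Handles plain 'attr: value' lines only (no base64, no line folding)."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        entries[dn] = attrs
    return entries


def _split_filters(s):
    """Split '(a=b)(c=d)' into ['(a=b)', '(c=d)'], honouring nesting."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts


def match(attrs, flt):
    """Evaluate a restricted LDAP filter (equality and '&' only) against one
    entry. Comparison is case-insensitive; a real server applies the
    attribute's matching rule (e.g. distinguishedNameMatch for member)."""
    body = flt.strip()[1:-1]
    if body.startswith("&"):
        return all(match(attrs, sub) for sub in _split_filters(body[1:]))
    name, _, value = body.partition("=")  # first '=' only: DN values keep theirs
    return value.lower() in (v.lower() for v in attrs.get(name.lower(), []))


def search(entries, base, flt):
    """Subtree search: sorted DNs under base whose entry satisfies flt."""
    return sorted(dn for dn, attrs in entries.items()
                  if dn.lower().endswith(base.lower()) and match(attrs, flt))


def may_use(entries, app, user_dn):
    """The check an application makes at login: is user_dn in app's group?"""
    flt = f"(&(objectClass=groupOfNames)(cn={app})(member={user_dn}))"
    return bool(search(entries, APPS_BASE, flt))


def members_of(entries, app):
    """'Pull the users out of a group': read the member DNs of app's group."""
    flt = f"(&(objectClass=groupOfNames)(cn={app}))"
    dns = {m for g in search(entries, APPS_BASE, flt) for m in entries[g]["member"]}
    return sorted(dns)


def apps_for(entries, user_dn):
    """Reverse lookup without a memberOf overlay: every app group naming user_dn."""
    flt = f"(&(objectClass=groupOfNames)(member={user_dn}))"
    return sorted(entries[g]["cn"][0] for g in search(entries, APPS_BASE, flt))


DIRECTORY = parse_ldif(SAMPLE_LDIF)
```

With this layout a password reset touches one entry, and turning the homegrown app off for a user is a single `member` delete on that group rather than a change in a duplicated branch. On a real slapd the per-app isolation the reply asks about is then done with ACLs rather than structure, along the lines of (illustrative, not from the thread) `access to dn.exact="cn=email,ou=apps,dc=example,dc=com" by dn.exact="cn=email-svc,ou=services,dc=example,dc=com" read by * none`, so each service account can only read the group that concerns it.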