Thank you for answers...

Michael: We didn't know about it... We need such a structure as each of our employees has an account but does not always have access to all our services (and there really are many), so we prefered spliting everything in different OUs.

Quanah: To be honest, we have no LDAP expert in our technical team, so if you have some time to explain how to set it up in a good way, we would be very glad.

Thank you,
Best regards,

2015-04-09 21:20 GMT+04:00 Michael Ströder <michael@stroeder.com>:
Poul Etto wrote:
As we store a lot of information in our LDAP server, we are looking to
simplify and optimize our LDAP strucutre.

Actually we have plenty OUs (like people and vpn shown hereunder) and lot
of fields are duplicate (same fields with same content in different OUs).
As this is not optimum and makes us push any change for a user into all
concerned OUs, we woul like to use aliasing to avoid duplicating entries:

There are entry aliases which are somewhat problematic though.

But why do you have such tree structure?

BTW: Using 'extensibleObject' disables schema checking. This is bad practice.

Ciao, Michael.