Hi.
On 08/18/2011 10:46 AM, Olivier wrote:
Hi,
My primary goal with an OpenLDAP directory is to store information to manage people authentication and authorization to resources on my local network. But I also feel this directory to be a cool opportunity to maintain a registry that would include administrative information such as telephone number.
Here is the DIT structure that I plan to deploy to do that.
If anyone has a comment or advice I would be grateful !
Summary :

  -----------------------------
  | STAFF=organizationalUnit  |
  -----------------------------
       |
       |   -> [ one entry per employee ]
       |
       |_____ John Doe=inetOrgPerson   -> [ administrative data such as tel number ]
                 |
                 |_____ doe=posixAccount   -> [ uid, password and so on ]
What is the reason for splitting user account data into two objects?
WBR
LDIF :
Staff is a branch of people :
# Entry 1: ou=staff,ou=people,dc=example,dc=fr
dn: ou=staff,ou=people,dc=example,dc=fr
objectclass: organizationalUnit
objectclass: top
ou: staff
that contains as many inetOrgPerson as I have people in staff (here are recorded administrative data such as telephone number and so on) :
# Entry 12: uid=doe,ou=staff,ou=people,dc=example,dc=fr
dn: sn=doe,ou=staff,ou=people,dc=example,dc=fr
sn: doe
cn: john doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
Each "inetOrgPerson" may also have a "posixAccount" child that records information usable to access resources :
dn: uid=doe,sn=doe,ou=staff,ou=people,dc=example,dc=fr
cn: john doe
gidnumber: 1800
homedirectory: /home/doe
loginshell: /bin/tcsh
objectclass: account
objectclass: posixAccount
objectclass: top
objectclass: shadowAccount
uid: doe
uidnumber: 510
userpassword: {SSHA}***********************
Olivier
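
An added illustration, not code from this thread: a small in-memory model of the three entries above, showing one consequence of nesting the posixAccount under the inetOrgPerson. A login lookup based at ou=staff only finds the account with subtree scope, and the administrative data is the account's parent entry. The function names and the placeholder hash are made up for the example, and DN handling assumes no escaped commas.

```python
# Constructed sample: the post's three entries, abridged; the hash is a placeholder.
LDIF = """\
dn: ou=staff,ou=people,dc=example,dc=fr
objectclass: organizationalUnit
ou: staff

dn: sn=doe,ou=staff,ou=people,dc=example,dc=fr
objectclass: inetOrgPerson
sn: doe
cn: john doe

dn: uid=doe,sn=doe,ou=staff,ou=people,dc=example,dc=fr
objectclass: account
objectclass: posixAccount
cn: john doe
uid: doe
uidnumber: 510
gidnumber: 1800
userpassword: {SSHA}PLACEHOLDER
"""

def parse(ldif):
    """Simple LDIF (no folding, no base64) -> {dn: {attr: [values]}}, keys lowercased."""
    tree = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        tree[attrs.pop("dn")[0].lower()] = attrs
    return tree

def search(tree, base, scope, objectclass, uid):
    """DNs below base matching (&(objectClass=..)(uid=..)); scope is 'one' or 'sub'."""
    hits = []
    for dn, attrs in tree.items():
        if not dn.endswith("," + base):
            continue
        depth = dn[: -len(base) - 1].count(",") + 1  # levels below base
        classes = {c.lower() for c in attrs["objectclass"]}
        in_scope = scope == "sub" or depth == 1
        if in_scope and objectclass.lower() in classes and uid in attrs.get("uid", []):
            hits.append(dn)
    return hits

def person_of(tree, account_dn):
    """Administrative data lives one level up: the account's parent entry."""
    return tree[account_dn.partition(",")[2]]
```
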