--On Thursday, March 28, 2019 11:22 AM +0000 Olivier - piwako@outlook.fr wrote:
Hi all,
I have a stupid question but can you check this? When do we need to use LDAP groups versus Tree?
Generally you're talking about two different things.
The tree is how you organize where entries will live inside the database. A group is a reference to entries in your tree. So you may have something like:
dn: dc=mybase,dc=com (root of the database tree)
dn: cn=people,dc=mybase,dc=com (subtree for storing people entries)
dn: cn=groups,dc=mybase,dc=com (subtree for storing group entries)
Then say we have 5 people:
dn: uid=joe,cn=people,dc=mybase,dc=com
dn: uid=jean,cn=people,dc=mybase,dc=com
dn: uid=frank,cn=people,dc=mybase,dc=com
dn: uid=april,cn=people,dc=mybase,dc=com
dn: uid=samantha,cn=people,dc=mybase,dc=com
Now, these people may belong to different (and multiple) groups. For example:
dn: cn=staff,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com
member: uid=jean,cn=people,dc=mybase,dc=com
member: uid=april,cn=people,dc=mybase,dc=com

dn: cn=students,cn=groups,dc=mybase,dc=com
member: uid=frank,cn=people,dc=mybase,dc=com
member: uid=samantha,cn=people,dc=mybase,dc=com

dn: cn=human resources,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com

dn: cn=faculty,cn=groups,dc=mybase,dc=com
member: uid=jean,cn=people,dc=mybase,dc=com
In the above example:
Joe, Jean, and April are all staff of the organization
Frank and Samantha are students
Joe is in HR
Jean is faculty.
etc.
Hope that helps!
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
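
Added example, not part of the original message and not OpenLDAP or Symas code: a small Python script that separates the two ideas above by reading where each entry lives in the tree from its DN and resolving group membership from the member references, flagging references that point at no entry. The LDIF text is constructed from the DNs in the message; uid=ghost, the mixed-case member value, and the simplified DN normalisation (no escaped commas, no base64 values) are assumptions made for the illustration.

```python
# Constructed sample based on the DNs in the message; uid=ghost is invented
# here to show a member reference that matches no entry in the tree.
SAMPLE_LDIF = """\
dn: uid=joe,cn=people,dc=mybase,dc=com
dn: uid=jean,cn=people,dc=mybase,dc=com
dn: uid=frank,cn=people,dc=mybase,dc=com

dn: cn=staff,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com
member: UID=Jean, CN=people, DC=mybase, DC=com

dn: cn=human resources,cn=groups,dc=mybase,dc=com
member: uid=joe,cn=people,dc=mybase,dc=com

dn: cn=students,cn=groups,dc=mybase,dc=com
member: uid=frank,cn=people,dc=mybase,dc=com
member: uid=ghost,cn=people,dc=mybase,dc=com
"""

def norm_dn(dn):
    """Simplified normalisation (assumption: no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(ldif):
    """Return {entry_dn: [member_dn, ...]} from minimal 'attr: value' LDIF."""
    entries, current = {}, None
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line
        attr = attr.strip().lower()
        if attr == "dn":
            current = norm_dn(value)
            entries[current] = []
        elif attr == "member" and current is not None:
            entries[current].append(norm_dn(value))
    return entries

def parent(dn):
    """Tree position: the DN of the container an entry lives under."""
    return dn.split(",", 1)[1]

def memberships(entries):
    """Invert group -> member references; collect members with no entry."""
    groups_of, dangling = {}, []
    for group_dn, members in entries.items():
        for member in members:
            if member in entries:
                groups_of.setdefault(member, []).append(group_dn)
            else:
                dangling.append((group_dn, member))
    return groups_of, dangling
```

Joe's position in the tree (cn=people) stays the same whichever groups list him, and the uid=ghost reference shows that a member value is only a pointer that has to be checked against the tree.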