Alex Moen escreveu:
I have been researching and reading a lot of material for quite a while about schema design and planning, and haven't found much pertaining to what I want to do.
We have 50+ servers, serving thousands of customers. I want to migrate those servers to LDAP authentication and authorization, but have not found the proper design for multiple servers and duplicated users. Most references just do the basic "example.com" example and never expand on it from there. Ultimately, I would like to allow my admins to have a single account across multiple servers (kind of "authorization account merging"), but still allot the schema to be "separate" enough that duplicated usernames on different machines, corresponding to different people, still exist.
Are there any really good references out there that do step-by-step walk throughs of the type of schema designing that I am thinking of? Or is it impossible? Or am I just really making too much of this? :)
You shouldn't concern about schema design, there are already lots of schemas for almost everything on the net, unless you have some very specific need.
When you integrate a server with an LDAP database for authentication - say with nss_ldap for example - you "add" those LDAP accounts to the server. So, you still get your local accounts for each server and plus you have the "global" LDAP accounts too. If you want to migrate those customers local accounts to the LDAP database for centralized management, you'll have to deal with dups.
My knowledge with LDAP is very simple and basic, but perhaps someone has a better idea on how to segment your LDAP tree to deal with dups. For the admin accounts, no big deal, you erase from /etc/passwd on each server and re-create once on the LDAP.
Best regards,