On 29-9-2011 2:26, criderkevin@aol.com wrote:
I'm learning and testing different ways of configuring my LDAP to handle multiple apps. I gave up on groupofnames because I couldn't get searches to pull out the Users in a Group. I have probably 6 or so apps that will use the LDAP. I am leaning towards a simple structure, where each app has its own branch in the LDAP. My reasoning is: it's easy to configure, may make ACLs easier to setup and manage, it will make searches easier to setup and test, and...why not...after all this isn't a database and duplicated "people" records don't matter. We may end up with 2 synching LDAPS, one for our network and email, and the other for our other apps, simply because the email system requires a very specific structure.
Just curious to hear from the more experienced what they do in their structure to handle multiple apps, and how sound my thinking is.
To have the same user listed more than once, just because he uses more apps, is against all my beliefs (and against any directory's as well, I guess): what happens if a user wanted to change their password?
Right now I'm using LDAP for routing inbound email, IMAP authentication, logon on my unix systems and authentication in web apps.
And all of them use the same userID.