"If there is one thing that never changes, it's change"
I cannot give a general recommendation other than thinking of all the possible changes over the lifetime of your tree before starting. For example people can change their names, people may change departments, working groups, roles, etc. You can end up with two people having the same name.
I would not have believed it, but we had one case where two different people had the same name, the same date of birth and the same address...
Regards, Ulrich
Joshua Riffle jriffle@apu.edu schrieb am 13.03.2014 um 17:18 in Nachricht
CACmOZFqjSpgsDiH2cpPdy8SYxhwyvL_YgsGCYaHJBwnGOS02oA@mail.gmail.com:
I'm aware this may not be the best mailing list to discuss something as generalized as best practices for LDAP structuring within OpenLDAP, but would anyone be able to direct me to a mailing list that would be better suited for this kind of conversation?
I'm looking for any or all of these kinds of communications within a mailing list:
- Designing a person, account, group LDAP tree directory that would be
scalable and flexible enough to grow to large sizes (millions) and still have a grip on best practices for identity management on an enterprise level.
- Specifically for an educational institution if I can share the aches
and pains of other directory owners with similar problems.
- I also am trying to prove / disprove the use of having a person
directory object with multiple child account objects as good or bad architecture and understand why. I've never seen this discussed in practice.
- Good and bad ways to relate tree objects with each other. I only know
of parent / child tree relationships or more "softly" by using DN's within an attribute like the group-member relationship.
Joshua Riffle Software Engineer *Azusa Pacific University*