I am fairly new to LDAP in general, so please excuse any syntax errors. I have a radius proxy which will query an LDAP data store to determine if a user has access to a host. I want to reuse the concept of how users are defined:

Ou=users -> defines all users Ou=groups -> defines all groups Ou=groups,cn=groupname -> links the users to the group

With hosts. My problem is that I cannot find any specific formal definition on how this is done (in terms of what each subtree¹s objectClass should be). Has anyone done this, or can point me in the right direction?

All the user/groups based stuff is based on posixGroup, which im pretty sure is unix/linux concept ­ can this be used for what I am trying to do with hosts?

Basic architecutre: Ou=hosts -> defines a host Ou=hostGroups -> defines a group name (organizationlUnit?) Ou=hostGroups,cn=hostGroupName -> this will link what hosts are in the group

Thanks for any help.