Hi all,
I'm still a newbie with OpenLDAP, but I already need to make the right choice in this design phase in order to avoid terrible trouble in the near future :)
*How would you map the following scenario as for DIT and ACL (olc)?* We have two companies: wiki.com and grape.jp.
# Data set
a) wiki.com is the one hosting OpenLDAP and has several user accounts registered in it.
b) grape.jp can create user accounts in the same OpenLDAP hosted by wiki.com.

# Authorization
c) wiki.com can see and manage all the user accounts.
d) grape.jp can manage only user accounts created by itself.
I'm thinking of the following configuration: one database called "dc=wiki,dc=com" which requires objects with the following schema
    dn: mail=user1@wiki.com,dc=wiki,dc=com
    objectclass: inetOrgPerson
    cn: <user1 nickname>
    givenname: <user1 first name>
    mail: user1@wiki.com
    sn: <user1 surname>
    userPassword: aNiceEncryptedPassword
    o: <either wiki.com or grape.jp depending on who has created the user>
and then setting a proper ACL (olc) on the attribute '*o*' in order to define who can access what (but on this side I still need to understand A LOT).
My configuration is driven by the fact that I also need to integrate Liferay 6.1, which needs to see all the user accounts :-(
Let me thank you for having read this far! Any suggestion and/or reference would be highly appreciated.
Best Regards,
Simone
P.S. I was also looking for a good guide/book on Amazon, but everything looks quite outdated...
openldap-technical@openldap.org
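The ACL approach sketched in the post, as an added example that is not from the post or from the OpenLDAP project: olcAccess rules on the dc=wiki,dc=com database keyed on the o attribute, so grape.jp can only create and manage entries carrying o=grape.jp while a Liferay service account reads everything. The database position {1}mdb, the grape.jp admin DN (cn=admin,ou=grape,dc=wiki,dc=com) and the Liferay bind DN (cn=liferay,ou=services,dc=wiki,dc=com) are assumptions, and wiki.com's full control is assumed to come from olcRootDN, which bypasses ACLs.

```ldif
# Assumed: the dc=wiki,dc=com database is olcDatabase={1}mdb and
# wiki.com administers it as olcRootDN (not subject to these rules).
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords of grape.jp-created accounts: the owner and the (assumed)
# grape.jp admin may set them, anyone may bind with them, nobody reads them.
olcAccess: {0}to filter=(o=grape.jp) attrs=userPassword
  by self write
  by dn.exact="cn=admin,ou=grape,dc=wiki,dc=com" write
  by anonymous auth
  by * none
# Passwords of every other account (wiki.com-created): owner only.
olcAccess: {1}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Whole entries created by grape.jp: grape.jp admin has write, the
# (assumed) Liferay bind account and the user themselves may read.
olcAccess: {2}to filter=(o=grape.jp)
  by dn.exact="cn=admin,ou=grape,dc=wiki,dc=com" write
  by dn.exact="cn=liferay,ou=services,dc=wiki,dc=com" read
  by self read
  by * none
# Adding or deleting entries under the base needs write on the parent's
# "children" pseudo-attribute; only the grape.jp admin gets it here.
olcAccess: {3}to dn.exact="dc=wiki,dc=com" attrs=children
  by dn.exact="cn=admin,ou=grape,dc=wiki,dc=com" write
  by * none
# Everything else (wiki.com-created users, containers): Liferay reads
# all, users read their own entry, grape.jp sees nothing.
olcAccess: {4}to *
  by dn.exact="cn=liferay,ou=services,dc=wiki,dc=com" read
  by self read
  by * none
```

Because slapd evaluates the filter against the entry being added, the grape.jp admin cannot create an entry without o=grape.jp (it falls through to rule {4} and is denied), and it has no write access to wiki.com entries, so it cannot relabel them either. Check the result with slapacl (for example `slapacl -b "mail=user1@wiki.com,dc=wiki,dc=com" -D "cn=admin,ou=grape,dc=wiki,dc=com" userPassword/write`) before trusting it in production.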