[Blueprint ldap-defaultdit-usergrp-mgmt] Default LDAP DIT for user and group management

.Ru vodarus at gmail.com
Wed Feb 11 10:30:53 GMT 2009


Blueprint changed by .Ru:

Whiteboard changed to:

dendrobates:  This is a good idea, but I would like to see a community
discussion about DIT layout. i.e. the use of dc=example,dc=com, over
o=example.com.  I have almost always used dc, but not for any good
reason.

ru: Having a DIT in any form is very important for corporations. This
feature can (in the future) replace the MS AD ecosystem.

koptein: DIT and LDAP do not mean (mail, directory, or other) domains.
dc=example,dc=com is for a domain, also o=example.com is a domain and
both aren't very good for a bigger company structure.  One example - for
better clarification - I use .uk (or .de, nl, ...).

If you start with dc=example,dc=uk and your company grows with another
location, say example.br, how can someone lay out this new structure?
Same for o=example.uk and o= or ou= or c= ...  example.br? Always a new
DIT for a new location? The important thing is not the domain (whatever
domain), it is the name of the structure, the company. So for one of the
best (L)DAP implementations (NDS or eDirectory) nearly everyone
recommends an o=example  -- without any com, org, net, uk, br, ...  and
other locations (or parts of a company like sales, hr, stock, ...) are
in the second level in the DIT, like ou=br.
LDAP is not only for users and groups, what about computers, DNS, DHCP,
hard disks, pools, volumes (LVM), software RAID level, rights, cluster
configuration, load balancing, routing, RIP, BGP, applications and many
more? Think bigger but start small.

ru: 2 koptein - And what to do if we have many companies on one
server(s)? Just create "o=MyCompany and o=AsteriskCompany and
o=AnotherOneCompany"? What is the difference with "dc=MyCompany,dc=com
and dc=AsteriskCompany,dc=com and dc=AnotherCompany,dc=com"? We need
some strategy for DIT with many locations / countries / companies.

2 all - From the Ubuntu survey - it seems that Ubuntu servers are usually
used by SOHO, and they do not use Ubuntu as a directory server because of
the lack of a DIT feature. For me it means that it is better to have a
DIT good for SOHO and suitable for big companies. From my point of view,
DIT in Ubuntu is the most important feature in the 9.04 release.

-- 
  Default LDAP DIT for user and group management
  https://blueprints.launchpad.net/ubuntu/+spec/ldap-defaultdit-usergrp-mgmt



More information about the Ubuntu-server-bugs mailing list