LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 07-08-2008, 03:52 AM   #1
haydenyoung
LQ Newbie
 
Registered: Nov 2004
Location: Perth, WA, Australia
Distribution: Ubuntu Dapper Drake, CentOS4
Posts: 13

Rep: Reputation: 0
LDAP for managing different types of users - Best Practices


Hi all

I currently have an openLdap server set up as my primary *nix account storage and authentication system (I know, I should be using kerberos, that's the next step) using Ubuntu Server 8.04. I'm also using ldap to authenticate users for my bugzilla, mediawiki, svn and joomla apps.

I use the smbldap tools to create and modify internal staff so that staff members can access their central home directory and shared nfs export. Other users are managed through the php ldapadmin console.

Currently, I have three *nix groups set up;

* internal - staff and other internal company users
* external - contractors and suppliers who need access to bugzilla, svn, etc
* customers - the customers we service


Internal users also have access to other things such as NFS exports, while external and customer groups can only use our online apps.

Also users are stored in ou=People,dc=mycompanyname,dc=com, and I group users based on their *nix group. However, what I'm wondering is whether I should be using a organizational unit (ou) child, e.g.;

dc=mycompanyname,dc=com
|-ou=People
|--ou=Customers
|--ou=Staff
|--ou=Suppliers

As there seems no point to storing external and customers groups as *nix groups because they will never have access to the server's filesystem.

Additionally, it is likely that Customers and Suppliers can be stored using the Address Book Entry schema as it seems to capture all the information we require.

I'm probably going to go with this new plan and am really just looking for validation that I'm on the right track. If I'm not on the right track what should I be doing to improve the structure of my ldap server?

Any help much appreciated.
 
  


Reply

Tags
ldap, linux, nfs, openldap, ubuntu


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Managing Users hybernate20 Linux - Security 1 04-11-2006 07:32 PM
Managing user Accounts with Group Policies, LDAP AdamSBS Linux - Software 2 08-24-2005 09:10 PM
Managing user accounts in LDAP AdamSBS Linux - Enterprise 3 08-24-2005 09:42 AM
managing users alcek2004 Linux - Newbie 2 09-20-2004 10:43 AM
What's the rundown for managing users? colabus Linux - Newbie 1 05-11-2004 08:24 PM


All times are GMT -5. The time now is 10:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration