ldap?
jsf
jfreeman at gmail.com
Mon Nov 22 17:46:00 EST 2004
Does anyone here have serious LDAP-FU?
I run the IT dept. for the NY Botanical Garden (I used to live in
Boston.. that's why I'm on this list!).
Here are some statistics:
there are maybe a dozen divisions
there are approximately 40 departments
some divisions are concatenations of several departments
some divisions can be considered both divisions AND departments in the
same entity because they are only comprised of one 'department' but
the departmental head signs off as 'division head'.
Maybe the way to envision it is that there are divisions and there are
sub-divisions... divisions are either standalone divisions or
divisions may encompass 2 or more sub-divisions...
there are approx. 530 employees, most of whom are users on the network
and most of whom have an email address and an extension
there are approx. 40 servers and 600 workstations... [n] fax machines,
[nn] printers..etc..
there are switches, routers, hubs, other networking equipment..etc.
....
Here are some things i'd like to see as part of our LDAP implementation:
there needs to be a class of people who are admins or managers over
the whole directory.
within each division and sub-division there should be a designated
admin who can, within, his/her division or sub-division, make changes
to the people records in his/her area..
only IT staff should be managing accounts and 'assets' (computers,
printers, switches, etc...)
So... I'm trying to figure out how best to set up the LDAP directory:
the container is: dc=nybg,dc=org
how many org units do you recommend?
ou=assets to contain computers, switches, faxes, printers, etc..
ou= accounts to contain accounts?
ou= divisions to contain just divisions? or divisions and sub-divisions?...
You can see I'm already overwhelmed.. the good news is i'm in the
middle of reading Brian Arkills' book "LDAP Directories Explained"..
but I would still love some advice from those of you who've had to
deploy these things in the real world.
TIA,
J.
p.s. I subscribe to the digest, so please also copy me directly if you would.
Thanks!
J.
More information about the gnhlug-discuss
mailing list