It took a lot of digging to figure out how I should approach choosing a good LDAP directory layout for my house, but Michael Donnelly seems to have an answer I like. I created Organizational Units to hold all the people and all the computers. I want to have a few canonical OUs that hold the base records for each of these things, then have other OUs that reference them and group by access. I don't know that I have it all figured out right just yet, but phpLDAPadmin makes it simple to move things around. Just make sure to hit the "Purge caches" link if you move stuff on one computer and then view it on another.