Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

LDAP Groups

LDAP Groups

LDAP Groups

I'm a newbie with LDAP but kind of getting thrown in. We're using OpenLDAP. Trying to wrap my head around the best practices for designing my directory(s).

We have 4 or 5 apps that we want to use LDAP with. Each of these apps we've been maintaining security inside the apps for years, now we want to migrate. Most have User and Group security, and this is where I'm stuck on how to design the LDAP to fit:

- should we have 1 LDAP generic fit for all apps, or is it better to setup separate LDAPs for each app? (there are different admins maintaining security for each app)...or is it best to have multiple branches? It seem to me with the varying requirements by each app that a seperate LDAP for each would make sense, and in order to provide easy access to the LDAPs for lower level admins to maintain, a seperate server would be easiest...(?) Perhaps with the admin thing I'm missing something with just having the right client tool to allow access to some areas (branches) but not all (???).

Basically I'm trying to decide Multiple LDAPS, or One. One Branch, or Many...

- how to setup the Groups? Our LDAP will containt Employees, some have access to some apps, and others do not. How to best setup this access? I am struggling also with Groups. Inside our apps we have security groups to control access...I'm not sure if LDAP should be used to control Groups or if this is best left to the App. If in LDAP, how (sample LDIF?) do we add a Group then add users?

First of a few questions I think...and I appreciate any advice...



Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close