Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Andrzejek on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

LDAP Groups

Status
Not open for further replies.

vBean

Programmer
Jun 13, 2003
12
US
I'm a newbie with LDAP but kind of getting thrown in. We're using OpenLDAP. Trying to wrap my head around the best practices for designing my directory(s).

We have 4 or 5 apps that we want to use LDAP with. Each of these apps we've been maintaining security inside the apps for years, now we want to migrate. Most have User and Group security, and this is where I'm stuck on how to design the LDAP to fit:

- should we have 1 LDAP generic fit for all apps, or is it better to setup separate LDAPs for each app? (there are different admins maintaining security for each app)...or is it best to have multiple branches? It seem to me with the varying requirements by each app that a seperate LDAP for each would make sense, and in order to provide easy access to the LDAPs for lower level admins to maintain, a seperate server would be easiest...(?) Perhaps with the admin thing I'm missing something with just having the right client tool to allow access to some areas (branches) but not all (???).

Basically I'm trying to decide Multiple LDAPS, or One. One Branch, or Many...

- how to setup the Groups? Our LDAP will containt Employees, some have access to some apps, and others do not. How to best setup this access? I am struggling also with Groups. Inside our apps we have security groups to control access...I'm not sure if LDAP should be used to control Groups or if this is best left to the App. If in LDAP, how (sample LDIF?) do we add a Group then add users?

First of a few questions I think...and I appreciate any advice...

Kevin

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top