Blame: LDAPBestPractices
Annotated edit history of LDAPBestPractices version 1, including all changes.
Rev Author # Line
1 PerryLorier 1 !!!Basedn
2 If you have a domain name that you legally own, use it, broken up into dc components, as your basedn. For example, if example.com is your domain, your basedn is "dc=example,dc=com". Windows Active Directory uses this convention. One advantage of this convention is that it makes it easy to guess what your basedn will be, and to do referrals.
3
4 !!!Configuration
5 Keep schemacheck on; you'll save yourself some headaches in the future.
6
7 !!!Example tree
8  dc=example,dc=com
9    ou=Users
10     uid=perry
11     uid=daniel
12     uid=craig
13   ou=Groups
14     uid=users
15     uid=admins
16
17 Configure LDAP to use [SSL] where possible, preferably over ldaps. Beware that by default people can bind anonymously and browse your tree, so account for anonymous users in your ACLs.
18
19 Consider creating users for services that need to be able to bind to the tree, such as mail.
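
An added example, not part of the original wiki page: an OpenLDAP slapd.conf fragment for the example tree above that enables TLS, stops anonymous users from browsing, and gives a mail service its own restricted bind identity. The ou=Services branch, the uid=mail entry, the attribute list and the certificate paths are assumptions made for illustration.

```conf
# --- TLS (certificate paths are placeholders; adjust to your system) ---
TLSCACertificateFile   /etc/ldap/tls/ca.pem
TLSCertificateFile     /etc/ldap/tls/server.pem
TLSCertificateKeyFile  /etc/ldap/tls/server.key

# Refuse password (simple) binds unless the connection is protected
# with at least 128-bit strength, i.e. ldaps:// or StartTLS.
security simple_bind=128

# --- ACLs: evaluated top to bottom, first matching "access to" wins ---

# 1. Passwords: the owner may change them, anonymous connections may
#    only authenticate against them, nobody may read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. User entries: the mail service (hypothetical entry) may read only
#    the attributes it needs to look people up. It must search with
#    ou=Users,dc=example,dc=com as its base.
access to dn.subtree="ou=Users,dc=example,dc=com" attrs=entry,uid,cn,mail
    by dn.exact="uid=mail,ou=Services,dc=example,dc=com" read
    by users read
    by * none

# 3. Everything else: service accounts get nothing beyond rule 2,
#    authenticated people may read, anonymous users see nothing.
access to *
    by dn.subtree="ou=Services,dc=example,dc=com" none
    by users read
    by * none
```

With these rules an anonymous bind still succeeds but returns no entries, and a compromise of the mail service's credentials exposes only uid, cn and mail under ou=Users.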
20
21 todo: discuss schemas
22
23 ----
24
25 Part of CategoryBestPractices