Annotated edit history of
LDAPBestPractices version 1, including all changes.
| Rev | Author | # | Line |
|---|---|---|---|
| 1 | PerryLorier | 1 | !!!Basedn |
| | | 2 | If you have a domain name that you legally own, use it, broken up into dc components, as your basedn. E.g. if example.com is your domain, your basedn is "dc=example,dc=com". Windows ActiveDirectory uses this convention. One of the advantages of this convention is that it makes it easy to guess what your basedn will be, and to do referrals. |
| | | 3 | |
| | | 4 | !!!Configuration |
| | | 5 | Keep schemacheck on; you'll save yourself some headaches in the future. |
| | | 6 | |
| | | 7 | !!!Example tree |
| | | 8 | dc=example,dc=com |
| | | 9 | ou=Users |
| | | 10 | uid=perry |
| | | 11 | uid=daniel |
| | | 12 | uid=craig |
| | | 13 | ou=Groups |
| | | 14 | uid=users |
| | | 15 | uid=admins |
| | | 16 | |
| | | 17 | Configure LDAP to use [SSL] where possible, preferably over ldaps. Beware that by default people can bind anonymously and browse your tree, so account for anonymous users in your ACLs. |
| | | 18 | |
| | | 19 | Consider creating users for services that need to be able to bind to the tree, such as mail. |
| | | 20 | |
| | | 21 | todo: discuss schemas |
| | | 22 | |
| | | 23 | ---- |
| | | 24 | |
| | | 25 | Part of CategoryBestPractices |
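
The configuration advice in the page above (schemacheck, TLS, anonymous access, a bind user for a service) written out as a slapd.conf fragment. This is an added example, not part of the original wiki page; it assumes OpenLDAP's slapd and the example tree under dc=example,dc=com, and the file paths and the uid=mail entry under ou=Services are hypothetical.

```conf
# slapd.conf fragment (added example, assumes OpenLDAP slapd).
# File paths and the ou=Services / uid=mail entry are hypothetical.

# Keep schema checking on. This is the directive the page names; drop the
# line on releases where schema checking is always enforced and the
# directive no longer exists.
schemacheck on

# Certificate material used for ldaps:// and StartTLS.
TLSCACertificateFile   /etc/ldap/tls/ca.pem
TLSCertificateFile     /etc/ldap/tls/server.pem
TLSCertificateKeyFile  /etc/ldap/tls/server.key

# Refuse simple (DN + password) binds on connections that are not
# protected with at least 128-bit strength, so passwords never cross
# the wire in clear text.
security simple_bind=128

# Reject anonymous bind requests. This alone does not stop operations
# sent without any bind, so the access rules below still have to
# account for anonymous clients.
disallow bind_anon

# The rules below belong in the database section whose suffix is
# "dc=example,dc=com". Rules are evaluated in order; first match wins.

# Passwords: the owner may change them, an unauthenticated client may
# only use them to authenticate, nobody else (service accounts
# included) can read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# User entries: readable by the mail service account and by the user
# concerned. "anonymous auth" only permits binding as the entry.
access to dn.subtree="ou=Users,dc=example,dc=com"
    by dn.exact="uid=mail,ou=Services,dc=example,dc=com" read
    by self read
    by anonymous auth
    by * none

# Everything else: authenticated identities may read, anonymous
# clients may authenticate but cannot browse the tree.
access to *
    by users read
    by anonymous auth
    by * none
```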