View Source: LDAPBestPractices - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages

!!!Basedn
If you have a domain name that you legally own then use it broken up with dc's as your basedn. eg: if example.com is your domain, your basedn is "dc=example,dc=com".  Windows ActiveDirectory uses this convention.   One of the advantages of using this convention is it makes it easy to guess what your basedn will be, and to do referals.

!!!Configuration
Keep schemacheck on, you'll save yourself some headaches in the future.

!!!Example tree
 dc=example,dc=com
  ou=Users
   uid=perry
   uid=daniel
   uid=craig
  ou=Groups
   uid=users
   uid=admins

Configure ldap to use [SSL] where possible, preferably over ldaps.  Beware that by default people can bind anonymously and browse your tree, so consider in your ACL's anonymous users.

Consider creating users for services that need to be able to bind to the tree, such as mail.

todo: discuss schemas

----

Part of CategoryBestPractices

One page links to LDAPBestPractices:

BestPractices

Last edited on Sunday, August 22, 2004 2:32:15 pm by PerryLorier

Edit PageHistory Diff Info LikePages