0

I'm looking for an optimal design for a new OpenLDAP infrastructure. I read the following answer(s) but they did not answer what I was looking for.

Active Directory OU design for <500 users, 4 locations

I understand there may be many ways this could be done but I'm looking for someone with experience who can recommend an optimal design.

Here are the requirements:

- 2 offices in US, 5 offices in EU and 2 offices in Asia.
- Sales, marketing, technology, support teams
- 3rd party service providers who need access to our applications.
- Service accounts such as for bind from applications authenticating against LDAP - jira/email/wiki etc

There will be groups for each of the business functions for email lists and access to respective applications. I suppose these will be 'groups' while the users will be in OU's?

As detailed an answer as possible would be appreciated! I'd be happy to improve the question for more clarity if there is any ambiguity in the question.

Chida
  • What are your requirements? Are you talking about the physical layout or the logical design? Are you already running an Active Directory as most companies do for their Windows desktop support, MS Exchange etc. and do you really need a second directory? How strong is your requirement for OpenLDAP or would another directory work as well? Do you have datacenters on each continent serving multiple offices? Or should each location be able to keep on running independently? Is the directory going to be centrally managed or do you need to delegate responsibilities to local/regional support teams? – HBruijn Sep 06 '14 at 09:17
  • We are not running any directory service. What I need is the LDAP structure from an OU / Groups for the users in multiple locations across functions – Chida Sep 06 '14 at 16:28

1 Answer

1

Rule 1: Don't make the mistake of modelling your DIT against your organization. Organizations change. DITs are rather hard to change once in place.

Just have users, applications, roles or groups, locations, etc., and use attributes and aliases to map between them.

Remember for example that any specific user may move to another office; may acquire and shed roles; may also become a customer and/or a vendor; ...

user207421
  • I liked your answer however wish it was more detailed. Are you saying, I do OU's for users, applications and create groups for sales, marketing etc? – Chida Sep 12 '14 at 04:10
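
A sketch of the flat layout the answer describes, added here as an illustration and not taken from either poster: the suffix `dc=example,dc=com`, the container names and every entry are constructed placeholders, and it assumes the suffix entry exists and the stock core and inetorgperson schemas are loaded.

```ldif
# Constructed sample: flat containers by entry type, not by org chart.
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: ou=applications,dc=example,dc=com
objectClass: organizationalUnit
ou: applications

dn: ou=locations,dc=example,dc=com
objectClass: organizationalUnit
ou: locations

# An office is an entry of its own, not a branch that holds users.
dn: l=Berlin,ou=locations,dc=example,dc=com
objectClass: locality
l: Berlin
description: EU office (placeholder)

# Office and employment type are attributes, so an office move or a
# change from employee to vendor edits the entry and keeps its DN.
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
mail: jdoe@example.com
l: Berlin
employeeType: employee

# Service account an application binds with (placeholder hash;
# generate a real one with slappasswd).
dn: cn=jira,ou=applications,dc=example,dc=com
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: jira
userPassword: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# A business function is a group whose members point at people entries.
dn: cn=sales,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: sales
member: uid=jdoe,ou=people,dc=example,dc=com
```

Keeping bind accounts in their own container also lets an access rule cover all of them without touching the people entries.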