On 17 Oct (19:05), Slepp Lukwai wrote:

> In a small LDAP directory, it's easy enough to manage users in a hierarchy
> like:
>
> uid=username, dc=domain.com, o=Geeks Anonymous, c=CA
>
> However, I decided to play a bit, and I created 2000 test users in
> test.geeksanon.ca...
>
> Using the LDAP admin packages gets exceptionally annoying and slow with
> this layout (I couldn't imagine trying to use a front end for LDAP admin
> that lists all the users if you had 50,000 in one level).
>
> Does anyone here use a more creative hierarchy to keep things in smaller,
> easy to manage packages?
Try to integrate "organizational unit". You could use it to separate
different "types" of entries, like Customer FTP-Accounts with
"ou=customer-ftp, dc=accounts, o=foo, c=bar" from internal E-Mail accounts
in "ou=mail, dc=accounts, o=foo, c=bar" and so on. I recommend keeping the
tree low.

Further reading:
http://developer.netscape.com/docs/books/macmillan/ldap/ldapbk.html
Chapter Schema Design, Data Design.

> I've thought of changing the DN to have another component such as
> initials=s

I'm currently trying to get rid of business meaning in my DNs, much the
same as not using the primary key in your relational database for any
business rules. E.g. with uid=username, where username is the initials of
the real name of a person, you will run into trouble if this person marries
and decides to change the last name. I'm using unique integer IDs after
that experience.

--
Christian Bauer              System Services
Blue Mars GmbH               mailto:[EMAIL PROTECTED]
Ebersheimstrasse 5           http://www.bluemars.de/
D-60320 Frankfurt/Main       Tel: +49/(0)69/46 99 73-0
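
The DN-stability point from the reply above, as an added example that is not part of the original message: a small in-memory model showing that a surname change renames a name-derived DN and leaves group references dangling, while an integer-ID DN stays put. The person, the ID 100042, the group "cn=staff" and all helper names are constructed for illustration; only the suffix and the "ou=mail" branch come from the message.

```python
BASE = "dc=accounts,o=foo,c=bar"  # suffix taken from the message above

def escape_rdn_value(value):
    """Escape the RFC 4514 special characters in a DN value (NUL not handled)."""
    out = []
    for i, ch in enumerate(value):
        last = i == len(value) - 1
        if ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (last and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def entry_dn(ou, uid):
    return f"uid={escape_rdn_value(str(uid))},ou={escape_rdn_value(ou)},{BASE}"

def initials_uid(given, sn):
    """A uid with business meaning: derived from the person's real name."""
    return (given[0] + sn[0]).lower()

def change_surname(directory, dn, new_sn, uid_from_name):
    """Apply a surname change and return the entry's DN afterwards."""
    attrs = directory.pop(dn)
    attrs["sn"] = new_sn
    if uid_from_name:
        # The RDN encodes the name, so the entry itself must be renamed.
        dn = entry_dn(attrs["ou"], initials_uid(attrs["givenName"], new_sn))
    directory[dn] = attrs
    return dn

def dangling_members(directory, groups):
    """Group member DNs that no longer resolve to an entry."""
    return sorted(m for members in groups.values()
                  for m in members if m not in directory)

def demo(uid_from_name):
    attrs = {"givenName": "Anna", "sn": "Beck", "ou": "mail"}  # constructed
    uid = initials_uid("Anna", "Beck") if uid_from_name else 100042
    dn = entry_dn("mail", uid)
    directory = {dn: attrs}
    groups = {"cn=staff": {dn}}  # the group refers to its member by DN
    new_dn = change_surname(directory, dn, "Carter", uid_from_name)
    return dn, new_dn, dangling_members(directory, groups)

if __name__ == "__main__":
    for mode in (True, False):
        print(demo(mode))
```

Every DN-valued reference (group membership, ACL subjects, audit trails keyed on DN) behaves like the group here, which is why an RDN that never has to change avoids that cleanup.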
