
I work as a sysadmin in a company and I am required to deploy OpenLDAP. I have read a lot of material but I really can't figure out where to start.

First about the company:

Services:

  1. Email: every user gets an email account such as firstname.middlename.anothername.lastname@company.com and an email alias/forwarder of the format firstname@company.com or sometimes [First-letter-of-first-name]lastname@company.com
  2. Jabber: every user gets a Jabber account of the format firstname@jabber.company.com. In some cases this becomes firstname.lastname if names collide.
  3. Trac and Redmine: every user gets accounts for Trac and Redmine, which are usually his first name.
  4. A timetrex login as firstname or first.lastname.
  5. A machine login, firstname.
  6. Membership to mailing lists such as all@company.com, management@company.com, accounts@company.com and etc.
  7. A MediaWiki account, again of the same format as email alias/forwarder.
  8. An SSH account on one of the deployment servers, of the same format as the email alias/forwarder.

What I think I should do: I should use inetOrgPerson and create a custom schema for our organization. What I am unsure about is how I can manage so many different logins and how the respective software will know which login to use. I have written a custom schema that can store the following information:

  • Full name
  • Phone
  • Cell
  • Address
  • City
  • Country
  • Department
  • Joined on

Will anyone point me in the right direction? I have wasted a lot of time searching for it but couldn't come up with anything... I really appreciate you taking the time to read the question.

Shoaibi
  • Consider reducing the number of distinct user names for login. For example, if you have your own mail server, the login doesn't need to be the email address. Let the people have 1 username for logins, and have all the services look up LDAP for that login and password. – mivk Mar 25 '16 at 18:41

1 Answer


You really don't need to build a custom schema for this. We accomplished 1-3, and 5-8 using just inetOrgPerson and posixAccount with a little bit of Trac custom schema (downloaded from the web) thrown in.

There are two big problems with learning how to deploy an LDAP directory:

  • By all appearances, there is some secret magic to determining a good layout for the directory.
  • There is no secret magic to determining a good layout for the directory.

My advice is to start small, use existing schemas, and integrate things one step at a time. It is reasonably easy to add information to the directory, or layer new objectClasses on top of entities. It only gets hard when you want to move or delete information from the directory.

Use a mostly flat organizational scheme, too, or you will go insane.

Good luck, I promise it is easier than it looks.

Paul Lathrop
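As an added illustration of the approach the answer recommends (example code, not from the question or the answer): one entry per person built from inetOrgPerson plus posixAccount, a single uid that every service authenticates against, both the long address and the alias stored as values of the multi-valued mail attribute, and the firstname, then firstname.lastname, collision rule from the question applied when a name is already taken. The base DN, gidNumber and login shell are assumptions, as is the LDIF base64 handling for non-ASCII values.

```python
import base64

BASE_DN = "ou=people,dc=company,dc=com"   # assumed directory layout (not from the question)
MAIL_DOMAIN = "company.com"

def pick_free(candidates, taken):
    """First candidate not already in use: the 'firstname, else firstname.lastname' rule."""
    for cand in candidates:
        if cand not in taken:
            return cand
    raise ValueError(f"every candidate is taken: {candidates}")

def build_person(given, middle, sn, uid_number, taken_uids, taken_mail, **extra):
    """Return (dn, attrs) for one inetOrgPerson + posixAccount entry; one uid serves every service."""
    g, s = given.lower(), sn.lower()
    uid = pick_free([g, f"{g}.{s}"], taken_uids)
    alias = pick_free([f"{g}@{MAIL_DOMAIN}", f"{g[0]}{s}@{MAIL_DOMAIN}"], taken_mail)
    primary = ".".join(p.lower() for p in (given, middle, sn) if p) + "@" + MAIL_DOMAIN
    attrs = {
        "objectClass": ["inetOrgPerson", "posixAccount"],
        "uid": [uid],                      # the single login name
        "cn": [f"{given} {sn}"],
        "sn": [sn],
        "givenName": [given],
        "mail": [primary, alias],          # mail is multi-valued: primary address plus alias
        "uidNumber": [str(uid_number)],
        "gidNumber": ["100"],              # assumed default group
        "homeDirectory": [f"/home/{uid}"],
        "loginShell": ["/bin/bash"],
    }
    # Optional contact/department data, all permitted by organizationalPerson/inetOrgPerson
    for attr in ("telephoneNumber", "mobile", "postalAddress", "l", "departmentNumber"):
        if attr in extra:
            attrs[attr] = [extra[attr]]
    return f"uid={uid},{BASE_DN}", attrs

def _ldif_line(attr, value):
    """RFC 2849: base64-encode values that are non-ASCII or start/end with unsafe characters."""
    safe = (value.isascii() and "\n" not in value
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def to_ldif(dn, attrs):
    """Serialise one entry as LDIF ready for ldapadd."""
    lines = [_ldif_line("dn", dn)]
    for attr, values in attrs.items():
        lines.extend(_ldif_line(attr, v) for v in values)
    return "\n".join(lines) + "\n"
```

The "Joined on" field from the question has no attribute in these classes; that one item, not the logins, is where a small custom schema would actually be needed.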