I work as a sysadmin in a company and I am required to deploy OpenLDAP. I have read a lot of material but I really can't figure out where to start.
First, about the company:
Services:
- Email: every user gets an email account such as [email protected] and an email alias/forwarder of the format [email protected] or sometimes [First-letter-of-first-name][email protected]
- Jabber: every user gets a jabber account of format [email protected]. In some cases this becomes firstname.lastname if names collide.
- Trac and Redmine: Every user gets accounts for Trac and Redmine, which are usually his first name.
- A timetrex login as firstname or first.lastname.
- A machine login, firstname.
- Membership to mailing lists such as [email protected], [email protected], [email protected], etc.
- A MediaWiki account, again of the same format as email alias/forwarder.
- An ssh account on one of the deployment servers, of the same format as the email alias/forwarder.
What I think I should do: I should use inetOrgPerson and create a custom schema for our organization. What I am unsure of is how I can manage so many different logins, and how the respective software will know which login to use. I have written a custom schema that can store the following information:
- Full name
- Phone
- Cell
- Address
- City
- Country
- Department
- Joined on
Will anyone point me in the right direction? I have wasted a lot of time searching for this but couldn't come up with anything... I really appreciate you taking the time to read the question.
You really don't need to build a custom schema for this. We accomplished 1-3, and 5-8 using just inetOrgPerson and posixAccount with a little bit of Trac custom schema (downloaded from the web) thrown in.
There are two big problems with learning how to deploy an LDAP directory:
My advice is to start small, use existing schemas, and integrate things one step at a time. It is reasonably easy to add information to the directory, or layer new objectClasses on top of entities. It only gets hard when you want to move or delete information from the directory.
Use a mostly flat organizational scheme, too, or you will go insane.
Good luck, I promise it is easier than it looks.
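As an added illustration (not part of the answer above, and not the answerer's own directory), here is what one user looks like with only the stock inetOrgPerson and posixAccount classes in a flat tree. The suffix `dc=example,dc=com`, the user `jane` and every number are constructed placeholders, the suffix entry is assumed to exist already, and which attribute each service searches on (`uid` for short logins, `mail` for address-style logins) is an assumption about how those services would be configured.

```ldif
# Constructed sample data; requires the stock core, cosine,
# inetorgperson and nis schemas to be loaded.

# Flat layout: one container for people, one for groups.
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

# One entry per person. inetOrgPerson is the structural class;
# posixAccount is layered on top as an auxiliary class.
dn: uid=jane,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jane
cn: Jane Doe
givenName: Jane
sn: Doe
# mail is multi-valued: primary address plus the alias/forwarder.
mail: jane@example.com
mail: jane.doe@example.com
telephoneNumber: +1 555 0100
mobile: +1 555 0101
street: 1 Example Street
l: Exampleville
departmentNumber: Engineering
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jane
loginShell: /bin/bash
# No userPassword in the file; set it after import with ldappasswd
# so that no password or hash is stored in the LDIF.

# Primary POSIX group for the machine/ssh login.
dn: cn=jane,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: jane
gidNumber: 10001

# A mailing list or application role expressed as a group of member DNs.
dn: cn=developers,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: developers
member: uid=jane,ou=People,dc=example,dc=com
```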