I'm looking for an optimal design for a new OpenLDAP infrastructure. I read the following answer(s), but it did not answer what I was looking for.
Active Directory OU design for <500 users, 4 locations
I understand there may be many ways this could be done but I'm looking for someone with experience who can recommend an optimal design.
Here are the requirements --
- 2 offices in US, 5 offices in EU and 2 offices in Asia.
- Sales, marketing, technology, support teams
- 3rd party service providers who need access to our applications.
- Service accounts, such as for bind from applications authenticating against LDAP - jira/email/wiki etc.
There will be groups for each of the business functions for email lists and access to respective applications. I suppose these will be 'groups' while the users will be in OUs?
As detailed an answer as possible would be appreciated! I'd be happy to improve the question for more clarity if there is any ambiguity in the question.
Rule 1: Don't make the mistake of modelling your DIT against your organization. Organizations change. DITs are rather hard to change once in place.
Just have users, applications, roles or groups, locations, etc., and use attributes and aliases to map between them.
Remember for example that any specific user may move to another office; may acquire and shed roles; may also become a customer and/or a vendor; ...
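A flat layout of the kind the answer above describes, as an added example that is not part of the original answer: entries are grouped by type, and office, department and vendor status are attributes or group memberships. Assumptions: the suffix `dc=example,dc=com` already exists, the stock core, cosine and inetorgperson schemas are loaded, and every name and value is constructed.

```ldif
# Containers by entry type, not by office or department (constructed names).
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: ou=services,dc=example,dc=com
objectClass: organizationalUnit
ou: services

# Office (l) and team (departmentNumber) are attributes: a move is a modify, the DN never changes.
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
l: Berlin
departmentNumber: sales
employeeType: employee

# A 3rd party user sits in the same container and is told apart by attributes.
dn: uid=vendor1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: vendor1
cn: Vendor One
sn: One
o: Constructed Vendor Ltd
employeeType: contractor

dn: cn=sales,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: sales
member: uid=jdoe,ou=people,dc=example,dc=com

dn: cn=jira-users,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: jira-users
member: uid=jdoe,ou=people,dc=example,dc=com
member: uid=vendor1,ou=people,dc=example,dc=com

# Bind-only service account, one per application; the hash is a placeholder.
dn: cn=jira,ou=services,dc=example,dc=com
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: jira
userPassword: {SSHA}REPLACE_WITH_HASH
```

Keeping service accounts in their own container makes it straightforward to write access rules that give them read-only search rights and nothing else.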