Blueprint changed by Ante Karamatić: Whiteboard changed to:
dendrobates: This is a good idea, but I would like to see a community discussion about DIT layout, i.e. the use of dc=example,dc=com over o=example.com. I have almost always used dc, but not for any good reason.

ru: Having DIT in any form is very important for corporations. This feature can (in future) replace the MS AD ecosystem.

koptein: DIT and LDAP do not mean (mail, directory, or other) domains. dc=example,dc=com is for a domain, and o=example.com is also a domain, and neither is very good for a bigger company structure. One example, for better clarification: I use .uk (or .de, .nl, ...). If you start with dc=example,dc=uk and your company grows with another location, say example.br, how can someone lay out this new structure? Same for o=example.uk and o= or ou= or c= ... example.br? Always a new DIT for a new location? The important thing is not the domain (whatever domain), it is the name of the structure, the company. So for one of the best (L)DAP implementations (NDS or eDirectory) nearly everyone recommends an o=example, without any com, org, net, uk, br, ..., and other locations (or parts of a company like sales, hr, stock, ...) are in the second level in the DIT, like ou=br. LDAP is not only for users and groups; what about computers, DNS, DHCP, Harddisk, Pools, Volumes (LVM), SoftwareRAID-Level, Rights, Clusterconfiguration, Loadbalancing, Routing, RIP, BGP, Applications and many more? Think bigger but start small.

ru: 2 koptein - And what to do if we have many companies on one server(s)? Just create "o=MyCompany and o=AsteriskCompany and o=AnotherOneCompany"? What is the difference with "dc=MyCompany,dc=com and dc=AsteriskCompany,dc=com and dc=AnotherCompany,dc=com"? We need some strategy for DIT with many locations / countries / companies. 2 all - From the Ubuntu survey, it seems that Ubuntu servers are usually used by SOHO, and they do not use Ubuntu as a directory server because of the lack of a DIT feature. For me it means that it is better to have a DIT that is good for SOHO and suitable for big companies. From my point of view, DIT in Ubuntu is the most important feature in the 9.04 release.

ru: Is there any work on this blueprint? If not, maybe use eBox as the official DIT for Ubuntu? Or maybe Canonical does not want to create any competitor to their proprietary Landscape. Any ideas?

ivoks: Let's break away from o=organization and dc=domain,dc=com. Clearly, both are false thinking since, as ru said, this logic doesn't cover more organizations under one 'o' or more domains under one 'dc'. Let's start thinking about the server as a top organization. So, instead of 'o=Organization Name', let's do 'o=Server Name'. That way we could have lots of organizations and lots of domains on the same server. We should just follow the logic of setup. We set up a domain/organization on a server, so make the server the top of the tree.

--
Default LDAP DIT for user and group management
https://blueprints.edge.launchpad.net/ubuntu/+spec/ldap-defaultdit-usergrp-mgmt