[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Too many default groups in Skolelinux' LDAP schema?

Andreas Schuldei wrote:
* p.carsten@arcor.de (p.carsten@arcor.de) [040315 15:00]:
i found this here. what i did not find was a good reasoning for
having ranges for special groups/users like admins vs normal
users etc.

We've split the user information a bit in ldap. Our teachers have
uidNumbers between 10.000 and 19.999, and the students between
20.000 and 29.000, and there are some special groups that have no
uidNumbers (like mail groups, ..).
We even splitted the storage place of these entrys, students are in
ou=People,ou=edu,... and teachers in ou=People,ou=admin,... I think
this is a very special thing and nobody else ever came to that idea,
but it works here without problems, and it's an easy way to limit
user access to only teachers with fast ldap searches. (there are some
other internal backgrounds for this solution, e.g. that the edu tree
is imported from an "external" (that's a school management software
in lotus domino - we don't want it, but have to live with it)
application and admin is managed internally, ...).
The split of the uidNumbers can be used e.g. to only search students
or only search teachers. But you could use another attribute for this,
e.g. employeeType - which is additionally used to differ between
teachers and other (non-student) people.

I know that we have a very special solution which is maybe not the best,
but we spend a lot of time with the design and creation, and in fact we
underestimated the whole thing...

best regards,
          \\\ ||| ///                               _\=/_
           (  @ @  )                                (o o)
| Markus Schabel      TGM - Die Schule der Technik   www.tgm.ac.at |
| IT-Service          A-1200 Wien, Wexstrasse 19-23  net.tgm.ac.at |
| markus.schabel@tgm.ac.at                   Tel.: +43(1)33126/316 |
| markus.schabel@members.fsf.org             Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org)   |
|        oOOo        Yet Another Spam Trap:     oOOo               |
|       (    )    oOOo    yast@tgm.ac.at       (   )     oOOo      |
+--------\  (----(   )--------------------------\ ( -----(   )-----+
          \_)     ) /                            \_)      ) /
                 (_/                                     (_/

Computers are like airconditioners:
  They stop working properly if you open windows.

Reply to: