I would create a suffix with something like "o=isp", then create
"o=k12.pa.us", "o=abc.org", "o=<primarydomain>", etc under that. Create
ou=people, ou=groups, etc under each, and set up admin groups, aci's,
etc to allow each to be managed separately, allow appropriate views by
users, etc.
Search o=isp as your base to see all entries, or o=<primarydomain>,o=isp
to see individual ones. (Note I say <primarydomain> instead of <domain>
because some organizations have more than one domain associated with
them - you don't have to define a branch for each domain you use -
organize things by how you want to manage them and restrict views, etc).
There is really no need to use the dc=k12,dc=pa,dc=us style tree - in
fact, in most cases I've set up, that was actually a bad choice. Sun
uses o=internet as a base under which to put a full dc tree (in their
5.x messaging software), but even they are moving away from that,
because it doesn't work very well in a lot of cases (though it works a
lot better than st=pa,c=us type trees). If you really want to use a
domain based tree, build it under something like o=internet. (i.e.
dc=k12,dc=pa,dc=us,o=internet, etc) so there is a common root.
- Jeff
Kevin Myer wrote:
On initial configuration and later in the management console, you specify or use
a "User directory subtree". For a single organization, this may be easy to
setup, but for ourselves, we manage directory entries for a variety of
.k12.pa.us, .org, and .net domains. So whats the best way of creating a view
that encompasses all of those? Is it possible to use a blank subtree, so that
when I search for a user from within the management application, I can find
them all, regardless of the domain components used? Or are there better ways
to handle this?
Thanks,
Kevin
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users