LDAP Modeling Best Practices

I am very in tune with relational modeling but new to LDAP modeling and am looking for best practices for designing LDAP schemas. Would love to know what the equivalents of third normal form and other practices are in the world of LDAP.

Links to white papers that expand on this subject are greatly appreciated.

McGovernTheory asked Apr 03 '09 15:04


3 Answers

Pick a standard schema, such as core, cosine, inetOrgPerson, eduPerson, Java Objects, etc. appropriate for your intended purpose. Most LDAP servers come with a collection of defaults.

Prefer the existing elements, but if you need to extend the schema, prefix with comCompany (your company's domain name, or other unique identifier) to avoid conflicts from future standard elements.

Mark Brackett answered Sep 19 '22 03:09
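The advice above (prefer standard elements; prefix anything you add with a company-specific name so it cannot collide with a future standard element) can be checked mechanically before a schema extension is loaded. The following is an added example, not code from the answerer or from any LDAP server: it lints a small OpenLDAP `cn=config`-style LDIF schema extension for a hypothetical company whose prefix is `exampleCorp` and whose private OID arc is the placeholder `1.3.6.1.4.1.99999`. The sample LDIF and the short list of well-known standard attribute names are constructed here for illustration.

```python
import re

# Assumed company naming conventions (hypothetical values for this example).
COMPANY_PREFIX = "exampleCorp"
COMPANY_OID_ARC = "1.3.6.1.4.1.99999"   # placeholder private enterprise arc

# A few attribute names from the core / inetOrgPerson schemas that a custom
# definition must never redefine (sample subset, not an exhaustive list).
STANDARD_NAMES = {"cn", "sn", "uid", "mail", "employeeNumber",
                  "employeeType", "departmentNumber"}

# Constructed LDIF schema extension. Each definition is kept on one line so the
# parser below does not need to handle LDIF continuation lines.
SCHEMA_LDIF = """\
dn: cn=exampleCorp,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: exampleCorp
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleCorpCostCenter' DESC 'Internal cost center code' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'badgeNumber' DESC 'Unprefixed name, may collide with a future standard element' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.999 NAME 'exampleCorpLegacyFlag' DESC 'Prefixed name, but the OID is not in the company arc' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleCorpEmployee' SUP top AUXILIARY MAY ( exampleCorpCostCenter $ badgeNumber ) )
"""

# Matches "olcAttributeTypes: ( <oid> NAME 'x'" or "NAME ( 'x' 'y' )".
_DEF_RE = re.compile(
    r"^(olcAttributeTypes|olcObjectClasses):\s*\(\s*(\S+)\s+NAME\s+(\([^)]*\)|'[^']*')",
    re.MULTILINE,
)


def parse_schema_definitions(ldif_text):
    """Return a list of (kind, oid, [names]) for every definition in the LDIF."""
    definitions = []
    for kind, oid, name_blob in _DEF_RE.findall(ldif_text):
        names = re.findall(r"'([^']*)'", name_blob)
        definitions.append((kind, oid, names))
    return definitions


def lint_schema_extension(ldif_text, prefix=COMPANY_PREFIX, oid_arc=COMPANY_OID_ARC):
    """Return a list of (element_name, problem) tuples; an empty list means clean."""
    findings = []
    for kind, oid, names in parse_schema_definitions(ldif_text):
        label = names[0] if names else oid
        for name in names:
            if name in STANDARD_NAMES:
                findings.append((name, "redefines a standard attribute name"))
            elif not name.startswith(prefix):
                findings.append((name, "name lacks company prefix '%s'" % prefix))
        if not oid.startswith(oid_arc + "."):
            findings.append((label, "OID %s is outside the company arc %s" % (oid, oid_arc)))
    return findings


if __name__ == "__main__":
    for element, problem in lint_schema_extension(SCHEMA_LDIF):
        print("%s: %s" % (element, problem))
```

Run against the constructed extension, the linter reports `badgeNumber` (no prefix) and `exampleCorpLegacyFlag` (OID outside the company arc) and accepts the other two definitions. The same check slots naturally into a review step for any change to the schema directory before `ldapadd` is ever run against the server.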


Our experience shows the design of the schema and the DIT is very dependent on the purpose of the LDAP server.

For the schema, it is, generally, best to stick with the industry or LDAP server vendor's "standard".

For the structure of the DIT, unless it is for a file and print service (i.e. Active Directory) or OES (Netware), then generally a "flat" structure scales better.

If it is a large implementation (i.e. >100k) then groups should be avoided, if possible.

-jim

jwilleke answered Sep 21 '22 03:09


Based on my experience, denormalize as much as possible, as the goal with LDAP, as mentioned earlier, is very fast lookup; but that means that the insertion of records may take longer after a while. It is also important to make certain that you can keep backups of the LDAP directory.

You may want to look at creating various classes though, such as a user, but also have a class for the authorization user, if needed.

Look at what is probably going to be needed. For example, at the university I was at we realized that some people that only tangentially have a relationship with the university will have an LDAP account.

As you scope out what types of users or resources will be in the LDAP directory, it will help you determine how to set people up. For example, if you have one class that is only a username or identifier and a password, and perhaps a certificate, then it would be helpful for flexibility.

If you are going to allow people to log in from their Unix account then there are certain classes that must be in the schema.

James Black answered Sep 20 '22 03:09
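The last answer notes that Unix login requires certain classes in the schema but does not name them. The RFC 2307 classes `posixAccount` and `shadowAccount` are the conventional ones; their MUST attributes (and those inherited from `person` for an `inetOrgPerson` entry) are encoded below from those standards. This is an added example, not code from the answerer or from any directory product: it validates constructed LDIF entries before they are loaded, reporting missing required attributes and, as a defensive check a practitioner would want, a `uidNumber` of 0 that would map a directory account to root on every client that resolves it.

```python
# MUST attributes per object class, taken from RFC 2307 (posixAccount,
# shadowAccount) and the core/inetOrgPerson schemas (person requires sn and cn).
# Only the classes needed for this example are listed.
OBJECT_CLASSES = {
    "top": {"sup": None, "must": {"objectClass"}},
    "person": {"sup": "top", "must": {"sn", "cn"}},
    "organizationalPerson": {"sup": "person", "must": set()},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set()},
    "posixAccount": {"sup": "top", "must": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}},
    "shadowAccount": {"sup": "top", "must": {"uid"}},
}

# Constructed sample entries (hypothetical dc=example,dc=com tree).
GOOD_ENTRY = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: jdoe
cn: Jane Doe
sn: Doe
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
"""

BAD_ENTRY = """\
dn: uid=svc-backup,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: svc-backup
cn: Backup Service
sn: Service
uidNumber: 0
gidNumber: 0
"""


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into {attribute: [values]} (no base64/continuations)."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs


def required_attributes(object_classes):
    """Collect MUST attributes of the given classes and all their superclasses."""
    required = set()
    for oc in object_classes:
        while oc is not None:
            spec = OBJECT_CLASSES.get(oc)
            if spec is None:
                raise ValueError("unknown objectClass %r" % oc)
            required |= spec["must"]
            oc = spec["sup"]
    return required


def validate_posix_entry(text):
    """Return a list of problem strings; an empty list means the entry is loadable."""
    attrs = parse_ldif_entry(text)
    problems = []
    classes = attrs.get("objectClass", [])
    if "posixAccount" not in classes:
        problems.append("missing objectClass posixAccount; NSS/PAM clients cannot resolve this entry")
    for attr in sorted(required_attributes(classes) - set(attrs)):
        problems.append("missing required attribute %s" % attr)
    for attr in ("uidNumber", "gidNumber"):
        for value in attrs.get(attr, []):
            if not value.isdigit():
                problems.append("%s %r is not numeric" % (attr, value))
            elif int(value) == 0:
                problems.append("%s is 0; the entry would map to root on clients" % attr)
    return problems


if __name__ == "__main__":
    for name, entry in (("jdoe", GOOD_ENTRY), ("svc-backup", BAD_ENTRY)):
        print(name, validate_posix_entry(entry) or "ok")
```

The good entry passes; the service-account entry is rejected for the missing `homeDirectory` and for its zero `uidNumber` and `gidNumber`. Running such a check in the provisioning pipeline keeps the class decision made at design time (which entries may log in to Unix hosts) from being silently undone by an incomplete or dangerous record later.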