Reputation: 35
I want to organize my organization with the LDAP protocol. What is the difference between Organizational Unit and posixGroup?
Upvotes: 2
Views: 6795
Reputation: 355
Organizational Units (OU's) are used to define a hierarchical tree structure to organize entries in a directory (users, computers, groups, etc.). Like Pavel said, posixGroup is an object class for entries that represent a UNIX group.
You'll want to use OU's to organize your LDAP entries. For example:
+ OU=Users,DC=example,DC=com
    - CN=Jane Doe,OU=Users,DC=example,DC=com
    - CN=John Smith,OU=Users,DC=example,DC=com
+ OU=Groups,DC=example,DC=com
    + OU=DistributionLists,OU=Groups,DC=example,DC=com
        - CN=DL_ITNews,OU=DistributionLists,OU=Groups,DC=example,DC=com
    + OU=PosixGroups,OU=Groups,DC=example,DC=com
        - CN=GlobalAdmins,OU=PosixGroups,OU=Groups,DC=example,DC=com
        - CN=LocalSudoers,OU=PosixGroups,OU=Groups,DC=example,DC=com
+ OU=Computers,DC=example,DC=com
    + OU=Laptops,OU=Computers,DC=example,DC=com
        - CN=LaptopA,OU=Laptops,OU=Computers,DC=example,DC=com
        - CN=LaptopB,OU=Laptops,OU=Computers,DC=example,DC=com
    + OU=Desktops,OU=Computers,DC=example,DC=com
        - CN=DesktopA,OU=Desktops,OU=Computers,DC=example,DC=com
        - CN=DesktopB,OU=Desktops,OU=Computers,DC=example,DC=com
This gives us a logical way of maintaining many different types of LDAP entries, and OU's can be "extended" to imply more distinction between similar entries. Here we have two posixGroup entries that have been organized into their own OU PosixGroups that belongs to the parent OU Groups. These groups may have attributes that describe the group or define membership (e.g. Jane Doe may be in the GlobalAdmins group that grants root access to all devices in the Computers OU), but how the posixGroups are used and what rules apply to them are defined by the SysAdmins and the applications that use them. The posixGroups themselves do not supply any inherent organizational structure, unlike OU's.
Upvotes: 3
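The distinction drawn in the answer above, as an added example that is not the answerer's code: where an entry sits comes from its DN, while posixGroup membership comes from the group's memberUid attribute, so both have to be checked when reviewing who holds access. The uid, gidNumber and memberUid values, including the stale member "ghost", are assumptions constructed for this sketch.

```python
# Constructed sample directory modelled on the tree in the answer above.
# The uid, gidNumber and memberUid values are assumptions made for this example.
OU = {"objectClass": ["organizationalUnit"]}
ENTRIES = {
    "OU=Users,DC=example,DC=com": OU,
    "CN=Jane Doe,OU=Users,DC=example,DC=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["jdoe"]},
    "CN=John Smith,OU=Users,DC=example,DC=com": {
        "objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["jsmith"]},
    "OU=Groups,DC=example,DC=com": OU,
    "OU=PosixGroups,OU=Groups,DC=example,DC=com": OU,
    "CN=GlobalAdmins,OU=PosixGroups,OU=Groups,DC=example,DC=com": {
        "objectClass": ["posixGroup"], "gidNumber": ["5000"], "memberUid": ["jdoe"]},
    "CN=LocalSudoers,OU=PosixGroups,OU=Groups,DC=example,DC=com": {
        "objectClass": ["posixGroup"], "gidNumber": ["5001"],
        "memberUid": ["jsmith", "ghost"]},
}

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(cur.strip())
            cur = ""
    return parts + [cur.strip()]

def subtree(base):
    """Entries located below `base`: position is decided by the DN alone."""
    b = split_dn(base.lower())
    return sorted(dn for dn in ENTRIES
                  if len(split_dn(dn)) > len(b) and split_dn(dn.lower())[-len(b):] == b)

def posix_groups_of(uid):
    """posixGroup entries naming `uid` in memberUid: membership is an attribute."""
    return sorted(split_dn(dn)[0] for dn, e in ENTRIES.items()
                  if "posixGroup" in e["objectClass"] and uid in e.get("memberUid", []))

def dangling_members():
    """memberUid values that match no account uid (stale or mistyped members)."""
    known = {u for e in ENTRIES.values() for u in e.get("uid", [])}
    return sorted((split_dn(dn)[0], m) for dn, e in ENTRIES.items()
                  for m in e.get("memberUid", []) if m not in known)

if __name__ == "__main__":
    print(subtree("OU=Users,DC=example,DC=com"))
    print(posix_groups_of("jdoe"), dangling_members())
```

Jane Doe's entry lives under OU=Users, not under OU=PosixGroups, yet she is a GlobalAdmins member because her uid appears in that group's memberUid.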