Re: X.509 and the Directory

Ed Oskiewicz (eoskiewi@jungle.bt.co.uk)
Mon, 16 Sep 1996 15:14:19 +0100

Hi,

I am looking at the same problem and I would be grateful for the collective
wisdom of this mailing list. The immediate problem I have is how to compose
a suitable RDN. At the moment I have a people directory with entries like:

cn=Joe Bloggs+empid=xyz, ou=BT labs, o=bt, c=gb

For security I need to store certificates etc. in a separate directory but be
able to look up certificates associated with people in the main directory
(using employee id as a common key). If I create the certificate entries as

certid=....,ou=BT labs, o=bt, c=gb

then it seems to be difficult (impossible) to partition this as a separate
directory. If I do something like:

certid=....,ou=BT labs PKI, o=bt, c=gb
or
certid=....,subou=PKI, ou=BT labs, o=bt, c=gb

then mapping onto a separate directory is easier but the naming seems clumsy
and artificial, not to mention that I am now inventing fictional components
of my company.

I guess the general issue here is how do you design the naming scheme if you
need multiple directories within one unit of an organization. Am I (I hope)
missing something obvious or is this really as awkward to do as I've made it
sound?

Cheers,

Ed Oskiewicz

---
      B54/76, BT Labs, Martlesham Heath, Ipswich, Suffolk, UK, IP5 7RE
	  oskiewicz_e_p@bt-web.bt.co.uk, eoskiewi@jungle.bt.co.uk
		  Tel +44 1473 640896, Fax +44 1473 640929
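
Added example, not part of the original message: assuming a directory can only be split off along a subtree (one base DN plus everything beneath it), this sketch checks each of the three naming layouts in the message for a base that holds every certificate entry and no people entry. The certid values (CERT-A, CERT-B) and the function names are constructed for illustration.

```python
# Added illustration. Assumption: partitioning is by subtree (one base DN).
# certid values are constructed placeholders; the message elides the real ones.

def parse_dn(dn):
    """Return the DN as a tuple of RDNs, most significant (c=) first.
    Each RDN is a frozenset of (type, value) pairs, so a multi-valued RDN
    such as cn=Joe Bloggs+empid=xyz compares equal in either order.
    Simplifications: case-insensitive match, no escaped ',' or '+'."""
    rdns = []
    for rdn in dn.split(","):
        pairs = (ava.split("=", 1) for ava in rdn.split("+"))
        rdns.append(frozenset((t.strip().lower(), v.strip().lower())
                              for t, v in pairs))
    return tuple(reversed(rdns))

def common_base(dns):
    """Deepest node that is a proper ancestor of every entry in dns."""
    parents = [parse_dn(d)[:-1] for d in dns]
    base = parents[0]
    for p in parents[1:]:
        n = 0
        while n < min(len(base), len(p)) and base[n] == p[n]:
            n += 1
        base = base[:n]
    return base

def separable(cert_dns, people_dns):
    """True if one subtree holds all certificate entries and no person."""
    base = common_base(cert_dns)
    return not any(parse_dn(p)[:len(base)] == base for p in people_dns)

PEOPLE = ["cn=Joe Bloggs+empid=xyz, ou=BT labs, o=bt, c=gb"]
LAYOUTS = {  # the three layouts from the message
    "sibling": ["certid=CERT-A,ou=BT labs, o=bt, c=gb",
                "certid=CERT-B,ou=BT labs, o=bt, c=gb"],
    "pki_ou": ["certid=CERT-A,ou=BT labs PKI, o=bt, c=gb",
               "certid=CERT-B,ou=BT labs PKI, o=bt, c=gb"],
    "subou": ["certid=CERT-A,subou=PKI, ou=BT labs, o=bt, c=gb",
              "certid=CERT-B,subou=PKI, ou=BT labs, o=bt, c=gb"],
}

if __name__ == "__main__":
    for name, certs in LAYOUTS.items():
        print(f"{name:8} separable by subtree: {separable(certs, PEOPLE)}")
```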