I plan to have a place in my directory to hold all of the unprivileged and unmanaged users for hosted websites.
I don't know if I should put them in ou=Users, a sub ou I could call "ou=Unmanaged Users,ou=Users" per the recommendations of Microsoft, or if I will be using a parallel ou called ou=Unmanaged. I could also just put the managed and unmanaged users in ou=Users, but I don't like the idea of the name space clashes.
I am running a slapd in a all Linux environment so group policy will not come into play, but I don't want the unmanaged users to be able to query outside of their ou and I prefer if they couldn't query each other's password hashes.
[link] [comments]