Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.


The spec describes a default LDAP DIT to manage Users and Groups using an Ubuntu Server.

Release Note


Installing the default openldap package requires a lot of manual steps to get a complete directory infrastructure up and running. Setting up the directory structure requires knowledge about schemas and ldap trees. Let's provide a default DIT to handle the common use case of managing User and Groups with an LDAP infrastructure using Ubuntu Server as the LDAP server.

Use Cases


User and Group management tools are not covered by this specification.


A default layout suitable for user and group management in a unix environment will be provided:

Schemas available by default

DIT layout

Windows networking support

samba can use ldap as backend to store user and machine account information. It uses a samba.schema file available in the samba package.

DIT Layout

The following changes are needed:

Kerberos support

MIT can use ldap as a backend for their kdb. It uses a kerberos.schema file available in the MIT package.

DIT Layout

The following changes are needed:


Openldap 2.4 will be used as the ldap server.

A new package, ubuntu-default-dit, will create the DIT structure outlined above. It will use the cn=config infrastructure to install additional schemas and then create a new db backend to hold the new tree. Editing the slapd configuration shouldn't be needed.

The sambak5pwd overlay will be loaded by default to keep unix, samba and kerberos authentication information synchronised. However the overlay is designed to support Heimdal. Changes may need to be done to support MIT KDB.

Outstanding Issues


BoF agenda and discussion


DefaultLDAPDITForUserGroupMgmt (last edited 2008-08-06 16:15:55 by localhost)