# Top-level structure of the LDAP hierarchy.
# Three entries: the dc=example,dc=com suffix, plus the ou=People and
# ou=Groups containers under which the user and group entries below live.
dn: dc=example,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: example
o: Example Corporation

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Groups

# Users.
# Every userPassword below is stored in cleartext and is identical to the
# uid, so this data is only suitable for a local development or test
# directory. LDAP servers also accept hashed userPassword values; load
# those instead of cleartext for any directory that is shared or reachable
# over a network.
# The master user has all privileges (it is listed as a member of every
# group defined in this file): handy during development.
dn: uid=master,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: master
cn: Master Admin
sn: Admin
userPassword: master

# This admin user has rights to all admin roles: in this case functional
# admin and technical admin (it is a member of the FunctionalAdmin and
# TechnicalAdmin groups, and not of NormalUser).
dn: uid=admin,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Admin Nonymous
sn: Admin
userPassword: admin

# A standard user of your system.
# NOTE(review): no group entry in this file lists uid=member; the
# NormalUser group lists uid=normaluser instead. Confirm which uid is
# intended, because as written this user receives no group-based role.
dn: uid=member,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: member
cn: Marcel Ember
sn: Member
userPassword: member

# Groups.
# Assigning somebody to one or more groups will allow you to do role-based
# authorization in an application. Each group is a groupOfNames entry whose
# member attributes hold the full DN of a user.
# Group of regular users.
# NOTE(review): uid=normaluser has no entry under ou=People in this file,
# while the standard user is defined as uid=member. Confirm the intended
# DN; as written, uid=master is the only defined user in this group.
dn: cn=NormalUser,ou=Groups,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: NormalUser
description: the group of regular users
member: uid=normaluser,ou=People,dc=example,dc=com
member: uid=master,ou=People,dc=example,dc=com

# Functional administrators. Members: uid=admin and uid=master.
dn: cn=FunctionalAdmin,ou=Groups,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: FunctionalAdmin
description: the role to manage certificates (the RPKI engine)
member: uid=admin,ou=People,dc=example,dc=com
member: uid=master,ou=People,dc=example,dc=com

# Technical administrators. Members: uid=admin and uid=master.
# Both admin groups contain accounts whose cleartext password equals the
# uid, so these roles are only as protected as access to the directory.
dn: cn=TechnicalAdmin,ou=Groups,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: TechnicalAdmin
description: the role to manage resources
member: uid=admin,ou=People,dc=example,dc=com
member: uid=master,ou=People,dc=example,dc=com