path: root/ldap/README.dit
Diffstat (limited to 'ldap/README.dit')
-rw-r--r-- ldap/README.dit 85
1 files changed, 85 insertions, 0 deletions
diff --git a/ldap/README.dit b/ldap/README.dit
new file mode 100644
index 0000000..6077a57
--- /dev/null
+++ b/ldap/README.dit
@@ -0,0 +1,85 @@
+Directory Information Trees
+===========================
+
+A common misconception of LDAP is that a specific data structure is
+required, mandated by the applications interacting with the data.
+Such rigid structure is common in SQL databases, but LDAP is
+fundamentally different.
+
+Same object database is used across many applications, and the
+applications should not assume a specific structure.
+
+Best approach is to compose a Directory Information Structure - a "DIT"
+- to best reflect the company or organization behind the applications,
+and focus on convenient ACL handling and reuse of objects across
+applications, rather than letting the applications define the structure.
+
+
+Default Debian DIT
+------------------
+
+dc=example,dc=com
+`-- cn=admin
+
+
+Simple DIT
+----------
+
+dc=example,dc=com
+|-- cn=horde
+|-- ou=users
+| |--cn=jonas
+| |--cn=christian
+| `--cn=admin
+`-- ou=groups
+
+Based on <http://wiki.horde.org/NewLDAPHowTo>.
+
+
+App-centric heterogenous DIT
+----------------------------
+
+dc=example,dc=com
+|-- cn=NextFreeUnixId,dc=example,dc=com
+|-- ou=DSA
+| `-- cn=horde
+`-- ou=horde
+ |-- ou=users
+ | |--cn=jonas
+ | |--cn=christian
+ | `--cn=admin
+ `-- ou=groups
+
+Based on <http://wiki.horde.org/ExistingLDAPHowTo>.
+
+
+Org-centric heterogenous DIT
+----------------------------
+
+dc=example,dc=com
+|-- ou=Customers
+| `-- cn=Apple
+|-- ou=SubSystems
+| |-- ou=Horde
+| `-- ou=Mail
+|-- ou=SAM
+| |-- ou=Groups
+| |-- ou=Hosts
+| |-- ou=Services
+| |-- ou=idMap
+| |-- ou=Entities
+| |-- ou=System
+| |-- ou=People
+| |--cn=jonas
+| `--cn=christian
+`-- ou=Access Control
+ |-- ou=Groups
+ | `-- ou=Administrators
+ | |-- cn=Replicants
+ | |-- cn=SAM
+ | `-- cn=DSA
+ `--ou=Entities
+ `--cn=admin
+
+Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP
+presentations at <http://www.whitemiceconsulting.com/node/30>.
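Review bot: the expansion of "DIT" in the introduction, `+Best approach is to compose a Directory Information Structure - a "DIT"`, contradicts the file's own heading `+Directory Information Trees`; the abbreviation stands for Directory Information Tree, so the sentence should read "compose a Directory Information Tree - a "DIT"". In the App-centric diagram, `+|-- cn=NextFreeUnixId,dc=example,dc=com` is the only node written as a full DN while every other node in all four trees is shown by its RDN alone; writing it as `cn=NextFreeUnixId` keeps the diagram consistent and avoids suggesting that this entry lives somewhere other than directly under the suffix. Two smaller points: "heterogenous" in both section titles should be "heterogeneous", and the branch glyphs alternate between `|-- cn=` and `|--cn=` (no space), which makes the nesting depth harder to read at a glance in the Org-centric tree. Finally, since the introduction motivates the layout with "convenient ACL handling and reuse of objects across applications", the Org-centric section would benefit from a sentence stating which subtrees the entries under `ou=Access Control` (for example `cn=Replicants`, `cn=SAM`, `cn=DSA`) are intended to govern; as written the reader has to infer the access model from the names.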