| field | value | date |
|---|---|---|
| author | Jonas Smedegaard <dr@jones.dk> | 2008-10-26 23:43:33 +0100 |
| committer | Jonas Smedegaard <dr@jones.dk> | 2008-10-26 23:43:33 +0100 |
| commit | b4342963abdf233484d2b7e35deb1a954d3ae263 (patch) | |
| tree | c7e78d4877f4d3c4e6d044c20a3598aa09299f91 /ldap | |
| parent | 424da2513779d64e753a58fd43132a5166c2e945 (diff) | |
Add ldap DIT README.
Diffstat (limited to 'ldap')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | ldap/README.dit | 85 |

1 files changed, 85 insertions, 0 deletions
diff --git a/ldap/README.dit b/ldap/README.dit new file mode 100644 index 0000000..6077a57 --- /dev/null +++ b/ldap/README.dit 
@@ -0,0 +1,85 @@ +Directory Information Trees +=========================== + +A common misconception of LDAP is that a specific data structure is +required, mandated by the applications interacting with the data. +Such rigid structure is common in SQL databases, but LDAP is +fundamentally different. + +Same object database is used across many applications, and the +applications should not assume a specific structure. + +Best approach is to compose a Directory Information Structure - a "DIT" +- to best reflect the company or organization behind the applications, +and focus on convenient ACL handling and reuse of objects across +applications, rather than letting the applications define the structure. + + +Default Debian DIT +------------------ + +dc=example,dc=com +`-- cn=admin + + +Simple DIT +---------- + +dc=example,dc=com +|-- cn=horde +|-- ou=users +| |--cn=jonas +| |--cn=christian +| `--cn=admin +`-- ou=groups + +Based on <http://wiki.horde.org/NewLDAPHowTo>. + + +App-centric heterogenous DIT +---------------------------- + +dc=example,dc=com +|-- cn=NextFreeUnixId,dc=example,dc=com +|-- ou=DSA +| `-- cn=horde +`-- ou=horde + |-- ou=users + | |--cn=jonas + | |--cn=christian + | `--cn=admin + `-- ou=groups + +Based on <http://wiki.horde.org/ExistingLDAPHowTo>. + + +Org-centric heterogenous DIT +---------------------------- + +dc=example,dc=com +|-- ou=Customers +| `-- cn=Apple +|-- ou=SubSystems +| |-- ou=Horde +| `-- ou=Mail +|-- ou=SAM +| |-- ou=Groups +| |-- ou=Hosts +| |-- ou=Services +| |-- ou=idMap +| |-- ou=Entities +| |-- ou=System +| |-- ou=People +| |--cn=jonas +| `--cn=christian +`-- ou=Access Control + |-- ou=Groups + | `-- ou=Administrators + | |-- cn=Replicants + | |-- cn=SAM + | `-- cn=DSA + `--ou=Entities + `--cn=admin + +Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP +presentations at <http://www.whitemiceconsulting.com/node/30>. |
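Review bot: The introduction expands the acronym wrongly: "compose a Directory Information Structure - a "DIT"" contradicts the file's own title, since DIT stands for Directory Information Tree; change it to "Directory Information Tree". Two smaller wording points in the same file: "heterogenous" in the two later headings should be "heterogeneous", and "Same object database is used across many applications" reads better as "The same object database is used across many applications". In the "App-centric heterogenous DIT" tree the first child is written as a full DN, "cn=NextFreeUnixId,dc=example,dc=com", while every other node in the tree is a bare RDN; write it as "cn=NextFreeUnixId" so the tree stays consistent. Finally, the README argues that the DIT should be shaped for "convenient ACL handling and reuse of objects across applications" but none of the three layouts says where an ACL would attach; a one-line remark per layout (for example that ou=DSA holds the per-application bind accounts such as cn=horde, and that ou=Access Control,ou=Groups,ou=Administrators holds the cn=Replicants, cn=SAM and cn=DSA groups that administrative access rules are meant to reference) would make the security argument concrete instead of implicit.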