Directory Information Trees
===========================

A common misconception about LDAP is that a specific data structure is
required, mandated by the applications interacting with the data.
Such rigid structure is common in SQL databases, but LDAP is
fundamentally different.

The same object database is used across many applications, and the
applications should not assume a specific structure.

The best approach is to compose a Directory Information Tree (a "DIT")
that best reflects the company or organization behind the applications,
and focus on convenient ACL handling and reuse of objects across
applications, rather than letting the applications define the structure.


Default Debian DIT
------------------

dc=example,dc=com
`-- cn=admin


Default Skolelinux DIT
----------------------

dc=skole,dc=skolelinux,dc=no
|-- ou=Attic
|-- ou=Machines
|-- ou=People
|   |-- ou=Machines
|   |   `-- uid=win01$
|   |-- cn=Admin
|   |-- cn=smbadmin
|   `-- uid=root
|-- ou=Pam
|-- ou=Domains
|-- ou=Group
|   |-- cn=Admins
|   |-- cn=jradmins
|   |-- cn=teachers
|   |-- cn=students
|   |-- cn=none
|   `-- cn=machines
|-- ou=Netgroup
|   |-- cn=all-hosts
|   |-- cn=server-hosts
|   |-- cn=ltsp-server-hosts
|   |-- cn=workstation-hosts
|   |-- cn=printer-hosts
|   |-- cn=shutdown-at-night-hosts
|   `-- cn=fsautoresize-hosts
|-- ou=Variables
|   |-- cn=nextID
|   `-- cn=capabilities
|-- sambaDomainName=SKOLELINUX
|-- ou=Automount
|   |-- ou=auto.master
|   |   `-- cn=/skole
|   `-- ou=skole
|       |-- cn=tjener
|       `-- ou=tjener
|           `-- cn=home0
|-- cn=dhcp
`-- cn=DHCP Config
    |-- cn=INTERNAL
    |   |-- cn=10.0.2.0
    |   `-- cn=group1
    |       |-- cn=ltspserver00
    |       |-- cn=ltspserver01
    |       |-- cn=printer00
    |       |-- cn=printer01
    |       |-- cn=printer02
    |       |-- cn=printer03
    |       |-- cn=static00
    |       |-- cn=static01
    |       |-- cn=static02
    |       `-- cn=static03
    `-- cn=THINCLIENTS
        |-- cn=192.168.0.0
        `-- cn=group1
            |-- cn=ltsp010
            |-- cn=ltsp011
            |-- cn=ltsp012
            |-- cn=ltsp013
            |-- cn=ltsp014
            |-- cn=ltsp015
            |-- cn=ltsp016
            |-- cn=ltsp017
            |-- cn=ltsp018
            `-- cn=ltsp019


Default CipUX DIT
-----------------

ou=example org,dc=example,dc=org
|-- cn=cipuxadm
`-- ou=CipUX
    |-- ou=User
    |   `-- uid=username
    |-- ou=Group
    |   `-- cn=groupname
    |-- ou=Task
    |-- ou=CAT
    |-- ou=Image
    |-- ou=Machine
    |   `-- uid=win01$
    |-- ou=Room
    |-- ou=HardwareType
    |-- ou=ImageSlot
    `-- ou=Configuration


Simple DIT
----------

dc=example,dc=com
|-- cn=horde
|-- ou=users
|   |-- cn=jonas
|   |-- cn=christian
|   `-- cn=admin
`-- ou=groups

Based on <http://wiki.horde.org/NewLDAPHowTo>.


App-centric heterogeneous DIT
-----------------------------

dc=example,dc=com
|-- cn=NextFreeUnixId,dc=example,dc=com
|-- ou=DSA
|   `-- cn=horde
`-- ou=horde
    |-- ou=users
    |   |-- cn=jonas
    |   |-- cn=christian
    |   `-- cn=admin
    `-- ou=groups

Based on <http://wiki.horde.org/ExistingLDAPHowTo>.


Org-centric heterogeneous DIT
-----------------------------

dc=example,dc=com
|-- ou=Customers
|   `-- cn=Apple
|-- ou=SubSystems
|   |-- ou=Horde
|   `-- ou=Mail
|-- ou=SAM
|   |-- ou=Groups
|   |-- ou=Hosts
|   |-- ou=Services
|   |-- ou=idMap
|   `-- ou=Entities
|       |-- ou=System
|       `-- ou=People
|           |-- cn=jonas
|           `-- cn=christian
`-- ou=Access Control
    |-- ou=Groups
    |   `-- ou=Administrators
    |       |-- cn=Replicants
    |       |-- cn=SAM
    |       `-- cn=DSA
    `-- ou=Entities
        `-- cn=admin

Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP
presentations at <http://www.whitemiceconsulting.com/node/30>.
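
The introduction's point that applications should not assume a specific structure, shown as an added example (not code from this page or from any project named on it). The entry lists are constructed from the Simple, App-centric and Org-centric trees above. The per-deployment ``user_base`` values and the helper names are assumptions, and the DN parsing is simplified (case-insensitive comparison, split on unescaped commas only).

```python
import re

SUFFIX = "dc=example,dc=com"

# Constructed entry lists: DNs written out from three trees on this page.
# "user_base" is an assumed per-deployment setting, not something the page defines.
DITS = {
    "simple": {"user_base": "ou=users," + SUFFIX, "entries": [
        "cn=horde," + SUFFIX,
        "cn=jonas,ou=users," + SUFFIX,
        "cn=christian,ou=users," + SUFFIX,
        "cn=admin,ou=users," + SUFFIX]},
    "app": {"user_base": "ou=users,ou=horde," + SUFFIX, "entries": [
        "cn=horde,ou=DSA," + SUFFIX,
        "cn=jonas,ou=users,ou=horde," + SUFFIX,
        "cn=christian,ou=users,ou=horde," + SUFFIX,
        "cn=admin,ou=users,ou=horde," + SUFFIX]},
    "org": {"user_base": "ou=People,ou=Entities,ou=SAM," + SUFFIX, "entries": [
        "ou=Groups,ou=SAM," + SUFFIX,
        "cn=jonas,ou=People,ou=Entities,ou=SAM," + SUFFIX,
        "cn=christian,ou=People,ou=Entities,ou=SAM," + SUFFIX,
        "ou=Groups,ou=Access Control," + SUFFIX,
        "cn=admin,ou=Entities,ou=Access Control," + SUFFIX]},
}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs; a backslash-escaped comma does not split."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def in_subtree(dn, base):
    """True when dn is the base entry itself or lies below it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def find_entry(entries, base, rdn):
    """Subtree search for one RDN under a configured base; fail closed unless unique."""
    hits = [dn for dn in entries
            if in_subtree(dn, base) and parse_dn(dn)[0] == rdn.lower()]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {rdn!r} under {base!r}")
    return hits[0]

def hardcoded_dn(name):
    """What a structure-assuming application does: build the DN from a template."""
    return f"cn={name},ou=users,{SUFFIX}"

if __name__ == "__main__":
    for label, dit in DITS.items():
        found = find_entry(dit["entries"], dit["user_base"], "cn=jonas")
        print(f"{label}: search -> {found}; "
              f"template exists: {hardcoded_dn('jonas') in dit['entries']}")
```

The templated DN exists only in the Simple layout, while the configured search resolves ``cn=jonas`` in all three. Searching the Org-centric tree from the suffix for ``ou=Groups`` matches two entries and is rejected, which is why the base belongs in configuration rather than in the application.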