Directory Information Trees
===========================

A common misconception about LDAP is that a specific data structure is required, mandated by the applications interacting with the data. Such rigid structure is common in SQL databases, but LDAP is fundamentally different. The same object database is used across many applications, and the applications should not assume a specific structure.

The best approach is to compose a Directory Information Tree - a "DIT" - to best reflect the company or organization behind the applications, and to focus on convenient ACL handling and reuse of objects across applications, rather than letting the applications define the structure.

Default Debian DIT
------------------

    dc=example,dc=com
    `-- cn=admin

Default Skolelinux DIT
----------------------

    dc=skole,dc=skolelinux,dc=no
    |-- ou=Attic
    |-- ou=Machines
    |-- ou=People
    |   |-- ou=Machines
    |   |   `-- uid=win01$
    |   |-- cn=Admin
    |   |-- cn=smbadmin
    |   `-- uid=root
    |-- ou=Pam
    |-- ou=Domains
    |-- ou=Group
    |   |-- cn=Admins
    |   |-- cn=jradmins
    |   |-- cn=teachers
    |   |-- cn=students
    |   |-- cn=none
    |   `-- cn=machines
    |-- ou=Netgroup
    |   |-- cn=all-hosts
    |   |-- cn=server-hosts
    |   |-- cn=ltsp-server-hosts
    |   |-- cn=workstation-hosts
    |   |-- cn=printer-hosts
    |   |-- cn=shutdown-at-night-hosts
    |   `-- cn=fsautoresize-hosts
    |-- ou=Variables
    |   |-- cn=nextID
    |   `-- cn=capabilities
    |-- sambaDomainName=SKOLELINUX
    |-- ou=Automount
    |   |-- ou=auto.master
    |   |   `-- cn=/skole
    |   `-- ou=skole
    |       |-- cn=tjener
    |       `-- ou=tjener
    |           `-- cn=home0
    |-- cn=dhcp
    `-- cn=DHCP Config
        |-- cn=INTERNAL
        |   |-- cn=10.0.2.0
        |   `-- cn=group1
        |       |-- cn=ltspserver00
        |       |-- cn=ltspserver01
        |       |-- cn=printer00
        |       |-- cn=printer01
        |       |-- cn=printer02
        |       |-- cn=printer03
        |       |-- cn=static00
        |       |-- cn=static01
        |       |-- cn=static02
        |       `-- cn=static03
        `-- cn=THINCLIENTS
            |-- cn=192.168.0.0
            `-- cn=group1
                |-- cn=ltsp010
                |-- cn=ltsp011
                |-- cn=ltsp012
                |-- cn=ltsp013
                |-- cn=ltsp014
                |-- cn=ltsp015
                |-- cn=ltsp016
                |-- cn=ltsp017
                |-- cn=ltsp018
                `-- cn=ltsp019

Default CipUX DIT
-----------------

    ou=example org,dc=example,dc=org
    |-- cn=cipuxadm
    |-- ou=CipUX
    |-- ou=User
    |   `-- uid=username
    |-- ou=Group
    |   `-- cn=groupname
    |-- ou=Task
    |-- ou=CAT
    |-- ou=Image
    |-- ou=Machine
    |   `-- uid=win01$
    |-- ou=Room
    |-- ou=HardwareType
    |-- ou=ImageSlot
    `-- ou=Configuration

Simple DIT
----------

    dc=example,dc=com
    |-- cn=horde
    |-- ou=users
    |   |-- cn=jonas
    |   |-- cn=christian
    |   `-- cn=admin
    `-- ou=groups

Based on .

App-centric heterogeneous DIT
-----------------------------

    dc=example,dc=com
    |-- cn=NextFreeUnixId,dc=example,dc=com
    |-- ou=DSA
    |   `-- cn=horde
    `-- ou=horde
        |-- ou=users
        |   |-- cn=jonas
        |   |-- cn=christian
        |   `-- cn=admin
        `-- ou=groups

Based on .

Org-centric heterogeneous DIT
-----------------------------

    dc=example,dc=com
    |-- ou=Customers
    |   `-- cn=Apple
    |-- ou=SubSystems
    |   |-- ou=Horde
    |   `-- ou=Mail
    |-- ou=SAM
    |   |-- ou=Groups
    |   |-- ou=Hosts
    |   |-- ou=Services
    |   |-- ou=idMap
    |   |-- ou=Entities
    |   |-- ou=System
    |   `-- ou=People
    |       |-- cn=jonas
    |       `-- cn=christian
    `-- ou=Access Control
        |-- ou=Groups
        |   `-- ou=Administrators
        |       |-- cn=Replicants
        |       |-- cn=SAM
        |       `-- cn=DSA
        `-- ou=Entities
            `-- cn=admin

Inspired by and the LDAP presentations at .
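
The "convenient ACL handling" that the org-centric layout above aims for, sketched as OpenLDAP `slapd.conf` access rules. This is an added example, not configuration from the original page. It assumes OpenLDAP, that the entries under `ou=Administrators` are `groupOfNames` groups, and that `cn=SAM`, `cn=DSA` and `cn=Replicants` hold account administrators, directory administrators and replication identities respectively.

```conf
# Assumed roles (not stated on the page): cn=SAM = account admins,
# cn=DSA = directory admins, cn=Replicants = replication identities.
# slapd applies the first matching "access to" clause, so the most
# specific targets come first.

# 1. Password hashes of people: owner and account admins may change them,
#    replicas may read them, everyone else may only bind against them.
access to dn.subtree="ou=People,ou=SAM,dc=example,dc=com" attrs=userPassword
    by self write
    by group.exact="cn=SAM,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" write
    by group.exact="cn=Replicants,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" read
    by anonymous auth
    by * none

# 2. The access-control subtree itself: only directory admins may change
#    who belongs to which admin group.
access to dn.subtree="ou=Access Control,dc=example,dc=com"
    by group.exact="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" write
    by group.exact="cn=Replicants,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" read
    by users read
    by anonymous auth
    by * none

# 3. Accounts, groups, hosts and services shared by all applications:
#    one rule covers the whole ou=SAM subtree, whichever application
#    consumes the entries. "anonymous auth" is needed so that the
#    entries here can be bound to.
access to dn.subtree="ou=SAM,dc=example,dc=com"
    by group.exact="cn=SAM,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" write
    by group.exact="cn=Replicants,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" read
    by users read
    by anonymous auth
    by * none

# 4. Application-specific data (Horde, Mail) lives apart from the accounts,
#    so it gets its own rule without touching the ones above.
access to dn.subtree="ou=SubSystems,dc=example,dc=com"
    by group.exact="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com" write
    by users read
    by * none

# 5. Default deny for everything not matched above (e.g. ou=Customers).
access to *
    by * none
```

Because the tree follows the organization rather than the applications, adding another application under `ou=SubSystems` needs no change to rules 1 to 3.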