path: root/ldap/README.dit

Directory Information Trees
===========================

A common misconception of LDAP is that a specific data structure is
required, mandated by the applications interacting with the data.  
Such rigid structure is common in SQL databases, but LDAP is
fundamentally different.

Same object database is used across many applications, and the
applications should not assume a specific structure.

Best approach is to compose a Directory Information Structure - a "DIT"
- to best reflect the company or organization behind the applications,
and focus on convenient ACL handling and reuse of objects across
applications, rather than letting the applications define the structure.


Default Debian DIT
------------------

dc=example,dc=com
`-- cn=admin


Default Skolelinux DIT
----------------------

dc=skole,dc=skolelinux,dc=no
|-- ou=Attic
|-- ou=Machines
|-- ou=People
|   |-- ou=Machines
|   |   `-- uid=win01$
|   |-- cn=Admin
|   |-- cn=smbadmin
|   `-- uid=root
|-- ou=Pam
|-- ou=Domains
|-- ou=Group
|   |-- cn=Admins
|   |-- cn=jradmins
|   |-- cn=teachers
|   |-- cn=students
|   |-- cn=none
|   `-- cn=machines
|-- ou=Netgroup
|   |-- cn=all-hosts
|   |-- cn=server-hosts
|   |-- cn=ltsp-server-hosts
|   |-- cn=workstation-hosts
|   |-- cn=printer-hosts
|   |-- cn=shutdown-at-night-hosts
|   `-- cn=fsautoresize-hosts
|-- ou=Variables
|   |-- cn=nextID
|   `-- cn=capabilities
|-- sambaDomainName=SKOLELINUX
|-- ou=Automount
|   |-- ou=auto.master
|   |   `-- cn=/skole
|   `-- ou=skole
|       |-- cn=tjener
|       `-- ou=tjener
|           `-- cn=home0
|-- cn=dhcp
`-- cn=DHCP Config
    |-- cn=INTERNAL
    |   |-- cn=10.0.2.0
    |   `-- cn=group1
    |       |-- cn=ltspserver00
    |       |-- cn=ltspserver01
    |       |-- cn=printer00
    |       |-- cn=printer01
    |       |-- cn=printer02
    |       |-- cn=printer03
    |       |-- cn=static00
    |       |-- cn=static01
    |       |-- cn=static02
    |       `-- cn=static03
    `-- cn=THINCLIENTS
        |-- cn=192.168.0.0
        `-- cn=group1
            |-- cn=ltsp010
            |-- cn=ltsp011
            |-- cn=ltsp012
            |-- cn=ltsp013
            |-- cn=ltsp014
            |-- cn=ltsp015
            |-- cn=ltsp016
            |-- cn=ltsp017
            |-- cn=ltsp018
            `-- cn=ltsp019


Default CipUX DIT
-----------------

ou=example org,dc=example,dc=org
|-- cn=cipuxadm
|-- ou=CipUX
    |-- ou=User
    |   `-- uid=username
    |-- ou=Group
    |   `-- cn=groupname
    |-- ou=Task
    |-- ou=CAT
    |-- ou=Image
    |-- ou=Machine
    |   `-- uid=win01$
    |-- ou=Room
    |-- ou=HardwareType
    |-- ou=ImageSlot
    `-- ou=Configuration


Simple DIT
----------

dc=example,dc=com
|-- cn=horde
|-- ou=users
|   |--cn=jonas
|   |--cn=christian
|   `--cn=admin
`-- ou=groups

Based on <http://wiki.horde.org/NewLDAPHowTo>.


App-centric heterogenous DIT
----------------------------

dc=example,dc=com
|-- cn=NextFreeUnixId,dc=example,dc=com
|-- ou=DSA
|   `-- cn=horde
`-- ou=horde
    |-- ou=users
    |   |--cn=jonas
    |   |--cn=christian
    |   `--cn=admin
    `-- ou=groups

Based on <http://wiki.horde.org/ExistingLDAPHowTo>.


Org-centric heterogenous DIT
----------------------------

dc=example,dc=com
|-- ou=Customers
|   `-- cn=Apple
|-- ou=SubSystems
|   |-- ou=Horde
|   `-- ou=Mail
|-- ou=SAM
|   |-- ou=Groups
|   |-- ou=Hosts
|   |-- ou=Services
|   |-- ou=idMap
|   |-- ou=Entities
|       |-- ou=System
|       `-- ou=People
|           |--cn=jonas
|           `--cn=christian
`-- ou=Access Control
    |-- ou=Groups
    |   `-- ou=Administrators
    |       |-- cn=Replicants
    |       |-- cn=SAM
    |       `-- cn=DSA
    `--ou=Entities
       `--cn=admin

Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP
presentations at <http://www.whitemiceconsulting.com/node/30>.