- Directory Information Trees
- ===========================
- A common misconception about LDAP is that a specific data structure is
- required, mandated by the applications interacting with the data.
- Such rigid structure is common in SQL databases, but LDAP is
- fundamentally different.
- The same object database is used across many applications, and the
- applications should not assume a specific structure.
- The best approach is to compose a Directory Information Tree (a "DIT")
- that reflects the company or organization behind the applications,
- and to focus on convenient ACL handling and reuse of objects across
- applications, rather than letting the applications define the structure.
- Default Debian DIT
- ------------------
- dc=example,dc=com
- `-- cn=admin
- Simple DIT
- ----------
- dc=example,dc=com
- |-- cn=horde
- |-- ou=users
- |   |--cn=jonas
- |   |--cn=christian
- |   `--cn=admin
- `-- ou=groups
- Based on <http://wiki.horde.org/NewLDAPHowTo>.
- App-centric heterogeneous DIT
- -----------------------------
- dc=example,dc=com
- |-- cn=NextFreeUnixId,dc=example,dc=com
- |-- ou=DSA
- |   `-- cn=horde
- `-- ou=horde
-     |-- ou=users
-     |   |--cn=jonas
-     |   |--cn=christian
-     |   `--cn=admin
-     `-- ou=groups
- Based on <http://wiki.horde.org/ExistingLDAPHowTo>.
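
Grouping entries by branch, as in the tree above, lets one ACL rule cover a whole subtree. The following is an added example, not part of the original page: OpenLDAP cn=config LDIF that assumes cn=horde under ou=DSA is the account the application binds as, and that olcDatabase={1}mdb,cn=config is the database holding dc=example,dc=com.

```ldif
# Added example: least-privilege ACLs for the app-centric DIT above.
# Assumption: olcDatabase={1}mdb,cn=config holds dc=example,dc=com;
# check the database DN on your server before applying.
# "replace" swaps out the entire existing olcAccess list.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: the owner may change them, anonymous clients may only
# authenticate against them, nobody may read them.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# The application's bind account (assumed: cn=horde under ou=DSA) may
# read its own branch; users may read their own entry; others get nothing.
olcAccess: {1}to dn.subtree="ou=horde,dc=example,dc=com"
  by dn.exact="cn=horde,ou=DSA,dc=example,dc=com" read
  by self read
  by * none
# Explicit default deny for everything not matched above.
olcAccess: {2}to *
  by * none
```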
- Org-centric heterogeneous DIT
- -----------------------------
- dc=example,dc=com
- |-- ou=Customers
- |   `-- cn=Apple
- |-- ou=SubSystems
- |   |-- ou=Horde
- |   `-- ou=Mail
- |-- ou=SAM
- |   |-- ou=Groups
- |   |-- ou=Hosts
- |   |-- ou=Services
- |   |-- ou=idMap
- |   |-- ou=Entities
- |   |-- ou=System
- |   |-- ou=People
- |   |--cn=jonas
- |   `--cn=christian
- `-- ou=Access Control
-     |-- ou=Groups
-     |   `-- ou=Administrators
-     |       |-- cn=Replicants
-     |       |-- cn=SAM
-     |       `-- cn=DSA
-     `--ou=Entities
-         `--cn=admin
- Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP
- presentations at <http://www.whitemiceconsulting.com/node/30>.