path: root/ldap/README.dit
Directory Information Trees
===========================

A common misconception about LDAP is that a specific data structure is
required, mandated by the applications interacting with the data.
Such a rigid structure is common in SQL databases, but LDAP is
fundamentally different.

The same object database is used across many applications, and the
applications should not assume a specific structure.

The best approach is to compose a Directory Information Tree - a "DIT"
- to best reflect the company or organization behind the applications,
and to focus on convenient ACL handling and reuse of objects across
applications, rather than letting the applications define the structure.

Default Debian DIT
------------------

dc=example,dc=com
`-- cn=admin

Default Skolelinux DIT
----------------------

dc=skole,dc=skolelinux,dc=no
|-- ou=Attic
|-- ou=Machines
|-- ou=People
|   |-- cn=Admin
|   |-- cn=smbadmin
|   `-- uid=root
|-- ou=Pam
|-- ou=Domains
|-- ou=Group
|   |-- cn=Admins
|   |-- cn=jradmins
|   |-- cn=teachers
|   |-- cn=students
|   |-- cn=none
|   `-- cn=machines
|-- ou=Netgroup
|   |-- cn=all-hosts
|   |-- cn=server-hosts
|   |-- cn=ltsp-server-hosts
|   |-- cn=workstation-hosts
|   |-- cn=printer-hosts
|   |-- cn=shutdown-at-night-hosts
|   `-- cn=fsautoresize-hosts
|-- ou=Variables
|   |-- cn=nextID
|   `-- cn=capabilities
|-- sambaDomainName=SKOLELINUX
|-- ou=Automount
|   |-- ou=auto.master
|   |   `-- cn=/skole
|   `-- ou=skole
|       |-- cn=tjener
|       `-- ou=tjener
|           `-- cn=home0
|-- cn=dhcp
`-- cn=DHCP Config
    |-- cn=INTERNAL
    |   |-- cn=10.0.2.0
    |   `-- cn=group1
    |       |-- cn=ltspserver00
    |       |-- cn=ltspserver01
    |       |-- cn=printer00
    |       |-- cn=printer01
    |       |-- cn=printer02
    |       |-- cn=printer03
    |       |-- cn=static00
    |       |-- cn=static01
    |       |-- cn=static02
    |       `-- cn=static03
    `-- cn=THINCLIENTS
        |-- cn=192.168.0.0
        `-- cn=group1
            |-- cn=ltsp010
            |-- cn=ltsp011
            |-- cn=ltsp012
            |-- cn=ltsp013
            |-- cn=ltsp014
            |-- cn=ltsp015
            |-- cn=ltsp016
            |-- cn=ltsp017
            |-- cn=ltsp018
            `-- cn=ltsp019

Default CipUX DIT
-----------------

ou=example org,dc=example,dc=org
|-- cn=cipuxadm
|-- ou=CipUX
|-- ou=User
|   `-- uid=username
|-- ou=Group
|   `-- cn=groupname
|-- ou=Task
|-- ou=CAT
|-- ou=Image
|-- ou=Machine
|   `-- uid=win01$
|-- ou=Room
|-- ou=HardwareType
|-- ou=ImageSlot
`-- ou=Configuration

Simple DIT
----------

dc=example,dc=com
|-- cn=horde
|-- ou=users
|   |--cn=jonas
|   |--cn=christian
|   `--cn=admin
`-- ou=groups

Based on <http://wiki.horde.org/NewLDAPHowTo>.

App-centric heterogeneous DIT
-----------------------------

dc=example,dc=com
|-- cn=NextFreeUnixId,dc=example,dc=com
|-- ou=DSA
|   `-- cn=horde
`-- ou=horde
    |-- ou=users
    |   |--cn=jonas
    |   |--cn=christian
    |   `--cn=admin
    `-- ou=groups

Based on <http://wiki.horde.org/ExistingLDAPHowTo>.

Org-centric heterogeneous DIT
-----------------------------

dc=example,dc=com
|-- ou=Customers
|   `-- cn=Apple
|-- ou=SubSystems
|   |-- ou=Horde
|   `-- ou=Mail
|-- ou=SAM
|   |-- ou=Groups
|   |-- ou=Hosts
|   |-- ou=Services
|   |-- ou=idMap
|   |-- ou=Entities
|   |-- ou=System
|   |-- ou=People
|       |--cn=jonas
|       `--cn=christian
`-- ou=Access Control
    |-- ou=Groups
    |   `-- ou=Administrators
    |       |-- cn=Replicants
    |       |-- cn=SAM
    |       `-- cn=DSA
    `--ou=Entities
       `--cn=admin

Inspired by <http://www.whitemiceconsulting.com/node/54> and the LDAP
presentations at <http://www.whitemiceconsulting.com/node/30>.
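
Added example (not part of the original README or of any project's code): why an application should locate entries by a subtree search below a configured base instead of assuming a layout, shown on DNs from the "Simple DIT" and "Org-centric" trees. The function names and the in-memory DN lists are assumptions made for illustration, the placement of cn=jonas and cn=christian below ou=People is as read from the tree, and the search is emulated on DN strings rather than run against an LDAP server.

```python
# Entry DNs read off the "Simple DIT" and "Org-centric" trees above;
# the lists themselves are constructed sample data.
SIMPLE = [
    "cn=horde,dc=example,dc=com",
    "cn=jonas,ou=users,dc=example,dc=com",
    "cn=christian,ou=users,dc=example,dc=com",
    "cn=admin,ou=users,dc=example,dc=com",
]
ORG = [
    "cn=Apple,ou=Customers,dc=example,dc=com",
    "cn=jonas,ou=People,ou=SAM,dc=example,dc=com",
    "cn=christian,ou=People,ou=SAM,dc=example,dc=com",
    "cn=SAM,ou=Administrators,ou=Groups,ou=Access Control,dc=example,dc=com",
    "cn=admin,ou=Entities,ou=Access Control,dc=example,dc=com",
]


def rdns(dn):
    """Split a DN into lower-cased RDNs (the sample DNs have no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def hardcoded_dn(name):
    """Layout-assuming lookup: builds a DN that only exists in the Simple DIT."""
    return f"cn={name},ou=users,dc=example,dc=com"


def subtree_search(dit, base, attr, value):
    """Emulate an LDAP subtree search for (attr=value) below a configured base."""
    base_rdns, wanted = rdns(base), f"{attr}={value}".lower()
    hits = []
    for dn in dit:
        parts = rdns(dn)
        below_base = len(parts) > len(base_rdns) and parts[-len(base_rdns):] == base_rdns
        if below_base and parts[0] == wanted:
            hits.append(dn)
    return hits


def resolve_user(dit, people_base, name):
    """Return the one matching DN; None if the name is missing or ambiguous."""
    hits = subtree_search(dit, people_base, "cn", name)
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print(hardcoded_dn("jonas") in ORG)  # the Simple-DIT assumption on the Org-centric tree
    print(resolve_user(ORG, "ou=People,ou=SAM,dc=example,dc=com", "jonas"))
    print(resolve_user(ORG, "ou=People,ou=SAM,dc=example,dc=com", "admin"))
```

Scoping the base to the people subtree keeps a login name such as "admin" from resolving to the entry under ou=Access Control, and refusing anything other than exactly one match avoids binding as the wrong entry when a name occurs in several branches.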