mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Appendix A - LDAP - Some Notes on Structuring Directories

This note discusses structuring LDAP directories in very general terms. Directory structuring is a horribly contentious subject and books have been written about it. The following notes may help - or there again they may not.

We look at a simple address book example to isolate some general principles - but they could apply equally well to equipment records, catalogues or whatever.

Flat is Good

Directories in general are typically very flat in structure 2 or 3 levels of hierarchy are common - more than that are pretty unusual. While on first glance this seems a little counter intuitive to classic database guys remember LDAP is optimized to power ALONG a level rather than UP and DOWN a hierarchy. That is the whole reason for the powerful indexing methods.

A simple example may suffice to illustrate: When looking at a company and structuring a directory it's pretty obvious the first split is by department. BUT IS IT? The following diagrams show two ways to structure a directory.

LDAP - company directory

DIT 1 makes department an ou entry, DIT 2 makes department an ou attribute of entries under an ou of people. Sounds like a trivial difference.

Now lets look at finding some typical data:

  1. Find all the people in sales:

    1. DIT 1 - Search DN ou=sales,dc=mycompany,dc=com, scope - one level, filter cn=*

    2. DIT 2 - Search DN ou=people,dc=mycompany,dc=com, scope - one level, filter ou=sales

    About the same.

  2. Find all the people in the company:

    1. DIT 1 - Search DN dc=mycompany,dc=com, scope - sub (all levels), filter cn=*

    2. DIT 2 - Search DN ou=people,dc=mycompany,dc=com, scope - one level, filter cn=*

    Structure 2 wins - in speed and simplicity.

Lazy is Good

We'll stick with our structures and perform a simple task: Bill just moved from sales to marketing (a separate corporate department).

  1. DIT 1 - Export Bill's record to an LDIf file, delete it from sales, edit the LDIF file, ldapadd the record to marketing. And hope he does not do this too often.

  2. DIT 2 - modify Bill's ou attribute from sales to marketing.

Wonder who won that round.



Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 ldap objects
quickstart
4 install ldap
5 samples
6 configuration
7 replica & refer
reference
8 ldif
9 protocol
10 ldap api
operations
11 howtos
12 trouble
13 performance
14 ldap tools
security
15 security
appendices
notes & info
ldap resources
rfc's & x.500
glossary
ldap objects
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
hosted by javapipe.com
web-master at zytrax
Page modified: January 20 2022.