
Re: schema design question



>I was wondering if I will get into trouble using a geographical structure
>distinguished name instead of the others?
>Currently, I am using:
>dn: o=Washington College,  st=Maryland, c=US
>Rather than using:
>dn: o=Washington College, dc=washcoll, dc=edu

Even though LDAP is hierarchical, most LDAP texts advise a reasonably
flat DIT structure, the reason being that deep trees become rather
unwieldy.  You end up always moving objects.

If you have multiple domains (and they really are separate) why use a
single tree?  Simply establish a database for each one.

Also, maybe you're like us, and we own a bunch of domains but one is our
"real" domain and the others are in a sense just aliases.  What domain
do all your workstations think they belong to? (When you type
'hostname').  Just use that one.  You can use something like back-meta
to rewrite queries that come in as the other domain.

One should really stick with RFC-compliant naming methods, ou=,o=,c= or
ou=,dc=,dc=, as deviating from the standard will ALWAYS bite you in the end.
I'd go with dc= as that is what M$ clients like best (and you can't
argue with those *^^&@+_ things) and it will let you use genuinely good
techniques such as SRV records to reduce the need to configure thousands
of clients and applications.

>We have multiple domains so I was worried the domain control model will
>cause trouble later.
>Our domains:
>washcollege.edu
>washcoll.edu
>some others ...
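
Added example, not part of the original message: the Python below shows why dc= naming enables SRV-based discovery, by mapping a DNS domain to a dc= base DN and deriving the `_ldap._tcp.<domain>` SRV owner name from a DN, using the two DNs from the question. The function names are illustrative assumptions; no DNS query is made.

```python
# Added example: names and helper functions are illustrative, not from the thread.

def split_rdns(dn):
    """Split a DN string on unescaped commas (backslash escapes a comma)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts]

def domain_to_base_dn(domain):
    """RFC 2247 style mapping: washcoll.edu -> dc=washcoll,dc=edu."""
    labels = [l for l in domain.strip().lower().split(".") if l]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + l for l in labels)

def dn_to_domain(dn):
    """DNS domain spelled by the trailing dc= RDNs, or None if there are none."""
    labels = []
    for rdn in reversed(split_rdns(dn)):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break
        labels.append(value.strip().lower())
    return ".".join(reversed(labels)) or None

def ldap_srv_name(dn):
    """Owner name to query for SRV records (RFC 2782), or None."""
    domain = dn_to_domain(dn)
    return "_ldap._tcp." + domain if domain else None

if __name__ == "__main__":
    for dn in ("o=Washington College, dc=washcoll, dc=edu",
               "o=Washington College,  st=Maryland, c=US"):
        print(dn, "->", ldap_srv_name(dn))
```

The geographic DN yields no SRV name, so clients under that naming scheme need the server configured explicitly.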