[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP structure



* Jon Roberts (jon@mentata.com) wrote:


> >On Thu, Jul 17, 2003 at 10:10:44AM -0300, Nei Venturini dos Santos wrote:
> >>    root
> >>     |---enterprise A
> >>     |     |-----sector A
> >>     |     |         |----- person 1
> >>     |     |         |----- person 2
> >>     |     |         |         |--------UserOptions
> >>     |     |         |         |--------Contacts
> >>     |     |         |                          |-----contact 1
> >>     |     |         |                          |-----contact n
> >>     |     |         |----- ...more people...
> >>     |     |-----sector B
> >>     |     |-----enterprise AA
> >>     |                 |-----sector AB
> >>     |---enterprise B
> >>   What do you think about it? A flat structure would be better?
> 
> Andreas wrote:
> >If people and sectors change frequently, you would be better off with a
> >flat structure.
> 
> Another reason for a flat structure: if a person may belong to multiple 
> enterprises/sectors.

I have often wondered about a suitable design for DITs.

One idea I have had, but haven't had a chance to test/deploy, is creating
a flat person branch, where all people located. Here all the details about
the person reside in one place.

The organisational structure is then represented in a different branch,
say orgainsiation, this would then basically be the roles within the
orgainsation.  These would then point to the person in the person branch.

This of course will be problematic from a replciations/partitioning point
of view, since the person branch would have to be replicated... or would
it?  Could it be housed on a top tier server, and when looking up the
details a referal to the top tier is sent to the client, which then
follows the referal.

That way, you are only seeing looked up values crossing the WAN.


Pete
:wq