[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: o and c or dc?



On Mon, Jan 12, 2004 at 01:59:35PM +0100, Geert Reijnders wrote:

> I'm setting up an OpenLDAP server and I found some
> installation/configuration guides on the internet. But there are 2 types
> which you can use for a suffix. You can use o and c (o=test ,c=nl) or dc
> (dc=test, dc=nl). What is the differance between those two or what are
> the advantages of each other.

If your LDAP server will never be connected to any others and will not
be made available on the Internet then it probably does not matter
which scheme you use. I would suggest that you follow the standards
carefully for whichever scheme you choose, to avoid storing up trouble
for the future!

The main difference is in how easy it would be for a user to find your
directory when they want it. If the end-user knows your domain name then
they can use dc-style naming to look up a standard-form entry in DNS
to find your server. This is quick and easy to set up. However, if the
end-user does not know your domain name (and a white-pages directory is
there to help in exactly this case) then dc-style naming does not help
them at all. Names using o= and c= would be more useful in this case, but
making them work requires a level of national index servers that has never
been deployed for LDAP. The original X.500 standards suggested o=...,
c=...  names and provided a server distribution model to support it:
this was deployed widely in 1992, but LDAP has yet to reach that level.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------