[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP structure



On Sunday 08 June 2008 00:32:30 Fred Zinsli wrote:
> Hi everyone
>
> I am completely new to LDAP so I hope my terminology is correct.
>
> I am looking at setting up an LDAP server but I can't find information
> on how I would like it structured.
>
> All of the information I find is based on a single directory tree: ie.
> domain.com and then under that you can have your sub domains.

There is no rule that states that you *have* to do things like this. It is 
merely a convention for default setups.

> But I would like to be able to have multiple domains. domain1.com,
> domain2.com. domain1.co.uk, domain1.com.jp and so on.
>
> Is this at all possible using LDAP?

Of course.

But, what are you actually trying to achieve? Does a domain-specific structure 
actually suit your requirements?

> If it is possible could someone please point me to some information on
> how I can do this. I don't explicitly want the answer given to me as I
> won't learn anything.
>
> Many thanks in advance for your help and patience.

Well, the first question is, what are your requirements?

For example, we host mailboxes for many domains. However, users could have 
aliases in more than one domain. Thus, restricting the directory design based 
on the domain name makes no sense.

Our current structure is something like this:

uid=user@domain,ou=service,cn=virtualisp,o=isp

So, we don't need subordinates, we can place everything in one database - 
o=isp - (if we so desire), or we can split the database at the virtualisp 
level (the most logical place to do so), then at the service level (the next 
most logical place), and finally, all domains served by a specific service in 
a specific virtualisp need to be searched anyway, so there is no point 
splitting the tree any further.

Maybe your requirement is similar to mine. Maybe it is totally different. 
Until you know what your real requirements are, it's a bit difficult to give 
advice.

Regards,
Buchan