I have a namespace design question. I have an OpenLDAP server set up. I am going about designing a professional, robust namespace to support a number of applications, such as phonebook, org chart, POSIX account repository, etc. I am using "Understanding and Deploying LDAP Directory Services" by Howes, Smith and Good as my guiding light.
The book states to design your namespace as a semi-hierarchy with a relatively flat base. That is, to create containers of like objects. This is better than trying to create your organizational layout as the framework of your directory because of re-orgs, etc. Assume the following:
ou=People, o=example, dc=com
ou=IT, o=example, dc=com
ou=IT, ou=Telecommunications, o=example, dc=com
cn=User1, ou=People, o=example, dc=com
cn=User2, ou=People, o=example, dc=com
In this loose example, I have 2 users who are people objects. They belong to ou=People. However, for their departments, they belong to the respective ou for that department. IT has a sub-unit of Telecommunications. User1 belongs to IT. User2 belongs to IT->Telecommunications.
I agree with this design philosophy. I see how it makes administration easier, especially from an OpenLDAP perspective.
Here is my dilemma. I need to move my OpenLDAP structure over to Novell Directory Services. I am being told by admins and by NDS books that the "flat" structure that everyone is recommending (see my example above) is not a good design strategy. NDS wants a pyramid representing the organization, with users belonging to each node, despite the amount of work necessary during a reorg.
I want to design my LDAP namespace the best way possible, but integrate it with NDS. Is there any reason I shouldn't develop along the semi-flat layout for NDS? Does anyone have any references I could check out? I have trolled www.novell.com for info, as well as this list service. I am turning to all of you for help.
Thanks for any replies!