Re: Newbie question: which dn is recommended

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 07:01 AM 10/6/99 -0400, Bennett Samowich wrote:
>Greetings,
>
>I'm not sure that I understand the hierarchy of LDAP yet.  Which dn is "recommended" under a business application:
>
>a) dc=<MY-DOMAIN>, dc=<COM>
>  - or -
>b) o=<MY-ORGANIZATION>, c=<COUNTRY>
>
>What is the difference? or why would one be used over the other?

The choice only matters if you ever want to play within a global
context or otherwise share your directory with others.  Just like
domain names for hosts, the name needs to be unique within the
name space.

In the dc style naming, uniqueness is gained by using registerred
domain components to for a DN.  There are no additional fees (over
the registration of your domain name with the domain authority).

In X.500 o,c style naming, uniqueness is gained through registration
of through your national authority.  Most national authorities
charge a fee for registrating an organization.

I generally prefer and recommend DC style naming as it avoid
additional registration.  If you do use X.500 o,c style naming,
REGISTER your DN with the appropriate national authority EVEN IF
you believe your directory will never be connected with other
directories.

A list of authorities is available from Dante:
  http://www.dante.net/np/reg-auth.html

>Side question: any recommended books on implementing a LDAP directory?  (this way I won't have to bother the list with newbie questions)

See our LDAP FAQ for a list of books, websites, and articles featuring
LDAP information.
	http://www.openldap.org/faq/