[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap design - pls comment


After much advice from all helpful folks here, I've managed to come out with
an initial design.

1. I'm thinking of designing my name space design as shown below. Any
advice/comment is greatly appreciated.

dn: dc=company, dc=com
objectclass: dcobject
dc: company

dn: ou=departments,dc=company,dc=com
objectclass: organizationalunit
ou: departments

dn: ou=people,dc=company,dc=com
objectclass: organizationalunit
ou: people

dn: o=departmentName1, ou=departments,dc=company,dc=com
objectclass: organization
o: departmentName1

dn: o=departmentName2, ou=departments,dc=company,dc=com
objectclass: organization
o: departmentName2

dn: uid=username1,ou=people,dc=company,dc=com
objectclass: organizationalperson
objectclass: inetorgperson
uid: username1
cn: username1
o: depepartmenName1

dn: uid=username2,ou=people,dc=company,dc=com
objectclass: organizationalperson
objectclass: inetorgperson
uid: username2
cn: username2
o: depepartmenName2

2. Is sub-dividing departments and users using ou=people and ou=departments
recommended and the usual practice? Can I do without it or it's better to

3. Is there any hierarchy between o and ou. I always thought that o should
be higher hierarchy than ou (i.e dn:
ou=department,o=department,dc=company,dc=com). Is this true? Any problem
using "dn: ou=department,o=department,dc=company,dc=com"? What is difference
for the following DNs design? Which is the recommended design pls?
dn: o=departmentname, ou=departments, dc=company,dc=com or
dn: ou=departmentname, o=departments, dc=company,dc=com or
dn: cn=departmentname, ou=department, dc=company,dc=com or
dn: cn=departmentname, o=department, dc=company,dc=com or

Many thanks for your time and advice.

Best Regards.