[Date Prev][Date Next]
Re: Suffix format: "dc=xyz, dc=com" or "dc=xyz.com" ?
The "dc" attribute is defined in RFC2377. It stands for "domain component" of which "dc=xyz.com" is not. Being that I've never tried to use something "dc=xyz.com", I'm not even sure if it would work. But even if it does, there's also the issue of standards and compatibility. There is, first of all, the issue of becoming part of a larger hierarchy. If you never will, that one thing. But then again, if you're setting up an LDAP server for a division if the XYZ Company, you may later find yourself having to rebuild it entirely in order to become part of a corporate wide hierarchy. Another issue, which probably far more critical, is
other commercial, shareware, freeware or opensource software that would be expected
to talk to your LDAP server. If it has to deal with the baseDN or individual entry
DNs -- and most likely it will -- can it deal with "dc=xyz.com" or will it regard
it as an error?
A different option for you to consider is to not use the "dc" attribute at all, and
use the "o" or "organization" attribute in its place. In this case, instead of "o=XYZ Company", you would have "o=xyz.com". It's a very common and well recognized practice. You'll find lots of examples in Mark Wilcox's "Implementing LDAP" (a very good book!) as well as in Netscape documentation. I strongly recommend you consider that alternative.
--On Thursday, December 14, 2000 01:27:36 AM -0500 Paul Duffy <email@example.com> wrote:
Could somebody pro/con the two formats. It seems more logical to myself to use
the later. The former seems to imply two distinct entries.
_ _ _ _ _ _ _ _ _ _
/\_\_\_\_\ /\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_/ /\/_/
/\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Description: PGP signature