Re: o and c or dc?

[Ace Suares <ace@suares.nl>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Ace wrote:
> On Mon, Jan 12, 2004 at 03:35:43PM -0400, Ace Suares wrote:
> > > The main difference is in how easy it would be for a user to find your
> > > directory when they want it.

Andrew wrote:
> As a concrete example, suppose suares.nl wants to run a mail service
> for some well-known characters. It obviously has absolute rights to
> use dc=suares,dc=nl and anything underneath, so I would suggest
> starting with ou=mailsystem,dc=suares,dc=nl as the root of the system.
{snip}
> I chose to put
> my customer domains in a subtree called ou=domains,dc=..... and each
> domain has its own data under
>  associatedDomain=<customer DNS name>,ou=domains,dc=....

Thanks for your answer, Andrew !

However... 

I fail to see why your first statement ( The main difference is in how easy it 
would be for a user to find your directory when they want it. ) would be 
'true'.

Is it easier for anyone to find Grumpy in Fairytailland if I name my directory 
dc=suares,dc=nl ?

No, I don't think so.

Imagine if I'd follow your scheme to the letter,
and apart from Fairytailland, I would also like to host ehhh... suares.nl ?

> White pages lookups across the whole customer set are possible using a
> search base of ou=mailsystem,dc=suares,dc=nl but you may prefer to
> alias the entries into things like:
>
> 	cn=Grumpy,dc=fairytales,dc=org
>
> 	or
>
> 	cn=Grumpy,o=Seven Dwarves,c=Fairyland
>

Then I would end up with:

	cn=Ace,associatedDomain=suares.nl,ou=domains,dc=suares,dc=nl

and then rewrite it to

	cn=Ace, dc=suares,dc=nl 
?

but dc=saures,dc=nl already exists (since you inisted on naming the entire DIT 
dc=suares,dc=nl)

Nah.

At this moment, given the circumstances that you want to host multiple 
domains, I see no reason to call the DIT dc=...,dc=...

1. it won't make it easier to find any of the other domains under it
2. it will conflict with your own domain, which you probably want to host too
3. if for some reason my company gets bought by another company, one would 
have to change the DIT to dc=othercompany,dc=com with all the negative side 
effects.

In fact, I made the root node for my server management application something 
that hardly anyone else ever would want to use: qwidoApp=qwido. 

The 'second' level in the tree is analogous to 'ISP', so in the case that 
those ISP's have different names (which would normally be the case) two 
groups who would run my application could easily merge the whole tree or 
'move' branches of the tree over to eachother.

In fact, qwidoApp=qwido makes it easier to exchange data with other QwiDo 
servers.

It would be nice if there was some unique registered number or name, like OID 
numer from IANA, that could be registered as top level / root node for any 
project. In that way you'd be pretty sure that no one else would try and 
randomly choose your root node suffix.

Open for comments.

_Ace



website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAA1w1y7boE8xtIjURAh/jAJ0SMqjDXgWbbSBzBtt2tWj+ztVf6ACfQVlg
ViBsB/8U+S7UWHjDd/PKN7E=
=NTV5
-----END PGP SIGNATURE-----