Re: o and c or dc?

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Mon, Jan 12, 2004 at 10:47:16PM -0400, Ace Suares wrote:

> I fail to see why your first statement ( The main difference is in how easy it 
> would be for a user to find your directory when they want it. ) would be 
> 'true'.
> 
> Is it easier for anyone to find Grumpy in Fairytailland if I name my directory 
> dc=suares,dc=nl ?
> 
> No, I don't think so.

Quite true. Maybe I did not explain that bit clearly. The point I was
trying to make is that, given typical starting data for a white pages
query, geographic naming at the top of the DIT is more use than
domain-component naming. e.g. if I met Grumpy at a conference I might
remember that he is one of the seven dwarves and lives in Fairyland
so a search of the form

	grumpy, dwarves, fairyland

would probably succeed where the tree has countries at the top,
leading easily to:

	cn=Grumpy,o=Seven Dwarves,c=Fairyland

However, if the tree is DC-based, the search engine would have more
work to do because there is no certain link between country of
residence and domain name. Thus it would be more difficult to find

	cn=Grumpy,dc=fairytales,dc=org

from that starting-point. (I am assuming a globally linked-up DIT
here...) It could probably be done, but there is a risk of having to
try the search on every top-level domain, which would be extremely
inefficient.

> Imagine if I'd follow your scheme to the letter,
> and apart from Fairytailland, I would also like to host ehhh... suares.nl ?

> Then I would end up with:
> 
> 	cn=Ace,associatedDomain=suares.nl,ou=domains,dc=suares,dc=nl
> 
> and then rewrite it to
> 
> 	cn=Ace, dc=suares,dc=nl 
> ?
> 
> but dc=saures,dc=nl already exists (since you inisted on naming the entire DIT 
> dc=suares,dc=nl)

Not a problem, as that does not create a clash - it is just a pointer
to another place in the DIT. In fact I would probably use the O=, C=
form for the white pages stuff, giving you:

	cn=Ace Suares, o=Suares Internet Consultancy, c=NL

or (better):

	cn=Ace Suares, ou=People, o=Suares Internet Consultancy, c=NL

I just chose the DC name form for the root of my tree because there is
an easy way to be certain that it is unique and I will not clash with
someone else later.

> In fact, I made the root node for my server management application something 
> that hardly anyone else ever would want to use: qwidoApp=qwido. 

That is a perfectly valid thing to do if you define your own schema to
match, and if third-party LDAP clients are not expected to search your
DIT. It does mean that if you want to connect two previously separate
instances of your app together then you may have some name clashes to
resolve.

> It would be nice if there was some unique registered number or name, like OID 
> numer from IANA, that could be registered as top level / root node for any 
> project. In that way you'd be pretty sure that no one else would try and 
> randomly choose your root node suffix.

It is not really a good idea to create new stuff at the root
level, as that could hinder interoperability with other LDAP apps
later. The equivalent in OIDs would be to demand that IANA give you
a one-component OID like '.82376' - and they don't do that. OIDs,
like the LDAP DIT, have a hierachical structure so if you go to
IANA for an OID you will get something like .1.3.6.1.4.1.82376 - see
http://www.alvestrand.no/objectid/1.3.6.1.4.1.html for more on this.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------