LDAP DIT structures

On January 1st, 2007 PJ (not verified) says:

There's no rule to DIT structures in any LDAP implementation. Remember that LDAP is an access protocol and has nothing to do with the storing, managing or manipulating of the data. It's merely a method to access that data.

Storing data within your Directory Services (DS) model should be well thought-out. There's no one-design-fits-all, yet there's something that's quite near it for large enterprises or those companies looking to do identity management/provisioning, etc. That's the hub-spoke design with an identity 'vault' at the center with connections (or federation) to disparate systems.

Never use OUs where attributes will do -- no need to divide your user accounts in differing sub-tree searches but rather write your applications to query one sub-tree searching for specific attributes (i.e., instead of ou=acct,ou=example,o=org, try searching ou=users,o=org for a specific attribute like dept). Why not extend the schema and include this information?

Virtual directories will also shape your thinking around how to design and set up directories as more and more applications will use virtual directory services (and/or federation) for access and control.

I could write a book . . . :)

Reply
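
An added example (not part of PJ's comment or of any project's code) of the attribute-based layout described above: one subtree, an equality filter on `dept`, with the filter value escaped per RFC 4515 before it reaches the directory. The entries, the `dept` values and the in-memory `search_subtree` stand-in for a real LDAP search are constructed for illustration.

```python
# Constructed sample directory: every account lives under one subtree,
# and the department is an attribute rather than an OU in the DN.
FLAT_BASE = "ou=users,o=org"

ENTRIES = {
    "uid=alice,ou=users,o=org": {"uid": "alice", "dept": "acct"},
    "uid=bob,ou=users,o=org": {"uid": "bob", "dept": "eng"},
    "uid=carol,ou=users,o=org": {"uid": "carol", "dept": "acct"},
    "cn=printer1,ou=devices,o=org": {"cn": "printer1", "dept": "acct"},
}

# RFC 4515: these characters must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def dept_filter(dept):
    """Build the filter an application would send with base FLAT_BASE."""
    return "(dept=%s)" % escape_filter_value(dept)


def search_subtree(base, attr, value):
    """Toy subtree search: DNs below `base` whose `attr` equals `value`."""
    suffix = "," + base.lower()
    return sorted(
        dn for dn, attrs in ENTRIES.items()
        if dn.lower().endswith(suffix) and attrs.get(attr) == value
    )


def move_department(dn, new_dept):
    """A department change is an attribute modify; the DN is unchanged,
    so group memberships and ACLs that reference the DN stay valid."""
    ENTRIES[dn]["dept"] = new_dept
    return dn


if __name__ == "__main__":
    print(dept_filter("R&D (EMEA)"))
    print(search_subtree(FLAT_BASE, "dept", "acct"))
    move_department("uid=bob,ou=users,o=org", "acct")
    print(search_subtree(FLAT_BASE, "dept", "acct"))
```
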
