Saturday, November 17, 2007

LDAP Structure

LDAP directory servers store their data hierarchically.

Why break things up into a hierarchy? Relationships are easier to understand; you may wish to grant permissions to a group of individuals based on where they sit in the directory structure; and, combined with replication, you can tailor the layout of your directory tree to minimize WAN bandwidth utilization.

DN stands for Distinguished Name. The top level of the LDAP directory tree is the base, referred to as the "base DN." A base DN usually takes one of the three forms listed here.

Let's assume I work at a US electronic commerce company called FooBar, which is on the Internet at foobar.com.

1- o="FooBar, Inc.", c=US (base DN in X.500 format)
o refers to the organization; c refers to the country in which the company is headquartered.

This was the preferred method of specifying your base DN, but these days most companies are (or plan to be) on the Internet. With Internet globalization, using a country code in the base DN probably made things more confusing in the end. In time, the X.500 format evolved into the other formats listed below.

2- o=foobar.com (base DN derived from the company's Internet presence)
This format is fairly straightforward, using the company's Internet domain name as the base.

3- dc=foobar, dc=com (base DN derived from the company's DNS domain components)
This format splits the domain name into DC (domain component) attributes: foobar.com becomes dc=foobar, dc=com.
In theory this is slightly more versatile, though it's a little harder for end users to remember. It is the most commonly recommended format.

Underneath your directory's base, you'll want to create containers that logically separate your data. Most LDAP directories set these logical separations up as OU entries. OU stands for "Organizational Unit," which in X.500 was used to indicate the functional organization within a company.

An LDAP directory tree (not including individual entries) might look like this:

dc=foobar, dc=com
    ou=customers
        ou=asia
        ou=europe
        ou=usa
    ou=employees
    ou=rooms
    ou=groups
    ou=assets-mgmt
    ou=nisgroups
    ou=recipes

Individual LDAP records

All entries stored in an LDAP directory have a unique "Distinguished Name" or DN.

* The DN for each LDAP entry is composed of two parts: the Relative Distinguished Name (RDN) and the location within the LDAP directory where the record resides.

The RDN is the portion of your DN that is not related to the directory tree structure. Most items that you'll store in an LDAP directory will have a name, and the name is frequently stored in the cn (Common Name) attribute.

Since nearly everything has a name, most objects you'll store in LDAP will use their cn value as the basis for their RDN.
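The two parts of a DN described above (the RDN and the location in the tree) are easy to pull apart in code, and the same split is what you need when granting permissions by subtree, as mentioned earlier. The following is an added example, not code from the original post; it assumes the hypothetical DNs under dc=foobar,dc=com used in the post and follows the RFC 4514 rule that a backslash escapes the next character, so a comma inside a cn value does not end the RDN. It also shows why a subtree check must compare RDN lists rather than raw string suffixes.

```python
# Added example (not part of the original post): split an LDAP DN into
# RDNs, recover the RDN + parent split the post describes, and test
# subtree membership safely. DNs below are constructed sample values.
from typing import List, Tuple

def split_dn(dn: str) -> List[str]:
    """Split a DN into RDN strings, honouring backslash escapes (RFC 4514).
    "cn=Smith\\, John,ou=employees,dc=foobar,dc=com" has an escaped comma
    in the first RDN, so a plain str.split(",") would give a wrong answer."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def normalize_rdn(rdn: str) -> Tuple[str, str]:
    """Return (type, value) lower-cased: attribute types are case-insensitive,
    and cn/ou/dc values use case-ignoring matching rules in LDAP."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def rdn_and_parent(dn: str) -> Tuple[str, str]:
    """The two parts of a DN from the post: its RDN and where it lives."""
    parts = split_dn(dn)
    return parts[0], ",".join(parts[1:])

def is_under(entry_dn: str, container_dn: str) -> bool:
    """True if entry_dn sits strictly inside container_dn's subtree.
    Compare RDN lists from the root, not raw string suffixes: a suffix
    test would accept ou=xemployees for ou=employees, and an escaped
    comma in a cn value can make a string look like it ends in a container."""
    entry = [normalize_rdn(r) for r in split_dn(entry_dn)]
    container = [normalize_rdn(r) for r in split_dn(container_dn)]
    if len(container) >= len(entry):
        return False
    return entry[-len(container):] == container
```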
