Chapter 1. Introduction to Directory Services
For example, an entry might be of object class organizationalPerson, indicating that the
entry represents a person within an organization. This object class supports the givenname and
telephoneNumber attributes. The values assigned to these attributes give the name and phone
number of the person represented by the entry.
Directory Server also uses read-only attributes that are calculated by the server. These attributes are
called operational attributes. The administrator can manually set operational attributes that can be
used for access control and other server functions.
1.3.1.1. Performing Queries on Directory Entries
Entries are stored in a hierarchical structure in the directory tree. LDAP supports tools that query the
database for an entry and request all entries below it in the directory tree. The root of this subtree is
called the base distinguished name, or base DN. For example, if performing an LDAP search request
specifying a base DN of ou=people,dc=example,dc=com, then the search operation examines
only the ou=people subtree in the dc=example,dc=com directory tree.
Not all entries are automatically returned in response to an LDAP search, however, because
administrative entries (which have the ldapsubentry object class) are not returned by default with
LDAP searches. Administrative objects, for example, can be entries used to define a role or a class of
service. To include these entries in the search response, clients need to search specifically for entries
with the ldapsubentry object class. See Section 4.3.1, "About Roles" for more information about
roles and Section 4.3.3, "About Class of Service" for more information about class of service.
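The following is an added example, not taken from the Directory Server documentation or code: a small in-memory model of the search behavior described above, showing base DN scoping and why a review of role or class of service definitions must ask for the ldapsubentry object class explicitly. The search() and in_subtree() helpers and the sample entries are assumptions constructed for illustration.

```python
# Added illustration: an in-memory model of the search behavior described
# above. It is not Directory Server code; all entries are constructed.

def rdns(dn):
    """Split a DN into lower-cased RDNs, ignoring spaces after commas.
    Simplification: escaped commas inside values are not handled."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base_dn):
    """True if dn is the base entry itself or lies below it in the tree."""
    entry, base = rdns(dn), rdns(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def search(directory, base_dn, want_class=None):
    """Subtree search below base_dn, optionally filtered by object class.
    Entries with the ldapsubentry object class are returned only when the
    caller searches for that object class specifically."""
    wanted = (want_class or "").lower()
    results = []
    for dn, object_classes in directory.items():
        classes = {c.lower() for c in object_classes}
        if not in_subtree(dn, base_dn):
            continue
        if "ldapsubentry" in classes and wanted != "ldapsubentry":
            continue  # administrative entry: hidden by default
        if wanted and wanted not in classes:
            continue
        results.append(dn)
    return sorted(results)

# Constructed sample directory: DN -> object classes.
DIRECTORY = {
    "dc=example,dc=com": ["domain"],
    "ou=people,dc=example,dc=com": ["organizationalUnit"],
    "uid=bjensen,ou=people,dc=example,dc=com": ["organizationalPerson"],
    "cn=managers,ou=people,dc=example,dc=com": ["ldapsubentry", "nsRoleDefinition"],
    "ou=groups,dc=example,dc=com": ["organizationalUnit"],
}

if __name__ == "__main__":
    base = "ou=people,dc=example,dc=com"
    print("default search:   ", search(DIRECTORY, base))
    print("ldapsubentry only:", search(DIRECTORY, base, "ldapsubentry"))
```
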
1.3.2. Distributing Directory Data
When various parts of the directory tree are stored in separate databases, the directory can process
client requests in parallel, which improves performance. The databases can even be located on
different machines to further improve performance.
Distributed data are connected by a special entry in a subtree of the directory, called a database link,
which points to data stored remotely. When a client application requests data from a database link,
the database link retrieves the data from the remote database and returns it to the client. All LDAP
operations attempted below this entry are sent to the remote machine. This method is called chaining.
Chaining is implemented in the server as a plug-in, which is enabled by default.
1.4. Directory Design Overview
Planning the directory service before actual deployment is the most important task to ensure the
success of the directory. The design process involves gathering data about the directory requirements,
such as environment and data sources, users, and the applications that use the directory. This
information is integral to designing an effective directory service because it helps identify the
arrangement and functionality required.
The flexibility of Directory Server means the directory design can be reworked to meet unexpected or
changing requirements, even after the Directory Server is deployed.
1.4.1. Design Process Outline
1. Chapter 2, Planning the Directory Data
The directory contains data such as user names, telephone numbers, and group details. This
chapter analyzes the various sources of data in the organization and helps to understand their relationship