Access Control Considerations; Naming Entries - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Hide thumbs Also See for DIRECTORY SERVER 8.1 - DEPLOYMENT:

Command reference manual (372 pages)

Configuration and command reference (292 pages)

Reference (228 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

page of 164

/ 164
Contents
Table of Contents
Bookmarks

Table of Contents

Naming Entries

Figure 4.9. Extended Branching for Example ISP

Both the enterprise and the hosting organization design their data hierarchies based on information

that is not likely to change often.

4.2.2.4. Access Control Considerations

Introducing a hierarchy into the directory tree can be used to enable certain types of access control.

As with replication, it is easier to group similar entries and then administer them from a single branch.

It is also possible to enable the distribution of administration through a hierarchical directory tree. For

example, to give an administrator from the marketing department access to the marketing entries

and an administrator from the sales department access to the sales entries, design the directory tree

according to those divisions.

Access controls can be based on the directory content rather than the directory tree. The filtered

mechanism can define a single access control rule stating that a directory entry has access to all

entries containing a particular attribute value. For example, set an ACI filter that gives the sales

administrator access to all the entries containing the attribute value ou=Sales.

However, ACI filters can be difficult to manage. Decide which method of access control is best suited

to the directory: organizational branching in the directory tree hierarchy, ACI filters, or a combination of

the two.

4.2.3. Naming Entries

After designing the hierarchy of the directory tree, decide which attributes to use when naming the

entries within the structure. Generally, names are created by choosing one or more of the attribute

values to form a relative distinguished name (RDN). The RDN is a single component within the

DN. This is the very first component shown, so the attribute used for that component is the naming

attribute, because it sets the unique name for the entry. The attributes to use depends on the type of

entry being named.

The entry names should adhere to the following rules:

Table of Contents

Need help?

Do you have a question about the DIRECTORY SERVER 8.1 - DEPLOYMENT and is the answer not in the manual?

Access Control Considerations; Naming Entries - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Naming Entries

4.2.2.4. Access Control Considerations

Need help?

Questions and answers

Related Manuals for Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT

Related Content for Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT

Table of Contents