Grouping Directory Entries - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Chapter 4. Designing the Directory Tree
In a hosted organization, we also recommend that group entries used for directory administration be
located under the ou=Groups branch.
4.2.3.3. Naming Organization Entries
The organization entry name, like other entry names, must be unique. Using the legal name
of the organization along with other attribute values helps ensure the name is unique, such as
o=example_a+st=Washington, o=ISP,c=US.
Trademarks can also be used, but they are not guaranteed to be unique.
In a hosting environment, include the following attributes in the organization's entry:
• o
• objectClass with values of top and organization
4.2.3.4. Naming Other Kinds of Entries
The directory contains entries that represent many things, such as localities, states, countries,
devices, servers, network information, and other kinds of data.
For these types of entries, use the cn attribute in the RDN if possible. For example, name a group
entry something like cn=administrators,dc=example,dc=com.
However, sometimes an entry's object class does not support the commonName attribute. Instead, use
an attribute that is supported by the entry's object class.
There does not have to be any correspondence between the attributes used for the entry's DN and
the attributes actually used in the entry. However, a correspondence between the DN attributes and
attributes used by the entry simplifies administration of the directory tree.

4.3. Grouping Directory Entries

After creating the required entries, group them for ease of administration. The Directory Server
supports several methods for grouping entries and sharing attributes between entries:
• Using roles
• Using class of service
The following sections describe each of these mechanisms in more detail.
4.3.1. About Roles
Roles are an entry grouping mechanism. The directory tree organizes information hierarchically. This
hierarchy is a grouping mechanism, though it is not suited for short-lived, changing organizations.
Roles provide another grouping mechanism for more temporary organizational structures.
Roles unify static and dynamic groups. Static groups create a group entry that contains a list of
members, while dynamic groups filter entries that contain a particular attribute and include them in a
single group.
Each entry assigned to a role contains the nsRole attribute, a computed attribute that specifies all of
the roles to which an entry belongs. A client application can check role membership by searching the
nsRole attribute, which is computed by the directory and is therefore always up-to-date.
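
The nsRole check described above, as an added example that is not part of the original manual: it builds the search filter with RFC 4515 escaping so that user-supplied input cannot change the filter's meaning, and it checks the nsRole values of a returned entry. The helper names, the role DN and the sample entry are constructed for illustration, and the DN comparison is simplified.

```python
# Added example: helper names, role DN and sample entry are assumptions.
# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def role_membership_filter(uid, role_dn):
    """Filter that matches the user only if the server computes role_dn
    into that entry's nsRole attribute."""
    return "(&(uid={})(nsRole={}))".format(
        escape_filter_value(uid), escape_filter_value(role_dn))

def normalize_dn(dn):
    """Simplified DN form for comparison: lowercase, no spaces around the
    RDN separators. Escaped commas (\\,) stay inside their RDN."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    return ",".join(rdn.strip().lower() for rdn in rdns)

def has_role(entry, role_dn):
    """Check a returned entry. nsRole is computed by the server, so the
    search must request it by name in its attribute list."""
    values = next((v for k, v in entry.items() if k.lower() == "nsrole"), [])
    wanted = normalize_dn(role_dn)
    return any(normalize_dn(v) == wanted for v in values)

# Constructed search result for illustration.
SAMPLE_ENTRY = {
    "dn": "uid=jdoe,ou=People,dc=example,dc=com",
    "nsRole": ["cn=helpdesk,ou=People,dc=example,dc=com"],
}

if __name__ == "__main__":
    role = "CN=Helpdesk, OU=People, DC=example, DC=com"
    print(role_membership_filter("jdoe", role))
    print(has_role(SAMPLE_ENTRY, role))
```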
