Directory Tree For An International Enterprise; Directory Tree For An Isp - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Chapter 4. Designing the Directory Tree

4.5.1. Directory Tree for an International Enterprise

To support an international enterprise, use the Internet domain name as the root point for the directory
tree, then branch the tree immediately below that root point for each country where the enterprise has
operations. Avoid using a country designator as the root point for the directory tree, as mentioned in
Section 4.2.1.1, "Suffix Naming Conventions", especially if the enterprise is international.
Because LDAP places no restrictions on the order of the attributes in the DNs, the c attribute can
represent each country branch:
Figure 4.13. Using the c Attribute to Represent Different Countries
However, some administrators feel that this is stylistically awkward, so instead use the l attribute to
represent different countries:
Figure 4.14. Using the l Attribute to Represent Different Countries

4.5.2. Directory Tree for an ISP

Internet service providers (ISPs) may support multiple enterprises with their directories. ISP should
consider each of the customers as a unique enterprise and design their directory trees accordingly.
For security reasons, each account should be provided a unique directory tree with a unique suffix and
an independent security policy.
An ISP should consider assigning each customer a separate database and storing these databases
on separate servers. Placing each directory tree in its own database allows data to be backed up and
restored for each directory tree without affecting the other customers.
54