|
|
|
LDAP Deployment Considerations / Choosing a Base (DN)
Return to LDAP Resources Home Page.
The top level of the LDAP directory tree is the base, referred to as the "base DN". A base DN usually takes one of the three forms listed here. The examples below assume we are working with iDevelopment, which is on the Internet as iDevelopment.info.
o="idevelopment", c=US
(base DN in X.500 format)
In this example, o=idevelopment. refers to the organization, which in this context should be treated as synonymous with the company name. c=US indicates that the company headquarters is in the US. Once upon a time, this was the preferred method of specifying your base DN. Times and fashions change, though; these days, most companies are (or plan to be) on the Internet. And what with Internet globalization, using a country code in the base DN probably made things more confusing in the end. In time, the X.500 format evolved into the other formats listed below.o=idevelopment.info
This format is fairly straightforward, using the company's Internet domain name as the base. Once you get past the o= portion (which stands for organization), everyone at your company should know where the rest came from. This was, until recently, probably the most common of the currently used formats.dc=idevelopment, dc=info
As with the previous format, this uses the DNS domain name as its basis. But where the other format leaves the domain name intact (and thus human-readable), this format is split into domain components: idevelopment.info becomes dc=idevelopment, dc=info. In theory, this could be slightly more versatile, though it's a little harder for end users to remember. By way of illustration, consider idevelopment.info. When idevelopment.info merges with acme.com, you simply start thinking of "dc=com" as the base DN. Place the new records into your existing directory under dc=acme, dc=com, and you're ready to go. (Of course, this approach doesn't help if idevelopment.info merges with csustan.edu.) This is the format I'd recommend for any new installations. Oh, and if you're planning to use Active Directory, Microsoft has already decided for you that this is the format you wanted.