LDAP Deployment Considerations / How to Organize the Data in a Directory

LDAP Deployment Considerations / How to Organize the Data in a Directory

Return to LDAP Resources Home Page.

In a UNIX file system, the top level is the root. Beneath the root you have numerous files and directories. As mentioned above, LDAP directories are set up in much the same manner.

Underneath your directory's base, you'll want to create containers that logically separate your data. For historical (X.500) reasons, most LDAP directories set these logical separations up as OU entries. OU stands for "Organizational Unit," which in X.500 was used to indicate the functional organization within a company: sales, finance, et cetera. Current LDAP implementations have kept the ou= naming convention, but break things apart by broad categories like ou=people, ou=groups, ou=devices, ... and so on. Lower level OUs are sometimes used to break categories down further. For example, an LDAP directory tree (not including individual entries) might look like this:

dc=idevelopment, dc=info
        ou=customers
            ou=asia
            ou=europe
            ou=usa
        ou=employees
        ou=rooms
        ou=groups
        ou=assets-mgmt
        ou=nisgroups
        ou=recipes

Last modified on: Tuesday, 26-Jul-2005 20:21:30 EDT
Page Count: 6250