HP-UX Directory Server 8.1 deployment guide
9 Directory design examples
The design the directory service depends on the size and nature of the enterprise. This chapter
provides a couple of examples of how a directory can be applied within a variety of different
settings. These examples are a starting point for developing a real-life directory service deployment
plan.
9.1 Design example: A local enterprise
Example Corp., an automobile parts manufacturer, is a small company that consists of 500
employees. Example Corp. decides to deploy HP-UX Directory Server to support the
directory-enabled applications it uses.
9.1.1 Local enterprise data design
Example Corp. first decides the type of data it will store in the directory. To do this, Example
Corp. creates a deployment team that performs a site survey to determine how the directory will
be used. The deployment team determines the following:
• Example Corp.'s directory will be used by a messaging server, a web server, a calendar
server, a human resources application, and a white pages application.
• The messaging server performs exact searches on attributes such as uid, mailServerName,
and mailAddress. To improve database performance, Example Corp. will maintain indexes
for these attributes to support searches by the messaging server.
For more information on using indexes, see “Using indexes to improve database
performance”.
• The white pages application frequently searches for user names and phone numbers. The
directory therefore needs to be capable of frequent substring, wildcard, and fuzzy searches,
which return large sets of results. Example Corp. decides to maintain presence, equality,
approximate, and substring indexes for the cn, sn, and givenName attributes and presence,
equality, and substring indexes for the telephoneNumber attribute.
• Example Corp.'s directory maintains user and group information to support an LDAP
server-based intranet deployed throughout the organization. Most of Example Corp.'s user
and group information will be centrally managed by a group of directory administrators.
However, Example Corp. also wants email information to be managed by a separate group
of mail administrators.
• Example Corp. plans to support public key infrastructure (PKI) applications in the future,
such as S/MIME email, so it needs to be prepared to store users' public key certificates in
the directory.
9.1.2 Local enterprise schema design
Example Corp.'s deployment team decides to use the inetOrgPerson object class to represent
the entries in the directory. This object class is appealing because it allows the userCertificate
and uid (userID) attributes, both of which are needed by the applications supported by Example
Corp.'s directory.
Example Corp. also wants to customize the default directory schema. Example Corp. creates the
examplePerson object class to represent employees of Example Corp. It derives this object class
from the inetOrgPerson object class.
The examplePerson object class allows one attribute, the exampleID attribute. This attribute
contains the special employee number assigned to each Example Corp. employee.
In the future, Example Corp. can add new attributes to the examplePerson object class as
needed.
9.1 Design example: A local enterprise 125