HP-UX Directory Server 8.1 deployment guide

NOTE:

A common mistake is to assume that the directory is searched based on the attributes used in

the distinguished name. The distinguished name is only a unique identifier for the directory

entry and cannot be used as a search key. Instead, search for entries based on the attribute-data

pairs stored on the entry itself. Thus, if the distinguished name of an entry is uid=bjensen,

ou=People,dc=example,dc=com, then a search for dc=example does not match that entry

unless dc:example has explicitly been added as an attribute in that entry.

4.2.2.3 Replication considerations

During the directory tree design process, consider which entries are being replicated. A natural

way to describe a set of entries to be replicated is to specify the DN at the top of a subtree and

replicate all entries below it. This subtree also corresponds to a database, a directory partition

containing a portion of the directory data.

For example, in an enterprise environment, one method is to organize the directory tree so that

it corresponds to the network names in the enterprise. Network names tend not to change, so

the directory tree structure is stable. Further, using network names to create the top level branches

of the directory tree is useful when using replication to tie together different Directory Servers.

For instance, Example Corp. has three primary networks known as flightdeck.example.com,

tickets.example.com, and hangar.example.com. They initially branch their directory

tree as follows:

Figure 4-6 Initial branching of the directory tree for example corp.

After creating the initial structure of the tree, they create additional branches as follows:

Figure 4-7 Extended branching for example corp.

The Example ISP branches their directory as follows:

44 Designing the directory tree