4.4. Virtual Directory Information Tree Views
4.4.1. About Virtual DIT Views
- A hierarchical directory information tree.
- A flat directory information tree.
Figure 4.14. Examples of a Flat and an Organizationally-Based DIT
nsview) and a filter attribute (
nsviewfilter) that describes the view. After adding the additional attribute, the entries that match the view filter instantly populate the view. The target entries only appear to exist in the view; their true location never changes. Virtual DIT views behave like normal DITs in that a subtree or a one-level search can be performed with the expected results being returned.
Figure 4.15. A Combined DIT Using Views
ou=Salesentry to enable viewing the Sales entries either by location or by product.
Figure 4.16. A DIT with a Virtual DIT View Hierarchy
- The sub-tree
ou=Peoplecontains the real
- The sub-tree
ou=Location Viewsis a view hierarchy.
- The leaf nodes
ou=Mountain Vieweach contain an attribute,
nsviewfilter, which describes the view.These are leaf nodes because they do not contain the real entries. However, when a client application searches these views, it finds
ou=Mountain View. This virtual search space is described by the
nsviewfilterattributes of all ancestor views. A search made from a view returns both entries from the virtual search space and those from the actual search space. This enables the view hierarchies to function as a conventional DIT or change a conventional DIT into a view hierarchy.
4.4.2. Advantages of Using Virtual DIT Views
- Views facilitate the use of a flat namespace for entries, because virtual DIT views provide navigational and managerial support similar to those provided by traditional hierarchies.In addition, whenever there is a change to the DIT, the entries never need to be moved; only the virtual DIT view hierarchies change. Because these hierarchies contain no real entries, they are simple and quick to modify.
- Oversights during deployment planning are less catastrophic with virtual DIT views. If the hierarchy is not developed correctly in the first instance, it can be changed easily and quickly without disrupting the service.
- View hierarchies can be completely revised in minutes and the results instantly realized, significantly reducing the cost of directory maintenance.Changes to a virtual DIT hierarchy are instantly realized. When an organizational change occurs, a new virtual DIT view can be created quickly. The new virtual DIT view can exist at the same time as the old view, thereby facilitating a more gradual changeover for the entries themselves and for the applications that use them. Because an organizational change in the directory is not an all-or-nothing operation, it can be performed over a period of time and without service disruption.
- Using multiple virtual DIT views for navigation and management allows for more flexible use of the directory service.With the functionality provided by virtual DIT views, an organization can use both the old and new methods to organize directory data without any requirement to place entries at certain points in the DIT.
- Virtual DIT view hierarchies can be created as a kind of ready-made query to facilitate the retrieval of commonly-required information.
- Views promote flexibility in working practices and reduce the requirement that directory users create complex search filters, using attribute names and values that they would otherwise have no need to know.The flexibility of having more than one way to view and query directory information allows end users and applications to find what they need intuitively through hierarchical navigation.
4.4.3. Example of Virtual DIT Views
dc=example,dc=comand fits the view description appears in this view, organized by location.
dn: ou=Location Views,dc=example,dc=com objectclass: top objectclass: organizationalUnit objectclass: nsView ou: Location Views description: views categorized by location dn: ou=Sunnyvale,ou=Location Views,dc=example,dc=com objectclass: top objectclass: organizationalUnit objectclass: nsView ou: Sunnyvale nsViewFilter: (l=Sunnyvale) description: views categorized by location dn: ou=Santa Clara,ou=Location Views,dc=example,dc=com objectclass: top objectclass: organizationalUnit objectclass: nsView ou: Santa Clara nsViewFilter: (l=Santa Clara) description: views categorized by location dn: ou=Cupertino,ou=Location Views,dc=example,dc=com objectclass: top objectclass: organizationalUnit objectclass: nsView ou: Cupertino nsViewFilter: (l=Cupertino) description: views categorized by location
ou=Location Views,dc=example,dc=comwould return all entries below
dc=example,dc=comwhich match the filters
(l=Santa Clara), or
(l=Cupertino). Conversely, a one-level search would return no entries other than the child view entries because all qualifying entries reside in the three descendant views.
ou=Location Views,dc=example,dc=comview entry itself does not contain a filter. This feature facilitates hierarchical organization without the requirement to further restrict the entries contained in the view. Any view may omit the filter. Although the example filters are very simple, the filter used can be as complex as necessary.
ou=Location Views,dc=example,dc=comwith the filter value
ou=Location Viewsfirst together with the new filter mentioned above would create a view with all entries with the
organizationobject class. When the descendant views are added that further restrict entries, the entries that now appear in the descendant views are removed from the ancestor views. This demonstrates how virtual DIT views mimic the behavior of traditional DITs.
Entry Bwith both
Sunnyvale(see Figure 4.16, “A DIT with a Virtual DIT View Hierarchy”), add the
Sunnyvalevalue to the location attribute, and the entry appears in both views.
4.4.4. Views and Other Directory Features
dc=example,dc=comdoes not return any entries from the virtual search space; in fact, no virtual-search-space search is performed. Views processing occurs only if the search base is
ou=Location Views. This way, views ensure that the search does not result in entries from both locations. (If it were a conventional DIT, entries from both locations would be returned.)
4.4.5. Effects of Virtual Views on Performance
4.4.6. Compatibility with Existing Applications
- Applications that use the DN of a target entry to navigate up the DIT.This type of application would find that it is navigating up the hierarchy in which the entry physically exists instead of the view hierarchy in which the entry was found. The reason for this is that views make no attempt to disguise the true location of an entry by changing the DN of the entry to conform to the view's hierarchy. This is by design - many applications would not function if the true location of an entry were disguised, such as those applications that rely on the DN to identify a unique entry. This upward navigation by deconstructing a DN is an unusual technique for a client application, but, nonetheless, those clients that do this may not function as intended.
- Applications that use the
numSubordinatesoperational attribute to determine how many entries exist beneath a node.For the nodes in a view, this is currently a count of only those entries that exist in the real search space, ignoring the virtual search space. Consequently, applications may not evaluate the view with a search.