4.5. Directory Tree Design Examples

The following sections provide examples of directory trees designed to support a flat hierarchy as well as several examples of more complex hierarchies.

4.5.1. Directory Tree for an International Enterprise

To support an international enterprise, use the Internet domain name as the root point for the directory tree, then branch the tree immediately below that root point for each country where the enterprise has operations. Avoid using a country designator as the root point for the directory tree, as mentioned in Section 4.2.1.1, “Suffix Naming Conventions”, especially if the enterprise is international.
Because LDAP places no restrictions on the order of the attributes in the DNs, the c attribute can represent each country branch:
Using the c Attribute to Represent Different Countries

Figure 4.17. Using the c Attribute to Represent Different Countries

However, some administrators feel that this is stylistically awkward, so instead use the l attribute to represent different countries:
Using the l Attribute to Represent Different Countries

Figure 4.18. Using the l Attribute to Represent Different Countries

4.5.2. Directory Tree for an ISP

Internet service providers (ISPs) may support multiple enterprises with their directories. ISP should consider each of the customers as a unique enterprise and design their directory trees accordingly. For security reasons, each account should be provided a unique directory tree with a unique suffix and an independent security policy.
An ISP should consider assigning each customer a separate database and storing these databases on separate servers. Placing each directory tree in its own database allows data to be backed up and restored for each directory tree without affecting the other customers.
In addition, partitioning helps reduce performance problems caused by disk contention and reduces the number of accounts potentially affected by a disk outage.
Directory tree for Example ISP

Figure 4.19. Directory tree for Example ISP