Michael Ströder writes:
AlexanDER Franca wrote:
Is there any disadvantage using a single dc?
I mean, I work at a small company and I'm setting up a small LDAP repository; for me it is enough to use just a "dc=my_company".
dc-style DNs are meant to be mapped to DNS domain names.
Note that DNS names do not allow an underscore. Since there wasn't a globally unique name space established, this is the way to go to create DNs which are registered to your company like DNS domain names.
...and the reason to prefer a globally unique namespace is that it may avoid future grief in your use of LDAP. E.g. LDAP servers can cooperate: set up referrals to each other so that if you search in a DN "outside" your own server, the client gets a referral to a server which might hold that DN. Or they can replicate part of each other's contents. Or you might move your LDAP data to someone hosting LDAP for you, along with data for other organizations.
So I have registered stroeder.com. So it's suitable for me to use dc=stroeder,dc=com or whatever below that.
You could also just use "o=My company name".
...note that the "dc" attribute name is short for "domainComponent", while "o" is short for "organizationName". See the core LDAP schema in RFC 4519. Not that LDAP knows or cares, only its users do.
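
The dc-to-DNS mapping discussed in this thread, as an added Python example that is not part of the original messages. The function names are hypothetical, and the label check assumes the letters-digits-hyphen host name rule (which is why an underscore is rejected).

```python
import re

# One DNS host name label: letters, digits and hyphen only, 1-63 characters,
# no leading or trailing hyphen. An underscore therefore never matches.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def domain_to_suffix(domain):
    """Map a registered DNS domain to a dc-style DN suffix."""
    if domain.endswith("."):          # accept a fully qualified trailing dot
        domain = domain[:-1]
    labels = domain.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError("not a valid DNS label: %r" % label)
    return ",".join("dc=" + label.lower() for label in labels)


def suffix_to_domain(suffix):
    """Map a dc-only DN back to its DNS domain; reject anything else.

    Splitting on ',' is enough here: a value that needs DN escaping, or a
    multi-valued RDN joined with '+', cannot pass the label check anyway.
    """
    labels = []
    for rdn in suffix.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or attr.strip().lower() != "dc":
            raise ValueError("not a dc-style RDN: %r" % rdn)
        value = value.strip()
        if not _LABEL.fullmatch(value):
            raise ValueError("dc value is not a DNS label: %r" % value)
        labels.append(value.lower())
    return ".".join(labels)


if __name__ == "__main__":
    print(domain_to_suffix("stroeder.com"))
    print(suffix_to_domain("dc=stroeder,dc=com"))
    for bad in ("dc=my_company", "o=My company name"):
        try:
            suffix_to_domain(bad)
        except ValueError as exc:
            print("rejected:", exc)
```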