Hi everyone.
Is there any disadvantage using a single dc?
I mean, I work at a small company and I'm setting up a small ldap repository, for me is enough to use just a "dc=my_company".
But slapd says something about less performance.
I think this warning is just about large repositories using just a single dc, what seems to be a bad setup, but I'm not sure.
[]'s Alexander
AlexanDER Franca wrote:
Is there any disadvantage using a single dc?
I mean, I work at a small company and I'm setting up a small ldap repository, for me is enough to use just a "dc=my_company".
dc-style DNs are meant to be mapped to DNS domain names. Note that DNS names does not allow an underscore. Since there wasn't a globally unique name space established this is the way to go to create DNs which are registered to your company like DNS domain names.
So I have registered stroeder.com. So it's suitable for me to use dc=stroeder,dc=com or whatever below of that.
You could also just use "o=My company name".
But slapd says something about less performance.
Uuuh? Where did you read this? Please post the exact message and where you found it. I suspect it's just a message caused by a missing DB_CONFIG file.
Ciao, Michael.
Michael Ströder writes:
AlexanDER Franca wrote:
Is there any disadvantage using a single dc?
I mean, I work at a small company and I'm setting up a small ldap repository, for me is enough to use just a "dc=my_company".
dc-style DNs are meant to be mapped to DNS domain names.
Note that DNS names does not allow an underscore. Since there wasn't a globally unique name space established this is the way to go to create DNs which are registered to your company like DNS domain names.
...and the reason to prefer a globally unique namespace is that it may avoid future grief in your use of LDAP. E.g. LDAP server can cooperate. Set up referrals to each other so if you search in a DN "outside" your own server, the client gets a referral to a server which might hold that DN. Or they can replicate part of each others' contents. Or you might move your LDAP data to someone hosting LDAP for you, along with data for other organizations.
So I have registered stroeder.com. So it's suitable for me to use dc=stroeder,dc=com or whatever below of that.
You could also just use "o=My company name".
...note that the "dc" attribute name is short for "domainComponent", while "o" is short for "organizationName". See the core LDAP schema in RFC 4519. Not that LDAP knows or cares, only its users do.
openldap-technical@openldap.org
-
AlexanDER Franca -
Hallvard B Furuseth -
Michael Ströder