Michael Ströder writes:
AlexanDER Franca wrote:
> Is there any disadvantage using a single dc?
> I mean, I work at a small company and I'm setting up a small ldap
> repository, for me is enough to use just a "dc=my_company".
dc-style DNs are meant to be mapped to DNS domain names. Note that DNS
names do not allow an underscore. Since there wasn't a globally unique
name space established this is the way to go to create DNs which are
registered to your company like DNS domain names.
...and the reason to prefer a globally unique namespace is that it may
avoid future grief in your use of LDAP. E.g. LDAP servers can cooperate.
Set up referrals to each other so if you search in a DN "outside" your
own server, the client gets a referral to a server which might hold that
DN. Or they can replicate part of each others' contents. Or you might
move your LDAP data to someone hosting LDAP for you, along with data for
So I have registered stroeder.com. So it's suitable for me to
dc=stroeder,dc=com or whatever below of that.
You could also just use "o=My company name".
...note that the "dc" attribute name is short for "domainComponent",
while "o" is short for "organizationName". See the core LDAP schema
in RFC 4519. Not that LDAP knows or cares, only its users do.
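
The mapping between DNS domain names and dc-style DNs discussed in this thread, as an added example that is not part of the original messages. The function names `domain_to_dn` and `dn_to_domain` are hypothetical, and the DN is split on plain commas, which is enough here because valid DNS labels never contain a comma.

```python
import re

# One DNS label in hostname form: letters, digits and hyphens only,
# 1 to 63 characters, no leading or trailing hyphen. No underscore.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def domain_to_dn(domain):
    """Map a DNS domain name to a dc-style DN (one dc= RDN per label)."""
    name = domain[:-1] if domain.endswith(".") else domain
    if not name or len(name) > 253:
        raise ValueError("empty or over-long domain name")
    labels = name.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return ",".join(f"dc={label.lower()}" for label in labels)


def dn_to_domain(dn):
    """Return the DNS domain named by the trailing dc= RDNs, or None."""
    labels = []
    # Walk from the rightmost RDN (the top of the tree) towards the left
    # and stop at the first RDN that is not a well-formed dc= component.
    for rdn in reversed(dn.split(",")):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() not in ("dc", "domaincomponent"):
            break
        if not _LABEL.fullmatch(value):
            break
        labels.append(value.lower())
    return ".".join(reversed(labels)) if labels else None


if __name__ == "__main__":
    print(domain_to_dn("stroeder.com"))
    print(dn_to_domain("ou=people,dc=stroeder,dc=com"))
    print(dn_to_domain("o=My company name"))
    try:
        domain_to_dn("my_company")
    except ValueError as exc:
        print("rejected:", exc)
```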