[Fedora-directory-users] Specifying an all-inclusive User directory subtree?

Jeff Clowser jclowser at unitedmessaging.com
Thu Jul 28 20:56:23 UTC 2005

I would create a suffix with something like "o=isp", then create 
"o=k12.pa.us", "o=abc.org", "o=<primarydomain>", etc under that.  Create 
ou=people, ou=groups, etc under each, and set up admin groups, aci's, 
etc to allow each to be managed separately, allow appropriate views by 
users, etc.

Search o=isp as your base to see all entries, or o=<primarydomain>,o=isp 
to see individual ones.  (Note I say <primarydomain> instead of <domain> 
because some organizations have more than one domain associated with 
them - you don't have to define a branch for each domain you use - 
organize things by how you want to manage them and restrict views, etc).

There is really no need to use the dc=k12,dc=pa,dc=us style tree - in 
fact, in most cases I've set up, that was actually a bad choice.  Sun 
uses o=internet as a base under which to put a full dc tree (in their 
5.x messaging software), but even they are moving away from that, 
because it doesn't work very well in a lot of cases (though it works a 
lot better than st=pa,c=us type trees).  If you really want to use a 
domain based tree, build it under something like o=internet. (i.e. 
dc=k12,dc=pa,dc=us,o=internet, etc) so there is a common root.

 - Jeff

Kevin Myer wrote:

>On initial configuration and later in the management console, you specify or use
>a "User directory subtree".  For a single organization, this may be easy to
>setup, but for ourselves, we manage directory entries for a variety of
>.k12.pa.us, .org, and .net domains.  So whats the best way of creating a view
>that encompasses all of those?  Is it possible to use a blank subtree, so that
>when I search for a user from within the management application, I can find
>them all, regardless of the domain components used?  Or are there better ways
>to handle this?

