Tree setup
Below is the DIT (Directory Information Tree) setup that I have found to be the most flexible for large LDAP trees.

[root]
|-dc=com
|--dc=willeke,dc=com (Root of All Normal Activity)
|---ou=groups,dc=willeke,dc=com (All groups without eDirectory Privileges)
|---ou=idm,dc=willeke,dc=com (All IDM components)
|---ou=people,dc=willeke,dc=com (All user type accounts without Directory Privileges)
|---ou=esc,dc=willeke,dc=com (All groups and users with elevated Directory Privileges)
|---dc=svr,dc=willeke,dc=com (All Server related Entries)
|---ou=Applications,dc=willeke,dc=com (All Applications Administration Would Be done here) (Typically groups or elevated privileges needed for App Administration)
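Because this layout keeps every entry with elevated directory privileges under ou=esc, it can be audited by container. The following is an added example, not part of the original page: it takes a list of DNs assumed to hold elevated directory rights (how that list is exported is directory-specific) and reports any that sit outside ou=esc. The function names and sample DNs are hypothetical.

```python
BASE = "dc=willeke,dc=com"        # naming context from the tree above
PRIVILEGED_CONTAINER = "ou=esc"   # where the layout puts elevated entries

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:              # character after a backslash is literal
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":          # unescaped comma ends the current RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def container_of(dn):
    """Return the RDN directly below BASE, or None if dn is not under BASE."""
    rdns, base = split_dn(dn), split_dn(BASE)
    if len(rdns) <= len(base) or rdns[-len(base):] != base:
        return None
    return rdns[-len(base) - 1]

def misplaced(privileged_dns):
    """DNs holding directory privileges that sit outside ou=esc."""
    return [dn for dn in privileged_dns
            if container_of(dn) != PRIVILEGED_CONTAINER]

# Constructed sample: DNs assumed to hold elevated directory rights.
SAMPLE = [
    "cn=DirAdmins,ou=esc,dc=willeke,dc=com",
    r"cn=Smith\, John,ou=People,DC=willeke,DC=com",
    "cn=helpdesk, ou=groups, dc=willeke, dc=com",
    r"cn=ops,ou=fake\,ou=esc,dc=willeke,dc=com",   # escaped comma, not ou=esc
    "cn=admin,ou=esc,dc=example,dc=com",           # different naming context
]

if __name__ == "__main__":
    for dn in misplaced(SAMPLE):
        print("outside ou=esc:", dn)
```

The fourth sample DN shows why the check parses RDNs instead of matching the substring `ou=esc,dc=willeke,dc=com`: the escaped comma makes `ou=fake\,ou=esc` a single RDN, so the entry is not in the privileged container.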