!!!Tree setup
Below is the [DIT] ([Directory Information Tree]) setup that I have found to be the most flexible for large [LDAP] trees.
{{{
[root]
	|-dc=com
	|--dc=willeke,dc=com
			(Root of All Normal Activity)
	|---ou=groups,dc=willeke,dc=com
			(All groups without eDirectory Privileges)
	|---ou=idm,dc=willeke,dc=com
			(All IDM components)
	|---ou=people,dc=willeke,dc=com
			(All user type accounts without Directory Privileges)
	|---ou=esc,dc=willeke,dc=com
			(All groups and users with elevated Directory Privileges)
	|---dc=svr,dc=willeke,dc=com
			(All Server related Entries)
	|---ou=Applications,dc=willeke,dc=com
			(All Applications Administration Would Be done here)
			(Typically groups or elevated privileges needed for App Administration)
}}}

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]