Below is the DIT (Directory Information Tree) setup that I have found to be the most flexible for large LDAP trees.
[root]
|-dc=com
|--dc=willeke,dc=com (Root of All Normal Activity)
|---ou=groups,dc=willeke,dc=com (All groups without eDirectory Privileges)
|---ou=idm,dc=willeke,dc=com (All IDM components)
|---ou=people,dc=willeke,dc=com (All user type accounts without Directory Privileges)
|---ou=esc,dc=willeke,dc=com (All groups and users with elevated Directory Privileges)
|---dc=svr,dc=willeke,dc=com (All Server related Entries)
|---ou=Applications,dc=willeke,dc=com (All Applications Administration would be done here; typically groups or elevated privileges needed for App Administration)
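The layout above only helps if privileged entries really stay under ou=esc, so the following added example (not part of the original page) audits a list of entries against it. The `privileged` flag on each entry is an assumed input, for instance derived from an export of rights assignments, and the sample DNs are constructed.

```python
BASE = ["dc=willeke", "dc=com"]
# True: privileged entries only; False: none allowed; None: no strict rule on the page.
ZONES = {"ou=groups": False, "ou=people": False, "ou=esc": True,
         "ou=idm": None, "dc=svr": None, "ou=applications": None}

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honoring backslash escapes (simplified RFC 4514)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":                # unescaped comma ends the RDN
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    pairs = (r.partition("=") for r in rdns)
    return [a.strip().lower() + "=" + v.strip().lower() for a, _, v in pairs]

def zone_of(dn):
    """First-level container under BASE, or None if the DN is not below BASE."""
    rdns = split_dn(dn)
    if len(rdns) <= len(BASE) or rdns[-len(BASE):] != BASE:
        return None
    return rdns[-len(BASE) - 1]

def audit(entries):
    """entries: (dn, privileged) pairs; 'privileged' is an assumed input flag."""
    findings = []
    for dn, privileged in entries:
        zone = zone_of(dn)
        if zone not in ZONES:
            findings.append((dn, "outside the layout's containers"))
        elif ZONES[zone] is False and privileged:
            findings.append((dn, "privileged entry outside ou=esc"))
        elif ZONES[zone] is True and not privileged:
            findings.append((dn, "unprivileged entry inside ou=esc"))
    return findings

# Constructed sample entries: (DN, privileged?)
SAMPLE = [
    ("cn=tree-admins,OU=ESC,DC=willeke,DC=com", True),   # correctly placed
    ("cn=jdoe,ou=people,dc=willeke,dc=com", True),       # privileged user in ou=people
    ("cn=x\\,ou=esc,dc=willeke,dc=com", True),           # escaped comma: not really in ou=esc
]
```

The third sample entry shows why the DN is parsed rather than split on every comma: its name merely contains the text ",ou=esc", and a naive split would place it inside the privileged container.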