The main points to consider when you develop an LDAP directory structure for your solution are the following:
The directory can be distributed among several instances of Directory Server. The appropriate arrangement for your solution depends on your quality of service requirements and your security requirements. For example, you can create separate Directory Server instances for configuration data and user and group data. You can also create several directory branches for user and group data, such as a branch for employee data and a branch for web-based customers, with each branch established in a separate Directory Server instance.
For each Directory Server instance that holds user and group data, you must specify a base DN suffix. You specify this value when you run the Java ES installer.
For each Directory Server instance that holds user and group data for Java ES communications services (Messaging Server, Calendar Server, and Instant Messaging), you must create a directory tree branch that is configured to support single sign-on access to these services. You create this branch when you run the Messaging Server configuration wizard. You complete the configuration of this branch with the Directory Server Preparation Tool and the Delegated Administrator tool.
The evaluation solution has minimal quality of service and security requirements, and a single Directory Server instance for both configuration data and user and group data satisfies those requirements. The Directory Server instance for the evaluation solution runs on one computer system with the other components.
The evaluation solution uses Java ES communications services, so an LDAP tree branch that supports communications services and single sign-on is needed.
The LDAP directory for the evaluation solution is set up for an imaginary company named Examplecorp. The LDAP base DN for the evaluation solution is o=examplecorp. You specify this base DN when you run the Java ES installer. The branch you create with the Messaging Server configuration wizard to support communications services is named o=examplecorp.com,o=examplecorp. The branch has a People container (the LDAP DN is ou=people,o=examplecorp.com,o=examplecorp). You add the end user accounts to this People container.
A simplified diagram of the evaluation solution's directory tree is illustrated in Figure 3–1.