Comparison of Sun Java System LDAP Schema Modes for Communications Suite Products

Schema Version 1 Mode Background Information

 The chief characteristic of Schema version 1 mode is its association with the use of two DITs, a Domain Component tree (DC tree) and an Organization tree. A DIT is a logical view of the relationship between domain, user and group LDAP entries, and implies how the information can be located.

Figure 1–1 Schema Version 1 Two DIT Layout

This is a logical layout of a Schema version 1 mode two
DIT LDAP structure. It does not reflect the physical layout of the LDAP directory.

For Schema version 1 mode, the domain information is carried exclusively on the DC tree. The user and group information is all carried in the Organization tree. The domain nodes on the Organization tree are just place holders and don't carry functional attributes

The server software finds the distinguished name (DN) of the Organization tree domain by reading the value of the inetDomainBaseDN attribute in the DC tree domain node. The system uses this DN to search the LDAP for the Organization tree domain node, under which the domain's users and groups reside.

Domain nodes that function as aliases can be created in two different ways, with or without their own routing and access information. The alias domains that contain no routing and access information of their own reference another DC tree domain node, and use that node's routing and access control information. The alias domains, more properly called index nodes, containing their own routing and access control information, reference an Organization tree domain node. For more information about Schema version 1 aliases, see How Alias Domains Are Handled In Schema Version 1 Mode.

The two tree layout illustrated in Figure 1–1, shows how the LDAP entries are logically structured. In the figure, arrows from the DC tree show how the nodes in the DC tree point to the domain nodes in the Organization tree. Furthermore, it shows an alias domain node in the DC tree, siroe. This node carries its own routing and access control information, while still pointing to the canonical domain, If it did not contain its own routing and access control information, it would point to the DC tree domain where the routing and access control information it's using resides, sesta.

In the earlier versions of Calendar Server and Messaging Server, each product provided its own provisioning and administration utilities based on Schema version 1 mode. In addition, Messaging Server offered the iPlanet Delegated Administrator GUI for provisioning and administration in the Schema version 1 environment, as well as an Administration Server GUI that was separately installable.