Figure A–3 shows a Directory Information Tree (DIT) view of the sample organization data.
VIS and ESG (provider organizations)
DEF, a shared organization subordinate to the VIS provider organization
SESTA, a full organization subordinate to the VIS provider organization
ugldapbasedn - This parameter represents the root suffix.
o=business - A node that contains all businesses in the directory.
o=SharedDomainsRoot - A node needed to contain the domains used by shared organizations.
In this Directory Information Tree, shared organizations subordinate to different service provider organizations can use the same shared domain. This can be done because both the provider organizations have nodes under the SharedDomainsRoot node.
o=ESGDomainsRoot and o=VISDomainsRoot - These nodes contain any full organizations that are subordinate to the ESG and VIS provider organizations.
Each provider organization that manages full organizations must have a node at this level (under the root suffix).
Multiple full organizations, each with its own domain, can exist under ESGDomainsRoot or VISDomainsRoot.
o=siroe.com - The shared domain. It is used by the shared organization, DEF.
o=VIS and o=ESG - These provider organization nodes contain any shared organizations subordinate to the VIS and ESG provider organizations.
For example, the shared organization, DEF, is subordinate to the VIS provider organization.
o=SESTA - The full organization. It has its own domain, sesta.com.
o=DEF - The shared organization. It uses the domain siroe.com.
ou=people - The standard LDAP organization unit required for containing users.
Some user DNs in the sample organization file shown in Figure A–3 are as follows:
For the user named user1_def, who belongs to the DEF organization:
dn: uid=user1_def,ou=People,o=DEF,o=VIS,o=siroe.com, o=SharedDomainsRoot,o=Business,ugldapbasedn
For the user named user1, who belongs to the SESTA organization:
dn: uid=user1,ou=People,o=SESTA,o=VISDomainsRoot, o=Business,ugldapbasedn