test

Sun Java Communications Suite 5 Schema Reference

Schema 2

In Schema 2, the directory can have two types of organization nodes: base and index. Base nodes appear at the root of the directory tree and contain the organization's data (users and groups).

Typically, index nodes for the organization are created if a deployment involves more than one logical grouping of the same physical data. An index node can appear anywhere in the directory.

Moreover, some LDAP administrators need to create a directory structure in which one organization node is placed above another, and the user data exists below both organization nodes. (You might have to do this to maintain the structure of a legacy user directory or to merge an existing user domain with a recently acquired domain.)

If the directory contains multiple index nodes for the organization or nested organization nodes, a user entry can “belong” logically to more than one organization node. An application such as Messaging Server must determine which organization is the canonical one in order to resolve a domain search and correctly identify the user's mailbox.

In this situation, you must decorate all the non-canonical organization entries with the inetCanonicalDomainName attribute, which specifies the domain name of the organization's base node. Its value must be the same as that of the sunPreferredDomain attribute in the organization's base node.

If the inetCanonicalDomainName attribute is missing and there are multiple organization nodes referring to the organization's base node, the mail processes could possibly use the wrong domain name when trying to open users’ mailboxes.

Note that it serves no purpose to decorate the canonical domain entry itself with the inetCanonicalDomainName attribute. If you do, it must have the same value as sunPreferredDomain.

If you want multiple domains to have the same attribute settings, you should not create multiple organization nodes. Instead, add associatedDomain to the organization's base node to specify the DNS domain name aliases. (Add one instance of associatedDomain for each domain name alias.) If the organization's base node is not the canonical domain, then it must contain the sunPreferredDomain attribute.