Sun Java System Delegated Administrator 6.4 Administration Guide

Three-Tiered Hierarchy

In this scenario, a company such as an ISP offers services to hundreds or thousands of small businesses, each of which requires its own organization.

The ISP may support millions of end-users requiring mail services. Moreover, the ISP may work with third-party resellers who manage the end-user businesses.

Each day, dozens of new organizations might have to be added to the directory.

In a two-tiered hierarchy, the Top-Level Administrator (TLA) would have to create all these new organizations.

In a three-tiered hierarchy, management tasks are delegated to a second level of administrators. This second level of delegation can ease the management of a large customer base supported by a large LDAP directory.

To support this hierarchy, Delegated Administrator introduces a new role, the Service Provider Administrator (SPA).

The SPA’s scope of authority lies between that of the Top-Level Administrator (TLA) and the Organization Administrator (OA).

Figure 1–3 shows an example of the administrator roles in a three-tiered hierarchy.

Figure 1–3 Administrator Roles in a Three-Tiered Hierarchy


In a three-tiered hierarchy, the TLA delegates administrative authority to Service Provider Administrators (SPAs). The SPAs can create subordinate organizations for new customers and assign Organization Administrators (OAs) to manage users in those organizations.

If you need multiple organizations that are themselves divided into subgroups or organizations, you can use a three-tiered hierarchy that implements the TLA, SPA, and OA roles.
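The delegation boundaries described above, modeled as an added example (not Delegated Administrator's own code). Role names come from the guide; the organization paths, the rank values, and the rule that an administrator's authority is confined to the subtree it was assigned are assumptions of this sketch.

```python
from collections import namedtuple

# Role names are from the guide; the ranks and the path-prefix scope rule are
# assumptions of this sketch, not Delegated Administrator's implementation.
RANK = {"TLA": 3, "SPA": 2, "OA": 1}

# scope is the organization path the admin is rooted at; () = whole directory
Admin = namedtuple("Admin", "name role scope", defaults=[()])

class Directory:
    def __init__(self):
        self.orgs = {()}     # known organization paths; () is the directory root
        self.users = {}      # organization path -> set of user ids

    def _check(self, actor, org, min_role):
        # Deny unless org exists, is inside the actor's subtree, and role suffices.
        in_scope = org[:len(actor.scope)] == actor.scope
        if org not in self.orgs or not in_scope or RANK[actor.role] < RANK[min_role]:
            raise PermissionError(f"{actor.name} ({actor.role}) denied on {org}")

    def create_org(self, actor, parent, name):
        self._check(actor, parent, "SPA")        # OAs cannot create organizations
        self.orgs.add(parent + (name,))
        return parent + (name,)

    def assign_admin(self, actor, name, role, org):
        self._check(actor, org, "SPA")
        if RANK[role] >= RANK[actor.role]:       # delegate downward only
            raise PermissionError(f"{actor.name} cannot grant {role}")
        return Admin(name, role, org)

    def add_user(self, actor, org, uid):
        self._check(actor, org, "OA")
        self.users.setdefault(org, set()).add(uid)

def denied(op, *args):
    try:
        op(*args)
    except PermissionError:
        return True
    return False

def build():                                     # constructed sample tenants
    d, tla = Directory(), Admin("tla", "TLA")
    a, b = d.create_org(tla, (), "reseller-a"), d.create_org(tla, (), "reseller-b")
    spa = d.assign_admin(tla, "spa-a", "SPA", a)
    shop = d.create_org(spa, a, "shop1")
    oa = d.assign_admin(spa, "oa-shop1", "OA", shop)
    d.add_user(oa, shop, "alice")
    return d, spa, oa, a, b, shop
```

With the directory from `build()`, `denied(d.create_org, spa, b, "x")` returns `True` because the SPA is rooted under a different provider organization, and `denied(d.create_org, oa, shop, "sub")` returns `True` because an OA only manages users.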

For information about the SPA role, see Appendix A, Service Provider Administrator and Service Provider Organizations.