The SPA can create, modify, and delete the following types of organizations that are subordinate to the SPA’s provider organization:
The provider organization, full organization, and shared organization are described in the sections that follow.
A provider organization is a node in the LDAP directory that logically contains full organizations and shared organizations. The provider organization node has attributes that allow the SPA to manage subordinate organizations.
In the LDAP directory, a provider organization must be located under a mail domain. For an example, see Sample Service-Provider Organization Data, later in this appendix.
A provider organization cannot contain user entries. Instead, users are provisioned in the organizations created under the provider organization.
A provider organization stores directory information about the organizations created under it. For example:
Whether the provider organization can contain shared organizations, full organizations, or both
Domain names that can be used by the shared organizations created under this provider organization
The types and number of Class-of-Services packages available to the organizations created under this provider organization
The organization designated to be the home of the SPA for the provider organization.
A full organization has the following characteristics:
It is subordinate to the provider organization and is created by the SPA.
Users can be provisioned in a full organization.
In the example shown in Figure A–1, user2 belongs to the sesta.com domain and has a mail address of user2@sesta.com.
As a full organization, it has its own domain that no other organization can share, and it has its own unique namespace.
In the example shown in Figure A–1, the full organization, SESTA, has the domain name sesta.com.
A shared organization has the following characteristics:
It is subordinate to the provider organization and is created by the SPA.
Users can be provisioned in a shared organization.
In the example shown in Figure A–1, user5 belongs to the siroe.com domain and has a mail address of user5@siroe.com.
It uses one or more of the shared domain names from the list provided by the provider organization.
In the example shown in Figure A–1, the shared organization DEF uses the domain name siroe.com.
Other shared organizations can share the domain name used by this organization.
In the example shown in Figure A–1, both the DEF and HIJ organizations belong to the siroe.com domain.
A shared organization does not have a unique namespace.