Solaris ISP Server Directory Structure

Solaris ISP Server requires a specific structure in the directory information tree (DIT), which is created during installation and configuration. Solaris ISP Server host configuration creates two naming contexts, referred to as the Open Systems Interconnection (OSI) tree and the domain component (DC) tree.

Each naming context is defined according to the data you provide during installation. Initially, two naming contexts are created. The OSI naming context is created directly from the distinguished name you provide (for example, o=sun,c=us). If you entered sun.com as your domain, the DC naming context is defined as dc=com, and an entry is made beneath that for dc=sun. The host configuration process also creates the requisite entries.

Portions of the two trees are parallel. This parallel structure facilitates mapping of domain names from a DNS request through the DC tree to the actual content entries in the OSI tree.

OSI Tree Structure

The OSI tree contains the actual entries for Solaris ISP Server, its component services, administrators of those services, and subscribers to the services. The required structure is shown in Figure 3-1.

Figure 3-1 Solaris ISP Server OSI Tree

In the OSI tree, the domain sun.com is represented by the entry with the distinguished name o=sun,c=us. This entry is called the root entry (sometimes the root domain) of the naming context, and represents the Solaris ISP Server customer's business. You specify the root entry during installation of the directory services.

Beneath the root entry are four required organizationalUnit entries:

• Administrators contains entries for Sun^TM Internet Administrator^TM administrators. These entries are created by the product when you create administrators using the GUI.

• People contains entries for subscribers to ISP services. You create entries for your customers, whether at the command line or by using the Deja tool.

• Groups contains entries that group subscriber entries together for access control purposes. You create group entries according to your needs, whether at the command line or by using the Deja tool.

• Services contains entries created for Solaris ISP Server services. You should make entries under this node only when you are integrating a new service.

People, Groups, and Services nodes are required under each domain entry you define. The Administrators node exists only under the root entry.

Figure 3-2 shows a typical set of entries under each organizational unit.

Figure 3-2 OSI Tree Entries

The organizationalUnit entry eng is an example of a domain entry. This might be a corporate customer of the ISP, or anyone who has virtual domain hosting services with the ISP. Domains must have two entries: one here in the OSI tree and another in the DC tree for domain name mapping. See "Creating Domain Entries" for information on creating these two entries properly.

Domains, like the root entry, require certain organizationalUnit entries within them. As shown in Figure 3-3, People, Groups, and Services entries are also required in a domain below the root.

Figure 3-3 Domain Structure in the OSI Tree

When creating a domain entry in the OSI tree, you must also create the entries for People, Groups, and Services. When you configure services for this domain, service entries are made under the Services organizational unit. Subscriber information for this domain forms ispSubscriber entries under the People organization unit.

Administrator entries exist only under the root entry in this version of Solaris ISP Server. These entries are created by Sun Internet Administrator when you specify them through the GUI.

DC Tree Structure

The DC (domain component) tree maps domain name format (for example, sun.com) to the distinguished name of the corresponding entry in the OSI tree. As shown in Figure 3-4, the DC tree is usually relatively flat and simpler than the OSI tree.

Figure 3-4 Solaris ISP Server DC Tree

In Figure 3-4, the entry dc=sun,dc=com maps to the o=sun,c=us entry in the OSI tree. The eng domain here maps to the domain name system (DNS) form eng.sun.com.

For details on how to make the two domain entries, see "Creating Domain Entries".