The Directory Information Tree

The role of a directory service is to support the storage and retrieval of data. The entries in an LDAP directory are often visualized as being organized in a tree-like structure, which mirrors the tree model used by most file systems. This structure is referred to as the directory information tree (DIT). Just as a file path uniquely identifies a file within a file system, a directory entry is uniquely identified within the DIT by its distinguished name (DN). A DN identifies the entry by using a comma-separated set of attributes and attribute values. The DN's left-most value is known as the Relative Distinguished Name (RDN). The attributes that follow this value each represent a branch point above the entry. The final, or right-most, attribute represents the conceptual root point of the DIT.

SIMS requires that the data be represented as a combination of a primary tree and a secondary tree. The primary tree is the repository of all user and distribution list data and is patterned after an OSI DIT. The secondary tree is the Domain Component tree (DC tree), which mirrors the DNS hierarchy. The DC tree provides the mapping from the DNS name space to the primary name space, where all the users and distribution lists are defined. The message transfer agent uses this mapping to build routing tables and to make message routing decisions.
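The DN structure and the DNS-to-DC-tree mapping described above can be made concrete with a short sketch. This is an added example, not code from SIMS or from any directory server: the function names are hypothetical, the sample DN and domain are constructed, the one-`dc=`-per-label form follows the RFC 2247 convention, and the optional `suffix` argument is an assumption because the page does not state the root of the DC tree.

```python
# Added illustration; not code from SIMS or any directory server.
_LABEL_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-")

def split_dn(dn):
    """Split a DN into its components, left-most (the RDN) first.

    Backslash escapes (RFC 4514) are honored, so an escaped comma inside
    a value does not start a new component.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).lstrip())
    if any("=" not in p for p in parts):
        raise ValueError("malformed DN: %r" % dn)
    return parts

def parent_dn(dn):
    """DN of the branch point directly above the entry ('' at the root)."""
    return ",".join(split_dn(dn)[1:])

def domain_to_dc_dn(domain, suffix=""):
    """Map a DNS domain to a DC-tree DN, one dc= component per label."""
    labels = domain.rstrip(".").lower().split(".")
    for label in labels:
        # Accept plain DNS labels only, so DN metacharacters such as
        # ',', '=', '+' and '\' from untrusted input never enter the DN.
        if not label or not set(label) <= _LABEL_CHARS:
            raise ValueError("invalid DNS label: %r" % label)
    rdns = ["dc=" + label for label in labels]
    return ",".join(rdns + ([suffix] if suffix else []))

if __name__ == "__main__":
    sample = "cn=Smith\\, John,ou=People,o=Example Corp,c=US"  # constructed
    print(split_dn(sample))
    print(parent_dn(sample))
    print(domain_to_dc_dn("Mail.Example.COM"))
```

Splitting on every comma would break the constructed sample into five components instead of four, which is why the escape pair is consumed as a unit.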

The root entry of the DIT is defined by the suffix value of the directory server. Hence, the LDAP directory server will have to support multiple suffixes in order for multiple DITs to be created. The Sun Directory Server and Netscape Directory Server support multiple DITs.




Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.