As mentioned before, the primary tree for SIMS is patterned after an OSI tree and is rooted at o=<orgnization-name>,c=<country-name>. Thus, the suffix for the primary tree has two components. However, this DIT can be created with a single component suffix in which case the primary tree is rooted at c=<country-name>.
In the example illustrated below, we will use a two components suffix. The nodes in bold are the nodes that correspond to a site's organization structure. Each node in the DIT that mirrors the organization is required to have the following organization units:
|
|
organization unit : people |
|
|
organization unit : groups |
|
|
organization unit : services |
User entries are defined so that they are contained within the people organization unit and distribution list entries are defined so that they are contained within the groups organization unit.
In the figure above, the DN for a user entry in engineering organizational unit will have a suffix of ou=people,ou=engineering,o=sun,c=us, preceded by the entries Relative Distinguished Name.
Each one of these containers are directory entries themselves and are comprised of top and organizationalUnit object class (these are defined in the section titled Miscellaneous Object Classes). The directory entry for people container is shown below (groups and services follow the same format):
| dn: ou=People,o=sun,c=us organizationalunit: people objectclass: top objectclass: organizationalUnit |
In FIGURE D-1, the root of the DIT is defined by the suffix o=sun,c=us. This directory entry is comprised of top, organization and domainRelatedObject object classes. The directory entry for the root entry is shown below:
| dn: o=sun,c=us organization: sun objectclass: top objectclass: organization objectclass: domainRelatedObject associateddomain: sun.com |
The value of associatedDomain attribute is the DNS suffix that corresponds to the node in the OSI tree. This is explained further when we talk about the Domain Component tree (secondary DIT).