Sun Internet Mail Server 3.5 Advanced Installation Guide:

Directory Services Considerations

The directory service stores information on mail users, distribution lists, and services. This directory information is stored according to the directory information tree (DIT). The DIT is a hierarchical structure that resembles a tree with one major branch at the top and many branches and sub-branches as you work your way down.
TABLE B-1 outlines the layers that the DIT can contain from top to bottom.

TABLE B-1 Directory Information Tree Layers
Layer Name

Attribute

Mandatory Layer?

Maximum Number of Layers
Comments

Country

c

Yes

One level

If an organization has multiple mail servers that are geographically distributed in multiple countries, the country attribute should reflect one country only, for example, the organization headquarters.

Organization

o

Yes

One layer

None

Organizational
unit

ou

No

No limit

The existence of this organizational unit layer depends on the size of your organization (number of users) and structure of your organization's Domain Name Service (DNS).

People, Groups, and Services

ou

Yes

One layer

Directory information is stored in the form of user entries, group entries (for distribution lists), and service entries (for example, printer). User entries are stored under People, distributions lists are stored under Groups, and service entries are stored under Services.

As implied in TABLE B-1, the country, organization, and people, groups, and services layers of the DIT are fixed. You can configure names or labels for the country and organization layers but not the people, groups, and services layer. You cannot remove the country, organization, and people, groups, and services layers or add an additional layer of those categories. The organizational unit layer, however, is not fixed. Your DIT can have zero, one, two, or more organizational unit layers.

**TABLE B-1** Directory Information Tree Layers
Layer Name	Attribute	Mandatory Layer?	Maximum Number of Layers	Comments
Country	c	Yes	One level	If an organization has multiple mail servers that are geographically distributed in multiple countries, the country attribute should reflect one country only, for example, the organization headquarters.
Organization	o	Yes	One layer	None
Organizational unit	ou	No	No limit	The existence of this organizational unit layer depends on the size of your organization (number of users) and structure of your organization's Domain Name Service (DNS).
People, Groups, and Services	ou	Yes	One layer	Directory information is stored in the form of user entries, group entries (for distribution lists), and service entries (for example, printer). User entries are stored under People, distributions lists are stored under Groups, and service entries are stored under Services.

FIGURE B-1 Directory Information Tree for a Small Organization

FIGURE B-2 Directory Information Tree for a Medium or Large Organization

If an organization is small (1000 or fewer users and mailboxes) and the DNS is composed of only one domain like the Alpha Corporation, then you can implement the entire DIT on one mail server. If your organization is medium or large, the DNS is divided into subdomains like the Bravo Corporation, and you have decided to implement multiple mail servers, then you can implement portions of the DIT or subtrees on each mail server.