Working With Oracle® Solaris 11.2 Directory and Naming Services: LDAP


Updated: July 2014

Directory Information Tree

The LDAP naming service uses a default directory information tree (DIT) to store information. The DIT itself is based on an LDAP schema.

The DIT consists of hierarchically structured containers of information. The structure follows the standard LDAP schemas described in RFC 2307, which defines the object classes and attributes for naming data such as users, groups, and hosts, and RFC 4876, which defines the client configuration profile attributes, including the ones named in this section.

The default structure of the DIT suffices for most network setups. With the default structure, you only need to determine the following:

  • The distinguished name (DN) of the base node below which the naming service searches for information about a domain. The base DN is set with the defaultSearchBase attribute.

  • The scope of the search that a naming service lookup performs: either only one level below the base DN (one) or the entire subtree below the base DN (sub). The scope is set with the defaultSearchScope attribute.

A DIT can also have a more complicated structure. For example, user account data can be stored in several different parts of the DIT. In that case you must decide how to customize the search operation, namely the base DN, the scope, and the filter to use, so that the customized search overrides the default search sequence. This customization is managed by the serviceSearchDescriptor, attributeMap, and objectclassMap attributes. For a detailed explanation of customizing the search sequence, see Service Search Descriptors and Schema Mapping.
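The following is an added example, not code from Oracle Solaris or from this guide. It models the decision the client makes from the three attributes above: with no service search descriptor (SSD), a lookup goes to the service's default container under defaultSearchBase with defaultSearchScope; an SSD replaces base, scope and filter for that service. The SSD syntax (service:base?scope?filter, several descriptors joined by ';', a relative base marked by a trailing comma) follows RFC 4876. A small in-memory dictionary stands in for the directory server so the code runs offline; the DIT, DNs and names are constructed, and filters are simplified to equality terms that are all ANDed.

```python
"""How an LDAP naming-service client decides where to search.

Added example, not Solaris or Oracle code.  An in-memory dict stands in for
the directory server.  SSD syntax follows RFC 4876; filters are simplified
to equality terms, all ANDed.  DIT, DNs and names are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed DIT (DN -> attributes).  Accounts live in two places: ou=people
# directly under the base and ou=people under ou=west.
DIT = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["posixAccount"], "uid": ["alice"]},
    "ou=west,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=people,ou=west,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=bob,ou=people,ou=west,dc=example,dc=com": {"objectClass": ["posixAccount"], "uid": ["bob"]},
    "ou=group,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=staff,ou=group,dc=example,dc=com": {"objectClass": ["posixGroup"], "cn": ["staff"]},
}
# RFC 2307 style default containers appended to defaultSearchBase when a
# service has no SSD (subset of the Solaris default DIT).
DEFAULT_CONTAINERS = {"passwd": "ou=people", "group": "ou=group", "hosts": "ou=hosts"}

def _norm(dn):
    """Lower-case DN without whitespace around commas, for comparison."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def in_scope(entry_dn, base, scope):
    """base = the entry itself; one = direct children only; sub = base and below."""
    e, b = _norm(entry_dn), _norm(base)
    if scope == "base":
        return e == b
    if scope == "one":
        return e.partition(",")[2] == b
    if scope == "sub":
        return e == b or e.endswith("," + b)
    raise ValueError("unknown scope: " + scope)

_TERM = re.compile(r"\(([^()=]+)=([^()]*)\)")

def matches(attrs, ldap_filter):
    """Every (attr=value) term in the filter must match (case-insensitive)."""
    terms = _TERM.findall(ldap_filter)
    if not terms:
        raise ValueError("unsupported filter: " + ldap_filter)
    lowered = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
    return all(value.lower() in lowered.get(attr.lower(), []) for attr, value in terms)

def search(dit, base, scope, ldap_filter):
    """One LDAP search operation against the in-memory DIT."""
    return sorted(dn for dn, attrs in dit.items()
                  if in_scope(dn, base, scope) and matches(attrs, ldap_filter))

@dataclass
class SearchDescriptor:
    base: str                     # "" -> defaultSearchBase; trailing "," -> relative
    scope: Optional[str] = None   # None -> defaultSearchScope
    filter: Optional[str] = None  # None -> only the lookup's own filter

def parse_ssd(ssd):
    """Parse 'service:base?scope?filter[;base?scope?filter...]' (RFC 4876)."""
    service, sep, rest = ssd.partition(":")
    if not sep:
        raise ValueError("SSD must start with 'service:': " + ssd)
    descs = []
    for part in rest.split(";"):
        f = part.split("?") + [None, None]
        descs.append(SearchDescriptor(f[0], f[1] or None, f[2] or None))
    return service, descs

@dataclass
class ClientProfile:
    defaultSearchBase: str
    defaultSearchScope: str = "one"   # the Solaris default
    serviceSearchDescriptor: List[str] = field(default_factory=list)

    def descriptors(self, service):
        for ssd in self.serviceSearchDescriptor:
            svc, descs = parse_ssd(ssd)
            if svc == service:
                return descs
        return [SearchDescriptor(DEFAULT_CONTAINERS[service] + ",")]  # no SSD: default container

def lookup(dit, profile, service, ldap_filter):
    """An SSD for the service overrides base, scope and filter; else the defaults apply."""
    hits = []
    for d in profile.descriptors(service):
        base = d.base + profile.defaultSearchBase if d.base.endswith(",") else d.base
        scope = d.scope or profile.defaultSearchScope
        flt = "(&%s%s)" % (d.filter, ldap_filter) if d.filter else ldap_filter
        hits += [h for h in search(dit, base or profile.defaultSearchBase, scope, flt) if h not in hits]
    return hits

if __name__ == "__main__":
    base = "dc=example,dc=com"
    print(lookup(DIT, ClientProfile(base), "passwd", "(uid=bob)"))  # [] : bob is not in ou=people,<base>
    custom = ClientProfile(base, serviceSearchDescriptor=[
        "passwd:ou=people,;ou=people,ou=west,?one",            # two one-level bases
        "group:ou=group,?one?(objectClass=posixGroup)"])       # extra filter ANDed in
    print(lookup(DIT, custom, "passwd", "(uid=bob)"))
    print(lookup(DIT, custom, "group", "(cn=staff)"))
```

Note what the model makes visible: with the defaults, bob is not found even with defaultSearchScope=sub, because the default container ou=people,dc=example,dc=com does not contain ou=west. Either a subtree search from the base (passwd:?sub) or an SSD that lists both containers is required, and the latter keeps each search one level deep.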

Multiple servers can serve a single DIT. In this setup, the subtrees of a DIT might be distributed across multiple servers. Thus, you must further configure LDAP servers to properly redirect client requests to the appropriate LDAP servers which can provide the requested information. The information about how to redirect client requests to the correct server is managed by the followReferrals attribute.

Having a single LDAP server provide all the naming data for a domain is the normal and recommended setup. Even in this scenario, the followReferrals attribute serves a useful purpose: with referrals, you can direct clients to read-only replica servers for most requests, and send them to the master server only for operations that require write access. This configuration keeps the master server from being overloaded.
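The following is an added example, not code from Oracle Solaris or from this guide. It models the referral behaviour described above: a read-only replica answers a write with a referral carrying the LDAP URL of the master, and the client either follows it (followReferrals=true) or reports the failure (followReferrals=false). The servers and their URLs are constructed in memory; the hop and loop check is this example's own safeguard against a misconfigured referral chain, not a Solaris attribute.

```python
"""Following an LDAP referral from a read-only replica to the master.

Added example, not Solaris code.  Servers are constructed in memory; a
referral is modelled as the replica answering a write with the URL of the
server that can perform it.  The hop/loop check is the example's own.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Server:
    url: str
    writable: bool
    refer_writes_to: Optional[str] = None        # master's URL, set on replicas
    entries: Dict[str, dict] = field(default_factory=dict)

    def search(self, dn):
        """Reads are answered locally by every server, replicas included."""
        return self.entries.get(dn)

    def modify(self, dn, changes):
        """Return ('ok', None), or ('referral', url) when this server cannot write."""
        if self.writable:
            self.entries.setdefault(dn, {}).update(changes)
            return "ok", None
        return "referral", self.refer_writes_to

class ReferralError(Exception):
    pass

def client_modify(servers, start, dn, changes, follow_referrals, max_hops=4) -> List[str]:
    """Issue a modify at `start`, following referrals if configured.
    Returns the list of servers contacted, in order."""
    contacted = [start]
    result, target = servers[start].modify(dn, changes)
    while result == "referral":
        if not follow_referrals:
            raise ReferralError(f"{contacted[-1]} referred to {target}; followReferrals=false")
        if target in contacted or len(contacted) >= max_hops:
            raise ReferralError(f"referral loop or hop limit exceeded: {contacted + [target]}")
        contacted.append(target)
        result, target = servers[target].modify(dn, changes)
    return contacted

def build_site():
    """Constructed topology: one master, one read-only replica referring writes to it."""
    master = Server("ldap://master.example.com", writable=True)
    master.entries["uid=alice,ou=people,dc=example,dc=com"] = {"loginShell": "/bin/sh"}
    replica = Server("ldap://replica1.example.com", writable=False, refer_writes_to=master.url)
    replica.entries = {dn: dict(a) for dn, a in master.entries.items()}  # replicated copy
    return {s.url: s for s in (master, replica)}

if __name__ == "__main__":
    site = build_site()
    dn = "uid=alice,ou=people,dc=example,dc=com"
    print(site["ldap://replica1.example.com"].search(dn))   # read served by the replica
    print(client_modify(site, "ldap://replica1.example.com", dn,
                        {"loginShell": "/bin/bash"}, follow_referrals=True))
```

With followReferrals=true the write reaches the master after one hop and the replica keeps serving reads; with followReferrals=false the same write fails at the replica, which is the behaviour to expect if clients are pointed at replicas without referral following enabled.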