working with views. Except for a few specialized cases, there is no need for directory users to know that views are being used in a Directory Server instance; views appear and behave like conventional DITs.

Certain types of applications may have problems working with a views-enabled directory service. For example:

Applications that use the DN of a target entry to navigate up the DIT.

This type of application would find that it is navigating up the hierarchy in which the entry physically exists instead of the view hierarchy in which the entry was found. The reason for this is that views make no attempt to disguise the true location of an entry by changing the DN of the entry to conform to the view's hierarchy. This is by design - many applications would not function if the true location of an entry were disguised, such as those applications that rely on the DN to identify a unique entry. This upward navigation by deconstructing a DN is an unusual technique for a client application, but, nonetheless, those clients that do this may not function as intended.

Applications that use the numSubordinates operational attribute to determine how many entries exist beneath a node.

For the nodes in a view, this is currently a count of only those entries that exist in the real search space, ignoring the virtual search space. Consequently, applications may not evaluate the view with a search.

4.5Directory tree design examples

The following sections provide examples of directory trees designed to support a flat hierarchy as well as several examples of more complex hierarchies.

4.5.1 Directory tree for an international enterprise

To support an international enterprise, use the Internet domain name as the root point for the directory tree, then branch the tree immediately below that root point for each country where the enterprise has operations. Avoid using a country designator as the root point for the directory tree, as mentioned in “Suffix naming conventions”, especially if the enterprise is international.

Because LDAP places no restrictions on the order of the attributes in the DNs, the c attribute can represent each country branch:

Figure 4-13 Using the c attribute to represent different countries

However, some administrators feel that this is stylistically awkward, so instead use the l attribute to represent different countries:

56 Designing the directory tree