2.6 Designing eDirectory for e-Business

If you use eDirectory for e-Business, whether you are providing a portal for services or sharing data with another business, the recommendations already mentioned in this chapter might not apply to you.

You might want to follow these suggested eDirectory e-business design guidelines instead:

  • Create a tree with a limited number of containers.

    This guideline depends on the applications you use and your implementation of eDirectory. For example, a global deployment of a messaging server might require the more traditional eDirectory design guidelines discussed earlier in this chapter. Or, if you are going to distribute administration of users, you might create a separate Organizational Unit (OU) for each area of administrative responsibility.

  • Maintain at least two partitions.

    Maintain the default partition at the Tree level, and create a partition for the rest of the tree. If you have created separate OUs for administrative purposes, create partitions for each of the OUs.

    If you are splitting the load over multiple servers, consider limiting the number of partitions, but still maintain at least two for backup or disaster recovery.

  • Create at least three replicas of your tree for fault tolerance and load balancing.

    Keep in mind that LDAP does not balance load on its own. To balance the load on LDAP, consider using Layer 4 switches.

  • Create a separate tree for e-Business. Limit the network resources, such as servers and printers, included in the tree. Consider creating a tree that contains only User objects.

    You can use NetIQ Identity Manager to link this user tree to your other trees that contain network information. For more information, see the NetIQ Identity Manager 4.0.2 documentation.

  • Use auxiliary classes to customize your schema.

    If a customer or application requires a User object that is different from the standard inetOrgPerson, use auxiliary classes to customize your schema. Using auxiliary classes allows application designers to change the attributes used in the class without needing to re-create the tree.

  • Increase LDIF-import performance.

    When the NetIQ Import Conversion Export utility is used, eDirectory indexes each object during the process. This can slow down the LDIF import. To increase LDIF-import performance, suspend all indexes on the attributes of the objects you are creating, run the NetIQ Import Conversion Export utility, then resume indexing the attributes.

  • Implement globally unique common names (CN).

    eDirectory allows the same CN in different containers. However, if you use globally unique CNs, you can perform searches on CN without implementing logic for dealing with multiple replies.
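
A pre-import check for the globally unique CN guideline, as an added example (not NetIQ code): it scans an LDIF file for CN values held by more than one entry, which is the case where a search on CN returns multiple replies. The sample LDIF, the container names, and the function names are constructed for illustration, and CN comparison is assumed to be case-insensitive.

```python
import base64
from collections import defaultdict

# Constructed sample export: two containers, one CN collision (case differs).
SAMPLE_LDIF = """\
version: 1

dn: cn=jsmith,ou=customers,o=ebiz
objectClass: inetOrgPerson
cn: jsmith
sn: Smith

dn: cn=JSmith,ou=partners,o=ebiz
objectClass: inetOrgPerson
cn: JSmith
sn: Smith

dn: cn=akhan,ou=partners,o=ebiz
objectClass: inetOrgPerson
cn:: YWtoYW4=
sn: Khan
"""

def parse_records(text):
    """Yield {attr: [values]} per LDIF record, unfolding lines and decoding base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        record = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            record[attr.strip().lower()].append(value.strip())
        if "dn" in record:                     # skips the version header block
            yield record

def duplicate_cns(text):
    """Map each CN held by more than one entry to the sorted DNs that hold it."""
    owners = defaultdict(set)
    for record in parse_records(text):
        for cn in record.get("cn", []):
            owners[cn.casefold()].add(record["dn"][0])   # CN matching ignores case
    return {cn: sorted(dns) for cn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for cn, dns in duplicate_cns(SAMPLE_LDIF).items():
        print(f"cn={cn} is ambiguous: {dns}")
```

Because the check reads every `cn` value on an entry, not only the naming RDN, it also catches an entry whose additional CN value collides with another user's name.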