3.2 An Introduction to eDirectory Planning

If you want an efficient and intuitive eDirectory design, you and your organization need to base it on two things:

You and your team should carefully think through the issues and design considerations discussed in Designing Your NetIQ eDirectory Network in the NetIQ eDirectory 8.8 SP8 Administration Guide.

3.2.1 Your Getting-started Lab’s eDirectory Tree

Figure 3-1 illustrates an eDirectory tree like the one you will use in the getting-started lab exercises found in this guide. It also illustrates and explains the basic elements you should consider when designing an eDirectory tree.

NOTE:The IS Organizational Unit object is included for explanatory purposes and is not created in this guide.

Figure 3-1 Your Getting-started Lab’s eDirectory Tree

Reference Letter

Explanation

The Tree object is the top container object in the tree. It usually contains an Organization object (specified in the install by using o=company) that represents your company or organization.

The Organization object is normally the first (and often the only) container object under the Tree object. It is typically named after your organization.

Small organizations keep object management simple by having all other objects, such as users, printers, and servers, directly under the Organization object.

Organizations that are large enough to have departments or other organizational units usually decide to have their tree structure reflect their organizational structure.

As shown in this getting-started lab example, these organizations create Organizational Unit objects (specified during the install by using ou=name) that reflect their departments, divisions, geographical locations, etc., as is logical for their organization.

Sometimes large organizations create multiple Organization objects below the Tree object to represent separate business units or subsidiaries.

Every tree requires an Admin User object. You will log in as Admin to create or import other User objects and to create the rest of your tree structure.

This example shows two Organizational Unit objects at the department level (LAB and IS).

This example also illustrates how Organizational Unit objects can be nested to provide a complex hierarchy if it is necessary to manage the organization.

3.2.2 Your Current Getting-started Lab Tree

The eDirectory tree you have created by installing OES 11 SP2 in your getting-started lab is illustrated by the darker objects in Figure 3-2. The objects that are dimmed are for explanatory purposes and do not exist in your current tree. When you finish with this guide, the upper level organization of your tree will look more like Figure 3-1, except that the IS Organizational Unit shown in that illustration will not be created.

Figure 3-2 Your Current Getting-started Lab Tree

Reference Letter

Explanation

The OES installation process requires that you specify names for the following objects:

  • A1: A Tree object

  • A2: An Organization object

One of the first objects you specify during an initial installation is the Admin user.

The OES installation process can also create Organizational Unit (OU) objects to define a context for the OES 11 SP2 Server object.

All other OU objects that you have planned for your tree must be created after the installation finishes. For example, you will create the PRINTERS and USERS OU objects later in this guide.

The exception to D is that subsequent installations can create additional contexts to contain other OES servers that you install into the tree. For example, you could create a SERVERS OU under the IS OU as illustrated.

3.2.3 Expanding Your Getting-started Lab Tree

The instructions in this guide cover only the installation of an OES 11 SP2 and a virtualized NetWare 6.5 SP8 server in the tree.

If you were to decide to install additional servers in the tree, the processes you would follow could involve some additional planning tasks, as illustrated in Figure 3-3.

Figure 3-3 An Expanded Tree

Reference Letter

Explanation

During subsequent installations into the same tree, you can create new Organizational Unit objects to provide a context for other OES 11 SP2 servers being installed.

If you want to specify other Admin users in the OES 11 SP2 installation parameters, you can do this during the installation. Note, however, that such an Admin would probably not be granted rights to the entire tree, only to the objects under the IS OU. Admin objects like this are often referred to as sub-container admins.