*** Welcome to piglix ***

Directory Information Tree


A directory information tree (DIT) is data represented in a hierarchical tree-like structure consisting of the Distinguished Names (DNs) of directory service entries.

Both the X.500 protocols and the (LDAP) use directory information trees as their fundamental data structure.

Typically, an X.500 or LDAP deployment for a single organization will have a directory information tree that consists of two parts:

The top level of a directory information tree frequently represent political and geographic divisions.

The original assumption of X.500 was that all directory servers would be interconnected to form a single, global namespace. The entries at the top level of the tree corresponded to countries, identified by their ISO 3166 two letter country code. The entries subordinate to a country's entry would correspond to states or provinces, and national organizations. The naming system for a particular country was determined by that country's national standards body or telecommunications provider.

A limitation of the original directory information tree structure was the assumption that applications searching for an entry in a particular organization would navigate the directory tree by first browsing to the particular country where that organization was based, then to the region where that organization was based, then locate the entry for the organization itself, and then search within that organization for the entry in question. The desire to support searching more broadly for an individual person when all the particulars of that person's location or organization were not known led to experiments in directory deployment and interconnection, such as the .

Today, most LDAP deployments, and in particular Active Directory deployments, are not interconnected into a single global naming space, and do not use national country codes as the basis for naming. Instead, these deployments follow a directory structure which at the top level mirrors that of the Domain Name System, as described by RFC 2247. For example, the entry for an organization with domain name "example.com" would have a distinguished name of "dc=example, dc=com", and all entries in that organization's directory information tree would contain that distinguished name suffix.

The elements of an organization represented in the directory (e.g., people, roles, or devices) in a DIT may be modeled by a variety of techniques. The determining factors include:


...
Wikipedia

...