I am currently designing a directory and I am wondering which standard object class to choose to store my main offices and departments.
RFC 2256 tells us that "organization" and "organizationalUnit" contents are identical. Same attributes.
Is it a good design idea to use only one of those classes, from an interoperability standpoint?
Thanks.
Paul
short answer:
typically, organization is used to define your company, and organizationalUnit is used to hold departments and main offices, so use organizationalUnit.
long answer:
again use organizationalUnit, but be careful how many OUs you create.
what organizationalUnits you create really depends on if this is an internal-facing directory or an external-facing directory.
internal-facing directories are typically broken down by administrative areas, so that you can delegate authority for an OU to someone else; and if you are not going to delegate authority at that level, then do not use an OU at that level.
the other reason you use an OU is because you are going to have a replica of the directory at that level - so if you are going to have a federated or replicated server at each main office, again you would create OUs at those levels.
it is best to have as few OUs as possible so you do not have to move people/devices around in the directory tree as they move in and out of departments. so i usually recommend that you stop at physical locations as OUs for internal-facing directories.
external-facing directories, such as for web sites, are different in that you will typically not have geographically dispersed replicas of the tree, other than possibly for redundancy. so then your OUs are typically based on the level of authorization you want to provide in the site, as well as by type of entry. so you'll have ou=Users, ou=Rooms, ou=Devices, ou=Printers, then under ou=Users you might have ou=Marketing (who get almost no access) and ou=TechGeeks (who get complete access) and ou=EveryoneElse (who get standard access).
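
An added example, not part of the original reply: when a site derives its authorization level from the OU an entry sits in, as in the external-facing layout above, the tier should come from the parsed RDN sequence rather than from a substring match on the DN, because an escaped comma inside a leaf value can carry text that looks like another OU. The suffix `o=Example`, the tier labels and the function names are assumptions; only the ou= values come from the post.

```python
# Added example: map an entry's DN to an access tier by its position in the tree.
BASE = "o=Example"   # hypothetical directory suffix (assumption)
TIERS = {            # tier labels are assumptions; the OU names are from the post
    "marketing": "minimal",      # "almost no access"
    "techgeeks": "full",         # "complete access"
    "everyoneelse": "standard",  # "standard access"
}

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together, never split on it
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

def access_tier(dn):
    """Return the tier for <leaf>,ou=<tier>,ou=Users,<BASE>; anything else gets 'none'."""
    rdns = [r.lower() for r in split_dn(dn)]
    tail = ["ou=users"] + [r.lower() for r in split_dn(BASE)]
    if len(rdns) != 2 + len(tail) or rdns[2:] != tail:
        return "none"            # wrong depth or wrong branch: fail closed
    attr, _, value = rdns[1].partition("=")
    if attr.strip() != "ou":
        return "none"
    return TIERS.get(value.strip(), "none")  # multi-valued or unknown OU: fail closed

if __name__ == "__main__":
    samples = [  # constructed sample DNs
        "uid=alice,ou=TechGeeks,ou=Users,o=Example",
        "cn=x\\,ou=TechGeeks,ou=Marketing,ou=Users,o=Example",  # escaped comma in leaf
        "uid=carol,ou=TechGeeks,ou=Rooms,o=Example",            # wrong branch
    ]
    for dn in samples:
        print(access_tier(dn), "<-", dn)
```

The second sample contains the text `ou=TechGeeks` but resolves to the Marketing tier, since that text is part of the leaf RDN's value.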
