Hello all, I am considering redoing our LDAP tree since it's current design is fairly unfortunate. I have read several articles that said that groups should be a general (and broad) as possible, and as a result of that the LDAP tree should be as free of hierarchy as possible. (An ou for people an ou for machines etc, but no ou for Departments). The reasoning seems to be that since the design of LDAP is optimized for reads and not for writes and managing moves between branches is/was a pain.
A lot of said articles seem to be from several years ago and the management tools I have seen seem to make managing more hierarchical trees possible/easy. So I was wondering what the opinions of other users are, do you maybe have suggestions of good articles that are more up to date on this subject? Thanks and best regards, Eli
