As you know, LDAP insists on a strict hierarchical structure for directory entries. In FirstClass, this hierarchy can be imposed by assigning organizational units to user groups.
If you aren't using FCDS, organizational units are really just descriptors, and no particular care is required when assigning them to user groups. This all changes when you decide to use FCDS.
If you plan to use FCDS, you must make sure that:
• you assign user groups that fit into your organization's hierarchy to organizational units
Directory entries that only belong to groups not associated with organizational units are placed at the root level of the FirstClass Directory tree.
• you assign organizational unit levels to groups logically and consistently
FCDS builds the tree view from information received on a first-come basis. This means that a subsequent entry with inconsistent hierarchy information will be ignored.
• you list the user groups to which a user or public mail list belongs in the proper hierarchical order, with the highest-level group first.
When you set up privileges for your user groups, be aware of this hierarchical constraint. From the FirstClass server's perspective, the order in which you list groups determines the user's privileges. From the perspective of FCDS, the order determines the Directory tree view. These two purposes have the potential to be in conflict.
Where necessary (for example, if a group doesn't fit into your organization's hierarchy and exists only to confer privileges), you can avoid conflicts by not assigning an organizational unit to this group. Then FCDS will simply ignore this group.
Example
This diagram shows the hierarchical structure of part of Husky Planes' Administration group:
Linda Pringle works in the Library. The user groups to which she belongs are listed in this order on her User Information Form:
All Users
Regular Users
Corporate Information
Library
Corporate Information is associated with an organizational unit that is at a higher level than the organizational unit associated with Library. All Users and Regular Users are ignored by FCDS, so they don't need to be associated with organizational units.
The FirstClass Directory root DN is set to:
ou=Administration,o=Husky Planes,c=CA
The resulting DN for Linda Pringle is:
cn=Linda Pringle,ou=Library,ou=Corporate Information,ou=Administration,o=Husky Planes,c=CA
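The following check is an added example, not FirstClass or FCDS code. It models the rules above to derive the DN from a user's ordered group list and to flag lists that are not highest-level-first. The GROUP_OU table, its level numbering (1 = highest), and the function names are assumptions made for illustration.

```python
# Constructed model of the rules on this page; not FCDS code.
ROOT_DN = "ou=Administration,o=Husky Planes,c=CA"

# Group -> (OU name, level). Assumption: level 1 is the highest level below
# the root DN and larger numbers are deeper. Groups with no entry here have
# no organizational unit and are ignored when the DN is built.
GROUP_OU = {
    "Corporate Information": ("Corporate Information", 1),
    "Library": ("Library", 2),
}

def escape_rdn_value(value):
    """Escape an attribute value for a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def audit_user(cn, groups):
    """Return (dn, problems) for a user's ordered group list.

    dn is None when the list is not highest-level-first, because the page
    does not say what DN results from a mis-ordered list.
    """
    chain, problems, last_level = [], [], 0
    for group in groups:
        if group not in GROUP_OU:
            continue  # privilege-only group: no OU, not part of the tree
        ou, level = GROUP_OU[group]
        if level <= last_level:
            problems.append(f"{group!r} (level {level}) follows level {last_level}")
        chain.append(ou)
        last_level = max(last_level, level)
    if problems:
        return None, problems
    rdns = [f"cn={escape_rdn_value(cn)}"]
    rdns += [f"ou={escape_rdn_value(ou)}" for ou in reversed(chain)]
    return ",".join(rdns + [ROOT_DN]), problems

if __name__ == "__main__":
    linda = ["All Users", "Regular Users", "Corporate Information", "Library"]
    print(audit_user("Linda Pringle", linda))
```

Running a check like this over every user before enabling FCDS shows where the group order chosen for privileges conflicts with the order needed for the Directory tree.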