Well, I figure this is a good place to ask about this. In a small LDAP directory, it's easy enough to manage users in a heirarchy like:
uid=username, dc=domain.com, o=Geeks Anonymous, c=CA However, I decided to play a bit, and I created 2000 test users in test.geeksanon.ca... Using the LDAP admin packages gets exceptionally annoying and slow with this layout (I couldn't imagine trying to use a front end for LDAP admin that lists all the users if you had 50,000 in one level). Does anyone here use a more creative heirarchy to keep things in smaller, easy to manage packages? I've thought of changing the DN to have another component such as initials=s where the uid starts with S. So I'd have: uid=slepp, initials=s, dc=geeksanon.ca, o=Geeks Anonymous, c=CA But this will require a bunch of useless entries in the directory for the a-z letters per domain (total of 10). I suppose the tradeoff of 260 entries for faster management makes sense, and the LDAP lookup functions don't care.. But perhaps there is something more elegant? Any suggestions? -- | Stephen "Slepp" Olesen / VE6SLP | Edmonton, Alberta, Canada / (780) 425-4798 | President of Geeks Anonymous + http://www.geeksanon.ca/ +---------------------------------
