directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: [Documentation] Partition Concept - Sound OK?
Date Sun, 01 Apr 2007 07:34:02 GMT
Ole Ersoy a écrit :

> Does this sound ok?
> (There's a little HTML in here...)
>             The X500 Partition concept is best illustrated
>             through examples.
>             <br/>
>             <br/>
>             The following list of DNs must be partitions.
>             <ul>
>             <li>DN: ou=system</li>
>             <li>DN: ou=com</li>
>             <li>DN: ou=org</li>
>             </ul>
>             The reason for this is that these Naming Contexts
>             contain a single entry only.

The fact that these DN contains a single entry does not make them 
partitions. And a DN is not a partition, unless it names a partition. 
The partition concept is not linked to the DN, like a name is not linked 
to a human : 'winnie the pooh' is not a human only because it has a 
name... Think of it the other way : you first create the partition, then 
you name it.
A partition is just a container for a tree, and it has a root, which 
name is used to describe the partition, and as we are in the ldap world, 
this name is a DN. This partition name will be the suffix of each 
entry's DN in this partition.

>             <br/>
>             <br/>
>             If a DN is composed of multiple entries, like this:

A DN is not composed of entries, but of RDN. 

>             <br/>
>             <br/>
>             DN: cn=accounts, ou=users, ou=system
>             <br/>
>             <br/>
>             then <i>ou=users, ou=system</i> is a partition if the
> directory service
>             does not allow access to the <i>cn=users</i>

??? I don't see where this cn=users is coming from.

>             entry.
>             <br/>
>             <br/>
>             If the the directory service allows access to the
>             <i>cn=users</i> entry, then the partition is 
> <i>ou=system</i>.
>         <br/>
>             <br/>
>             Thus a partition is the segment of a DN where the
>             directory service denies access to the left most
>             entry.

nope. I think you are mixing key concepts, here. Just think LDAP as a 
forest, with a lot of trees (DIT), each tree having one single big root 
(the suffix). The root is like a tree, but with no leaves. A partition 
is the whole tree, with the root(suffix) that we use to name the 
partition, and all the leaves. A leave can't be a part of more than one 
tree of course.

Last point: during autumn, no gardener will pick the dead leaves on the 
ground ...


View raw message