Lotus Domino Administrator 8 Help - Hierarchical naming for servers and users

INSTALLATION

Hierarchical naming for servers and users
Hierarchical naming is the cornerstone of IBM® Lotus® Domino™ security; therefore planning it is a critical task. Hierarchical names provide unique identifiers for servers and users in a company. When you register new servers and users, the hierarchical names drive their certification, or their level of access to the system, and control whether users and servers in different organizations and organizational units can communicate with each another.

Before you install Domino servers, create a diagram of your company and use the diagram to plan a meaningful name scheme. Then create certifier IDs to implement the name scheme and ensure a secure system.

A hierarchical name scheme uses a tree structure that reflects the actual structure of a company. At the top of the tree is the organization name, which is usually the company name. Below the organization name are organizational units, which you create to suit the structure of the company; you can organize the structure geographically, departmentally, or both.

For example, the Acme company created this diagram for their servers and users:

This image shows the placement of servers in the Acme company.

Looking at Acme's diagram, you can see where they located their servers in the tree. Acme decided to split the company geographically at the first level and create certifier IDs for the East and West organizational units. At the next level down, Acme made its division according to department.

Components of a hierarchical name

A hierarchical name reflects a user's or server's place in the hierarchy and controls whether users and servers in different organizations and organizational units can communicate with each another. A hierarchical name may include these components:

Common name (CN) -- Corresponds to a user's name or a server's name. All names must include a common name component.
Organizational unit (OU) -- Identifies the location of the user or server in the organization. Domino allows for a maximum of four organizational units in a hierarchical name. Organizational units are optional.
Organization (O) -- Identifies the organization to which a user or server belongs. Every name must include an organization component.
Country © --Identifies the country in which the organization exists. The country is optional.

An example of a hierarchical name that uses all of the components is:

Julia Herlihy/Sales/East/Acme/US

Typically a name is entered and displayed in this abbreviated format, but it is stored internally in canonical format, which contains the name and its associated components, as shown below:

CN=Julia Herlihy/OU=Sales/OU=East/O=Acme/C=US.

Note You can use hierarchical naming with wildcards as a way to isolate a group of servers that need to connect to a given Domino server in order to route mail.

For more information, see the topic Connection topologies for mail routing.

See also

Certifier IDs and certificates

Guidepost for deploying Domino

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary