----- Original Message -----
From: "Mike Jackson" <mj@sci.fi>

> The scalability problems which you will inevitably encounter will be
> a direct result of this poor design.

> As a result of this poor design which you have to work with, you are
> now placed in the position in which everything else you do is going
> to be far from optimal.

Well at the risk of getting seriously off-topic here (and/or turning
this into a flame-war) - this is not necessarily so. Some LDAP
products let you do replication based on search filters - which (for
replication purposes) effectively give you the same flexibility
benefits as the hierarchical structure, but without the
high-maintenance downside inherent to the hierarchical structure. If
the business needs change, you can simply change the filters to meet
them and you're all done. Also, some LDAP server products let you do
something you might consider calling 'cascaded replication' - where
ldap server A replicates to server B, and server B replicates to
server C. This then takes the replication-induced load off the single
master server you have. And lastly, some products let you set up
multiple master servers, increasing the availability and scalability
of the 'write' part of LDAP as well. It's just that the product
currently used can't/doesn't. So the position I'm currently in can just
as easily be viewed as a shortcoming of the product currently used, as
opposed to a fundamental flaw in the layout of the directory.