Hierarchical naming for servers and users

Hierarchical naming is the cornerstone of IBM® Domino® security; therefore planning it is a critical task. Hierarchical names provide unique identifiers for servers and users in a company. When you register new servers and users, the hierarchical names drive their certification, or their level of access to the system, and control whether users and servers in different organizations and organizational units can communicate with one another.

Before you install Domino® servers, create a diagram of your company and use the diagram to plan a meaningful name scheme. Then create certifier IDs to implement the name scheme and ensure a secure system.

A hierarchical name scheme uses a tree structure that reflects the actual structure of a company. At the topmost (first) node of the tree is the organization name, which is usually the company name. After the organization name are organizational units, which you create to suit the structure of the company; you can organize the structure geographically, departmentally, or both.

A hierarchical name reflects a user's or server's place in the hierarchy and controls whether users and servers in different organizations and organizational units can communicate with one another. A hierarchical name may include these components:

  • Common name (CN) -- Corresponds to a user's name or a server's name. All names must include a common name component.
  • Organizational unit (OU) -- Identifies the location of the user or server in the organization. Domino® allows for a maximum of four organizational units in a hierarchical name. Organizational units are optional.
  • Organization (O) -- Identifies the organization to which a user or server belongs. Every name must include an organization component.
  • Country (C) -- Identifies the country in which the organization exists. The country is optional.

An example of a hierarchical name that uses all of the components is:

Julia Herlihy/Sales/East/Renovations/US

Typically a name is entered and displayed in this abbreviated format, but it is stored internally in canonical format, which contains the name and its associated components, as shown in the following example:

CN=Julia Herlihy/OU=Sales/OU=East/O=Renovations/C=US

Note: You can use hierarchical naming with wildcards as a way to isolate a group of servers that need to connect to a given Domino® server in order to route mail.
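
The component rules above (a required CN and O, at most four OUs, an optional C) can be checked mechanically when reviewing a planned name scheme. The following is an added example, not Domino code: the function names are hypothetical, and the strict CN, OU, O, C ordering and the one-CN, one-O limits are assumptions drawn from the canonical example shown above.

```python
# Added example: validate a canonical hierarchical name and abbreviate it.
# parse_canonical() and abbreviate() are illustrative names, not a Domino API.

MAX_OUS = 4  # the page states a maximum of four organizational units


def parse_canonical(name):
    """Return [(key, value), ...] for 'CN=.../OU=.../O=.../C=..' or raise ValueError."""
    parts = []
    for piece in name.split("/"):
        key, sep, value = piece.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"component {piece!r} is not KEY=value")
        parts.append((key.strip().upper(), value.strip()))

    keys = [k for k, _ in parts]
    if keys.count("CN") != 1:
        raise ValueError("one common name (CN) is required")
    if keys.count("O") != 1:
        raise ValueError("one organization (O) is required")
    ous = keys.count("OU")
    if ous > MAX_OUS:
        raise ValueError(f"{ous} organizational units; maximum is {MAX_OUS}")

    # Assumed order, taken from the page's example: CN, OUs, O, optional C.
    expected = ["CN"] + ["OU"] * ous + ["O"] + (["C"] if "C" in keys else [])
    if keys != expected:
        raise ValueError(f"unknown or out-of-order components: {keys}")
    return parts


def abbreviate(name):
    """Convert canonical format to the abbreviated display format."""
    return "/".join(value for _, value in parse_canonical(name))


if __name__ == "__main__":
    # First name is the page's example; the second is a constructed sample.
    for sample in ("CN=Julia Herlihy/OU=Sales/OU=East/O=Renovations/C=US",
                   "CN=Server1/O=Renovations"):
        print(sample, "->", abbreviate(sample))
```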