PSTB_G1 LDAP Directory Information Tree
About This Architecture
Multi-site LDAP Directory Information Tree (DIT) organizing users, roles, and applications across the Belgium and France geographic regions. The hierarchy branches from the root dc=pstb_g1,dc=fr into geographic organizational units (ou=BE, ou=FR), then subdivides by site location, personnel type, job function (filiere, metier), and application access groups. Users such as uid=prof.dupont inherit role-based attributes (enseignant, IT, etudiant) and are dynamically linked to application access groups (cn=acces-learn, cn=acces-office365); the diagram draws these memberships as dashed lines. This structure demonstrates best-practice LDAP design for federated identity management across multiple locations, enabling scalable role-based access control (RBAC) and simplified user provisioning. The separation of geographic, functional, and application branches allows independent scaling of each dimension without restructuring the entire tree.
People also ask
How should I structure an LDAP directory for multiple geographic sites with role-based access to applications?
This LDAP DIT organizes users hierarchically by geography (ou=BE, ou=FR), location (l=Paris, l=Bruxelles), job function (ou=metier: enseignant, IT, etudiant), and application access groups (cn=acces-learn, cn=acces-office365). Users inherit role attributes and are linked to application groups via membership, enabling scalable RBAC without duplicating user entries.
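An added example (not part of the original page or diagram) showing how DN-valued group membership resolves a user's application access without duplicating the user entry, and how stale or foreign member values can be audited. The ou=applications container, the full DNs, and every user other than uid=prof.dupont are assumptions; the page gives only the RDNs.

```python
BASE = "dc=pstb_g1,dc=fr"
APPS = f"ou=applications,{BASE}"   # assumed container for the access groups

def norm(dn):
    """Case-fold and trim each RDN (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

# Constructed sample data; the page gives the RDNs, the full DNs are assumed.
DUPONT = f"uid=prof.dupont,ou=enseignant,l=Paris,ou=FR,{BASE}"
MARTIN = f"uid=etu.martin,ou=etudiant,l=Bruxelles,ou=BE,{BASE}"
GONE = f"uid=ancien.prof,ou=enseignant,l=Paris,ou=FR,{BASE}"   # deprovisioned
USERS = {norm(DUPONT), norm(MARTIN)}
GROUPS = {
    f"cn=acces-learn,{APPS}": [DUPONT, MARTIN],
    f"cn=acces-office365,{APPS}": [DUPONT.upper(), GONE, "uid=ext,dc=other,dc=fr"],
}

def access_for(user_dn):
    """Application groups whose member list references this user entry."""
    u = norm(user_dn)
    return sorted(g.split(",")[0] for g, members in GROUPS.items()
                  if u in map(norm, members))

def region_and_site(user_dn):
    """Read geography from the DN itself: (ou under the base, l= site)."""
    rdns = norm(user_dn)[: -len(BASE) - 1].split(",")
    site = next((r for r in rdns if r.startswith("l=")), None)
    return rdns[-1], site

def audit_memberships():
    """Flag member values that point at no live entry or leave the tree."""
    findings = []
    for group, members in GROUPS.items():
        for m in map(norm, members):
            if not m.endswith("," + BASE):
                findings.append((group.split(",")[0], m, "outside base DN"))
            elif m not in USERS:
                findings.append((group.split(",")[0], m, "no such entry"))
    return findings

if __name__ == "__main__":
    print(access_for(DUPONT), region_and_site(DUPONT))
    for finding in audit_memberships():
        print(finding)
```

A member value left behind after a user entry is deleted becomes live again if the same DN is later reused, which is why the audit treats "no such entry" as a finding rather than as harmless.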
- Domain: IAM
- Audience: Directory administrators and identity architects designing multi-site LDAP hierarchies
Generated by Diagrams.so, an AI architecture diagram generator with native Draw.io output.