An EnterpriseChapter 8 Directory Design Examples 147The examplePerson object class allows one attribute, the exampleID attribute. Thisattribute contains the special employee number assigned to each example.comemployee.In the future, example.com can add new attributes to the examplePerson objectclass as needed.Directory Tree Designexample.com creates a directory tree as follows:• The root of the directory tree is example.com’s internet domain name:dc=example,dc=com.• The directory tree has four branch points: ou=people, ou=groups, ou=rolesand ou=resources.• All of example.com’s people entries are created under the ou=people branch.The people entries are all members of the person, organizationalPerson,inetOrgPerson, and examplePerson object classes. The uid attribute uniquelyidentifies each entry’s DN. For example, example.com contains entries forBabs Jensen (uid=bjensen) and Emily Stanton (uid=estanton).• example.com creates three roles, one for each department in example.com:sales, marketing, and accounting.Each person entry contains a role attribute which identifies the department towhich the person belongs. example.com can now create ACIs based uponthese roles.For more information about roles, refer to “About Roles,” on page 71.• Two group branches are created under the ou=groups branch.The first group, cn=administrators, contains entries for the directoryadministrators that manage the directory contents.Mail administrators use the second group, cn=messaging admin, to managemail accounts. This group corresponds to the administrators group used byNetscape Messaging Server. example.com makes sure that the group itconfigures for Netscape Messaging Server is different from the group it createsfor Directory Server.• Two branches are created under the ou=resources branch, one for conferencerooms (ou=conference rooms) and one for offices (ou=offices).