Designing Your Directory Tree70 Netscape Directory Server Deployment Guide • August 2002• A Directory Server role—Roles are a new feature of Directory Server that unifythe static and dynamic group concept. Refer to “About Roles,” on page 71 formore information.In a deployment containing hosted organizations, we recommend using thegroupOfUniqueNames object class to contain the values naming the members ofgroups used in directory administration. In a hosted organization, we alsorecommend that group entries used for directory administration are located underthe ou=Groups branch.Naming Organization EntriesThe organization entry name, like other entry names, must be unique. Using thelegal name of the organization along with other attribute values helps ensure thename is unique. For example, you might name an organization entry as follows:o=example_a+st=Washington,o=ISP,c=USYou can also use trademarks, however they are not guaranteed to be unique.In a hosting environment, you need to include the following attributes in theorganization’s entry:• o (organizationName)• objectClass with values of top, organization, and nsManagedDomainNaming Other Kinds of EntriesYour directory will contain entries that represent many things, such as localities,states, countries, devices, servers, network information, and other kinds of data.For these types of entries, use the commonName (cn) attribute in the RDN if possible.Therefore, if you are naming a group entry, name it as follows:cn=administrators,dc=example,dc=comHowever, sometimes you need to name an entry whose object class does notsupport the commonName attribute. Instead, use an attribute that is supported by theentry’s object class.There does not have to be any correspondence between the attributes used for theentry’s DN and the attributes actually used in the entry. However, acorrespondence between the DN attributes and attributes used by the entrysimplifies administration of your directory tree.