Having just started using OpenLDAP to authenticate users across web apps, I'm intrigued by a pattern I'm seeing in the documentation: Most install/config guides seem to (implicitly) recommend running the ldap server on ldap.whatever.org.
As I installed ldap on my VPS, I just thought it'd be simpler to access it all through whatever.org.
Is there any benefit of either approach? Or is it just assumed that the ldap software will run on its own machine?
If you ever wish to separate services into different boxes, you'll want to use subdomains.
Think about what happens when you run LDAP and a web server on mydomain.com and later on you decide to move the web server somewhere else, but LDAP stays in the same box.
It's good practice that services across a domain are named as follows
But, that's just good practice. If you prefer to name it mygrandmotherlovesmakingcrepes.caribou.org, and this name resolves to your LDAP server, feel free to do so :)
In fact, if your ldap and your webapps are running locally, you might as well connect to it using ldap://127.0.0.1.