Figure 64 LDAP Directory Tree Structure

[Figure: directory tree rooted at o=unix, with the branches ou=people and ou=groups and the entries uid=straw, uid=smith, cn=Engineering, and cn=Marketing. Labeled examples: RDN ou=people has DN ou=people, o=unix; RDN uid=straw has DN uid=straw, ou=people, o=unix.]

The attributes that are required or allowed in a directory entry are defined in an object class. Each directory entry must contain an objectclass attribute that has at least one object class definition for that entry. The LDAP protocol defines a standard set of object classes to promote interoperability. It is also possible to extend the set of standard object classes by adding new object classes and attributes. The collection of all object classes and their attributes is called the directory schema. Example 6 shows the object class definition for person, as defined in an LDAP directory server standard directory schema.

Example 6 LDAP Standard Object Class Definition for Person

objectclass person
    oid 2.5.6.6
    superior top
    requires
        sn,
        cn
    allows
        description,
        seeAlso,
        telephoneNumber,
        userPassword

In this example, the person object class inherits attributes from the object class called top. The person object class requires the attributes sn (surname) and at least one cn (common name); you can store multiple common names per surname. Other attributes (description, seeAlso, telephoneNumber, and userPassword) are allowed, but not required. An entry for the person object class might look like the following:

cn: James Kirk
cn: James T. Kirk
sn: Kirk
description: Admiral
userpassword: Gb0Rda/KJV//a
telephonenumber: +1 555 555-1212
objectclass: top
objectclass: person
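The following sketch is an added example, not code from the Tru64 UNIX documentation or from any directory server. It parses object class definitions written in the style of Example 6 and checks an entry against the requires and allows lists, including those inherited through superior. The function names, the definition of top, and the constructed entry with a mail attribute are assumptions made for illustration.

```python
# Constructed inputs; top's definition (requires objectclass) is an assumption.
SCHEMA_TEXT = """
objectclass top
    requires objectclass
objectclass person
    oid 2.5.6.6
    superior top
    requires sn, cn
    allows description, seeAlso, telephoneNumber, userPassword
"""
BAD_ENTRY = "cn: James Kirk\nmail: kirk@example.com\nobjectclass: top\nobjectclass: person"

def parse_schema(text):
    """Return {class: {"superior": name or None, "requires": set, "allows": set}}."""
    schema, cur, section = {}, None, None
    for line in text.splitlines():
        words = line.replace(",", " ").lower().split()
        if len(words) == 2 and words[0] == "objectclass":
            cur = schema[words[1]] = {"superior": None, "requires": set(), "allows": set()}
            section = None
        elif len(words) == 2 and words[0] in ("oid", "superior"):
            cur[words[0]], section = words[1], None
        elif words and words[0] in ("requires", "allows"):
            section, words = words[0], words[1:]
        if section:
            cur[section].update(words)  # names may continue on following lines
    return schema

def validate(entry_text, schema):
    """Return the schema violations for one entry given as 'attr: value' lines."""
    pairs = [ln.partition(":")[::2] for ln in entry_text.strip().splitlines()]
    attrs = {name.strip().lower() for name, _ in pairs}
    classes = [val.strip().lower() for name, val in pairs if name.strip().lower() == "objectclass"]
    if not classes:
        return ["entry has no objectclass attribute"]
    problems, required, allowed, seen = [], set(), set(), set()
    for oc in classes:
        while oc and oc not in seen:  # climb the superior chain; seen stops cycles
            seen.add(oc)
            if oc not in schema:
                problems.append(f"unknown object class: {oc}")
                break
            cls = schema[oc]
            required, allowed, oc = required | cls["requires"], allowed | cls["allows"], cls["superior"]
    return (problems + [f"missing required attribute: {a}" for a in sorted(required - attrs)]
            + [f"attribute not allowed: {a}" for a in sorted(attrs - required - allowed)])

if __name__ == "__main__":
    print(validate(BAD_ENTRY, parse_schema(SCHEMA_TEXT)))
```

The parser accepts attribute names either on the keyword line or on continuation lines, so the multi-line layout of Example 6 yields the same result as the compact form used here.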

Using the LDAP Browser

The Tru64 UNIX LDAP Browser allows any directory that is accessible through an LDAP V3 directory server to be browsed, searched, and modified using a graphical user interface. The LDAP Browser can be run on any platform that has Java Runtime Engine (JRE) Version 1.3 or higher installed.

196 LDAP Directory Server Administration