SonicWALL TZ 190 LDAP Terms, Further Information on LDAP Schemas

User Management

604

SonicOS Enhanced 4.0 Administrator Guide

LDAP Terms

The following terms are useful when working with LDAP and its variants:

• Schema – The schema is the set of rules or the structure that defines the types of data that

can be stored in a directory, and how that data can be stored. Data is stored in the form of

‘entries’.

• Active Directory (AD) – The Microsoft directory service, commonly used with Windows-

based networking. Microsoft Active Directory is compatible with LDAP.

• eDirectory – The Novell directory service, used for Novell NetWare-based networking.

Novell eDirectory has an LDAP gateway that can be used for management.

• Entry – The data that is stored in the LDAP directory. Entries are stored in ‘attribute’/value

(or name/value) pairs, where the attributes are defined by ‘object classes’. A sample entry

would be ‘cn=john’ where ‘cn’ (common name) is the attribute, and ‘john’ is the value.

• Object class – Object classes define the type of entries that an LDAP directory may contain.

A sample object class, as used by AD, would be ‘user’ or ‘group’.

Microsoft Active Directory’s Classes can be browsed at http://msdn.microsoft.com/library/

default.asp?url=/library/en-us/adschema/adschema/classes_all.asp

• Object - In LDAP terminology, the entries in a directory are referred to as objects. For the

purposes of the SonicOS implementation of the LDAP client, the critical objects are ‘User’

and ‘Group’ objects. Different implementations of LDAP can refer to these object classes

in different fashions, for example, Active Directory refers to the user object as ‘user’ and

the group object as ‘group’, while RFC2798 refers to the user object as ‘inetOrgPerson’ and

the group object as ‘groupOfNames’.

• Attribute - A data item stored in an object in an LDAP directory. Object can have required

attributes or allowed attributes. For example, the ‘dc’ attribute is a required attribute of the

‘dcObject’ (domain component) object.

• dn - A ‘distinguished name’, which is a globally unique name for a user or other object. It is

made up of a number of components, usually starting with a common name (cn) component

and ending with a domain specified as two or more domain components (dc). For example,

‘cn=john,cn=users,dc=domain,dc=com’

• cn – The ‘common name’ attribute is a required component of many object classes

throughout LDAP.

• ou – The ‘organizational unit’ attribute is a required component of most LDAP schema

implementations.

• dc – The ‘domain component’ attribute is commonly found at the root of a distinguished

name, and is commonly a required attribute.

• TLS – Transport Layer Security is the IETF standardized version of SSL (Secure Sockets

Layer). TLS 1.0 is the successor to SSL 3.0.

Further Information on LDAP Schemas

• Microsoft Active Directory: Schema information is available at http://msdn.microsoft.com/

library/default.asp?url=/library/en-us/adschema/adschema/active_directory_schema.asp

and http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/

ldap_reference.asp

• RFC2798 InetOrgPerson: Schema definition and development information is available at

http://rfc.net/rfc2798.html

• RFC2307 Network Information Service: Schema definition and development information

is available at http://rfc.net/rfc2307.html