DIRECTORY SERVICES


LDAP schema
A directory entry contains information about a particular entity, or object - for example, a person or a group - and is associated with a distinguished name. An LDAP schema is a set of rules that define what can be stored as entries in an LDAP directory. Each LDAP directory has a default schema, which organizations can customize, or "extend," by adding elements to it. The elements of a schema are attributes, syntaxes, and object classes. LDAP directory servers provide the ability to enforce the schema to ensure that directory changes made using LDAP operations conform to it.

Attributes

An attribute defines a piece of information that directory entries contain. For example, some common attributes for entries related to people are cn (common name), telephoneNumber, and userPassword.

An attribute is either mandatory or optional for a particular type of entry. When an attribute is mandatory and directory administrators use schema-checking to enforce the schema, administrators must provide a value for the attribute when they add or modify the entries using LDAP operations. An attribute can also be defined to allow multiple values (default) or just one value.

Multiple types of directory entries can use the same attribute.

Object classes

An object class defines a set of attributes for a type of directory entry. Two or more object classes in an object class hierarchy define the attributes for a type of entry. An object class inherits attributes from all object classes above it in the hierarchy and then adds attributes of its own; for example:


There are three types of object classes: abstract, structural, and auxiliary.

Abstract object classes

An abstract object class defines an attribute or set of attributes that all object classes in an object class structure inherit. Every object class structure must have an abstract object class as the top-level object class. A default LDAP schema typically uses the abstract object class top. top includes only one attribute, objectClass, which defines an object class for each entry in the directory.

Structural object classes

A structural object class defines a type of object entry in an LDAP directory. Examples of structural object classes are person, organizationalPerson, and inetOrgPerson. An object class structure must include at least one structural object class.

Auxiliary object classes

An auxiliary object class adds attributes to another object class, usually a structural object class. An auxiliary object class is useful for defining a set of attributes used by multiple object classes. An auxiliary object class usually inherits from the abstract object class top. Object classes can't inherit attributes from an auxiliary object class. Instead, you must add an auxiliary object class to each object class that uses it.

Syntaxes

A syntax defines the data format in which an attribute value is stored. Directory String, Integer, and JPEG are examples of standard LDAP syntaxes.

Related topics