Red Hat Directory Server 8.0 Administrator's Guide
4.2. Specifying Organizational Unit Entries
Organizational unit entries are often used to represent major branch points, or subdirectories, in
the directory tree. They correspond to major, reasonably static entities within the enterprise,
such as a subtree that contains people or a subtree that contains groups.
The organizational unit attribute that is contained in the entry may also represent a major
organization within the company, such as marketing or engineering. However, this style is
discouraged. Red Hat strongly encourages using a flat directory tree.
There is usually more than one organizational unit, or branch point, within a directory tree.
The LDIF that defines an organizational unit entry must appear as follows:
dn: distinguished_name
objectClass: top
objectClass: organizationalUnit
ou: organizational_unit_name
list_of_optional_attributes
...
The following is a sample organizational unit entry in LDIF format:
dn: ou=people, dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
description: Fictional example organizational unit
Table A.3, “LDIF Elements in Organizational Unit Entries” defines each element of the
LDIF-formatted organizational unit entry.
LDIF Element Description
dn: distinguished_name Specifies the distinguished name for the
entry. A DN is required. If there is a comma in
the DN, the comma must be escaped with a
backslash (\), such as dn:
ou=people,dc=example,dc=com.
objectClass: top Required. Specifies the top object class.
objectClass: organizationalUnit Specifies the organizationalUnit object
class. This line defines the entry as an
organizational unit.
ou: organizational_unit_name Attribute that specifies the organizational
unit's name.
list_of_attributes Specifies the list of optional attributes to
maintain for the entry.
Appendix A. LDAP Data Interchange Format
544