Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 479 #505
21
Linux in the Network
The LDAP principle can be applied to any data structure that should be
centrally administered. A few application examples are:
Use as a replacement for the NIS service.
Mail routing (postfix, sendmail).
Address books for mail clients, like Mozilla, Evolution, and Outlook.
Administration of zone descriptions for a BIND9 name server.
This list can be extended because LDAP is extensible, unlike NIS. The
clearly defined hierarchical structure of the data eases the administration
of large amounts of data, because it can be searched more easily.
21.8.2 Structure of an LDAP Directory Tree
An LDAP directory has a tree structure. All entries (called objects) of the
directory have a defined position within this hierarchy. This hierarchy is
called the directory information tree or, for short, DIT. The complete path to
the desired entry, which unambiguously identifies it, is called the
distinguished name or DN. The individual nodes along the path to this entry
are called relative distinguished names or RDNs. Objects can generally be
assigned to one of two possible types:
container These objects can themselves contain other objects. Such object
classes are root (the root element of the directory tree, which does
not really exist), c (country), ou (organizational unit), and dc (domain
component). This model is comparable to the directories (folders)
in a file system.
leaf These objects sit at the end of a branch and have no subordinate
objects. Examples are person, InetOrgPerson, or groupofNames.
The top of the directory hierarchy has a root element root. This can
contain c (country), dc (domain component), or o (organization) as
subordinate elements. The relations within an LDAP directory tree become more
evident in the following example, shown in Figure 21.16 on the next page.
The complete diagram comprises a fictional directory information
tree. The entries on three levels are depicted. Each entry corresponds
to one box in the picture. The complete, valid distinguished
name for the fictional SUSE employee Geeko Linux, in this case, is
cn=Geeko Linux,ou=doc,dc=suse,dc=de. It is composed by
adding the RDN cn=Geeko Linux to the DN of the preceding entry
ou=doc,dc=suse,dc=de.
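The composition of a DN from an RDN and its parent DN, as an added example that is not part of the original manual: it escapes the RDN value according to RFC 4514 so that a value containing a comma cannot change the entry's position in the tree, and splits a DN back into its RDNs. The function names and the values other than Geeko Linux are assumptions made for illustration.

```python
# Added example, not from the manual: composing and splitting LDAP DNs.
# Characters that RFC 4514 requires to be escaped inside an RDN value.
_SPECIAL = set('",+;<>\\')

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)   # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def child_dn(attr: str, value: str, parent: str) -> str:
    """DN of a new entry: its RDN placed in front of the parent entry's DN."""
    return f"{attr}={escape_rdn_value(value)},{parent}"

def split_dn(dn: str) -> list[str]:
    """Split a DN into RDNs, most specific first. An escaped comma belongs
    to a value and does not separate two RDNs."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

def parent_dn(dn: str) -> str:
    """DN of the container one level up in the directory information tree."""
    return ",".join(split_dn(dn)[1:])

if __name__ == "__main__":
    base = "ou=doc,dc=suse,dc=de"
    print(child_dn("cn", "Geeko Linux", base))
    # Constructed input: a value that tries to smuggle in an extra RDN.
    print(split_dn(child_dn("cn", "x,ou=admin", base)))
```

Without the escaping step, the constructed value x,ou=admin would yield a DN with five RDNs instead of four, placing the entry under a container the caller never chose.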
479 SUSE LINUX Enterprise Server