Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 480 — #506
Figure 21.16: Structure of an LDAP Directory
Which types of objects can be stored in the DIT is determined globally by
a schema. The type of an object is determined by its object class. The
object class determines which attributes the object must or can be
assigned. A schema, therefore, must contain definitions of all object
classes and attributes used in the desired application scenario. There are
a few common schemas (see RFC 2252 and 2256). It is, however, possible to
create custom schemas or to use multiple schemas that complement each
other if this is required by the environment in which the LDAP server
should operate.
Table 21.9 offers a small overview of the object classes from core.schema
and inetorgperson.schema used in the example, including required
attributes and valid attribute values.
Table 21.9: Commonly Used Object Classes and Attributes

Object Class         Meaning                                           Example Entry   Compulsory Attributes
dcObject             domainComponent (name components of the domain)   suse            dc
organizationalUnit   organizationalUnit (organizational unit)          doc             ou
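
The must/can rule described above can be checked before entries are loaded into the directory. The following is an added example, not part of the original manual or of OpenLDAP: the required attributes come from Table 21.9, while the optional attribute lists, the dc=example suffix and the sample entries are assumptions made for illustration.

```python
# Added example: simplified schema check. Required (MUST) sets come from Table 21.9;
# optional (MAY) sets are an abbreviated, assumed subset of the real schema files.
SCHEMA = {
    "dcobject": {"must": {"dc"}, "may": set()},
    "organizationalunit": {"must": {"ou"}, "may": {"description", "telephonenumber"}},
}

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records separated by blank lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def violations(entry):
    """Return schema violations for one entry (an empty list means it conforms)."""
    problems, must, allowed = [], set(), {"dn", "objectclass"}
    if "objectclass" not in entry:
        problems.append("no objectClass")
    for oc in entry.get("objectclass", []):
        rule = SCHEMA.get(oc.lower())
        if rule is None:
            problems.append(f"unknown object class: {oc}")
            continue
        must |= rule["must"]                   # attributes the entry must carry
        allowed |= rule["must"] | rule["may"]  # attributes the entry can carry
    problems += [f"missing required attribute: {a}" for a in sorted(must - set(entry))]
    problems += [f"attribute not allowed: {a}" for a in sorted(set(entry) - allowed)]
    return problems

# Constructed sample data (not from the original page); the second entry is invalid.
SAMPLE = """\
dn: dc=suse,dc=example
objectClass: dcObject
dc: suse

dn: ou=doc,dc=suse,dc=example
objectClass: organizationalUnit
description: Documentation department
userCertificate: placeholder
"""

print([violations(e) for e in parse_ldif(SAMPLE)])
```

Structural versus auxiliary class rules and attribute syntaxes are not modeled here; the LDAP server enforces those in addition to the attribute checks shown.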
480 21.8. LDAP — A Directory Service










