Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

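Figure 11-1 LDAP Directory Tree Structure
[Figure: directory tree rooted at o=unix, showing the entries ou=people, ou=groups, uid=straw, uid=smith, cn=Engineering, and cn=Marketing. Labeled examples: the entry with RDN ou=people has DN ou=people, o=unix; the entry with RDN uid=straw has DN uid=straw, ou=people, o=unix.]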
The attributes that are required or allowed in a directory entry are defined in an object class.
Each directory entry must contain an objectclass attribute that has at least one object class
definition for that entry. The LDAP protocol defines a standard set of object classes to promote
interoperability. It is also possible to extend the set of standard object classes by adding new
object classes and attributes. The collection of all object classes and their attributes is called the
directory schema. Example 11-1 shows the object class definition for person, as defined in the
standard directory schema of an LDAP directory server.
Example 11-1 LDAP Standard Object Class Definition for Person
objectclass person
    oid 2.5.6.6
    superior top
    requires
        sn,
        cn
    allows
        description,
        seeAlso,
        telephoneNumber,
        userPassword
In this example, the person object class inherits attributes from the object class called top. The
person object class requires the attributes sn (surname) and at least one cn (common name);
you can store multiple common names per surname. Other attributes (description, seeAlso,
telephoneNumber, and userPassword) are allowed, but not required. An entry for the person
object class might look like the following:
cn: James Kirk
cn: James T. Kirk
sn: Kirk
description: Admiral
userpassword: Gb0Rda/KJV//a
telephonenumber: +1 555 555-1212
objectclass: top
objectclass: person
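The requires/allows rule described above, as an added example (not from the guide or the product): Python code that parses the Example 11-1 definition and reports which required attributes an entry is missing and which attributes the class does not permit. The function names and the second entry are constructed for illustration; attributes inherited from top are not modeled beyond always permitting objectclass.

```python
# Added example (not from the guide): check entries against Example 11-1.
PERSON_DEF = """objectclass person
  oid 2.5.6.6
  superior top
  requires
    sn,
    cn
  allows
    description,
    seeAlso,
    telephoneNumber,
    userPassword
"""
# The guide's sample entry (abridged), plus a constructed entry that violates the class.
GOOD = "cn: James Kirk\ncn: James T. Kirk\nsn: Kirk\ntelephonenumber: +1 555 555-1212\nobjectclass: person\n"
BAD = "cn: Constructed User\nmail: user@example.invalid\nobjectclass: person\n"

def parse_objectclass(text):
    """Parse one definition into name/oid/superior plus requires/allows sets."""
    oc, section = {"requires": set(), "allows": set()}, None
    for raw in text.splitlines():
        tokens = raw.strip().rstrip(",").split()
        if len(tokens) == 2 and tokens[0] in ("objectclass", "oid", "superior"):
            oc[tokens[0]], section = tokens[1], None
        elif tokens and tokens[0] in ("requires", "allows"):
            section = tokens[0]
        elif tokens and section:
            oc[section].add(tokens[0].lower())  # names compare case-insensitively
    return oc

def parse_entry(text):
    """Map lower-cased attribute name -> list of values from 'attr: value' lines."""
    entry = {}
    for line in filter(str.strip, text.splitlines()):
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_entry(entry, oc):
    """Return (missing required attributes, attributes the class does not permit)."""
    missing = sorted(oc["requires"] - set(entry))
    # objectclass is always permitted: the guide says every entry must carry it.
    extra = sorted(set(entry) - oc["requires"] - oc["allows"] - {"objectclass"})
    return missing, extra

if __name__ == "__main__":
    person = parse_objectclass(PERSON_DEF)
    for label, text in (("guide entry", GOOD), ("constructed entry", BAD)):
        print(label, check_entry(parse_entry(text), person))
```

The entry writes telephonenumber in lower case while the definition lists telephoneNumber; the check lower-cases both sides so the two match.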
11.2 Using the LDAP Browser
The Tru64 UNIX LDAP Browser allows any directory that is accessible through an LDAP V3
directory server to be browsed, searched, and modified using a graphical user interface. The
LDAP Browser can be run on any platform that has Java Runtime Engine (JRE) Version 1.3 or
higher installed.