Questions? Send me an email at eric@ypass.net and I'll try to help.
Schema
The LDAP schema is simply a definition of what type of data
can be contained within an entry. The data inside of an entry
is stored as key/value pairs. In LDAP terms, a key/value pair is referred
to as an attribute. An attribute looks something like this:
uid: edk
Here, the key is uid (the username), and the value is edk. This is referred to as the
uid, or username, attribute.
objectClasses are definitions of what attributes an entry can contain.
READ THIS CAREFULLY: An objectClass defines which attributes an entry MUST
have, as well as which attributes an entry MAY have.
For our objectClass example, we'll use the posixAccount objectClass. The posixAccount
objectClass is defined as follows:
MUST CONTAIN:
cn
uid
uidNumber
gidNumber
homeDirectory
MAY CONTAIN:
userPassword
loginShell
gecos
description
This means that if an entry has an objectClass of "posixAccount", it will always contain
the cn, uid, uidNumber, gidNumber, and homeDirectory attributes. It is also allowed to contain
the userPassword, loginShell, gecos, and description attributes.
It is worth noting the terminology differences between standard UNIX and LDAP at this point.
The posixAccount objectClass refers to the uid as the username; the uidNumber is
the numeric uid.
If you were to look at your /etc/passwd file, the columns would be:
uid:userPassword:uidNumber:gidNumber:gecos:homeDirectory:loginShell
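As an added example (not part of the original page), the following Python checks an entry against the posixAccount MUST/MAY lists given above and builds such an entry from an /etc/passwd line using the column order just shown. It assumes an entry carries only the posixAccount objectClass, and that cn is filled from the login name, since /etc/passwd has no cn column.

```python
# Added example: validate an LDAP entry against the posixAccount objectClass
# (MUST / MAY as listed on this page) and build one from an /etc/passwd line.

POSIX_ACCOUNT = {
    "MUST": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "MAY": {"userPassword", "loginShell", "gecos", "description"},
}

# /etc/passwd column order as given on this page (7 colon-separated fields).
PASSWD_COLUMNS = ["uid", "userPassword", "uidNumber", "gidNumber",
                  "gecos", "homeDirectory", "loginShell"]


def validate_entry(entry, schema=POSIX_ACCOUNT):
    """Return (missing, unexpected): MUST attributes the entry lacks, and
    attributes the objectClass neither requires nor permits.
    Assumption: only posixAccount is present, so 'objectClass' itself is the
    one extra attribute always allowed."""
    present = {k for k, v in entry.items() if v not in (None, "", [])}
    missing = sorted(schema["MUST"] - present)
    allowed = schema["MUST"] | schema["MAY"] | {"objectClass"}
    unexpected = sorted(present - allowed)
    return missing, unexpected


def passwd_line_to_entry(line):
    """Map one /etc/passwd line onto posixAccount attributes.
    Empty passwd fields are dropped, so a line with no shell or gecos yields
    an entry that simply lacks those MAY attributes. cn is not a passwd
    column; it is copied from uid here (an assumption, not an LDAP rule)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(PASSWD_COLUMNS):
        raise ValueError("expected %d fields, got %d"
                         % (len(PASSWD_COLUMNS), len(fields)))
    entry = {"objectClass": ["posixAccount"]}
    for name, value in zip(PASSWD_COLUMNS, fields):
        if value != "":
            entry[name] = value
    if "uid" in entry:
        entry["cn"] = entry["uid"]
    return entry


if __name__ == "__main__":
    # Constructed sample line, not real account data.
    good = passwd_line_to_entry("edk:x:1000:1000:Test User:/home/edk:/bin/sh")
    print(validate_entry(good))  # ([], [])
    # Missing gidNumber and carrying an attribute posixAccount does not define.
    bad = {"uid": "edk", "cn": "edk", "uidNumber": "1000",
           "homeDirectory": "/home/edk", "mail": "edk@example.invalid"}
    print(validate_entry(bad))  # (['gidNumber'], ['mail'])
```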