Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Directory Concepts and Architecture, 3 of 15
In a typical telephone directory, an entry for a person contains such information items as an address and a phone number. In an online directory, such an information item is called an attribute. Attributes in a typical employee entry can include, for example, a job title, an e-mail address, or a phone number.
For example, in Figure 2-2, the entry for Anne Smith in Great Britain (uk) has several attributes, each providing specific information about her. These are listed in the balloon to the right of the tree, and they include emailaddrs
, printername
, jpegPhoto
, and app preferences
. Moreover, each bullet in Figure 2-2 is also an entry with attributes, although the attributes for each are not shown.
Each attribute consists of an attribute type and one or more attribute values. The attribute type is the kind of information that the attribute contains--for example, jobTitle
. The attribute value is the particular occurrence of information appearing in that entry. For example, the value for the jobTitle
attribute could be manager
.
This section contains these topics:
Attributes contain two kinds of information.
This information is maintained and retrieved by directory clients and is unimportant to the operation of the directory. A telephone number, for example, is application information.
This information pertains to the operation of the directory itself. Some operational information is specified by the directory to control the server--for example, the time stamp for the creation or modification of an entry, or the name of the user who creates or modifies an entry. Other operational information, such as access information, is defined by administrators and is used by the directory program in its processing.
To enhance your ability to search for entries, Oracle Internet Directory automatically creates several system operational attributes when you add an entry to the directory. These include:
Attribute | Description |
---|---|
|
Name of the person creating the entry |
|
|
|
Name of person creating the entry |
|
Time of entry creation in UTC |
Moreover, when a user modifies an entry, Oracle Internet Directory automatically updates the modifiersName
and modifyTimestamp
attributes to, respectively, the name of the person modifying the entry, and the time of the entry modification in UTC.
See Also:
"Setting System Operational Attributes" for instructions on configuring system operational attributes |
Attributes can be either single-valued or multivalued. Single-valued attributes carry only one value in the attribute, whereas multivalued attributes can have several. An example of a multivalued attribute is a group membership list with names of everyone in the group.
Oracle Internet Directory implements all of the standard LDAP attributes. Table 2-1 shows some of the more common LDAP attributes as defined by RFC 2798 of the Internet Engineering Task Force (IETF).
See Also:
Appendix B, "Oracle Internet Directory Schema Elements" for a list of several attributes Oracle Internet Directory provides. |
Attribute syntax is the format of the data that can be loaded into each attribute. For example, the syntax of the telephoneNumber
attribute might require a telephone number to be a string of numbers containing spaces and hyphens. However, the syntax for another attribute might require specifying whether the data has to be in the form of a date, or whether the data can consist of numbers only. Each attribute must have one and only one syntax.
Oracle Internet Directory recognizes most of the syntaxes specified in RFC 2252 of the Internet Engineering Task Force (IETF), allowing you to associate most of the syntaxes described in that document with an attribute. In addition to recognizing the syntaxes in RFC 2252, Oracle Internet Directory also enforces some LDAP syntaxes. You cannot add new syntaxes beyond those already supported by Oracle Internet Directory.
In response to most incoming client requests, the directory server performs search and compare operations. During these operations, the directory server consults the relevant matching rule to determine equality between the attribute value sought and the attribute value stored. For example, matching rules associated with the telephoneNumber
attribute could cause "(650) 123-4567" to be matched with either "(650) 123-4567" or "6501234567" or both. When you create an attribute, you associate a matching rule with it.
Oracle Internet Directory implements all the standard LDAP matching rules. You cannot add new matching rules beyond those already supported by Oracle Internet Directory.
An attribute type can have various options that enable you to specify how the value for that attribute is made available in a search or a compare operation. For example, suppose that an employee has two addresses, one in London, the other in New York. Options for that employee's address
attribute could allow you to store both addresses.
Moreover, attribute options can include language codes. For example, options for John Doe's givenName
attribute could enable you to store his given name in both French and Japanese.
For clarity, we can distinguish between an attribute with an option and its base attribute, which is the same attribute without an option. For example, in the case of givenName;lang-fr=Jean
, the base attribute is givenName
; the French value for that base attribute is givenName;lang-fr=Jean
.
An attribute with one or more options inherits the properties--for example, matching rules and syntax-- of its base attribute. To continue the previous example, the attribute with the option cn;lang-fr=Jean
inherits the properties of cn
.
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|