Directories often have at least one organization entry. Typically, the organization entry is the first, or topmost, entry in the directory. The organization entry often corresponds to the suffix set for the directory. For example, a directory defined to use a suffix of o=example.com will probably have an organization entry named o=example.com.
The LDIF that defines an organization entry should appear as follows:
```
dn: distinguished_name
objectClass: top
objectClass: organization
o: organization_name
list_of_optional_attributes
...
```
The following is an example organization entry in LDIF format:
```
dn: o=example.com
objectclass: top
objectclass: organization
o: example.com Corporation
description: Fictional company for example purposes
telephonenumber: 555-5555
```
The organization name in the following example uses a comma:
```
dn: o=example.com Chile\, S.A.
objectclass: top
objectclass: organization
o: example.com Chile\, S.A.
description: Fictional company for example purposes
telephonenumber: 555-5556
```
The following table describes each element of the organization entry.
Table 13–2 Organization Entries in LDIF
| LDIF Element | Description |
|---|---|
| dn: distinguished_name | Required. Specifies the distinguished name for the entry. |
| objectClass: top | Required. Specifies the top object class. |
| objectClass: organization | Specifies the organization object class. This line defines the entry as an organization. |
| o: organization_name | Specifies the organization’s name. If the organization name includes a comma, you must either escape the comma with a single backslash or enclose the entire organization argument in quotation marks. However, if you are working with a UNIX shell, you must also escape the backslash, so you must use two backslashes. For example, to set the suffix to example.com Bolivia, S.A. you would enter o: example.com Bolivia\, S.A. |
| list_of_attributes | Specifies the list of optional attributes that you want to maintain for the entry. |
In a directory tree, an organizational unit represents a major subdirectory. A directory tree usually contains more than one organizational unit. An LDIF file that defines an organizational unit entry must appear as follows:
```
dn: distinguished_name
objectClass: top
objectClass: organizationalUnit
ou: organizational_unit_name
list_of_optional_attributes
...
```
The following example shows an organizational unit entry in LDIF format:
```
dn: ou=people, o=example.com
objectclass: top
objectclass: organizationalUnit
ou: people
description: Fictional organizational unit for example purposes
```
The following table defines each element of the organizational unit entry.
Table 13–3 Organizational Unit Entries in LDIF
| LDIF Element | Description |
|---|---|
| dn: distinguished_name | Required. Specifies the distinguished name for the entry. If there is a comma in the DN, the comma must be escaped with a backslash (\). For example: dn: ou=people,o=example.com Bolivia\,S.A. |
| objectClass: top | Required. Specifies the top object class. |
| objectClass: organizationalUnit | Specifies the organizationalUnit object class. This line defines the entry as an organizationalUnit. |
| ou: organizational_unit_name | Specifies an attribute containing the name of the organizational unit. |
| list_of_attributes | Specifies the list of optional attributes that you want to maintain for the entry. |
The majority of the entries in a directory represent organizational people. In LDIF, the definition of an organizational person is as follows:
```
dn: distinguished_name
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: common_name
sn: surname
list_of_optional_attributes
```
The following example shows an organizational person entry in LDIF format:
```
dn: uid=bjensen,ou=people,o=example.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Babs Jensen
sn: Jensen
givenname: Babs
uid: bjensen
ou: Marketing
ou: people
description: Fictional person for example purposes
telephonenumber: 555-5557
userpassword: {sha}dkfljlk34r2kljdsfk9
```
The following table defines each element of the LDIF person entry.
Table 13–4 Organizational Person Entries in LDIF
| LDIF Element | Description |
|---|---|
| dn: distinguished_name | Required. Specifies the distinguished name for the entry. If there is a comma in the DN, the comma must be escaped with a backslash (\). For example, dn: uid=bjensen,ou=people,o=example.com Bolivia\,S.A. |
| objectClass: top | Required. Specifies the top object class. |
| objectClass: person | Specifies the person object class. This object class specification should be included because many LDAP clients require it during search operations for a person or an organizational person. |
| objectClass: organizationalPerson | Specifies the organizationalPerson object class. This object class specification should be included because some LDAP clients require it during search operations for an organizational person. |
| objectClass: inetOrgPerson | Specifies the inetOrgPerson object class. The inetOrgPerson object class is recommended for the creation of an organizational person entry because this object class includes the widest range of attributes. The uid attribute is required by this object class, and entries that contain this object class are named based on the value of the uid attribute. |
| cn: common_name | Required. Specifies the person’s common name which is the full name commonly used by the person. For example, cn: Bill Anderson. |
| sn: surname | Required. Specifies the person’s surname, or last name. For example, sn: Anderson. |
| list_of_attributes | Specifies the list of optional attributes that you maintain for the entry. |
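The comma-escaping rule in the three tables above matters most when LDIF is generated from names that come from elsewhere. The following is an added example, not code from the Directory Server documentation: it escapes DN values, splits a DN on unescaped commas only, and builds the person entry layout shown above. The function names are hypothetical, the escape set follows RFC 4514, and values are assumed to be printable ASCII (anything else needs base64 LDIF encoding, which is not covered here).

```python
SPECIAL = '"+,;<>\\'   # characters RFC 4514 requires escaping inside an RDN value


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if value[:1] in (" ", "#"):                 # leading space or '#'
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):  # trailing space
        out = out[:-1] + "\\ "
    return out


def split_dn(dn: str) -> list:
    """Split a DN into RDNs on unescaped commas only."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            rdns.append(cur.lstrip())           # drop the space after a separator
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    rdns.append(cur.lstrip())
    return rdns


def person_ldif(uid: str, cn: str, sn: str, org: str) -> str:
    """Build an organizational person entry under ou=people of `org`."""
    for v in (uid, cn, sn, org):
        # A CR/LF inside a value would start a new LDIF line, letting the
        # value smuggle in extra attributes; reject it instead of writing it.
        if not v or v[0] in " :<" or not all(0x20 <= ord(c) < 0x7F for c in v):
            raise ValueError("value not safe for a plain LDIF line: %r" % v)
    dn = "uid=%s,ou=people,o=%s" % (escape_rdn_value(uid), escape_rdn_value(org))
    lines = ["dn: " + dn, "objectclass: top", "objectclass: person",
             "objectclass: organizationalPerson", "objectclass: inetOrgPerson",
             "cn: " + cn, "sn: " + sn, "uid: " + uid]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: an organization name that contains a comma.
    print(person_ldif("bjensen", "Babs Jensen", "Jensen", "example.com Bolivia, S.A."))
```

Without the escape, the comma in the organization name would be read as an RDN separator and the entry would land under a different parent than intended.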