The total set of object classes and attributes known to the LDAP directory is referred to as the directory schema. Each LDAP directory server comes with a standard schema that includes predefined object classes and attributes. Also, you can extend this standard schema to represent information unique to your enterprise.

For each object class, the schema contains information such as the names of the superior object classes from which this object class is derived, and the names of the required and optional attributes of the object class. For each of the attributes, the schema contains information about its syntax and whether the attribute is single- or multi-valued.

All LDAP directory implementations are expected to support the minimal default schema specified in RFC 2256. The tables below summarize those object classes and attributes in the default schema used by Oracle ATG Web Commerce’s LDAP repository. For the full list of object classes and attributes, please refer to the RFC.

Sample LDAP Schema

The examples in this chapter use the LDAP schema described in the following two tables. The inetorgPerson object class represents a person entry. This object class inherits from organizationalPerson but is not part of the default LDAP schema. It is specific to the Oracle (formerly Sun ONE) Directory Server. The inetorgPerson object class and its associated attributes are marked with an asterisk (*) in the tables that follow.

Sample LDAP Object Classes

Name                  | Parent               | Required Attributes | Optional Attributes
----------------------+----------------------+---------------------+------------------------------------------------------------------
top                   |                      | objectClass         |
person                | top                  | sn, cn              | userPassword, telephoneNumber
organizationalPerson  | person               |                     | title, employeeNumber, telephoneNumber, facsimileTelephoneNumber
inetorgPerson*        | organizationalPerson |                     | mail, uid

Sample LDAP Entry Attributes

Name                     | Description                                                 | Single Value?
-------------------------+-------------------------------------------------------------+--------------
objectClass              | describes the kind of object an entry represents            | false
cn                       | common name of an object, for example, a person’s full name | false
sn                       | surname, or family name, of a person                        | false
o                        | name of an organization                                     | false
ou                       | name of an organizational unit or department                | false
givenName                | person’s first name                                         | false
userPassword             | user password as an Octet String                            | false
title                    | person’s title in organizational context                    | false
telephoneNumber          | telephone number                                            | false
facsimileTelephoneNumber | fax number                                                  | false
uid*                     | unique id                                                   | false
mail*                    | e-mail address                                              | false
employeeNumber           | employee number                                             | false

Notice that every attribute listed above is multi-valued. Very few LDAP attributes are single-valued; the schema leaves attributes multi-valued for maximum flexibility.
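As an added example (not part of the Oracle documentation), the following Python checker encodes the two sample tables above and validates an entry against them: it walks each object class up to top to collect the inherited required and optional attributes, then reports missing required attributes, attributes no listed class permits, and unknown object classes. The LDIF entry is constructed; its two cn values are legal because cn is multi-valued.

```python
SCHEMA = {  # name -> (parent, required attributes, optional attributes), from the table
    "top": (None, {"objectClass"}, set()),
    "person": ("top", {"sn", "cn"}, {"userPassword", "telephoneNumber"}),
    "organizationalPerson": ("person", set(), {"title", "employeeNumber",
                             "telephoneNumber", "facsimileTelephoneNumber"}),
    "inetorgPerson": ("organizationalPerson", set(), {"mail", "uid"}),
}

def effective_attrs(oc):
    """Required and optional attributes of oc, inherited superiors included."""
    must, may = set(), set()
    while oc is not None:  # follow the parent chain up to top
        parent, required, optional = SCHEMA[oc]  # KeyError for an unknown class
        must, may, oc = must | required, may | optional, parent
    return must, may - must

def parse_ldif(text):
    """Parse one plain LDIF entry ('attr: value' lines) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if line.strip():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def validate(entry):
    """Return schema violations for an entry; an empty list means it conforms."""
    errors, must, may = [], set(), set()
    for oc in entry.get("objectClass", []):
        if oc not in SCHEMA:
            errors.append(f"unknown objectClass {oc}")
            continue
        m, o = effective_attrs(oc)
        must, may = must | m, may | o
    present = set(entry) - {"dn"}  # dn names the entry; it is not an attribute
    errors += [f"missing required attribute {a}" for a in sorted(must - present)]
    errors += [f"attribute {a} not allowed by the entry's object classes"
               for a in sorted(present - must - may)]
    return errors

# constructed sample entry; two cn values are fine because cn is multi-valued
SAMPLE_LDIF = """dn: uid=jdoe,ou=People,o=example
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgPerson
cn: Jane Doe
cn: J. Doe
sn: Doe
uid: jdoe
mail: jdoe@example.com"""
```

Calling validate(parse_ldif(SAMPLE_LDIF)) returns an empty list; dropping the sn line or adding an attribute such as title to an entry that is only a person produces a violation for each.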


Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved. Legal Notices