The total set of object classes and attributes known to the LDAP directory is referred to as the directory schema. Each LDAP directory server comes with a standard schema that includes predefined object classes and attributes. Also, you can extend this standard schema to represent information unique to your enterprise.
For each object class, the schema contains information such as the names of the superior object classes from which this object class is derived, and the names of the required and optional attributes of the object class. For each of the attributes, the schema contains information about its syntax and whether the attribute is single- or multi-valued.
All LDAP directory implementations are expected to support the minimal default schema specified in RFC 2256. The tables below summarize those object classes and attributes in the default schema used by the Oracle Commerce Platform's LDAP repository. For the full list of object classes and attributes, please refer to the RFC.
Sample LDAP Schema
The examples in this chapter use the LDAP schema described in the following two tables. The inetorgPerson object class represents a person entry. This object class inherits from organizationalPerson but is not part of the default LDAP schema. It is specific to the Oracle Directory Server. The inetorgPerson object class and its associated attributes are shown in italic in the tables that follow.
Sample LDAP Object Classes
Name | Parent | Required Attributes | Optional Attributes |
---|---|---|---|
top | | objectClass | |
person | top | sn, cn | userPassword, telephoneNumber |
organizationalPerson | person | | title, employeeNumber, telephoneNumber, facsimileTelephoneNumber |
inetorgPerson | organizationalPerson | | mail, uid |
Sample LDAP Entry Attributes
Name | Description | Single Value? |
---|---|---|
objectClass | describes the kind of object an entry represents | false |
cn | common name of an object, for example, person’s full name | false |
sn | surname, or family name, of a person | false |
o | name of an organization | false |
ou | name of an organizational unit or department | false |
givenName | person’s first name | false |
userPassword | user password as an Octet String | false |
title | person’s title in organizational context | false |
telephoneNumber | telephone number | false |
facsimileTelephoneNumber | fax number | false |
uid | unique id | false |
mail | e-mail address | false |
employeeNumber | employee number | false |
Notice that all attributes listed above are multi-valued. To allow maximum flexibility, LDAP defines very few single-valued attributes.
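The following added example (not part of the original documentation or of the Oracle Commerce Platform) encodes the sample schema above and shows how an entry's required and allowed attributes are derived by walking the chain of superior object classes. It assumes the attributes of organizationalPerson and inetorgPerson are optional; the function names and sample entries are constructed for illustration.

```python
# Sample schema from the tables above: class -> (parent, required, optional).
# Constructed for illustration; attribute names are compared exactly here,
# whereas real LDAP servers match them case-insensitively.
SCHEMA = {
    "top": (None, {"objectClass"}, set()),
    "person": ("top", {"sn", "cn"}, {"userPassword", "telephoneNumber"}),
    "organizationalPerson": ("person", set(), {
        "title", "employeeNumber", "telephoneNumber",
        "facsimileTelephoneNumber"}),
    "inetorgPerson": ("organizationalPerson", set(), {"mail", "uid"}),
}

def effective_attributes(object_class):
    """Merge required/optional attributes along the superior-class chain."""
    required, optional = set(), set()
    current = object_class
    while current is not None:
        if current not in SCHEMA:
            raise KeyError(current)
        parent, must, may = SCHEMA[current]
        required |= must
        optional |= may
        current = parent
    return required, optional - required

def validate_entry(entry):
    """Return sorted schema violations for an entry {attribute: [values]}."""
    problems = []
    required, allowed = {"objectClass"}, set()
    for oc in entry.get("objectClass", []):
        try:
            must, may = effective_attributes(oc)
        except KeyError:
            problems.append(f"unknown object class: {oc}")
            continue
        required |= must
        allowed |= may
    for attr in required:
        if not entry.get(attr):
            problems.append(f"missing required attribute: {attr}")
    for attr in entry:
        if attr not in required | allowed:
            problems.append(f"attribute not allowed by schema: {attr}")
    return sorted(problems)

# Constructed sample entries; values are lists because attributes are multi-valued.
GOOD = {"objectClass": ["top", "person", "organizationalPerson", "inetorgPerson"],
        "cn": ["Jane Doe", "J. Doe"], "sn": ["Doe"], "uid": ["jdoe"]}
BAD = {"objectClass": ["person"], "cn": ["Jane Doe"], "mail": ["jane@example.com"]}
```

Running the same check before entries are written to the directory catches cases such as `BAD`, where an attribute belongs to an object class the entry never declared.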