LDAP entry structure

Programmer Reference : LDAP : The LDAP Players : LDAP entry structure

LDAP entries are associated with an LdapSession and are composed of usually unordered attributes and are identified by a unique Distinguished Name (DN). Attributes are key/value(s) pairs, where the keys are strings such as 'sn' (aka last name) and the values are one or more strings or binary data.

The following attributes in LDAP Version 3 (http://www.ietf.org/rfc/rfc2256.txt) are pertinent to the current discussion:

•DN - Distinguished Name, the name that uniquely identifies an entry in the directory

•sn - surname

•dc - domain component

•ou - organizational unit (or user group) to which the user belongs. There may be more than one of these.

•cn - common name

•RDN - Relative Distinguished Name, an attribute that will make the entry unique in its hierarchy when combined with its parent's Distinguished Name

•objectClass - the type of the entry. There may be more than one of these.

The DN is similar to a full file name (C:\temp\somefile.txt) and the RDN is the name (somefile.txt) in the parent folder (temp). In the sample data, the DN of Aimee Rivest is cn=Aimee Rivest,ou=Payroll,dc=example,dc=com, and her RDN is cn=Aime Rivest in the parent entry ou=Payroll,dc=example,dc=com.

$C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\ldap\ldap_directory.png$

Sample data directory structure

The objectClass attribute specifies the "types" of an LDAP entry, and there are usually multiple values. For instance, the objectClass attribute's values for Aimee Rivest are inetOrgPerson, organizationalPerson, person, and top. Each of these types specify what attributes can be present in Aimee's entry. For instance, InetOrgPerson defines employeeType and departmentNumber attributes among others.

$C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\ldap\ldap_attributes.png$

Attributes for sample data entry

An LDAP entry at a minimum would have an objectClass attribute and a Distinguished Name (DN). In the sample data, the DN of the organizationUnit Payroll is ou=Payroll,dc=example,dc=com, and the RDN is ou=Payroll in the parent entry dc=example,dc=com.

Instances of LdapEntry can be created in VA Smalltalk or retrieved through a search mechanism described below;

•EsLdapExamples class>>exampleEdisonAdd creates a new LDAP entry and asks the server for inclusion to add it to the directory.

•EsLdapExamples class>>exampleFilterUsingAnd gets the LDAP entries matching an “anded” search filter.

•EsLdapExamples class>>exampleGetFirstRootEntry gets the top of the directory tree from the server.

For an example of how to modify attributes in an LdapEntry, see EsLdapExamples class>>exampleDeleteThenRestoreAttribute. For more on operations to modify LDAP entries, see LdapEntry Operations.

Last modified date: 05/25/2018