Ability to describe simple data hierarchy.

Try This: On a piece of paper, create a simple data hierarchy for yourself, starting with "Country" and ending with "Common name".

Factoid: In a typical directory service the number of read operations is vastly greater than the number of write operations, sometimes by a factor of 1,000 or more.

See the complete list of attributes for InitOrgperson in the online documentation.

Directory Server Database
The related concepts of data hierarchy and schema are central to understanding
a directory service.
Entry Attributes
Every entry in the directory includes a list of descriptive attributes.
For example, an organizational person entry will include attributes such
as first and last name, nicknames or aliases, and contact information such
as email addresses and phone numbers. This attribute list will be
different for each type of entry, depending on that entry's requirements.
For example, a modem does not need an e-mail address any more than an organizational
person needs a serial number. Moreover, some kinds of attributes
may be required for the entry (first and last name, for example), while
others are optional (such as cellular phone numbers).
Data Hierarchy
Data in the directory is arranged in a tree hierarchy. That
is, the hierarchy begins at a single point known as the root and branches
down to the location of the directory entries.
Because LDAP
is intended to be a global directory service, the top of the Directory
Server tree is traditionally represented by country name, followed by a
series of geographic and physical location information, followed by a common
name. For example, a person named George Jetson who works in shipping and
receiving for Spacely Sprockets in the state of California, US, would be
located with the following entry:
- Country = US
- State = California
- Organization = Spacely Sprockets
- Organizational unit = Widgets
- Common name = George Jetson
A different George Jetson who works for the same company but
in the accounting department would be uniquely represented with the following
entry:
- Country = US
- State = California
- Organization = Spacely Sprockets
- Organizational unit = Accounting
- Common name = George Jetson
The following figure shows an example LDAP directory hierarchy:
Object Classes
Because LDAP's data model is based on the X.500
standard, directory databases can contain an almost unlimited range of
information. X.500 is an international standard for the global directory
structure which defines the kinds of information that can be included in
directory databases. The complete list is quite large, and includes
almost every reasonable category of information you might ever want to
use.
The type of data that an entry is defined to contain is known as the
entry's object class. Every entry in the directory is defined to
be of a certain type, or object class. Each object class is
defined to allow specific types of descriptive elements, known as the attribute
list.
Commonly used object classes include the following:
- Organizational Person - an entry representing a person who is employed by or in some way associated with the organization.
- Residential Person - an entry representing a person who is in the residential environment (that is, a person who is not a member of the organization).
- Organizational Role - an entry representing a position or role within an organization. Examples might be the postmaster, system administrator, or the help desk.
- Device - an entry representing a physical unit that can communicate, such as a modem or a disk drive.
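
The data hierarchy and the required/optional attribute rules described above, as an added Python example that is not part of the original documentation or the Directory Server's own code. The short attribute names (c, st, o, ou, cn) are the standard LDAP types for the page's hierarchy levels; the SCHEMA table and its attribute sets are simplified assumptions modeled on the page's person and modem examples.

```python
# Added example. SCHEMA is a constructed, simplified stand-in for real object
# class definitions; attribute sets are assumptions modeled on the page's text.
SCHEMA = {
    "organizationalPerson": {"must": {"cn", "givenName", "sn"},
                             "may": {"mail", "telephoneNumber", "mobile"}},
    "device": {"must": {"cn", "serialNumber"}, "may": {"description"}},
}

def escape_rdn_value(value):
    """Escape characters that are special in a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(path):
    """path lists (attribute, value) pairs from the root down, as the page does.
    An LDAP DN is written leaf-first, so the pairs are joined in reverse."""
    return ",".join(f"{a}={escape_rdn_value(v)}" for a, v in reversed(path))

def validate_entry(object_class, attrs):
    """Return schema violations for an entry; an empty list means it is valid."""
    rules = SCHEMA[object_class]
    present = {name for name, value in attrs.items() if value}
    allowed = rules["must"] | rules["may"]
    problems = [f"missing required attribute: {a}"
                for a in sorted(rules["must"] - present)]
    problems += [f"attribute not allowed for {object_class}: {a}"
                 for a in sorted(set(attrs) - allowed)]
    return problems

# Constructed sample data taken from the page's George Jetson example.
BASE = [("c", "US"), ("st", "California"), ("o", "Spacely Sprockets")]
WIDGETS_GEORGE = build_dn(BASE + [("ou", "Widgets"), ("cn", "George Jetson")])
ACCOUNTING_GEORGE = build_dn(BASE + [("ou", "Accounting"), ("cn", "George Jetson")])

if __name__ == "__main__":
    print(WIDGETS_GEORGE)
    print(ACCOUNTING_GEORGE)
    print(validate_entry("device", {"cn": "modem-1", "serialNumber": "SN-001",
                                    "mail": "modem@example.com"}))
    print(validate_entry("organizationalPerson", {"cn": "George Jetson",
                                                  "givenName": "George"}))
```

The two George Jetson entries share a common name but differ in their organizational unit, so their distinguished names are distinct; escaping matters whenever a value such as an organization name contains a comma or plus sign.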