Overview#An entry is the structure that holds information in a directory server. It consists of the following components:
- A DN that uniquely identifies the entry among all other entries in the server.
- A collection of object class values that are used to govern the contents of the entry.
- A collection of attributes values that contain the actual data for the entry.
Every entry is characterized by precisely one structural object class superclass chain which has a single structural object class as the most subordinate object class.
The Collection of object classes determines the available attributes for the entry. The Collection of object class determines define a set of required attributes, which must be present in the entry, and possibly OPTIONAL attributeTypes, which may be included in the entry but are not required.AttributeTypes that hold information about the object that the LDAP Entry represents. Some attributeType represent user information and are called user attributes. Other attributes represent operational and/or administrative information and are called operational attributes.
An attributeType is an attribute description with 0 or more Attribute Options with one or more associated values. An attributeType is often referred to by its attribute description. For example, the 'givenName' attributeType is the attribute that consists of the attribute description 'givenName' (the 'givenName' attribute type RFC 4519 and zero Attribute Options) and one or more associated values.
The attributeType governs whether the attribute can have multiple values, the LDAPSyntaxes and matching Rules used to construct and compare values of that attribute, and other functions. Attribute Options indicate subtypes and other functions.
Attribute values conform to the defined LDAPSyntaxes of the attribute type.
No two values of an attributeType may be equivalent. Two values are considered equivalent if and only if they would match according to the EQUALITY matching Rule of the attributeType. Or, if the attributeType is defined with no EQUALITY matching Rule, two values are equivalent if and only if they are identical. (See RFC 4512 2.5.1 for other restrictions.)
For example, a 'givenName' attributeType can have more than one value, they must be Directory Strings, and they are case-insensitive. A 'givenName' attributeType cannot hold both "John" and "JOHN", as these are equivalent values per the equality matching rule of the attribute type.
Additionally, no attribute is to have a value that is not equivalent to itself. For example, the 'givenName' attribute cannot have as a value a directory string that includes the REPLACEMENT CHARACTER (U+FFFD) code point, as matching involving that directory string is Undefined per this attribute's equality matching rule.
More Information#There might be more information for this subject on one of the following:
- ACL (eDirectory Attribute)
- Access Control
- Add Request
- Authentication ID
- Best Practices For LDAP Naming Attributes
- Best Practices For Unique Identifiers
- Collective Attribute
- Compare Request
- DN Syntax
- DSA-Specific Entry
- Delete Request
- Delete Response
- Directory Information Base
- Directory Information Tree
- Distinguished Names
- EDirectory Password Expiration
- Glossary Of LDAP And Directory Terminology
- Groups Are Bad
- IDM Tricks
- Introduction To LDAP
- LDAP Data Interchange Format
- LDAP Entry Collection
- LDAP Model of User Information
- LDAP Query Basic Examples
- LDAP Result Codes
- LDAP Subentry
- Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
- MAD Determine the Classes Associated With an Entry
- Modify Request
- Ndstrace Log Searches
- Not Synchronized
- ObjectClass Types
- Password MUST Change
- Permissions to read Universal Password
- Persistent Search Control
- RBAC vs ABAC
- SCIM Resource
- Schema Checking
- Security Identifier
- Smart referrals
- Static groups
- Structural ObjectClass
- Thinking of LDAP
- Time Restrictions
- Understanding Name Forms
- Virtual Attribute
- Which Jane Doe