
Appendix E: LDAP - Object Classes and Attributes

There are bucket loads of off-the-shelf attributes and objectclasses: some are standardized, some come from the kindness of heart of the author(s). Many are packaged into schemas distributed with OpenLDAP. Some of the most common are defined below. This list is not exhaustive. Where possible it is always sensible to use a pre-existing attribute and objectclass, but you can build your own if your heart will stand the strain of ASN.1.

Find the attribute you want, then check its objectclass to see what other 'stuff' it picks up. The objectclass hierarchy is shown by the notation [->objectclassname] under Name (and is mostly hyperlinked in the schema definitions). So if you use, say, the objectclass residentialPerson, which has a parent of person, then the MUST attributes are the sum of both objectclasses (inherited, in the jargon), which in this case means cn, sn and l are MUST attributes.

Notes: Attribute names are case insensitive but you will see them mostly written in that Camel Case notation which puts capitals in (mostly) inconsistent places!

Contents

  1. Commonly used attributes
  2. Object Classes
  3. config.ldif - used by OpenLDAP OLC (cn=config) feature - browsable
  4. corba.schema - OpenLDAP distribution - browsable
  5. core.schema - OpenLDAP distribution - browsable
  6. cosine.schema - OpenLDAP distribution - browsable
  7. dyngroup.schema - used by Dynamic Group feature - browsable
  8. inetorgperson.schema - OpenLDAP distribution - browsable
  9. java.schema - OpenLDAP distribution - not browsable
  10. misc.schema - OpenLDAP distribution - not browsable
  11. nis.schema - OpenLDAP distribution - browsable
  12. openldap.schema - distribution schema - not browsable
  13. qmail.schema - Qmail distribution - browsable
  14. samba3.schema - (edited) OpenLDAP distribution - browsable
  15. authldap.schema (courier-imap) - Courier distribution - browsable
  16. ppolicy.schema - used by OpenLDAP ppolicy overlay - not browsable

Commonly Used Attributes

This is not an exhaustive list but it defines some common attributes and cross-links them to some of the objectclasses in which they are used. Clicking the schema link will take you to the attribute definition; clicking the objectClass link will show its usage in that object.

| Name | Alias | objectClass | Notes | Schema |
|---|---|---|---|---|
| c | countryName | country | 2 character country code defined in ISO 3166 | core.schema |
| cn | commonName | person, organizationalPerson, organizationalRole, groupOfNames, applicationProcess, applicationEntity, posixAccount, device | | core.schema |
| dc | domainComponent | dcObject | any part of a domain name e.g. domain.com, domain or com | core.schema |
| - | facsimileTelephoneNumber | residentialPerson, organizationalRole, organizationalPerson | | core.schema |
| co | friendlyCountryName | friendlyCountry | full name of country | cosine.schema |
| gn | givenName | inetOrgPerson | First or given name | core.schema |
| homePhone | homeTelephoneNumber | inetOrgPerson | | cosine.schema |
| - | jpegPhoto | inetOrgPerson | jpg format photo | inetorgperson.schema |
| l | localityName | locality, organizationalPerson | | core.schema |
| mail | rfc822Mailbox | inetOrgPerson | email address e.g. joe@smokeyjoe.com | core.schema |
| mobile | mobileTelephoneNumber | inetOrgPerson | mobile or cellular phone number | cosine.schema |
| o | organizationName | organization | Organization name or even organisational name | core.schema |
| ou | organizationalUnitName | organizationalUnit | Usually department or any sub entity of larger entity | core.schema |
| - | owner | groupOfNames, device, groupOfUniqueNames | | core.schema |
| pager | pagerTelephoneNumber | inetOrgPerson | | cosine.schema |
| - | postalAddress | organizationalPerson | | core.schema |
| postalCode | postalCode | organizationalPerson | Post Code or ZIP | core.schema |
| sn | surname | person | surname or family name | core.schema |
| st | stateOrProvinceName | organizationalPerson | | core.schema |
| street | streetAddress | organizationalPerson | | core.schema |
| - | telephoneNumber | organizationalPerson | | core.schema |
| userPassword | - | organization, organizationalUnit, person, dmd, simpleSecurityObject, domain, posixAccount | User password for some form of access control | core.schema |
| uid | userid | account, inetOrgPerson, posixAccount | various - mostly username or other unique value | core.schema |

Object Classes

Not an exhaustive list, but it shows the mandatory (MUST) and optional (MAY) attributes in some commonly used objectclasses. Clicking the schema link will take you to the objectClass definition. While many objectClasses show no MUST attributes, you must (ouch) follow any hierarchy (shown using the [->...] notation) to determine if this is really the case. Thus, if you try to create an entry with inetOrgPerson without at least one cn and sn attribute, it will fail. More information about objectClass and Attribute hierarchies.

| Name | MUST | MAY | Schema |
|---|---|---|---|
| account | userid | description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host | cosine.schema |
| country | c | searchGuide $ description | core.schema |
| dcObject | dc | - | core.schema |
| device | cn | serialNumber $ seeAlso $ owner $ ou $ o $ l $ description | core.schema |
| friendlyCountry [->country] | friendlyCountryName | - | cosine.schema |
| groupOfNames | member $ cn | businessCategory $ seeAlso $ owner $ ou $ o $ description | core.schema |
| groupOfUniqueNames | uniqueMember $ cn | businessCategory $ seeAlso $ owner $ ou $ o $ description | core.schema |
| inetOrgPerson [->organizationalPerson] | - | audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 | inetorgperson.schema |
| locality | - | street $ seeAlso $ searchGuide $ st $ l $ description | core.schema |
| organizationalPerson [->person] | - | title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l | core.schema |
| organization | o | userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description | core.schema |
| organizationalRole | cn | x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description | core.schema |
| organizationalUnit | ou | userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description | core.schema |
| person | sn $ cn | userPassword $ telephoneNumber $ seeAlso $ description | core.schema |
| posixAccount | cn $ uid $ uidNumber $ gidNumber $ homeDirectory | userPassword $ loginShell $ gecos $ description | nis.schema |
| residentialPerson [->person] | l | businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l | core.schema |
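
Added example (not from the original page): a small Python pre-check that resolves the effective MUST set by walking the [->parent] chain and reports which mandatory attributes an entry lacks before it is sent to the server. The class and alias data are transcribed from the tables on this page; the function names and sample entries are constructed for illustration.

```python
# Added example. Data transcribed from this page's tables.
# objectclass -> (parent or None, MUST attributes declared on that class)
OBJECT_CLASSES = {
    "person": (None, {"sn", "cn"}),
    "organizationalPerson": ("person", set()),
    "inetOrgPerson": ("organizationalPerson", set()),
    "residentialPerson": ("person", {"l"}),
    "posixAccount": (None, {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
    "account": (None, {"userid"}),
}
# alias -> short name, from the Commonly Used Attributes table
ALIASES = {"commonName": "cn", "surname": "sn", "localityName": "l", "userid": "uid"}

_CLASS_BY_LOWER = {name.lower(): name for name in OBJECT_CLASSES}
_ALIAS_BY_LOWER = {alias.lower(): short.lower() for alias, short in ALIASES.items()}

def canonical(attr):
    """Attribute names are case insensitive; fold case and map alias -> short name."""
    lowered = attr.lower()
    return _ALIAS_BY_LOWER.get(lowered, lowered)

def effective_must(objectclass):
    """Union of MUST attributes over the class and all its ancestors (lowercased)."""
    must, seen = set(), set()
    name = _CLASS_BY_LOWER[objectclass.lower()]  # KeyError for an unknown class
    while name is not None and name not in seen:  # 'seen' guards against loops
        seen.add(name)
        parent, own = OBJECT_CLASSES[name]
        must |= {canonical(a) for a in own}
        name = parent
    return must

def missing_must(entry):
    """Return the sorted MUST attributes that the entry does not supply."""
    attrs = {canonical(a): v for a, v in entry.items() if v}
    required = set()
    for oc in attrs.get("objectclass", []):
        required |= effective_must(oc)
    return sorted(required - set(attrs))

# Constructed sample entries (not real directory data).
ENTRY_BAD = {"objectClass": ["inetOrgPerson"], "commonName": ["Joe Smokey"],
             "mail": ["joe@smokeyjoe.com"]}
ENTRY_OK = {"objectclass": ["residentialPerson"], "CN": ["Joe Smokey"],
            "surname": ["Smokey"], "localityName": ["Springfield"]}

if __name__ == "__main__":
    print(missing_must(ENTRY_BAD))  # inetOrgPerson shows no MUST of its own
    print(missing_must(ENTRY_OK))
```
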

This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
Page modified: January 20 2022.