B.4. Specifying Directory Entries Using LDIF
Many types of entries can be stored in the directory. This section concentrates on three of the most common types of entries used in a directory: domain, organizational unit, and organizational person entries.
The object classes defined for an entry are what indicate whether the entry represents a domain or domain component, an organizational unit, an organizational person, or some other type of entry. For a complete list of the object classes that can be used by default in the directory and a list of the most commonly used attributes, see the Red Hat Directory Server 11 Configuration, Command, and File Reference.
B.4.1. Specifying Domain Entries
Directories often have at least one domain entry. Typically this is the first, or topmost, entry in the directory. The domain entry often corresponds to the DNS host and domain name for your directory. For example, if the Directory Server host is called ldap.example.com, then the domain entry for the directory is probably named dc=ldap,dc=example,dc=com or simply dc=example,dc=com.
The LDIF entry used to define a domain appears as follows:
```ldif
dn: distinguished_name
objectClass: top
objectClass: domain
dc: domain_component_name
list_of_optional_attributes
...
```
The following is a sample domain entry in LDIF format:
```ldif
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example
description: Fictional example company
```
Each element of the LDIF-formatted domain entry is defined in Table B.2, “LDIF Elements in Domain Entries”.
LDIF Element | Description |
---|---|
dn: distinguished_name | Required. Specifies the distinguished name for the entry. |
objectClass: top | Required. Specifies the top object class. |
objectClass: domain | Specifies the domain object class. This line defines the entry as a domain or domain component. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes that can be used with this object class. |
dc: domain_component | Attribute that specifies the domain's name. The server is typically configured during the initial setup to have a suffix or naming context in the form dc=hostname,dc=domain,dc=toplevel, for example dc=ldap,dc=example,dc=com. The domain entry should use the leftmost dc value, such as dc: ldap. If the suffix were dc=example,dc=com, the dc value is dc: example. Do not create the entry for dn: dc=com unless the server has been configured to use that suffix. |
list_of_attributes | Specifies the list of optional attributes to maintain for the entry. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes that can be used with this object class. |
B.4.2. Specifying Organizational Unit Entries
Organizational unit entries are often used to represent major branch points, or subdirectories, in the directory tree. They correspond to major, reasonably static entities within the enterprise, such as a subtree that contains people or a subtree that contains groups.
The organizational unit attribute that is contained in the entry may also represent a major organization within the company, such as marketing or engineering. However, this style is discouraged. Red Hat strongly encourages using a flat directory tree.
There is usually more than one organizational unit, or branch point, within a directory tree.
The LDIF that defines an organizational unit entry must appear as follows:
```ldif
dn: distinguished_name
objectClass: top
objectClass: organizationalUnit
ou: organizational_unit_name
list_of_optional_attributes
...
```
The following is a sample organizational unit entry in LDIF format:
```ldif
dn: ou=people,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
description: Fictional example organizational unit
```
Table B.3, “LDIF Elements in Organizational Unit Entries” defines each element of the LDIF-formatted organizational unit entry.
LDIF Element | Description |
---|---|
dn: distinguished_name | Required. Specifies the distinguished name for the entry, for example dn: ou=people,dc=example,dc=com. The commas that separate the components of the DN are not escaped; a comma that is part of an attribute value within the DN must be escaped with a backslash (\). |
objectClass: top | Required. Specifies the top object class. |
objectClass: organizationalUnit | Specifies the organizationalUnit object class. This line defines the entry as an organizational unit. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes available for this object class. |
ou: organizational_unit_name | Attribute that specifies the organizational unit's name. |
list_of_attributes | Specifies the list of optional attributes to maintain for the entry. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes available for this object class. |
B.4.3. Specifying Organizational Person Entries
The majority of the entries in the directory represent organizational people.
In LDIF, the definition of an organizational person is as follows:
```ldif
dn: distinguished_name
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: common_name
sn: surname
list_of_optional_attributes
```
The following is an example organizational person entry in LDIF format:
```ldif
dn: uid=bjensen,ou=people,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Babs Jensen
sn: Jensen
givenname: Babs
uid: bjensen
ou: people
description: Fictional example person
telephoneNumber: 555-5557
userPassword: {SSHA}dkfljlk34r2kljdsfk9
```
Table B.4, “LDIF Elements in Person Entries” defines each aspect of the LDIF person entry.
LDIF Element | Description |
---|---|
dn: distinguished_name | Required. Specifies the distinguished name for the entry, for example dn: uid=bjensen,ou=people,dc=example,dc=com. The commas that separate the components of the DN are not escaped; a comma that is part of an attribute value within the DN must be escaped with a backslash (\). |
objectClass: top | Required. Specifies the top object class. |
objectClass: person | Specifies the person object class. This object class specification should be included because many LDAP clients require it during search operations for a person or an organizational person. |
objectClass: organizationalPerson | Specifies the organizationalPerson object class. This object class specification should be included because some LDAP clients require it during search operations for an organizational person. |
objectClass: inetOrgPerson | Specifies the inetOrgPerson object class. The inetOrgPerson object class is recommended for the creation of an organizational person entry because this object class includes the widest range of attributes. The uid attribute is required by this object class, and entries that contain this object class are named based on the value of the uid attribute. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes available for this object class. |
cn: common_name | Specifies the person's common name, which is the full name commonly used by the person. For example, cn: Bill Anderson. At least one common name is required. |
sn: surname | Specifies the person's surname, or last name. For example, sn: Anderson. A surname is required. |
list_of_attributes | Specifies the list of optional attributes to maintain for the entry. See the Red Hat Directory Server 11 Configuration, Command, and File Reference for a list of the attributes available for this object class. |
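As an added example that is not part of the Red Hat documentation, the following Python script brings the three entry types of this section together: it parses LDIF content records into entries, splits DNs while honouring the backslash-escaped commas mentioned in Tables B.3 and B.4, and checks each entry against the required elements listed in Tables B.2 to B.4, including that a domain entry's dc value equals its leftmost RDN value and that no domain entry is created outside the configured suffix. Two checks are the editor's own additions rather than rules stated on this page: the value in an entry's RDN must also be present as an attribute of the entry (a general LDAP rule the server enforces), and userPassword values are expected to carry a hash scheme prefix such as {SSHA}, so that a cleartext password in an LDIF file is caught before it is imported. The sample LDIF and the suffix dc=example,dc=com are constructed from the page's own examples, and the script needs only the Python standard library.

```python
import re

# Constructed sample (built from the page's examples): the three entry types,
# in the order they must be loaded, each parent before the entries beneath it.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example

dn: ou=people,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=bjensen,ou=people,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Babs Jensen
sn: Jensen
uid: bjensen
userPassword: {SSHA}dkfljlk34r2kljdsfk9
"""


def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash-escaped comma stays in its value."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def norm_rdns(dn):
    """DN as [(attribute, value)], lower-cased for case-insensitive comparison."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def parse_ldif(text):
    """Parse LDIF content records into [(dn, {attribute_lower: [values]})]."""
    entries = []
    for record in re.split(r"\n[ \t]*\n", text.strip()):
        lines = []
        for raw in record.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]  # unfold a folded continuation line
            else:
                lines.append(raw)
        dn, attrs = None, {}
        for line in lines:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def check_entry(dn, attrs, suffix):
    """Problems in one entry (empty list = passes): the required elements from
    Tables B.2 to B.4, plus the RDN-value and password-hash checks (editor's)."""
    problems = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    rdns = norm_rdns(dn)
    rdn_attr, rdn_value = rdns[0]

    def named_by(name):  # RDN attribute and value also present in the entry
        return rdn_attr == name and rdn_value in [v.lower() for v in attrs.get(name, [])]

    if "top" not in classes:
        problems.append("missing objectClass: top")
    if "domain" in classes:
        if not named_by("dc"):
            problems.append("dc value must equal the leftmost dc= RDN value")
        want = norm_rdns(suffix)  # dn: dc=com alone is refused for this suffix
        if rdns[-len(want):] != want:
            problems.append("domain entry is not at or below the configured suffix " + suffix)
    elif "organizationalunit" in classes:
        if not named_by("ou"):
            problems.append("ou value must equal the ou= RDN value")
    elif "inetorgperson" in classes:
        for cls in ("person", "organizationalperson"):
            if cls not in classes:
                problems.append("missing objectClass: " + cls)
        for attr in ("cn", "sn", "uid"):
            if attr not in attrs:
                problems.append("missing required attribute: " + attr)
        if not named_by("uid"):
            problems.append("inetOrgPerson entry must be named by its uid value")
        for pw in attrs.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):  # e.g. {SSHA}..., never cleartext
                problems.append("userPassword has no hash scheme prefix")
    else:
        problems.append("not a domain, organizationalUnit or inetOrgPerson entry")
    return problems


def validate_ldif(text, suffix="dc=example,dc=com"):
    """Map each DN in the LDIF text to its list of problems."""
    return {dn: check_entry(dn, attrs, suffix) for dn, attrs in parse_ldif(text)}
```

Running validate_ldif(SAMPLE_LDIF) reports an empty problem list for all three DNs; feeding it an entry such as dn: dc=com under the default suffix, or a person entry whose userPassword is a bare cleartext value, returns the corresponding problem strings, which makes the function usable as a pre-import gate for LDIF files produced by other tools.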