
Re: Understanding LDAP



At 07:27 PM 7/21/00 +0800, Izauddin Mohd Isa wrote:
>Hi guys,
>
>I'm new to this LDAP. I have surfed and surfed all the beaches (sites) that
>have LDAP information but still cannot grasp how it works in terms of the
>directory schema, entry, objectclass and attribute.
>
>Correct me if I'm wrong. LDAP stores its data or entries in the database
>based on the directory schema, and the schema is based on the objectclass
>and the attribute. The openldap distribution comes with slapd.oc.conf
>and slapd.at.conf. Are these the standard objectclasses and attributes?

Standard? Depends on your definition of standard. For the most part
the schema is 'Standard Track', but does contain a fair amount of
other schema (from various sources).


>What about the posixAccount and inetOrgPerson objectclasses that I found on
>some web sites?

This schema is Informational (i.e., not Standard Track).

>Can we define our own objectclasses and attributes?

Yes, see FAQ: http://www.openldap.org/faq/index.cgi?file=219

>Where can I find the comprehensive list of objectclasses and attributes?

There is no comprehensive list of schema items.  However, there are
lists which contain commonly available/used items.  See FAQ.


>Say that I want to have an entry in the LDAP database that has the
>info from the organizationalPerson, posixAccount and inetOrgPerson
>(I found this at ldap.hklc.com) objectclasses, so I just write these three
>oc definitions in a file, rename it to slapd.oc.conf and discard the
>other objectclasses. Will this work? If not, why?


See the FAQ for examples.


>How is an entry written in the LDAP database when we use the openldap that
>came with RH6.2 by default? Say that I enter data using common name
>and want their unix account information as well; do I have to combine
>the structure/schema from organizationalPerson and posixAccount and
>create a single objectclass so that I only have one entry in the LDAP
>database? If I do not combine both objectclasses, do I have to enter two
>dn into the LDAP database (one for the organizationalPerson and one for
>the posixAccount)?

Best you read the U-Mich guide (see FAQ for URI) or a decent book on
the subject (again see FAQ: http://www.openldap.org/faq/index.cgi?file=73).
I recommend that everyone read:

David Chadwick's online book "Understanding X.500" (remember that LDAP
is an access protocol to an X.500 directory).
  http://www.salford.ac.uk/its024/Version.Web/Contents.htm

and Tim Howes' "Use as directed"
  http://www.data.com/issue/990207/ldap.html



>Do point me to where I can find the answers to the above questions, and
>thank you very much for all the information that I can get.

I suggest browsing the FAQ as well as the mailing list archives...