17.2 Data Model of LDAP Directory
The Directory Information Tree (DIT) is the basic data structure with which the LDAP protocol works. The DIT may be distributed over more than one physical server. Distribution over physical servers is carried out by means of referrals. For example, if the record we are searching for is held on another server, the record returned will contain a referral item that holds one or more LDAP URLs linking to the particular subtree.
A tree is made up of entries. Every entry has an assigned set of named attributes. Such named attributes may be, for example, country (c), organization (o), common/canonical name (cn). An entry in an LDAP tree usually describes an object in the real world (for example, a company, a person, a printer, a computer, or a user group). As an example, we will use an entry for a person:
- Surname (sn): Rasek
- Canonical name (cn): Ludek Rasek
- Telephone (telephoneNumber): 345
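The entry and the referral item described above, as an added example that is not part of the original text: the person entry is held as named attributes, and the LDAP URLs of a referral item are parsed and compared with a list of servers the client is willing to contact before any referral is followed. The DNs, host names, the `ref` attribute name and the allowlist are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample data: DNs, hosts and the allowlist are assumptions.
TRUSTED_HOSTS = {"ldap1.example.com", "ldap2.example.com"}

# An entry is a set of named attributes; an attribute may hold several values.
PERSON = {
    "dn": "cn=Ludek Rasek,ou=People,o=Example,c=CZ",
    "sn": ["Rasek"],
    "cn": ["Ludek Rasek"],
    "telephoneNumber": ["345"],
}

# A referral item: one or more LDAP URLs pointing at a subtree on another server.
REFERRAL = {
    "dn": "ou=Sales,o=Example,c=CZ",
    "ref": [
        "ldap://ldap2.example.com/ou=Sales,o=Example,c=CZ",
        "ldap://ldap.other.test:1389/ou=Sales,o=Example,c=CZ",
    ],
}


def parse_ldap_url(url):
    """Split an LDAP URL into (scheme, host, port, base DN)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + url)
    default_port = 636 if parts.scheme == "ldaps" else 389
    host = (parts.hostname or "").lower()
    # The path holds the percent-encoded base DN; attributes, scope and
    # filter (after '?') end up in parts.query and are ignored here.
    base_dn = unquote(parts.path.lstrip("/"))
    return parts.scheme, host, parts.port or default_port, base_dn


def referral_targets(entry, trusted=TRUSTED_HOSTS):
    """Return (follow, skip): parsed targets on trusted hosts, and rejected URLs."""
    follow, skip = [], []
    for url in entry.get("ref", []):
        try:
            target = parse_ldap_url(url)
        except ValueError:
            skip.append(url)  # malformed URL or wrong scheme
            continue
        if target[1] in trusted:
            follow.append(target)
        else:
            skip.append(url)  # server outside the allowlist: do not contact
    return follow, skip
```

An ordinary entry such as `PERSON` carries no referral URLs, so `referral_targets(PERSON)` returns two empty lists.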
Every entry attribute has its own name and value. Some attributes within an entry have...