There are bucket loads of off-the-shelf attributes and objectclasses: some are standardized, some exist through the kindness of heart of their author(s). Many are packaged into schemas distributed with OpenLDAP. Some of the most common are defined below. This list is not exhaustive. Where possible it is always sensible to use a pre-existing attribute and objectclass, but you can build your own - if your heart will stand the strain of ASN.1.
Find the attribute you want, then check its objectclass to see what other 'stuff' it picks up. The objectclass hierarchy is shown by the notation [->objectclassname] under Name (and is mostly hyperlinked in the schema definitions). So if you use, say, the objectclass residentialPerson, which has a parent of person, then the MUST attributes are the sum of (inherits from, in the jargon) both objectclasses, which in this case means cn, sn and l are MUST.
Notes: Attribute names are case insensitive, but you will see them mostly written in that pseudo-Hungarian notation which puts capitals in (mostly) inconsistent places!
Contents
Commonly used attributes
Object Classes
corba.schema - distribution listing
core.schema - distribution schema - browsable
cosine.schema - distribution schema - browsable
inetorgperson.schema - distribution schema - browsable
java.schema - distribution schema - not browsable
nis.schema - distribution schema - browsable
openldap.schema - distribution schema - not browsable
qmail.schema - distribution schema - browsable
samba3.schema - edited distribution schema - browsable
authldap.schema (courier-imap) - distribution schema - browsable
Commonly Used Attributes
This is not an exhaustive list but defines some common attributes and cross-links them to some of the objectclasses in which they are used. Clicking the schema link will take you to the definition.
Abbrev. | Name | objectClass | Description | Schema |
c | countryName | country | 2 character country code defined in ISO 3166 | core.schema |
cn | commonName | person organizationalPerson organizationalRole groupOfNames applicationProcess applicationEntity posixAccount device | - | core.schema |
dc | domainComponent | dcObject | any part of a domain name e.g. domain.com, domain or com | core.schema |
- | facsimileTelephoneNumber | residentialPerson organizationalRole organizationalPerson | - | core.schema |
co | friendlyCountryName | friendlyCountry | full name of country | cosine.schema |
gn | givenName | inetOrgPerson | First or given name | core.schema |
homePhone | homeTelephoneNumber | inetOrgPerson | - | cosine.schema |
- | jpegPhoto | inetOrgPerson | jpg format photo | inetorgperson.schema |
l | localityName | locality organizationalPerson | - | core.schema |
mail | rfc822Mailbox | inetOrgPerson | email address e.g. joe@smokeyjoe.com | core.schema |
mobile | mobileTelephoneNumber | inetOrgPerson | mobile or cellular phone number | cosine.schema |
o | organizationName | organization | Organization name or even organisational name | core.schema |
ou | organizationalUnitName | organizationalUnit | Usually department or any sub entity of larger entity | core.schema |
- | owner | groupOfNames device groupOfUniqueNames | - | core.schema |
pager | pagerTelephoneNumber | inetOrgPerson | - | cosine.schema |
- | postalAddress | organizationalPerson | - | core.schema |
postalCode | postalCode | organizationalPerson | Post Code or ZIP | core.schema |
sn | surname | person | surname or family name | core.schema |
st | stateOrProvinceName | organizationalPerson | - | core.schema |
street | streetAddress | organizationalPerson | - | core.schema |
- | telephoneNumber | organizationalPerson | - | core.schema |
- | userPassword | organization organizationalUnit person dmd simpleSecurityObject domain posixAccount | User password for some form of access control | core.schema |
uid | userid | account inetOrgPerson posixAccount | various - mostly username or other unique value | core.schema |
Object Classes
Not an exhaustive list but shows the mandatory (MUST) and optional (MAY) attributes in some commonly used objectclasses. Clicking the schema link will take you to the definition.
Name | MUST | MAY | Schema |
account | userid | description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host | cosine.schema |
country | c | searchGuide $ description | core.schema |
dcObject | dc | - | core.schema |
device | cn | serialNumber $ seeAlso $ owner $ ou $ o $ l $ description | core.schema |
friendlyCountry [->country] | friendlyCountryName | - | cosine.schema |
groupOfNames | member $ cn | businessCategory $ seeAlso $ owner $ ou $ o $ description | core.schema |
groupOfUniqueNames | uniqueMember $ cn | businessCategory $ seeAlso $ owner $ ou $ o $ description | core.schema |
inetOrgPerson [->person] | - | audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 | inetorgperson.schema |
locality | - | street $ seeAlso $ searchGuide $ st $ l $ description | core.schema |
organizationalPerson [->person] | - | title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l | core.schema |
organization | o | userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description | core.schema |
organizationalRole | cn | x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description | core.schema |
organizationalUnit | ou | userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description | core.schema |
person | sn $ cn | userPassword $ telephoneNumber $ seeAlso $ description | core.schema |
posixAccount | cn $ uid $ uidNumber $ gidNumber $ homeDirectory | userPassword $ loginShell $ gecos $ description | nis.schema |
residentialPerson [->person] | l | businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l | core.schema |
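The inheritance rule described at the top of this page (MUST attributes are the sum of an objectclass and its parents), worked through in Python as an added example that is not part of the original page or of OpenLDAP. The objectclass data is a subset transcribed from the table above; the function names and the sample entry are constructed for illustration. Names are compared case-insensitively and long names are folded onto their abbreviations, so an entry is not reported as incomplete just because it spells cn as CN or sn as surname.

```python
"""Resolve inherited MUST attributes and check an entry against them."""

# Subset of the Object Classes table: name -> (parent, MUST list).
# Parent links follow the page's [->parent] notation.
OBJECT_CLASSES = {
    "person": (None, ["sn", "cn"]),
    "residentialPerson": ("person", ["l"]),
    "account": (None, ["userid"]),
    "posixAccount": (None, ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"]),
}

# Long name -> abbreviation pairs taken from the attribute table.
ALIASES = {"commonName": "cn", "surname": "sn", "localityName": "l", "userid": "uid"}

_ALIASES_LC = {k.lower(): v.lower() for k, v in ALIASES.items()}
_CLASSES_LC = {k.lower(): v for k, v in OBJECT_CLASSES.items()}


def canonical(attr):
    """Fold case and map a long attribute name to its abbreviation."""
    key = attr.lower()
    return _ALIASES_LC.get(key, key)


def effective_must(object_class):
    """Union of MUST attributes over the class and all of its parents."""
    must, seen, name = set(), set(), object_class
    while name is not None:
        key = name.lower()
        if key in seen:
            raise ValueError(f"inheritance loop at {name}")
        if key not in _CLASSES_LC:
            raise KeyError(f"unknown objectclass: {name}")
        seen.add(key)
        parent, attrs = _CLASSES_LC[key]
        must.update(canonical(a) for a in attrs)
        name = parent
    return must


def missing_must(entry):
    """Return the sorted MUST attributes that an entry (a dict) does not carry."""
    present = {canonical(k) for k, v in entry.items() if v}
    classes = next((v for k, v in entry.items() if k.lower() == "objectclass"), [])
    required = set()
    for oc in classes:
        required |= effective_must(oc)
    return sorted(required - present)


# Constructed sample entry: mixed-case names, long-form 'surname', no locality.
SAMPLE = {"objectClass": ["residentialPerson"], "CN": ["Joe Smokey"], "surname": ["Smokey"]}
```

Calling missing_must(SAMPLE) reports l as the only missing attribute, because cn and sn are inherited from person and are already present under other spellings.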