Alcatel-Lucent 6850-48 Network Guide

Managing Authentication Servers
LDAP Servers
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
This is how the entry would appear with actual data in it.
dn: uid=yname, ou=people, o=yourcompany
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: your name
sn: last name
givenname: first name
uid: yname
ou: people
description:
<list of optional attributes>
. . .
Directory Entries
Directory entries are used to store data in directory servers. LDAP-enabled directory entries contain
information about an object (person, place, or thing) in the form of a Distinguished Name (DN) that should be
created in compliance with the LDAP protocol naming conventions.
Distinguished names are constructed from Relative Distinguished Names (RDNs), related entries that 
share no more than one attribute value with a DN. RDNs are the components of DNs, and DNs are string 
representations of entry names in directory servers.
Distinguished names typically consist of descriptive information about the entries they name, and
frequently include the full names of individuals in a network, their email addresses, and TCP/IP addresses,
along with related attributes, such as a department name, that are used to further distinguish the DN.
Entries include one or more object classes, and often a number of attributes that are defined by values.
Object classes define all required and optional attributes (a set of object classes is referred to as a 
“schema”). As a minimum, every entry must include the DN and one defined object class, like the name of 
an organization. Attributes required by a particular object class must also be defined. Some commonly 
used attributes that comprise a DN include the following:
Country (c), State or Province (st), Locality (l), Organization (o), Organization Unit (ou), and Common Name (cn)
Although each attribute would necessarily have its own values, the attribute syntax determines what kind 
of values are allowed for a particular attribute, e.g., (c=US), where country is the attribute and US is the 
value. Extra consideration for attribute language codes will be necessary if entries are made in more than 
one language.
Entries are usually based on physical locations and established policies in a Directory Information Tree 
(DIT); the DN locates an entry in the hierarchy of the tree. Alias entries pointing to other entries can also 
be used to circumvent the hierarchy during searches for entries.
Once a directory is set up, DN attributes should thereafter be specified in the same order to keep the
directory paths consistent. DN attributes are separated by commas as shown in this example:
cn=your name, ou=your function, o=your company, c=US
As there are other conventions used, please refer to the appropriate RFC specification for further details.
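The comma-separated DN form and the fixed attribute order described above, as an added Python example that is not part of the Alcatel-Lucent guide: it splits a DN into RDNs on unescaped commas only (the backslash escape comes from RFC 4514) and checks attribute order before a DN is used in a server or policy configuration. EXPECTED_ORDER and the sample DNs are assumptions built from the examples on this page; multi-valued RDNs joined with "+" are not handled.

```python
# Added example: DN handling for the LDAP entries described in this guide.
# EXPECTED_ORDER and all sample DNs below are constructed for illustration.
EXPECTED_ORDER = ("cn", "uid", "ou", "o", "c")  # assumed site convention


def split_dn(dn):
    """Split a DN into (attribute, value) pairs on unescaped commas only."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))

    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % part)
        # Attribute names are case-insensitive; padding after ", " or "=" is dropped.
        rdns.append((attr.strip().lower(), value.lstrip()))
    return rdns


def follows_order(dn, expected=EXPECTED_ORDER):
    """True if the DN's attributes keep the relative order given in `expected`."""
    attrs = [attr for attr, _ in split_dn(dn)]
    if any(attr not in expected for attr in attrs):
        return False
    ranks = [expected.index(attr) for attr in attrs]
    return ranks == sorted(ranks)


if __name__ == "__main__":
    tricky = r"cn=Smith\, John, ou=people, o=yourcompany"
    print(len(tricky.split(",")), "parts from a naive split")  # cuts the cn value
    print(split_dn(tricky))
    print(follows_order("uid=yname, ou=people, o=yourcompany"))
    print(follows_order("o=yourcompany, ou=people, uid=yname"))
```

A plain split on "," cuts the escaped cn value in two, which is why DN comparisons in authentication or policy code should go through a parser rather than string splitting.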