Alcatel-Lucent 6850-48 ネットワークガイド
LDAP Servers
Managing Authentication Servers
page 35-18
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
LDAP Server Details
LDAP servers must be configured with the properly defined LDAP schema and correct database suffix,
including well-populated data. LDAP schema is extensible, permitting entry of user-defined schema as
needed.
including well-populated data. LDAP schema is extensible, permitting entry of user-defined schema as
needed.
LDAP servers are also able to import and export directory databases using LDIF (LDAP Data Interchange
Format).
Format).
LDIF File Structure
LDIF is used to transfer data to LDAP servers in order to build directories or modify LDAP databases.
LDIF files specify multiple directory entries or changes to multiple entries, but not both. The file is in
simple text format and can be created or modified in any text editor. In addition, LDIF files import and
export binary data encoded according to the base 64 convention used with MIME (Multipurpose Internet
Mail Extensions) to send various media file types, such as JPEG graphics, through electronic mail.
LDIF files specify multiple directory entries or changes to multiple entries, but not both. The file is in
simple text format and can be created or modified in any text editor. In addition, LDIF files import and
export binary data encoded according to the base 64 convention used with MIME (Multipurpose Internet
Mail Extensions) to send various media file types, such as JPEG graphics, through electronic mail.
An LDIF file entry used to define an organizational unit would look like this:
dn: <distinguished name>
objectClass: top
objectClass: organizationalUnit
ou: <organizational unit name>
<list of optional attributes>
objectClass: top
objectClass: organizationalUnit
ou: <organizational unit name>
<list of optional attributes>
Below are definitions of some LDIF file entries:
Common Entries
The most common LDIF entries describe people in companies and organizations. The structure for such an
entry might look like the following:
entry might look like the following:
dn: <distinguished name>
objectClass: top
objectClass: person
objectClass: organizational Person
cn: <common name>
sn: <surname>
<list of optional attributes>
objectClass: top
objectClass: person
objectClass: organizational Person
cn: <common name>
sn: <surname>
<list of optional attributes>
entries
definition
dn: <distinguished name>
Defines the DN (required).
objectClass: top
Defines top object class (at least one is required). Object
class defines the list of attributes required and allowed in
directory server entries.
class defines the list of attributes required and allowed in
directory server entries.
objectClass: organizationalUnit
Specifies that organizational unit should be part of the
object class.
object class.
ou: <organizationalUnit name>
Defines the organizational unit’s name.
<list of attritbutes>
Defines the list of optional entry attributes.