You will notice in Figure 11.1 that all of the information is stored in an object based on
attribute names. The possible attribute names are based on the object schema. This is similar to
column names for a table in a relational database. When using a directory server, there is
generally a preexisting schema that will handle your data with little or no change. In many cases,
this directory structure and schema are standardized across different directory vendors. This is
different from using a database because you are not required to design and define the neces-
Each attribute provided for an object in the schema is used for a specific purpose. For example,
in Figure 11.1, the attribute cn refers to the common name of the object. You will see this
attribute in many of the objects from all directory providers.
Another important topic to discuss is how to refer to a specific point in the directory structure.
Every object or point in the directory structure can be located using its Distinguished Name
(DN). The DN is very much like the primary key from a relational database. The DN for an
object is made up of the path through the tree, listing the objects beginning at the root. For
example, the DN for the Tad Hans object in Figure 11.1 would look like this:
uid=thans, ou=People, o=airius.com
This DN is actually used in the previous example to place Tad in the Managers group. It is also
possible to have a relative DN, or RDN. Based on the DN above,
is an RDN from
By prepending the RDN onto the base, you have the full DN for the object. This will become
more apparent when we begin to do searches and begin each search from a specific base.
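The composition described above (RDN prepended onto a base) can be shown in a few lines. This is an added example, not code from the original text: the function names are assumptions made here, the escaping follows RFC 4514, and the value "Hans, Tad" is constructed to show what happens when an attribute value itself contains a comma.

```python
# Added example: full DN = RDN + "," + base, with RFC 4514 escaping of the value.
SPECIALS = '"+,;<>\\'   # characters that must always be escaped inside a DN value

def escape_rdn_value(value):
    """Escape an attribute value so it cannot be read as extra DN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                      # NUL is written as a hex pair
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)                   # leading space/#, trailing space
        else:
            out.append(ch)
    return "".join(out)

def build_dn(attr, value, base):
    """Prepend the RDN attr=value onto the base to get the full DN."""
    if not value:
        raise ValueError("empty RDN value")
    return f"{attr}={escape_rdn_value(value)},{base}"

def split_dn(dn):
    """Split a DN into (RDN, base) at the first comma that is not escaped."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                                  # skip the escaped character
            continue
        if dn[i] == ",":
            return dn[:i].strip(), dn[i + 1:].strip()
        i += 1
    return dn.strip(), ""                           # a single RDN has no base

BASE = "ou=People,o=airius.com"                     # base taken from the DN in the text

if __name__ == "__main__":
    print(build_dn("uid", "thans", BASE))
    # Constructed value with a comma: unescaped, it would look like two RDNs.
    dn = build_dn("cn", "Hans, Tad", BASE)
    print(dn)
    print(split_dn(dn))
```

Building DNs by plain string concatenation, without the escaping step, lets a comma in user-supplied data change which entry the DN points at.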
One of the first uses for directories was to store phone book information. This scenario is what
the examples throughout this chapter will display.
With an understanding of a directory, it is now time to learn how to access the information
stored within the directory. Each vendor of a directory server will usually provide a proprietary
API that can be used to access a directory. They can also provide the capability to access the
directory server using one or more of several other available protocols.