An attribute is the atomic structure of a schema and a member of an object class. An attribute typically contains data.

Every attribute is included in one or more object classes, so several object classes may share the same attribute. Once defined in a schema, an attribute can be used by any object class.

An attribute has a name as its identifier. The name identifies the attribute and distinguishes it from other attributes, so it should be unique. An attribute is also a container for one or more values: it is the entry in which a value is stored. The value can be single-valued or multi-valued.

To define an attribute, we have the following syntax:

Each attribute must be given a numericoid. This is the OID used by the LDAP system and should be uniform.

Let’s dive deeper into the meaning of each part of the syntax:

NAME
Defines the attribute’s name. This name should be globally unique (within the system). The name is a pair of two strings written inside parentheses. The first string is an alias, usually an abbreviation of the second string. The second string is the full string. If the string is composed of two or more words, it should be joined so that it contains no whitespace.
DESC
Description for this attribute.
OBSOLETE
Optional. When this attribute is defined as obsolete, LDAP is informed that the attribute is obsolete and should not be used.
SUP
Optional. Defines the parent of this attribute.
EQUALITY caseIgnoreMatch
Defines how this attribute behaves when a search operation is run over it. A search can be done in two modes: case sensitive and case insensitive. If case-insensitive mode is desired, we have to declare the attribute using the matchingRule caseIgnoreMatch. A matchingRule is a special-purpose attribute for searching.
More information about LDAP searching can be found in the corresponding article.
ORDERING ‘matchingRule’
Used for the matching rules of attribute combinations.
SUBSTR ‘caseIgnoreSubstringsMatch’
Defines how this attribute behaves in a search operation based on a substring. The search operation can be done in case-insensitive mode using the matchingRule caseIgnoreSubstringsMatch.
SYNTAX
Defines the OID for this attribute.
SINGLE-VALUE
Defines whether this attribute can be used only once in an object class. For example, an attribute PersonName should be used only once within a class. When SINGLE-VALUE is not specified, LDAP automatically infers that the attribute can be used multiple times.

Now let’s define a simple attribute as an example:
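As an added example (not code from the original post), the Python below parses an attribute definition written in the `attributetype ( ... )` form of RFC 4512 and rejects definitions that break the rules described above: a missing numericoid, a name containing whitespace, or an unknown keyword. The OID `1.3.6.1.4.1.99999.1.1`, the name `employeeBadge` and the function `parse_attributetype` are constructed placeholders.

```python
import re

VALUED = {"NAME", "DESC", "SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX"}
FLAGS = {"OBSOLETE", "SINGLE-VALUE"}
TOKEN = re.compile(r"'([^']*)'|([()])|([^\s()']+)")  # quoted string, paren, bare word
OID = re.compile(r"\d+(\.\d+)+$")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*$")  # a name: no whitespace allowed

# Constructed sample: the OID arc and attribute name are placeholders.
SAMPLE = """
attributetype ( 1.3.6.1.4.1.99999.1.1
    NAME ( 'eb' 'employeeBadge' )
    DESC 'Badge number printed on the staff card'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
    SINGLE-VALUE )
"""

def parse_attributetype(text):
    """Parse one attribute definition into a dict; raise ValueError if malformed."""
    toks = [m.group(m.lastindex) for m in TOKEN.finditer(text)]
    if toks and toks[0].lower() == "attributetype":
        toks = toks[1:]
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        raise ValueError("definition must be wrapped in parentheses")
    oid, rest = toks[1], toks[2:-1]
    if not OID.match(oid):
        raise ValueError(f"numericoid expected first, got {oid!r}")
    attr = {"OID": oid, "OBSOLETE": False, "SINGLE-VALUE": False}
    i = 0
    while i < len(rest):
        key, i = rest[i], i + 1
        if key in FLAGS:  # keywords that take no value
            attr[key] = True
            continue
        if key not in VALUED or key in attr or i >= len(rest):
            raise ValueError(f"unknown, repeated or valueless keyword {key!r}")
        if rest[i] == "(":  # parenthesised list, e.g. NAME ( 'eb' 'employeeBadge' )
            end = rest.index(")", i)
            attr[key], i = rest[i + 1:end], end + 1
        else:
            attr[key], i = ([rest[i]] if key == "NAME" else rest[i]), i + 1
    bad = [n for n in (attr.get("NAME") or [""]) if not DESCR.match(n)]
    if bad:
        raise ValueError(f"missing or invalid NAME: {bad!r}")
    return attr

if __name__ == "__main__":
    print(parse_attributetype(SAMPLE))
```
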

Here is the relation of attributes to schema and object class:

[Figure: ldap-object-hierarchy]
