The concept of an object here is similar to the concept of an object in object-oriented programming.

In Lightweight Directory Access Protocol (LDAP), an object class is a set of attributes. It is defined inside a schema and may be organized in a hierarchy. This concept is similar to an object in the real world, which might consist of other elements. For example, a car is an assembly of tires, wheels, chassis, engine, etc. An object class is no different. An object in LDAP is a collection of attributes.

When we say a class (in object class), we refer to the design or blueprint. We can create as many cars as we want from one blueprint, all with the same specification, the same power, the same dimensions, everything the same. An object class works the same way. It is a blueprint for creating objects we can use in LDAP. When an object is created, it is an instance of an object class.

Object classes are hierarchical. An object class can inherit attributes from its parent. In the real world, we can say that a motorcycle is derived from a bicycle: it is a bike with an engine. In LDAP, the object class InetOrgPerson is a descendant of the object class organizationalPerson and inherits every attribute organizationalPerson has.

To define an object class, we follow this syntax:

An object class is declared with the keyword objectclass, followed by whitespace (whsp) and a numericoid or Organizational Identification number. This number should be globally unique if we want to build an enterprise system. The numericoid is used for identifying object classes, attributes, syntaxes, matching rules, etc. The numericoid is assigned by IANA. If you want to build an enterprise-level production machine, please acquire one. If you just want to experiment, you can do that in a private network with any numericoid.

Let’s dive deeper into the object class declaration:

NAME
Defines the object class' name. This name should be globally unique.
DESC
Description of this object class.
OBSOLETE
Optional. When this object class is defined as obsolete, LDAP is informed that the object class is obsolete and should not be used.
SUP
Optional. Defines the parent / super class of this object class. The object class given in this argument acts as the parent, and the newly created object class inherits all properties from the parent object class.
ABSTRACT / STRUCTURAL / AUXILIARY
Defines the type of the object class.
An abstract class defines a class that should not exist on its own. This sounds ambiguous, but it means an abstract class cannot be instantiated in the DIT.
A structural class defines a common node in the hierarchy. The class can be instantiated as a node in the LDAP tree (DIT).
An auxiliary class is an object with attributes, but unlike a structural class, it cannot create its own instance in the DIT. It should be used as an auxiliary or complement of a structural class.
MUST
Defines the attributes that must exist if we want to use this object. The attributes should be written as a list separated by the dollar sign $.
MAY
Defines optional attributes that can exist in this class.

Let's see one example:

We can write it across several lines, as in the example, or as one long line.

In the above example, we define an object class with OID 2.3.4.5. This object class is named country and has top as its parent. The class is structural. The attribute countryName (or c) must be declared before using this object. The attribute searchGuide is optional.
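As an added illustration (not code from the original post), the following Python sketch parses an objectclass declaration into the fields listed above and checks an entry's attributes against MUST and MAY. The `COUNTRY` text is constructed from the description in the previous paragraph, and the names `parse_objectclass` and `check_entry` are hypothetical helpers.

```python
import re
# Constructed definition matching the description above (not the post's own listing).
COUNTRY = """objectclass ( 2.3.4.5 NAME 'country'
    DESC 'a country'
    SUP top STRUCTURAL
    MUST c
    MAY searchGuide )"""

def parse_objectclass(text):
    """Parse one objectclass declaration into a dict of its fields."""
    m = re.fullmatch(r"\s*objectclass\s*\(\s*([0-9]+(?:\.[0-9]+)*)\s+(.*)\)\s*", text, re.S)
    if not m:
        raise ValueError("not an objectclass declaration")
    oc = {"oid": m.group(1), "names": [], "desc": None, "obsolete": False,
          "sup": [], "kind": None, "must": [], "may": []}
    # Tokens: quoted strings, parentheses, the $ list separator, bare words.
    tokens = re.findall(r"'[^']*'|[()$]|[^\s()$']+", m.group(2))
    i = 0
    def values():
        # Read one value or a parenthesised list; $ separators are dropped.
        nonlocal i
        if tokens[i] == "(":
            end = tokens.index(")", i)
            vals, i = tokens[i + 1:end], end + 1
        else:
            vals, i = [tokens[i]], i + 1
        return [v.strip("'") for v in vals if v != "$"]
    while i < len(tokens):
        key, i = tokens[i], i + 1
        if key in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
            oc["kind"] = key
        elif key == "OBSOLETE":
            oc["obsolete"] = True
        elif key == "NAME":
            oc["names"] = values()
        elif key == "DESC":
            oc["desc"] = values()[0]
        elif key in ("SUP", "MUST", "MAY"):
            oc[key.lower()] = values()
        else:
            raise ValueError(f"unexpected token {key!r}")
    return oc

def check_entry(oc, attrs):
    """Return (missing MUST attributes, attributes outside MUST/MAY)."""
    # Assumption: objectClass is always allowed; inherited SUP attributes are not resolved.
    allowed = {a.lower() for a in oc["must"] + oc["may"]} | {"objectclass"}
    present = {a.lower() for a in attrs}
    return [a for a in oc["must"] if a.lower() not in present], sorted(present - allowed)
```

For instance, `check_entry(parse_objectclass(COUNTRY), {"objectClass": ["country"], "mail": ["x"]})` reports `c` as missing and `mail` as not allowed.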

Here is the relation of an object class to the schema and attributes:

[Image: ldap-object-hierarchy]
