?

What is 'attribute'?
1. An 'attribute' is the basic piece of data. One or more attributes are packag
ed into units before
it can be used in Entries. This packaging unit is called 'objectclass'. The obje
ctclass provides
us with information on where and when to use attributes.
An object's (e.g. Person) Entry in an Address Directory is comprised of attribu
tes, like,
a. cn (common name)
b. sn (surname name)
c. uid (user identification)
d. userPassword(user password)
e. mail(mail address)
f. ou(organizational unit)
g. teleponenumber
h. carlicense
i. dc
j. etc.
2. When used in Entries there are two forms for using attribute. The first form
is 'attribute=value' used
when it is part of a DN, and the other form is 'attribute: value' when it is u
sed elsewhere in an
Entry. For example,
dn: dc=example,dc=com,dc=au
dc: example,
objectClass: dcObject
objectClass: organization
o: example
description: The Example Company used in this tutorial.
3. Attribute and objectClass are physically contained in schema file. Schema fi
le is simply a physical
container used to hold the definitions of attributes and objectclasses. Apart fr
om it, schema files have no
functional value in OpenLDAP. There are a number of schema files that come with
each OpenLDAP
installation like:
a.
b.
c.
d.

core.schema
cosine.schema
inetorgperson.schema
misc.schema

4. We know, now, that attribute is a basic piece of data, that objectclass is

a packaging of attributes
into useful forms, and that attributes and objectclasses are physically containe
d in schema file.
5. Let us show an attribute 'dc' as it is defined and packaged in core.schema,
attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'

DESC 'RFC2247: domain component object'
SUP top AUXILIARY
MUST dc )
The important note for us at this point is the line in attributetype, namely,
0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
The sequence of digits separated by '.' before the word 'NAME'.What's before 'NA
ME' is the internal
name known as 'objectIdentifier' or OID. The 'dc' or 'domainComponent' after the
'NAME' is same
name expressed in human readable and friendly form.
We always use the shorter format 'dc' as attribute name for this object.
6. Let us examine a First Level Entry we have previously, namely:
dn: ou=People,dc=example,dc=com,dc=au
ou: People
description: All people in organization
objectClass: organizationalUnit
and show an attribute 'ou' as it is defined in core.schema,
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to' SUP name )
objectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber
$
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
The objectIdentifier is '2.5.4.11'.
The human readable form is 'ou' or 'organizationalUnitName'. Note that we use 'o
u' instead of
the longer name.