How to Name and Place Objects in the Directory Information Tree

In a Directory Information Tree (DIT), you classify directory service entries into object classes. Typical object classes include person objects, organization objects, and country objects.

When referring to the object class, you use the appropriate abbreviation. For example, CN (common name) represents a person object, O (organization) represents an organization object, and C (country) represents a country object. The object's abbreviation precedes the object's name. So, for example, if the object is a person whose name is J. Smith, the notation is CN=JSmith.

An object class dictates the required and optional attributes for that object. For example, the object class for the person object might require you to include values for the attributes of surname and common name, while it gives you the option of listing values for the attributes of telephone number and email address.

The object class also defines entries' relationships with each other so that you know where they belong in the DIT. For example, as Figure A shows, country objects are in the first layer below the root.

Country objects always take this position because their object class requires that they be located immediately beneath the DIT's root. Similarly, the DIT's second layer is typically organization objects because the object class for organization objects dictates that they be located directly beneath a country object or another organization object.

An entry's distinguished name (DN) traces the entry's path in the DIT. You create the DN by listing the class and name of the desired object, followed by the class and name of the object directly above the desired object, and so on, all the way to the root.

For example, the DN for J. Smith is CN=JSmith, O=Sales, C=US. Using this form of notation, you can uniquely identify the user as J. Smith in the US sales office, which distinguishes him from any other users named J. Smith in other organizations or countries.

If your colleagues understand that you are talking about objects located in the US sales organization, you can refer to J. Smith as simply CN=JSmith. This shortened version is called a relative distinguished name (RDN).
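The naming and placement rules described above, as an added Python example that is not part of the original article: it builds a DN from a root-to-entry path, extracts the RDN, and flags entries placed under the wrong parent. The function names, the PARENT_RULES table and the rule that a person entry sits beneath an organization are assumptions made for this illustration, and names are assumed to contain no commas.

```python
ROOT = "ROOT"  # marker for the DIT root (name chosen for this example)

# Object class -> classes allowed directly above it, taken from the text.
PARENT_RULES = {
    "C": {ROOT},      # country: immediately beneath the root
    "O": {"C", "O"},  # organization: beneath a country or another organization
    "CN": {"O"},      # person: assumption, matches CN=JSmith, O=Sales, C=US
}

def parse_dn(dn):
    """Return [(class, name), ...] ordered from the entry up toward the root."""
    rdns = []
    for part in dn.split(","):
        obj_class, sep, name = part.strip().partition("=")
        if not sep or not obj_class.strip() or not name.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((obj_class.strip().upper(), name.strip()))
    return rdns

def build_dn(path_from_root):
    """Build a DN from a root-to-entry path by listing the entry first."""
    return ", ".join(f"{c}={n}" for c, n in reversed(path_from_root))

def rdn(dn):
    """Return the relative distinguished name: the first component of the DN."""
    obj_class, name = parse_dn(dn)[0]
    return f"{obj_class}={name}"

def placement_errors(dn):
    """List every component whose parent class breaks PARENT_RULES."""
    rdns = parse_dn(dn)
    errors = []
    for i, (obj_class, name) in enumerate(rdns):
        # The next component is the parent; past the last one is the root.
        parent = rdns[i + 1][0] if i + 1 < len(rdns) else ROOT
        allowed = PARENT_RULES.get(obj_class)
        if allowed is None:
            errors.append(f"{obj_class}={name}: unknown object class")
        elif parent not in allowed:
            errors.append(f"{obj_class}={name}: not allowed beneath {parent}")
    return errors

if __name__ == "__main__":
    dn = build_dn([("C", "US"), ("O", "Sales"), ("CN", "JSmith")])
    print(dn, "| RDN:", rdn(dn), "| errors:", placement_errors(dn))
    print(placement_errors("C=US, O=Sales"))  # constructed invalid DN
```
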

The directory service schema defines the object classes used to create directory entries. The schema also defines the attributes contained in those classes and the syntax for the values of those attributes. If a particular application or service requires a special type of object or an additional attribute for an existing object, you can add new classes to the schema or modify existing classes.
