LDAP uses objects to store data. Take the user object as an example. You can store a lot of information about a user: first and last name, location, telephone, fax, pager, mobile, and maybe a picture of that person. LDAP uses classes to define what information can be stored about an object; these pieces of information are commonly known as object attributes.
Objects can be a business, a car, a person, a stock item, or a desk. Any data about these objects can be defined and stored in an LDAP server. LDAP was designed to be extensible so that it could be used for purposes not originally envisioned.
LDAP is very particular about what information you store in the LDAP server because it needs to maintain the integrity of all data. To do this, an object is specifically defined so that it must include certain data, may contain other data about an object, and will include nothing else. This may seem restrictive, but it stops any data that does not concern the object from being stored.
For example, consider the employee Jane Dadswell; the record must contain her first, middle, and last name; employee ID; Social Security number; telephone number; e-mail address; date of birth; and her location. (The list is not exhaustive, and we expect you can come up with more.) On the other hand, her record may contain information about her car (if she has one), pager number (if she has one), picture, and home telephone number.
Any other data will not be allowed because the object is strictly defined to store only certain information. The object definitions are in the LDAP schema, which we talk about later in the chapter. At this point, you just need to be aware that there are very tight restrictions on what data is associated with an object, and that many object definitions exist for many situations.
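The must / may / nothing-else rule described above can be shown as a small schema check. This is an added example, not code from the original text: the object class `exampleEmployee`, its OID `1.1.2.2.1`, the attribute subset chosen for Jane's record, and the `favouriteColour` attribute are all constructed for illustration. Superclass inheritance and auxiliary classes are left out.

```python
import re

# Constructed object class in RFC 4512 schema syntax; the OID and the
# class name are placeholders for illustration, not a published schema.
EMPLOYEE_CLASS = """( 1.1.2.2.1 NAME 'exampleEmployee' SUP top STRUCTURAL
    MUST ( givenName $ sn $ employeeNumber $ telephoneNumber $ mail $ l )
    MAY ( carLicense $ pager $ jpegPhoto $ homePhone ) )"""


def parse_object_class(definition):
    """Return (name, must, may) with attribute names lower-cased."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1)

    def attrs(keyword):
        # Matches both "MUST ( a $ b )" and the single-attribute "MUST a".
        m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w;.-]+))", definition)
        if not m:
            return set()
        return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")}

    return name, attrs("MUST"), attrs("MAY")


def check_entry(entry, definition):
    """List schema violations for an entry (dict of attribute -> values)."""
    name, must, may = parse_object_class(definition)
    # Attribute names are case-insensitive; objectClass itself comes from 'top'.
    present = {a.lower() for a, v in entry.items() if v} - {"objectclass"}
    problems = [f"missing required attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed by {name}: {a}"
                 for a in sorted(present - must - may)]
    return problems


# Constructed sample entries based on the Jane Dadswell example.
jane = {
    "objectClass": ["exampleEmployee"], "givenName": ["Jane"],
    "sn": ["Dadswell"], "employeeNumber": ["1001"],
    "telephoneNumber": ["+1 555 0100"], "mail": ["jane@example.com"],
    "l": ["London"], "pager": ["+1 555 0101"],
}
bad = {k: v for k, v in jane.items() if k != "mail"}
bad["favouriteColour"] = ["blue"]  # hypothetical attribute, not in the class

if __name__ == "__main__":
    print(check_entry(jane, EMPLOYEE_CLASS))
    print(check_entry(bad, EMPLOYEE_CLASS))
```

A directory server performs the equivalent check on every add and modify, which is why an entry carrying an attribute outside its object classes is rejected rather than stored.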