Each LDAP (Lightweight Directory Access Protocol) server contains a hierarchical database. Each client (with appropriate permissions) can create an entry, read an entry, update an entry, or delete an entry.
Each entry has the following characteristics:
Each entry is located in a particular position within a hierarchical tree of entries. Each parent entry can have zero, one, or more child entries.
Each entry contains a multiset of attributes, which are key-value pairs. The server contains a schema, which lists available attribute types. For each type of attribute, the schema also constrains the values permitted and provides rules for how to interpret the values.
Each entry contains one or more objectClass attributes. Each objectClass attribute must have a value contained within the schema. Each objectClass attribute can dictate something about the set of attributes contained within an entry.
Relative to an entry's parent entry, each child entry must be uniquely identified by the same set of one or more attributes. The relative distinguished name (RDN) is a set of these attributes' key-value pairs where each key and value is separated by an equals character (=) and each key-value pair is separated by a plus character (+). E.g., cn=John Doe or cn=jxd1234 or givenName=John+sn=Doe or cn=John Doe+ou=Sales.
The position of each entry is uniquely determined by the entry's distinguished name (DN). The DN is a comma-separated bottom-up list of RDNs of the entry and the entry's ancestors. E.g., cn=John Doe,ou=Sales,ou=people,dc=foo,dc=example,dc=com. This DN corresponds to the tree below.
dc=foo,dc=example,dc=com
  ou=people
    ou=Sales
      cn=John Doe