- Spring Security (Third Edition)
- Mick Knutson, Robert Winch, Peter Mularien
- 370 words
- 2025-04-04 17:54:29
Common LDAP attribute names
Each actual entry in the tree is defined by one or more object classes. An object class is a logical unit of organization, grouping a set of semantically-related attributes. By declaring an entry in the tree as an instance of a particular object class, such as a person, the organizer of the LDAP directory is able to provide users of the directory with a clear indication of what each element of the directory represents.
LDAP has a rich set of standard schemas covering the available LDAP object classes and their applicable attributes (along with gobs of other information). If you are planning on doing extensive work with LDAP, it's highly advised that you review a good reference guide, such as the appendix of the book Zytrax OpenLDAP (http://www.zytrax.com/books/ldap/ape/), or Internet2 Consortium's Guide to Person-related Schemas (http://middleware.internet2.edu/eduperson/).
In the previous section, we saw that each entry in an LDAP tree has a DN, which uniquely identifies it in the tree. The DN is composed of a series of attributes, one (or more) of which is used to uniquely identify the path down the tree to the entry that the DN represents. As each segment of the path described by the DN represents an LDAP attribute, you can refer to the available, well-defined LDAP schemas and object classes to determine what each of the attributes in any given DN means.
We've included some of the common attributes and their meanings in the following table. These attributes tend to be organizing attributes—meaning that they are typically used to define the organizational structure of the LDAP tree—and are ordered from top to bottom in the structure that you're likely to see in a typical LDAP installation:

The attributes in the preceding table do, however, tend to be organizing attributes on the directory tree and, as such, will probably form various search expressions or mappings that you will use to configure Spring Security to interact with the LDAP server.
Remember that there are hundreds of standard LDAP attributes—these represent a very small fraction of those you are likely to see when integrating with a fully-populated LDAP server.
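To make the DN-as-path description concrete, the following added example (not code from the book) walks a DN from the root of the tree down to the entry using the JDK's `javax.naming.ldap` classes, including a multi-valued segment and an escaped comma. The class name `DnWalk`, the method `describe`, the sample DN, and the small meaning map (a subset of the standard attribute types in RFC 4519) are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnWalk {
    // Illustrative subset of standard attribute types (RFC 4519); not exhaustive.
    static final Map<String, String> MEANING = Map.of(
        "dc", "domain component", "c", "country", "o", "organization",
        "ou", "organizational unit", "cn", "common name", "uid", "user id");

    /** One "type=value (meaning)" line per attribute, ordered from the tree root down to the entry. */
    static List<String> describe(String dn) throws NamingException {
        LdapName name = new LdapName(dn); // throws InvalidNameException on malformed input
        List<String> out = new ArrayList<>();
        // LdapName numbers segments right to left, so index 0 is the root-most one.
        for (int depth = 0; depth < name.size(); depth++) {
            // A segment may hold several attributes joined by '+'; toAttributes() exposes all of them.
            NamingEnumeration<? extends Attribute> attrs = name.getRdn(depth).toAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute a = attrs.next();
                String type = a.getID().toLowerCase(Locale.ROOT);
                out.add("  ".repeat(depth) + type + "=" + a.get()
                        + " (" + MEANING.getOrDefault(type, "see schema") + ")");
            }
        }
        return out;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample DN: multi-valued leaf segment and an escaped comma in the cn value.
        String dn = "cn=Smith\\, John+uid=jsmith,ou=People,dc=example,dc=com";
        describe(dn).forEach(System.out::println);
        LdapName name = new LdapName(dn);
        // Everything above the entry itself: the kind of DN typically used as a search base.
        System.out.println("base: " + name.getPrefix(name.size() - 1));
        // Untrusted input must be escaped before it is placed in a DN segment.
        System.out.println("escaped: uid=" + Rdn.escapeValue("a,b+c"));
    }
}
```

Parsing with `LdapName` rather than splitting on commas matters because attribute values may legally contain escaped commas and plus signs, and the same escaping applies in reverse when user-supplied values are placed into a DN.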