Directory Services basic concepts

Directory Server

Directory Server is a store of organized information (the directory) about various objects (users, network shares, resources, and so forth). Lightweight Directory Access Protocol (LDAP) is used to connect to Directory Server.

Directory

The directory is a hierarchy of objects. Each object has a set of attributes and can have a number of child objects. The set of an object's attributes is determined by its object class. The object class is determined by the value of the attribute "objectClass". An object can have several values of an attribute. An object can belong to several object classes. In this case the object has several values of the attribute "objectClass" and has the attributes of all of those object classes.

Each object has a naming attribute. This attribute is used to compose the object's distinguished name.

The full distinguished name (FDN) of an object is the unique identifier of the object and completely determines its placement within the directory.

Attributes

Each object stored in the directory has a number of attributes. The set of an object's attributes is determined by its object class. The object class determines the names of all of the object's attributes and the type of their values (text value or binary data). The object class is determined by the value of the attribute "objectClass". An object can have several values of an attribute.

FDN

Full Distinguished Name (FDN) is a comma-separated list of the naming attributes and their values which identifies an object inside the directory. For example, user "David Green" of the Active Directory domain "kofax.com" has the following FDN: CN=David Green, CN=Users, DC=kofax, DC=com.

LDAP search request

LDAP can provide information about objects stored in the directory. To find a particular object a Directory Server search request should be created. The following parameters should be specified in the search request:

  • Search base — FDN of an entry within the directory. Depending on the specified scope this item can be a search target item or a root item of the subtree where the target items are located.
  • Search scope can be one of:
    • Base only — In this case search base is the only target item to search for.
    • One level children only — In this case the search will be performed among all immediate children of the base entry. The base entry itself is not included. Deeper levels of entries are not included either.
    • All entries entire subtree — In this case the search will be performed among all entries in the subtree starting from base entry (including base itself, its children and their children recursively).
  • Search filter — A specially formed text which specifies what entries within the search scope should be found.

The result of the search request is the list of entries (directory objects) from the specified scope which satisfy the search filter.
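
The three search scopes can be checked against a small set of FDNs. The following is an added example, not code from the product or from this documentation: the scope names "base", "one" and "subtree", the function names and the sample directory are assumptions made for the illustration, values are compared case-insensitively for simplicity, and the search filter is not evaluated.

```python
import re

def parse_fdn(fdn):
    """Split an FDN into normalized (attribute, value) pairs, leaf entry first."""
    # Split only on commas that are not escaped with a backslash.
    parts = re.split(r'(?<!\\),', fdn)
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition('=')
        # Assumption: names and values are compared case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def in_scope(entry_fdn, base_fdn, scope):
    """Return True if entry_fdn is a search target for this base and scope."""
    entry, base = parse_fdn(entry_fdn), parse_fdn(base_fdn)
    depth = len(entry) - len(base)
    # An entry is the base or lies beneath it only if its trailing
    # components are exactly the components of the base FDN.
    if depth < 0 or entry[depth:] != base:
        return False
    if scope == "base":      # Base only
        return depth == 0
    if scope == "one":       # One level children only
        return depth == 1
    if scope == "subtree":   # All entries entire subtree
        return True
    raise ValueError("unknown scope: " + scope)

def search(entries, base_fdn, scope):
    """Return the entries that fall inside the scope (filter not applied)."""
    return [e for e in entries if in_scope(e, base_fdn, scope)]

# Constructed sample directory, built around the FDN used as the example above.
DIRECTORY = [
    "DC=kofax, DC=com",
    "CN=Users, DC=kofax, DC=com",
    "CN=David Green, CN=Users, DC=kofax, DC=com",
    "CN=Computers, DC=kofax, DC=com",
    "CN=Users, DC=example, DC=com",
]

if __name__ == "__main__":
    for scope in ("base", "one", "subtree"):
        print(scope, search(DIRECTORY, "DC=kofax, DC=com", scope))
```

The entry "CN=Users, DC=example, DC=com" is never returned for the base "DC=kofax, DC=com", because scope is decided by the whole trailing part of the FDN and not by a matching naming attribute.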