- A file system consists of files in a tree-like structure.
- An LDAP directory consists of entries in a tree-like structure.
- A file in a file system is an arbitrary blob of text or binary data.
- A directory entry is a collection of attributes, or name / value pairs. Attributes may be text or binary. They may be mandatory or optional, single or multi-valued.
- A file in a file system has a name, e.g. “tax-report-2010.xml”. The file name must be unique within the containing folder.
- An entry in a directory branch has a relative distinguished name (RDN), e.g. “cn=Alice Wonderland”. The RDN comes from an existing name/value pair in the entry that was chosen to become the entry’s name (or title). RDNs must also be unique within the containing directory branch.
- A file in a file system is uniquely identified by its path, e.g. “/home/vladimir/taxes/tax-report-2010.xml”.
- An entry in a directory is identified by its distinguished name (DN), which is formed by the chain of RDNs leading all the way to the directory root, e.g. “cn=Alice Wonderland, ou=people, dc=wonderland, dc=net”.
Here is a truncated example directory entry of a user, in LDIF (LDIF stands for LDAP data interchange format).
The distinguished name (DN) is the “dn:” line, and the name/value pair serving as RDN is “uid: alice”.

```
dn: uid=alice,ou=people,dc=wonderland,dc=net
uid: alice
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: person
objectClass: top
cn: Alice Wonderland
sn: Wonderland
employeeNumber: 18001
givenName: Alice
initials: AA
mail: firstname.lastname@example.org
mobile: +1 010 154 3228
userPassword:: c2VjcmV0
```
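To make the DN/RDN relationship concrete, the following added example (not code from the original post) parses a shortened copy of the entry above, splits the DN into its RDN chain, checks that the leaf RDN is one of the entry's own name/value pairs, and decodes the `::` base64 value. The function names are hypothetical, and the parser is simplified: it assumes no folded lines and no escaped commas in the DN.

```python
import base64

# Constructed sample: a shortened copy of the entry shown on the page.
LDIF = """\
dn: uid=alice,ou=people,dc=wonderland,dc=net
uid: alice
objectClass: inetorgperson
objectClass: person
cn: Alice Wonderland
userPassword:: c2VjcmV0
"""

def parse_entry(ldif):
    """Parse one LDIF entry into (dn, {attr_name_lowercase: [values]})."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        if not line.strip():
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            # 'attr:: value' means the value is base64-encoded, not encrypted.
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value if isinstance(value, str) else value.decode("utf-8")
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def split_dn(dn):
    """Split a DN into (name, value) RDNs, leaf first, root last."""
    return [tuple(part.strip().split("=", 1)) for part in dn.split(",")]

def rdn_in_entry(dn, attrs):
    """True if the leaf RDN is one of the entry's own name/value pairs."""
    name, value = split_dn(dn)[0]
    return value in attrs.get(name.lower(), [])

def cleartext_passwords(attrs):
    """Heuristic: userPassword values lacking a '{SCHEME}' prefix are unhashed."""
    found = []
    for v in attrs.get("userpassword", []):
        raw = v if isinstance(v, bytes) else v.encode("utf-8")
        if not raw.startswith(b"{"):
            found.append(raw)
    return found
```

Run against the sample, the decoded `userPassword` has no hash-scheme prefix, so anyone who can read the LDIF export can read the password.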
If you like this analogy explanation of LDAP you’re welcome to use it in your own presentations 🙂