
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 7: Using LDAP for Authentication
phone number, email address, nicknames, etc. are all attributes. You can use as
many or as few attributes in your LDAP database as you like; you can even invent
your own. But for a record to contain a given attribute, that record must be associated
with the proper object class.
An object class describes the type of record you’re trying to build: it defines which
attributes are mandatory for each record and which attributes are optional. “Oh,”
you might think, “that’s easy, then: I just need to choose an object class that provides
the group of attributes I want to store for my users and associate each user
record with that object class!”
If you thought that, you’d only be partly right. In practice, you’ll probably want to
use attributes from a variety of object classes. “Well, fine,” you think, “I’ll just specify
multiple object classes in each user record, and get my full complement of
attributes à la carte. Whatever.”
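
The rule described above, as an added example that is not from the book: a record may carry an attribute only if one of its object classes permits it, and it must carry every attribute those classes make mandatory. The class definitions are abbreviated subsets written for this example (inheritance between classes is ignored), and `OBJECT_CLASSES`, `validate` and the sample record `ALICE` are hypothetical names.

```python
# Added example: check a record against the object classes it lists.
# Abbreviated class definitions written for this example (inheritance
# between classes is ignored); they are not complete schema files.
OBJECT_CLASSES = {
    "person": {"must": {"sn", "cn"},
               "may": {"userPassword", "telephoneNumber", "description"}},
    "inetOrgPerson": {"must": set(),
                      "may": {"mail", "givenName", "mobile", "uid"}},
    "posixAccount": {"must": {"cn", "uid", "uidNumber", "gidNumber",
                              "homeDirectory"},
                     "may": {"userPassword", "loginShell", "gecos"}},
}

# Constructed sample record: 'mail' is not provided by either class listed.
ALICE = {
    "objectClass": ["person", "posixAccount"],
    "cn": ["Alice Example"], "sn": ["Example"], "uid": ["alice"],
    "uidNumber": ["1001"], "gidNumber": ["1001"],
    "homeDirectory": ["/home/alice"], "mail": ["alice@example.com"],
}


def validate(record, classes=OBJECT_CLASSES):
    """Return a list of schema problems; an empty list means the record fits."""
    # Attribute and class names are compared case-insensitively.
    known = {name.lower(): spec for name, spec in classes.items()}
    listed = next((v for k, v in record.items() if k.lower() == "objectclass"), [])
    attrs = {k.lower() for k in record if k.lower() != "objectclass"}
    problems, must, allowed = [], set(), set()
    for oc in listed:
        spec = known.get(oc.lower())
        if spec is None:  # definition not available to the validator
            problems.append(f"unknown object class: {oc}")
            continue
        required = {a.lower() for a in spec["must"]}
        must |= required
        allowed |= required | {a.lower() for a in spec["may"]}
    problems += [f"missing mandatory attribute: {a}" for a in sorted(must - attrs)]
    problems += [f"attribute not allowed by any listed class: {a}"
                 for a in sorted(attrs - allowed)]
    return problems


if __name__ == "__main__":
    print(validate(ALICE))  # 'mail' is rejected
    fixed = dict(ALICE, objectClass=ALICE["objectClass"] + ["inetOrgPerson"])
    print(validate(fixed))  # empty list
```
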
Right again, but again there’s more to it than that: chances are, the object classes
that provide the attributes you need are spread across a number of schema files (these
are text files, each containing a list of attributes and the object classes that reference
them). So even before you can begin composing your user