LDAP - objectClass attribute


1 - About

Each entry has an objectClass attribute, which defines the type of the entry (e.g. person, country, …).

The objectClass attribute specifies the object classes of an entry, which, along with the system and user schema, determine the permitted attributes of an entry.

Values of this attribute may be modified by clients, but the objectClass attribute cannot be removed.

Servers may restrict the modifications of this attribute to prevent the basic structural class of the entry from being changed (e.g. one cannot change a person into a country).

When creating an entry or adding an objectClass value to an entry, all superclasses of the named classes are implicitly added as well if not already present, and the client must supply values for any mandatory attributes of new superclasses.
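The superclass expansion and mandatory-attribute check described above, as an added example (not code from this page or from any LDAP server). The schema is a constructed subset of the standard classes in RFC 4519 and RFC 2798; the function names and the "same basic structural class" policy in `modification_allowed` are assumptions made for illustration.

```python
# Constructed mini-schema: name -> (superclass, kind, mandatory attributes).
SCHEMA = {
    "top": (None, "ABSTRACT", {"objectClass"}),
    "person": ("top", "STRUCTURAL", {"sn", "cn"}),
    "organizationalPerson": ("person", "STRUCTURAL", set()),
    "inetOrgPerson": ("organizationalPerson", "STRUCTURAL", set()),
    "country": ("top", "STRUCTURAL", {"c"}),
}

def chain(name):
    """Return the class followed by all of its superclasses, most specific first."""
    out = []
    while name is not None:
        out.append(name)
        name = SCHEMA[name][0]
    return out

def expand(classes):
    """Add every superclass of the named classes, as the server does implicitly."""
    result = []
    for cls in classes:
        for c in chain(cls):
            if c not in result:
                result.append(c)
    return result

def missing_mandatory(entry):
    """Mandatory attributes of all classes (superclasses included) absent from the entry."""
    required = set()
    for c in expand(entry["objectClass"]):
        required |= SCHEMA[c][2]
    return sorted(required - set(entry))

def structural_root(classes):
    """Top-most structural class of each named class: the basic kind of the entry."""
    return {[c for c in chain(cls) if SCHEMA[c][1] == "STRUCTURAL"][-1]
            for cls in classes if SCHEMA[cls][1] == "STRUCTURAL"}

def modification_allowed(old_classes, new_classes):
    """Hypothetical server policy: objectClass may change but not vanish or switch kind."""
    return bool(new_classes) and structural_root(old_classes) == structural_root(new_classes)

# Constructed sample entry: the client names only inetOrgPerson and omits sn.
ENTRY = {"objectClass": ["inetOrgPerson"], "cn": ["Ann Example"]}

if __name__ == "__main__":
    print(expand(ENTRY["objectClass"]))   # classes the entry ends up with
    print(missing_mandatory(ENTRY))       # what the client still has to supply
    print(modification_allowed(["person"], ["country"]))
```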


3 - Example

  • person
  • country
  • meeting room
  • recipe
  • job