How to Name and Place Objects in the Directory Information Tree

In a Directory Information Tree (DIT), you classify directory service entries into object classes.

Craig Zacker

September 30, 1997


In a Directory Information Tree (DIT), you classify directory service entries into object classes. Typical object classes include person objects, organization objects, and country objects.

When referring to the object class, you use the appropriate abbreviation. For example, CN (common name) represents a person object, O (organization) represents an organization object, and C (country) represents a country object. The object's abbreviation precedes the object's name. So, for example, if the object is a person whose name is J. Smith, the notation is CN=JSmith.

An object class dictates the required and optional attributes for that object. For example, the object class for the person object might require you to include values for the attributes of surname and common name, while it gives you the option of listing values for the attributes of telephone number and email address.

The object class also defines entries' relationships with each other so that you know where they belong in the DIT. For example, as Figure A shows, country objects are in the first layer below the root.

Country objects always take this position because their object class requires that they be located immediately beneath the DIT's root. Similarly, the DIT's second layer is typically organization objects because the object class for organization objects dictates that they be located directly beneath a country object or another organization object.

An entry's distinguished name (DN) traces the entry's path in the DIT. You create the DN by listing the class and name of the desired object, followed by the class and name of the object directly above the desired object, and so on, all the way to the root.

For example, the DN for J. Smith is CN=JSmith, O=Sales, C=US. Using this form of notation, you can uniquely identify the user as J. Smith in the US sales office, which distinguishes him from any other users named J. Smith in other organizations or countries.

If your colleagues understand that you are talking about objects located in the US sales organization, you can refer to J. Smith as simply CN=JSmith. This shortened version is called a relative distinguished name (RDN).

The directory service schema defines the object classes used to create directory entries. The schema also defines the attributes contained in those classes and the syntax for the values of those attributes. If a particular application or service requires a special type of object or an additional attribute for an existing object, you can add new classes to the schema or modify existing classes.
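The rules above can be modeled in a few lines. The following Python sketch is an added example, not code from the article or from any directory product: it checks placement and required attributes against a toy schema, then builds the RDN and DN for the J. Smith entry. The `SCHEMA` table, the `Entry` class, the attribute names `SN`, `telephoneNumber` and `mail`, and the rule that a person sits beneath an organization are assumptions made for illustration.

```python
# Toy schema: naming attribute, allowed parent classes, required/optional attributes.
# Country and organization placement follows the article; the person placement
# rule and the attribute names are assumptions for this example.
SCHEMA = {
    "country":      {"naming": "C", "parents": {"root"},
                     "required": {"C"}, "optional": set()},
    "organization": {"naming": "O", "parents": {"country", "organization"},
                     "required": {"O"}, "optional": set()},
    "person":       {"naming": "CN", "parents": {"organization"},
                     "required": {"CN", "SN"},
                     "optional": {"telephoneNumber", "mail"}},
}

class Entry:
    def __init__(self, object_class, attrs, parent=None):
        rules = SCHEMA[object_class]
        parent_class = parent.object_class if parent else "root"
        if parent_class not in rules["parents"]:
            raise ValueError(f"{object_class} may not sit beneath {parent_class}")
        missing = rules["required"] - set(attrs)
        if missing:
            raise ValueError(f"missing required attributes: {sorted(missing)}")
        unknown = set(attrs) - rules["required"] - rules["optional"]
        if unknown:
            raise ValueError(f"attributes not allowed by class: {sorted(unknown)}")
        self.object_class, self.attrs, self.parent = object_class, attrs, parent

    def rdn(self):
        naming = SCHEMA[self.object_class]["naming"]
        return f"{naming}={self.attrs[naming]}"

    def dn(self):
        # Walk from the entry up to the root, collecting each RDN on the way.
        parts, node = [], self
        while node is not None:
            parts.append(node.rdn())
            node = node.parent
        return ", ".join(parts)

def build_sample():
    # Constructed sample data matching the article's J. Smith example.
    us = Entry("country", {"C": "US"})
    sales = Entry("organization", {"O": "Sales"}, parent=us)
    return Entry("person", {"CN": "JSmith", "SN": "Smith"}, parent=sales)

if __name__ == "__main__":
    smith = build_sample()
    print(smith.rdn())  # CN=JSmith
    print(smith.dn())   # CN=JSmith, O=Sales, C=US
```

Creating an organization directly beneath the root, or a person without a surname, raises `ValueError`, which mirrors how the object class constrains where an entry may be placed and what it must contain.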
