1

I am tasked with creating a generic LDAP interface that will query groups and users. We are doing our initial testing against Active Directory, but the thought occurred to me that LDAP is just a way to query a directory database. The actual fields returned by any directory service (AD, Novell, etc) might be different.

For example, if I query a group or user through LDAP, one of the fields I get back is objectGUID, and if I use that value in subsequent requests for an individual object, that field is used to uniquely identify the LDAP record. Other fields returned by AD are cn, distinguishedName, etc.

Would any directory service that provides an LDAP interface use all the same fields? Or are the fields for each dependent upon the service being queried through LDAP?

John Livermore
  • 30,235
  • 44
  • 126
  • 216
  • It depends what schema you use. Active Directory has its own, but other LDAP servers use standard schemas that can be the same across servers. – user207421 Apr 13 '16 at 21:23

1 Answers1

1

It entirely depends on the schema that is defined in the LDAP server. The attributes of certain objectClass could also be different from server to server.

For ex : In Novell 'groupOfUniqueNames' objectClass has 'member' attribute to store its children, where as the same 'groupOfUniqueNames' objectClass has 'uniqueMember' attribute to store its children in openDJ server.

More over some LDAP servers could use 'groupOfNames' objectClass instead of 'groupOfUniqueNames' for groups. So it entirely depends on the schema defined for that LDAP server.

Sai Ganesh Pittala
  • 179
  • 2
  • 9