Chapter 2. Schema and Namespace
2.6 Schema Categories
2.6.2 White Pages Objects
The white pages schema is analogous to telephone directory information. It is meant to describe people and organizations. It contains the following objects:
• Organizational objects:
  • country
  • locality
  • organization
  • organizationalUnit
  • dcObject
  • domain
  • liOrganization
• Person objects:
  • person
  • organizationalPerson
  • inetOrgPerson
  • residentialPerson
  • liPerson
  • ePerson
• Group objects:
  • groupOfNames
  • groupOfUniqueNames
• Miscellaneous objects:
  • alias
  • aliasObject
  • organizationalRole
All these objects are defined by industry standards, except for the ePerson and aliasObject objects, which are defined by IBM. The following sections describe these objects in more detail.
2.6.2.1 Organizational Objects
The organizational objects consist of several structural object classes, each of whose superior is the top object class in the class hierarchy (except the liOrganization class, which is subclassed from organization).
The country object class is used to define country entries in the DIT. The locality object class is used to define locality entries in the DIT. The organization object class is used to define organization entries in the DIT. The organizationalUnit object class is used to define entries that represent subdivisions of organizations.
The dcObject and domain object classes, defined in Using Domains in LDAP/X.500 Distinguished Names (RFC 2247), are used to map domains into distinguished names. The first, dcObject, is intended to be used in entries for which there is an appropriate structural object class. For example, if the domain represents a particular organization, the entry would have organization as its structural object class, and the dcObject class would be an auxiliary class. The second, domain, is a structural object class used for entries in which no other information is being stored. The domain object class is typically used for entries that are placeholders or whose domains do not correspond to real-world entities.
The dcObject object class permits the dc attribute to be present in an entry. This object class is defined as auxiliary, because it is typically used in conjunction with an existing structural object class, such as organization, organizationalUnit, or locality.
If the entry does not correspond to an organization, organizational unit, or other type of object for which an object class has been defined, the domain object class can be used. The domain object class requires that the dc attribute be present and permits several other attributes to be present in the entry. The dc attribute is used for naming entries of the domain class.
The liOrganization object class is a structural object class that is subclassed from the organization object class. It defines organizations in a manner acceptable for the Internet in a lightweight fashion.
2.6.2.2 Person Objects
The person objects consist of several object classes subclassed from the person object class. Figure 9 on page 48 shows the class hierarchy (subclassing).
Figure 9. Class hierarchy for person object classes
The person object class is a structural object class defined by X.521 and RFC 2256 (same definition). It defines entries representing people generically. It contains the minimal set of attributes that the directory entry of type object class=person must contain: commonName (or cn) and surname (or sn) plus some additional optional attributes.
The organizationalPerson object class is a structural object class subclassed from person and is also defined by X.521 and RFC 2256 (same definition). It defines entries representing people employed by or associated with an organization. It adds optional attributes to those already defined in the person object class.
The inetOrgPerson object class is a structural object class subclassed from organizationalPerson. It is defined in an Internet Draft (not yet ratified). It defines entries representing person information requirements found in typical Internet and intranet directory service deployments. It incorporates attributes needed to define both organizational and residential characteristics of a person. It adds optional attributes to those already defined in the person and organizationalPerson object classes.
The residentialPerson object class is a structural object class subclassed from person and is also defined by X.521 and RFC 2256 (same definition). It defines entries representing people in a residential environment. It adds optional attributes to those already defined in the person object class.
The liPerson (lightweight Internet person) object class is a structural object class subclassed from person and is defined by the Network Applications Consortium and The Open Group (same definition). It defines entries representing people and contains the commonly used organizational and residential attributes that have been accepted by a wide group of companies. It adds these optional attributes to those already defined in the person object class.
The ePerson object class is an auxiliary object class defined by IBM (the e prefix identifies it as an IBM extension, see 2.4.2, “Naming Conventions” on page 40) and subclassed from top. It may be attached to any person directory entry, that is, a directory entry instantiated from any of the person structural classes: person, organizationalPerson, inetOrgPerson, residentialPerson, or liPerson. The ePerson object class supplements the existing person class directory entries with attributes needed for IBM software. When attached to an instantiated directory entry, that directory entry has the characteristics presented by the attributes of its structural class plus those attributes defined by IBM. If no structural class is specified when a new person needs to be instantiated, the default class used is inetOrgPerson; otherwise the existing entry for that person is used. This allows IBM software to use any customer- or vendor-chosen person class, that is, IBM software can depend on the ePerson object class independently of what others may use as their person structural class. For example, Microsoft has defined its own person class for Windows NT users as structural. IBM can then append its ePerson definition to this NT class and thereby not disturb the NT definition, while allowing its software products based on ePerson to continue to work without modification. Queries for object classes of type ePerson will return any directory entry to which the ePerson auxiliary class was appended.
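The structural/auxiliary distinction in the dcObject and ePerson descriptions above is what a directory server enforces at add time: every entry needs exactly one structural class chain, an auxiliary class can only ride on a structural one, and the MUST attributes of every class in the closure have to be present. The following checker is an added example (not IBM's code or the Redbook's) that applies those rules against a hypothetical, abbreviated subset of the schema; the MUST/MAY lists are shortened, and the ePerson attribute name is a made-up placeholder because the chapter does not list ePerson's attributes.

```python
from typing import Dict, List, Set, Tuple

# Hypothetical, simplified schema subset: kind, superior, MUST attributes, MAY attributes.
# Attribute lists are abbreviated; "ePersonExampleAttr" is a placeholder, not a real IBM attribute.
SCHEMA: Dict[str, Tuple[str, str, Set[str], Set[str]]] = {
    "top":                  ("abstract",   None,                   {"objectClass"}, set()),
    "person":               ("structural", "top",                  {"cn", "sn"},    {"userPassword", "telephoneNumber", "description"}),
    "organizationalPerson": ("structural", "person",               set(),           {"title", "ou", "l"}),
    "inetOrgPerson":        ("structural", "organizationalPerson", set(),           {"mail", "uid", "displayName"}),
    "residentialPerson":    ("structural", "person",               {"l"},           {"street", "postalCode"}),
    "organization":         ("structural", "top",                  {"o"},           {"description", "l"}),
    "organizationalUnit":   ("structural", "top",                  {"ou"},          {"description", "l"}),
    "domain":               ("structural", "top",                  {"dc"},          {"description", "o"}),
    "dcObject":             ("auxiliary",  "top",                  {"dc"},          set()),   # RFC 2247 lists dc as MUST
    "ePerson":              ("auxiliary",  "top",                  set(),           {"ePersonExampleAttr"}),
}


def ancestors(cls: str) -> List[str]:
    """Return cls followed by its superior chain up to top."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SCHEMA[cls][1]
    return chain


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return a list of schema violations for an entry given as attribute -> values."""
    problems: List[str] = []
    classes = entry.get("objectClass", [])
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return [f"unknown object class(es): {unknown}"]

    # Closure of all classes named in the entry plus their superiors.
    closure: Set[str] = set()
    for c in classes:
        closure.update(ancestors(c))

    structural = [c for c in classes if SCHEMA[c][0] == "structural"]
    auxiliary = [c for c in classes if SCHEMA[c][0] == "auxiliary"]

    # Rule 1: exactly one structural chain; an auxiliary class alone is not an entry.
    if not structural:
        note = f" (auxiliary classes {auxiliary} must be attached to one)" if auxiliary else ""
        problems.append("no structural object class" + note)
    else:
        # The most-derived structural class must have every other structural class as an ancestor.
        leaf = max(structural, key=lambda c: len(ancestors(c)))
        off_chain = [c for c in structural if c not in ancestors(leaf)]
        if off_chain:
            problems.append(f"structural classes not on one chain: {off_chain} vs {leaf}")

    # Rule 2: every MUST attribute in the closure is present; nothing outside MUST/MAY is present.
    must = set().union(*(SCHEMA[c][2] for c in closure))
    may = set().union(*(SCHEMA[c][3] for c in closure))
    present = set(entry)
    for attr in sorted(must - present):
        problems.append(f"missing required attribute: {attr}")
    for attr in sorted(present - must - may):
        problems.append(f"attribute not permitted by any object class: {attr}")
    return problems


# Constructed sample entries (DN -> attributes), not taken from any real directory.
SAMPLE_ENTRIES: Dict[str, Dict[str, List[str]]] = {
    "dc=example,o=Example": {            # organization carrying dcObject as auxiliary
        "objectClass": ["top", "organization", "dcObject"],
        "o": ["Example"], "dc": ["example"],
    },
    "cn=Alice,ou=people,o=Example": {    # inetOrgPerson with ePerson attached
        "objectClass": ["top", "inetOrgPerson", "ePerson"],
        "cn": ["Alice"], "sn": ["Adams"], "mail": ["alice@example.test"],
        "ePersonExampleAttr": ["x"],
    },
    "cn=Bad1,ou=people,o=Example": {     # auxiliary class with no structural class
        "objectClass": ["top", "ePerson"], "cn": ["Bad1"],
    },
    "cn=Bad2,ou=people,o=Example": {     # two unrelated structural classes
        "objectClass": ["top", "person", "organization"],
        "cn": ["Bad2"], "sn": ["B"], "o": ["X"],
    },
    "dc=placeholder,o=Example": {        # domain entry missing its naming attribute
        "objectClass": ["top", "domain"],
    },
}


def check_all(entries: Dict[str, Dict[str, List[str]]] = SAMPLE_ENTRIES) -> Dict[str, List[str]]:
    """Check every sample entry and return DN -> problems."""
    return {dn: check_entry(e) for dn, e in entries.items()}


if __name__ == "__main__":
    for dn, problems in check_all().items():
        print(dn, "OK" if not problems else problems)
```

The chain test is the part that matters for ePerson: because ePerson is auxiliary with superior top, it passes regardless of which structural person class the entry uses, which is exactly the independence the text describes; a second structural class that is not an ancestor of the entry's leaf class is rejected instead.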
2.6.2.3 Group Objects
The Group object classes are defined by X.521 and RFC 2256 (same definition). Figure 10 shows the class hierarchy (subclassing).
Figure 10. Class hierarchy for group object classes
The groupOfNames object class is a structural object class. It is used to define entries representing an unordered list of names that represent individual objects or other groups of names. The membership of a group is static, that is, it is explicitly modified by administrative action rather than dynamically determined each time the group is referenced. The membership of a group can be reduced to a set of individual objects’ names by replacing each group with its membership (expansion of nested groups). Examples of groups are e-mail lists or department memberships.
The groupOfUniqueNames object class is a structural object class. It is the same as groupOfNames except that the integrity of its unordered list of names can be assured.
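The expansion of nested groups described above is what an application does when it turns a group into an access-control decision or a mail distribution list, and the two things that go wrong in practice are membership cycles (group A lists group B, which lists group A) and dangling member DNs. The following is an added example, not code from the Redbook or IBM, that expands a groupOfNames or groupOfUniqueNames entry to its individual members over a constructed in-memory directory fragment, reporting cycles and dangling references instead of looping; it uses the standard member and uniqueMember attributes of those two classes.

```python
from typing import Dict, List, Optional, Set, Tuple

# Which attribute carries the membership list for each group class (RFC 2256).
GROUP_ATTR = {"groupOfNames": "member", "groupOfUniqueNames": "uniqueMember"}

# Constructed directory fragment (DN -> entry); the cycle and the dangling DN are deliberate.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=all-staff,ou=groups,o=Example": {
        "objectClass": ["top", "groupOfNames"],
        "member": [
            "cn=engineering,ou=groups,o=Example",
            "cn=Alice,ou=people,o=Example",
            "cn=Ghost,ou=people,o=Example",      # no such entry: dangling reference
        ],
    },
    "cn=engineering,ou=groups,o=Example": {
        "objectClass": ["top", "groupOfUniqueNames"],
        "uniqueMember": [
            "cn=Bob,ou=people,o=Example",
            "cn=all-staff,ou=groups,o=Example",  # refers back to its parent: a cycle
        ],
    },
    "cn=Alice,ou=people,o=Example": {"objectClass": ["top", "person"], "cn": ["Alice"], "sn": ["A"]},
    "cn=Bob,ou=people,o=Example":   {"objectClass": ["top", "person"], "cn": ["Bob"],   "sn": ["B"]},
}


def member_attribute(entry: Dict[str, List[str]]) -> Optional[str]:
    """Return the membership attribute if the entry is a group, else None."""
    for cls, attr in GROUP_ATTR.items():
        if cls in entry.get("objectClass", []):
            return attr
    return None


def expand_group(dn: str, directory: Dict[str, Dict[str, List[str]]],
                 _path: Tuple[str, ...] = ()) -> Tuple[Set[str], List[str]]:
    """Reduce a group to the set of individual (non-group) member DNs.

    Nested groups are replaced by their membership. Returns (members, warnings);
    a DN already on the current expansion path is reported as a cycle and not
    followed again, and a DN with no entry is reported as dangling.
    """
    members: Set[str] = set()
    warnings: List[str] = []
    if dn in _path:
        warnings.append("cycle: " + " -> ".join(_path + (dn,)))
        return members, warnings
    entry = directory.get(dn)
    if entry is None:
        warnings.append(f"dangling reference: {dn}")
        return members, warnings
    attr = member_attribute(entry)
    if attr is None:
        members.add(dn)          # an individual object, not a group
        return members, warnings
    for m in entry.get(attr, []):
        sub_members, sub_warnings = expand_group(m, directory, _path + (dn,))
        members |= sub_members
        warnings += sub_warnings
    return members, warnings


if __name__ == "__main__":
    found, notes = expand_group("cn=all-staff,ou=groups,o=Example", DIRECTORY)
    print(sorted(found))
    for n in notes:
        print("warning:", n)
```

Because the expansion is static, an authorization layer that caches the result has to repeat it after any administrative change to a member attribute, and the warnings are worth surfacing: a dangling DN in a group that grants access is a stale permission waiting to be reattached to a new entry of the same name.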
2.6.2.4 Miscellaneous Objects
The miscellaneous object classes are defined by X.521 and RFC 2256 (same definition). Figure 11 below shows the class hierarchy (subclassing).
Figure 11. Class hierarchy for miscellaneous object classes
The alias object class is a structural object class whose superior in the class hierarchy is the top object class. It allows an object to be known by more than one name. Each alias name has a corresponding alias entry in the DIT which contains a pointer to the object entry. It has only one attribute (the attribute is required) which is the alias name, and it must be used as the naming (RDN) attribute.
The aliasObject object class is an auxiliary object class defined by IBM whose superior is the top object class. It is similar to the alias object class, except that its one attribute does not have to be used as the naming attribute because the class is defined as auxiliary.
The organizationalRole object class is a structural class whose superior is the top object class in the class hierarchy. It is used to define entries that represent an organizational role. An organizational role may be filled by a person or a non-human entity. An example of an organizational role is Vice President of Business Operations.