Each LDAP entry contains a set of LDAP attributes that represent various kinds of characteristics of the entry itself. An attribute comprises an attribute type and one or more attribute values. An example of an attribute type might be 'mail' with 'jdoe@company.com' acting as its value.
Types of AttributesAll in all, there are three types of attributes. They are:
Text attributes. LDAP schema always marks those as 'human readable'. These attributes can't contain non-printable symbols in their values. Here are some of the examples of text attributes: mail, displayName, telephoneNumber.
Binary attributes. Binary attributes can contain any symbols in their values and are supposed to describe entities like images, audio data, certificates and so on.
Operational attributes. These are used by LDAP servers for administering the directory system itself and are not returned in search results unless explicitly requested by name. For example, operational attributes may serve as an indicator as to who and when created and modified the entry such attribute belongs to, etc.
Specific Attribute PropertiesHere is how each LDAP attribute can be marked in an LDAP schema:
Collective. When it is essential to share attribute values between several entries, collective attributes are used. These attributes are stored in special entries invisible to users. These special entries contain a description of the DIT subtree of entries which their collective attributes should apply to.
Obsolete. LDAP Attributes that are no longer considered of any usage worth can be declared obsolete by an LDAP schema.
No User Modification. Some attributes are not supposed to be modified by users, so they are usually declared as 'no-user-modification'. All operational attributes belong to the 'no-user-modification' category.
Single-Valued. For a variety of reasons some LDAP attributes can't have more than one value, like, for example, the 'givenName' or 'country' attributes, while such attribute as 'telephone number' can quite understandably be multi-valued.
These properties are stored at the Attribute Properties page. To display the page, select an attribute and click
Properties on the Standard toolbar.
Object ClassesobjectClass is a special entry attribute, which defines what kind of object an entry describes along with a set of attributes that this entry may contain. We strongly recommend against editing this attribute manually - one should rather use the Add or Remove Object Classes wizard specifically designed for this purpose.
Attribute Recognition SettingsAt times you might wish to change the way LDAP Administrator displays a particular attribute value, e.g. when a text value is stored in an attribute marked as 'non-human readable' by the server's LDAP schema. By default, all attribute values marked as 'non-human readable' are displayed by LDAP Administrator as binary, but, if you know that such value is actually represented by plain text and want to change its display mode, do the following:
Select an attribute value.
Click the
Properties button on the Standard toolbar, or press Alt+Enter.
Choose the Advanced tab.
Check the Override the default attribute recognition option and select either Text or Binary.
Click OK to save your changes.
The fact that you have once changed the default attribute recognition settings globally affects the application recognition behavior, meaning that from this moment on all attribute values will be displayed according to the mode set last. |
External ViewersSometimes LDAP attribute values can contain data available for processing by either external applications or by LDAP Administrator itself. For example, you can view images contained in a jpegPhoto attribute using your image viewer, or locate entries using DNs contained in the distinguishedName attribute values. If LDAP Administrator has recognized an attribute as the one to be further processed, a corresponding command will appear in the attribute's context menu. For example, the context menu for the jpegPhoto attribute will display the Show Image command, while for the distinguishedName attribute it is going to be Find DN.