In a Directory Information Tree (DIT), you classify directory
service entries into object classes. Typical object classes include person
objects, organization objects, and country objects.
When referring to the object class, you use the appropriate abbreviation.
For example, CN (common name) represents a person object, O (organization)
represents an organization object, and C (country) represents a country object.
The object's abbreviation precedes the object's name. So, for example, if the
object is a person whose name is J. Smith, the notation is CN=JSmith.
An object class dictates the required and optional attributes for that
object. For example, the object class for the person object might require you to
include values for the attributes of surname and common name, while it gives you
the option of listing values for the attributes of telephone number and email
address.
The object class also defines entries' relationships with each other so
that you know where they belong in the DIT. For example, as Figure A shows,
country objects are in the first layer below the root.
Country objects always take this position because their object class
requires that they be located immediately beneath the DIT's root. Similarly, the
DIT's second layer is typically organization objects because the object class
for organization objects dictates that they be located directly beneath a
country object or another organization object.
An entry's distinguished name (DN) traces the entry's path in the DIT. You
create the DN by listing the class and name of the desired object, followed by
the class and name of the object directly above the desired object, and so on,
all the way to the root.
For example, the DN for J. Smith is CN=JSmith, O=Sales, C=US. Using this
form of notation, you can uniquely identify the user as J. Smith in the US sales
office, which distinguishes him from any other users named J. Smith in other
organizations or countries.
If your colleagues understand that you are talking about objects located in
the US sales organization, you can refer to J. Smith as simply CN=JSmith.
This shortened version is called a relative distinguished name (RDN).
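
The DN and RDN notation described above, as an added example that is not part of the original page: it builds a DN from the entry up to the root and splits a DN back into RDNs. It goes one step beyond the text by escaping special characters in values as RFC 4514 requires; the function names and the second sample name are constructed for illustration.

```python
# Added example: DN construction and splitting with RFC 4514 value escaping.
# Characters that must be escaped in a value ("=" is optional but allowed).
SPECIAL = ',+"\\<>;='

def escape_value(value):
    """Escape an attribute value so it cannot add or alter RDNs in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(path):
    """path: [(abbreviation, name), ...] listed from the entry up to the root."""
    return ", ".join(f"{t}={escape_value(v)}" for t, v in path)

def split_dn(dn):
    """Split a DN into its RDN strings on unescaped commas only."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns

if __name__ == "__main__":
    print(build_dn([("CN", "JSmith"), ("O", "Sales"), ("C", "US")]))
    # Constructed input: a name field that itself contains DN syntax.
    name = "JSmith, O=Admins"
    print(split_dn(f"CN={name}, O=Sales, C=US"))                  # naive: 4 RDNs
    print(split_dn(build_dn([("CN", name), ("O", "Sales"), ("C", "US")])))  # 3 RDNs
```

The first element returned by split_dn is the entry's RDN; the remaining elements are the path of its parent.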
The directory service schema defines the object classes used to create
directory entries. The schema also defines the attributes contained in those
classes and the syntax for the values of those attributes. If a particular
application or service requires a special type of object or an additional
attribute for an existing object, you can add new classes to the schema or
modify existing classes.