LDAP Terminology

An entry is one unit in an LDAP directory. Each entry is identified by its unique Distinguished Name (DN).

Each entry has attributes, which are pieces of information directly associated with the entry. For example, an organization could be an LDAP entry. Attributes associated with the organization might be its fax number, its address, and so on. People can also be entries in the LDAP directory. Common attributes for people include the person's telephone numbers and email addresses.

Some attributes are required, while other attributes are optional. An objectclass definition sets which attributes are required and which are not for each entry. Objectclass definitions are found in various schema files, located in the /etc/openldap/schema/ directory.

The LDAP Data Interchange Format (LDIF) is an ASCII text format for LDAP entries. Files that import or export data to and from LDAP servers must be in LDIF format. An LDIF entry looks similar to the following example:

[<id>]
dn: <distinguished name>
<attrtype>: <attrvalue>
<attrtype>: <attrvalue>
<attrtype>: <attrvalue>

An entry can contain as many <attrtype>: <attrvalue> pairs as needed. A blank line indicates the end of an entry.

Caution

All <attrtype> and <attrvalue> pairs must be defined in a corresponding schema file to use this information.

Any value enclosed within a < and a > is a variable and can be set whenever a new LDAP entry is created, except for <id>. The <id> is a number determined by the application you use to edit the entry.
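
The entry layout described above, as an added example that is not part of the original documentation: a small Python parser that splits LDIF text into entries at blank lines and reports the required attributes an entry lacks, a useful check before importing a file. It goes beyond the page by also handling folded lines, comment lines and base64 ("::") values from the LDIF specification (RFC 2849); the REQUIRED table and the sample entries are constructed for illustration.

```python
import base64

# Assumption: hand-written excerpt; real requirements come from the schema files.
REQUIRED = {"person": {"sn", "cn"}, "organization": {"o"}}

# Constructed sample: the second entry has a folded dn, a base64 value, and no "o".
SAMPLE = """\
dn: cn=Jane Doe,dc=example,dc=com
objectClass: person
cn: Jane Doe
sn: Doe

dn: o=Example Org,dc=exam
 ple,dc=com
objectClass: organization
description:: ZmF4IGFuZCBhZGRyZXNz
"""

def parse_ldif(text):
    """Return [(dn, {attrtype: [values]}), ...] from LDIF text."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if raw.startswith(" ") and lines:  # folded continuation of previous line
            lines[-1] += raw[1:]
        elif not raw.strip():              # blank line ends the entry
            if lines:
                entries.append(_build(lines))
            lines = []
        elif not raw.startswith("#"):      # drop comment lines
            lines.append(raw)
    return entries

def _build(lines):
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:                        # e.g. the optional <id> line
            continue
        if value.startswith(":"):          # "attrtype:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs.setdefault(name.lower(), []).append(value.strip())
    if "dn" not in attrs:
        raise ValueError("entry has no dn: line")
    return attrs.pop("dn")[0], attrs

def missing_required(attrs):
    """Required attributes (per REQUIRED) that the entry lacks, sorted."""
    classes = [oc.lower() for oc in attrs.get("objectclass", [])]
    return sorted(set().union(*(REQUIRED.get(c, set()) for c in classes)) - set(attrs))
```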

Note

You should never need to edit an LDIF entry by hand. Instead, use an LDAP client application, such as the ones listed in the section called OpenLDAP Daemons and Utilities.