LDAP Terminology

An entry is one unit in an LDAP directory. An entry is identified or referenced by its unique Distinguished Name (DN).

An entry has attributes, which are pieces of information directly associated with the entry. For example, an organization could be an LDAP entry. Attributes associated with the organization might be its fax number, its address, and so on. People can also be entries in the LDAP directory. Common attributes for people include their telephone numbers and their e-mail addresses.

Certain attributes are required, while other attributes are optional. An objectclass sets which attributes are required and which are optional. Objectclass definitions are found in various schema files, located in the /etc/openldap/schema directory.

The LDAP Data Interchange Format (LDIF) is an ASCII text format for LDAP entries. Files that import or export data to and from LDAP servers must be in LDIF format. An LDIF entry looks like this:

[<id>]
dn: <distinguished name>
<attrtype>: <attrvalue>
<attrtype>: <attrvalue>
<attrtype>: <attrvalue>

An entry can contain as many <attrtype>: <attrvalue> pairs as needed. A blank line indicates that the entry is finished and that another entry is about to begin.

Caution

Your <attrtype> and <attrvalue> pairs must be defined in a schema before they can be used. Defining them only in an LDIF file is not enough: an LDAP server that has no corresponding data in its schema files cannot use this information.

Everything enclosed within < > is variable and can be set by you when you add an LDAP entry, with the exception of the <id>. The <id> is a number normally set by the LDAP tools when you add an entry, and you will probably never need to manually set one.
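
The entry layout and the schema rule from the Caution above, as an added example (not part of the original documentation or of the OpenLDAP tools): a small Python parser that reads entries in this layout and reports what a schema check would object to. SAMPLE_LDIF, SCHEMA and the function names are constructed for illustration. SCHEMA is an abbreviated hand-written stand-in for the person objectclass, and folded lines and base64 values are not handled.

```python
# Constructed sample input (not from the original page); the first entry has an <id>.
SAMPLE_LDIF = """\
1
dn: cn=Jane Doe,dc=example,dc=com
objectclass: person
cn: Jane Doe
sn: Doe
telephoneNumber: 555-0100

dn: cn=No Surname,dc=example,dc=com
objectclass: person
cn: No Surname
faxNumber: 555-0199
"""

# Assumption: abbreviated stand-in for the schema files; names are lower-cased.
SCHEMA = {"person": {"must": {"cn", "sn"}, "may": {"telephonenumber", "description"}}}

def parse_ldif(text):  # returns one dict per entry: {"id", "dn", "attrs"}
    entries = []
    for block in text.strip().split("\n\n"):  # a blank line ends an entry
        lines = [l for l in block.splitlines() if l.strip()]
        entry = {"id": None, "dn": None, "attrs": {}}
        if lines and lines[0].strip().isdigit():  # optional <id> line
            entry["id"] = int(lines.pop(0))
        for line in lines:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not an <attrtype>: <attrvalue> pair: {line!r}")
            name, value = name.strip().lower(), value.strip()
            if name == "dn" and entry["dn"] is None:
                entry["dn"] = value
            else:  # attributes may repeat, so keep a list of values
                entry["attrs"].setdefault(name, []).append(value)
        if entry["dn"] is None:
            raise ValueError("entry has no dn line")
        entries.append(entry)
    return entries

def schema_problems(entry, schema=SCHEMA):  # list of objections for one entry
    classes = [c.lower() for c in entry["attrs"].get("objectclass", [])]
    problems = [f"unknown objectclass: {c}" for c in classes if c not in schema]
    known = [schema[c] for c in classes if c in schema]
    must = set().union(*(k["must"] for k in known))  # required attributes
    allowed = must.union({"objectclass"}, *(k["may"] for k in known))
    present = set(entry["attrs"])
    problems += [f"missing required attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed by schema: {a}" for a in sorted(present - allowed)]
    return problems
```

Running schema_problems over each result of parse_ldif(SAMPLE_LDIF) returns an empty list for the first entry and two objections for the second: the required sn is missing, and faxNumber is not defined in the stand-in schema.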