LDAP Implementation Cookbook

2.4. Relationship Between Objects

The associations between two directory entries can be defined in two ways:

By containment: the DIT hierarchy
By reference: the use of attributes of type (syntax) distinguished name (DN)

The directory entry associations provide both logical correlation (for example, an operating system is part of a computer system and a user is authorized to use certain system resources) and directory traversal paths for the operations supported by the schema. The use of the DIT containment hierarchy permits certain searches to be made more efficiently; searches may be scoped and filtered to retrieve all of a related set of objects in one LDAP request.

Traversals based on DN pointer associations, on the other hand, cannot be grouped ...

Get LDAP Implementation Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

LDAP Implementation Cookbook by Heinz Johner, Michel Melot, Harri Stranden, Permana Widhiasta

2.4. Relationship Between Objects

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly