operations for querying LDAP directories. LDAP directories are generally used
to store information about the people in an organization. For example, LDAP
directories typically store information about the business unit
that a person belongs to, information that identifies the person,
and information about how to contact them, such as telephone numbers
and email addresses.
LDAP directories use a tree structure as the
data model. Different types of databases, such as Sun ONE or Microsoft
Active Directory, use different tree structures. LDAP administrators
typically customize the directory structure based on the requirements
of their organization.
Talk to your LDAP
administrator for information about the directory that you are querying.
following graphic shows a very simple directory tree. LDAP directories typically
contain many more items, numbering in the thousands.
structure of the tree and the information that each item in the
tree stores is defined by the directory schema.
Each item in the tree is uniquely identified by their
distinguished name (DN). The DN includes the relative DN of the
directory item (for example ou=People) concatenated with the relative
DN of the parent items in the tree.
The DN of this item is cn=marketing,ou=Groups,dc=YourCompany,dc=com
The DN of this item is ou=People,dc=YourCompany,dc=com
item in the directory tree has a number of attributes that are used
to store information about the item. For example, items that represent
people typically have an attribute named mail which is used to store
the person’s email address.
The attributes of an item are
defined by rules in the directory schema. Each item has the
which determines the schema rules that govern the item.
Typically, when you connect to an LDAP server you specify
the area of the directory tree that you want to use. To specify
the area, you provide the DN of the item in the tree that contains
all of the other items that you want to use. This DN is called the
For example, a base DN of
to information in that item and the items that it contains.
a base DN improves system efficiency because only the information
in the base DN is retrieved from the LDAP server.
about using the LDAP service, see
Services Reference for AEM forms