LDAP directory servers present data arranged in tree-like hierarchies in which each entry may have zero or more subordinate entries. This structure is called the Directory Information Tree, or DIT. Each tree has a single root entry, which is called the naming context (or in some servers, a suffix). Note, however, that despite the tree analogy, LDAP DITs are often pretty flat, with the vast majority of entries being leaf entries (i.e., entries that do not have any children), and only a relatively small number of non-leaf entries. This isn’t universally the case, but it is nevertheless a common occurrence.

All LDAP servers must expose a special entry, called the root DSE, whose DN is the zero-length string. This entry will be described in detail below, but one of the operational attributes that it exposes is called namingContexts, which provides a list of all of the DNs that act as naming contexts for the DITs that may be held in the server. Note, however, that it is acceptable for servers to have DITs that are outside the declared set of naming contexts if those entries are intended to provide some operational purpose for the server (e.g., to expose the server configuration, to provide monitoring information about the health of the server, to provide schema information, etc.) rather than holding data supplied by users of the directory service.

There is no standard that mandates any particular structure for LDAP DITs, so directory servers may hold entries in any kind of hierarchical arrangement. However, there are some common conventions.
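The following added example (not part of the original page) shows how the namingContexts values from a root DSE can be used to decide which DIT an entry belongs to, and to spot entries that sit outside every declared naming context. The LDIF text, the DNs and all function names are constructed for illustration, and DN comparison is simplified to case-insensitive matching of whole RDNs.

```python
# Added example: constructed data, not output from a real server.
ROOT_DSE_LDIF = """\
dn:
objectClass: top
namingContexts: dc=example,dc=com
namingContexts: o=Partner Org
"""

def naming_contexts(ldif):
    """Return the namingContexts values from root DSE LDIF text."""
    return [line.split(":", 1)[1].strip() for line in ldif.splitlines()
            if line.lower().startswith("namingcontexts:")]

def split_dn(dn):
    """Split a DN into normalized RDNs; the zero-length DN gives []."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # keep an escaped pair intact
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":                        # unescaped comma ends an RDN
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    if cur or rdns:
        rdns.append(cur)
    # Simplification: attribute types and values compared case-insensitively.
    return ["=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns]

def owning_context(entry_dn, contexts):
    """Return the longest naming context that is a suffix of entry_dn, or None."""
    entry, best, best_len = split_dn(entry_dn), None, 0
    for ctx in contexts:
        c = split_dn(ctx)
        if c and best_len < len(c) <= len(entry) and entry[-len(c):] == c:
            best, best_len = ctx, len(c)
    return best

if __name__ == "__main__":
    ctxs = naming_contexts(ROOT_DSE_LDIF)
    for dn in ["uid=jdoe,ou=People,dc=example,dc=com",
               "CN=Smith\\, Jane, OU=Staff, DC=Example, DC=Com",
               "cn=monitor", ""]:
        print(repr(dn), "->", owning_context(dn, ctxs) or "outside declared contexts")
```

Entries such as `cn=monitor` that match no naming context correspond to the operational DITs the text mentions, and the zero-length DN is the root DSE itself.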