The database is the basic unit of storage, performance, replication, and indexing. All Directory Server operations — importing, exporting, backing up, restoring, and indexing entries — are performed on the database. Directory data are stored in an LDBM database. The LDBM database is implemented as a plug-in that is automatically installed with the directory and is enabled by default.
By default, Directory Server uses one back end database instance for a root suffix, and, by default, there are two databases,
o=NetscapeRoot for configuration entries and
userRoot for directory entries. A single database is sufficient to contain the directory tree. This database can manage millions of entries.
This database supports advanced methods of backing up and restoring data, in order to minimize risk to data.
Multiple databases can be used to support the whole Directory Server deployment. Information is distributed across the databases, allowing the server to hold more data than can be stored in a single database.
1.3.1. About Directory Entries
LDAP Data Interchange Format (LDIF) is a standard text-based format for describing directory entries. An entry consists of a number of lines in the LDIF file (also called a stanza), which contains information about an object, such as a person in the organization or a printer on the network.
Information about the entry is represented in the LDIF file by a set of attributes and their values. Each entry has an object class attribute that specifies the kind of object the entry describes and defines the set of additional attributes it contains. Each attribute describes a particular trait of an entry.
For example, an entry might be of object class
organizationalPerson, indicating that the entry represents a person within an organization. This object class supports the
telephoneNumber attributes. The values assigned to these attributes give the name and phone number of the person represented by the entry.
Directory Server also uses read-only attributes that are calculated by the server. These attributes are called operational attributes. The administrator can manually set operational attributes that can be used for access control and other server functions.
188.8.131.52. Performing Queries on Directory Entries
Entries are stored in a hierarchical structure in the directory tree. LDAP supports tools that query the database for an entry and request all entries below it in the directory tree. The root of this subtree is called the base distinguished name, or base DN. For example, if performing an LDAP search request specifying a base DN of
ou=people,dc=example,dc=com, then the search operation examines only the
ou=people subtree in the
dc=example,dc=com directory tree.
Not all entries are automatically returned in response to an LDAP search, however, because administrative entries (which have the
object class) are not returned by default with LDAP searches. Administrative objects, for example, can be entries used to define a role or a class of service. To include these entries in the search response, clients need to search specifically for entries with the
object class. See Section 4.3.2, “About Roles”
for more information about roles and Section 5.3, “About Classes of Service”
for more information about class of service.
1.3.2. Distributing Directory Data
When various parts of the directory tree are stored in separate databases, the directory can process client requests in parallel, which improves performance. The databases can even be located on different machines to further improve performance.
Distributed data are connected by a special entry in a subtree of the directory, called a database link, which point to data stored remotely. When a client application requests data from a database link, the database link retrieves the data from the remote database and returns it to the client. All LDAP operations attempted below this entry are sent to the remote machine. This method is called chaining.
Chaining is implemented in the server as a plug-in, which is enabled by default.