Chapter 5. Defining Dynamic Attribute Values

As described in Section 3.2.2, “Standard Attributes”, LDAP entries store discrete parts of information in attributes that are added to an entry.
Red Hat Directory Server provides several different mechanisms for dynamically and automatically maintaining some types of attributes on directory entries. These plug-ins and configuration options simplify managing directory data and expressing relationships between entries.

5.1. Introduction to Managed Attributes

When performing a site survey, one of the earliest steps is to identify the characteristics of the entries in the directory (Section 2.3.3, “Characterizing the Directory Data”). These characteristics are the different aspects of the entities that need to be recorded in the directory entry. For an employee, this means information like the person's manager, title, business category, email address, home and office phone numbers. Each characteristic of the entry is maintained in an entry attribute.
Part of the characteristics of entries are their relationships to each other. Obviously, a manager has an employee, so those two entries are related. Groups are associated with their members. There are less apparent relationships, too, like between entries which share a common physical location.
Red Hat Directory Server provides several different ways that these relationships between entries can be maintained smoothly and consistently. There are several plug-ins that can apply or generate attributes automatically as part of the data within the directory:
  • Attribute uniqueness requires that every instance of a particular attribute within the subtree or database has a unique value. This is enforced whenever an entry is created or an attribute is modified.
  • Classes of service use one entry as a template; whenever that attribute value changes, then all other entries within the scope of the CoS automatically have the same attribute on their entries changed. (The entries affected by the CoS are identified through a definition entry.)
  • Managed entries create one entry according to a defined template whenever another entry in a defined scope is created. There are times, particularly with integration with external clients, when it may be necessary to have entry pairs created and managed automatically. Managed entries defines the template of the second entry and provides a mechanism to update it automatically.
  • Linked attributes follow DN values in attributes in one entry and automatically add a pre-determined attribute (with a value that points back to the original entry) to the referenced entries. So, if entry A lists entry B as a direct report, then entry B can automatically be updated to have a manager attribute with entry A as its specified manager.
  • Distributed numeric assignments automatically assign unique identifying numbers to entries. This is useful for GID or UID number assignments, which must be unique across an organization.
Consider several things about specific entry attribute values, as part of planning both directory data and directory schema:
  • How are the entries related? Are there common attributes which are shared among entries? Are there attributes which must represent connections between entries?
  • How and where (in what entry) is the original source of the data likely to be maintained? How often is this information updated and how many entries are affected when the data are changed?
  • What schema elements are used by these entries and what is the syntax of those attributes?
  • How does the plug-in handle distributed directory configuration, such as replication or synchronization?