LDAP Object Classes

Each object in an LDAP directory has at least one object class associated with it. The object class determines the characteristics of this object, in particular the set of attributes which the object can have (and the ones it must have).

The object classes are defined in the LDAP directory schema, where they form a class hierarchy: there is one central top-level class (called 'top'), and all other classes are derived from it.

[Figure: Object class hierarchy]

As a result, an object of a certain class normally also has all the parent classes of that class associated with it. You can see this if you look at the 'objectClass' attribute, which exists for all objects in all LDAP directories:

[Figure: Several object classes for the same object]

One of these object classes is the main class, which defines the nature of the object and is sometimes called the 'structural class'. Some directories store an attribute named structuralClass for each object; in other directory environments you can derive the main object class from the order in which the classes are stored in the multi-valued attribute objectClass. LEX tries to evaluate the main class for each object according to the current directory type. You can see the result in the object list column Object Type:

[Figure: Structural Object Class]

Class Types and Attributes

LEX can evaluate the Structural Class of each object - and the superior classes from which this class is derived. These superior classes are called Abstract Classes. Additionally, there can be Auxiliary Classes associated with an object.

All these classes together define a certain set of attributes for each object. LEX loads information about the directory schema in the first seconds of each LDAP connection to a new LDAP server. If the schema information could be evaluated correctly, LEX knows the complete set of attributes for each type of object in this directory, including the characteristics of each attribute: Is it mandatory, is it operational, is it indexed, and so on.

Object Classes in the Creation Process

If you create an LDAP directory object, you have to specify the structural (= the main) object class for this object. Based on this class, LEX shows you which attributes can be set and which have to be set in the creation process.

You will notice that LEX also associates several object classes with the object, according to the class hierarchy described in the paragraphs above. This is possible because LEX performed the internal directory schema evaluation at the beginning of the connection:

[Figure: Super classes in the creation process]

Please note that in Microsoft Active Directory environments there can be auxiliary classes associated with an object class without being listed in the objectClass attribute of the respective objects. Look, for example, at an AD user object: it has the object classes user, organizationalPerson, person and top.

[Figure: Super classes of an AD user object]

In fact, an Active Directory user also has the auxiliary object class securityPrincipal. In Exchange environments, there can be the auxiliary class mailRecipient, along with several other mail-specific classes. You don't have to worry about these auxiliary classes during object creation: LEX knows them and shows you the correct set of attributes.

Adding an Object Class to an existing Object

In many LDAP directory environments, you can add auxiliary classes to an existing object. For example, there could be normal inetOrgPerson objects in an OpenLDAP directory which you want to 'expand' to posix users or samba users. Then you would have to add the object class sambaUser or posixUser to the respective objects.

Please be careful when you expand objects with new object classes. There might be intrinsic rules about the valid combinations of object classes in the directory, and an object might no longer be usable correctly after the object class expansion. It is very likely that it is difficult to remove an associated object class from an object, so don't do this if you do not know the consequences for the respective objects.

You can add object classes to existing objects by editing the objectClass attribute. Select this attribute of the respective object in the attribute list in the LEX main window or in a standalone attribute window, and use the menu option Edit - Add Array Member, press the PLUS key on your keyboard, or use the 'Add attribute element to an array' button.

In this case, it's not the normal attribute editor which appears. Instead, the Add New Object Class to Object dialog is shown:

[Figure: Adding object classes to objects]

You can choose an object class from the drop-down list at the Objectclass text box. LEX knows which attributes this object class can have and shows you the appropriate list. Some object classes may have must-have attributes which you have to set in this dialog. Without these mandatory attributes you will probably get an error when you try to add the object class.
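The class hierarchy, the structural class evaluation and the mandatory-attribute check described on this page can be reproduced outside LEX. The following is an added example, not LEX code: it parses a constructed, abridged schema excerpt in RFC 4512 syntax and reports which MUST attributes an entry would lack before an auxiliary class is added. It assumes the RFC 2307 class posixAccount is the auxiliary class in the loaded schema; the entry and the function names are hypothetical.

```python
import re

# Constructed schema excerpt in RFC 4512 objectClass syntax (definitions abridged).
SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) )",
    "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( loginShell $ gecos ) )",
]

def parse(defn):
    """Return (lowercased name, properties) for one objectClass definition."""
    name = re.search(r"NAME '([^']+)'", defn).group(1)
    sup = re.search(r"SUP (\w+)", defn)
    kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", defn).group(1)
    def attrs(keyword):  # handles both "MUST attr" and "MUST ( a $ b )"
        m = re.search(keyword + r" (?:\(([^)]*)\)|(\w+))", defn)
        return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")} if m else set()
    return name.lower(), {"sup": sup.group(1).lower() if sup else None,
                          "kind": kind, "must": attrs("MUST"), "may": attrs("MAY")}

CLASSES = dict(parse(d) for d in SCHEMA)

def chain(cls):
    """The class followed by all its superiors, most derived first."""
    out, cur = [], cls.lower()
    while cur:
        out.append(cur)
        cur = CLASSES[cur]["sup"]
    return out

def structural_class(object_classes):
    """Most derived STRUCTURAL class, independent of the stored value order."""
    names = [c.lower() for c in object_classes if CLASSES[c.lower()]["kind"] == "STRUCTURAL"]
    return max(names, key=lambda c: len(chain(c)))

def missing_must(entry, new_class):
    """MUST attributes (lowercased) the entry would still lack after adding new_class."""
    present = {a.lower() for a in entry}
    required = set().union(*(CLASSES[c]["must"] for c in chain(new_class)))
    return sorted(required - present)

# Constructed sample entry: a plain inetOrgPerson without any posix attributes.
ENTRY = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
         "cn": ["Alice Example"], "sn": ["Example"], "uid": ["alice"]}
```

A non-empty result from `missing_must` means the class and those attributes have to be written in the same modify operation, which is what the dialog above collects.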