ABSTRACT

A directory is a distributed database of named objects called entries. It employs a hierarchical naming scheme similar to the Domain Name System (DNS). The directory-naming scheme is more general than DNS in that its components are not restricted to domains. The naming components could be geographic and organizational entities, such as countries and corporations, or any arbitrary application entity. The directory applications have the freedom to extend the enterprise namespace as appropriate for their needs. Each directory entry is a collection of attributes. Directories are databases that are optimized for reads and contain key institutional and personal data for use by a wide variety of applications. They need ways to describe the sequence of fields in the database (a schema), the names of the fields (a namespace), and the contents of the fields (attribute values). They also need indices in the database (identifiers). The directory entries have a well-defined type or structure defined by their object class. The object class determines the legal set of attributes that can be present in an entry. The attributes, in turn, have type information, including the syntax of their values and rules for how two related values can be matched or compared. The latter rules are called matching rules. Object classes, attributes, syntax, and matching rules are some of the most significant directory metadata elements. These elements constitute the directory schema. Typically, applications extend the directory schema to suit their information-modeling needs. The first step in developing a directory schema and namespace lies in understanding the nature of the schema and its constituent components. A schema is a set of rules determining what data can be stored in a directory service. The directory schema contains object names and object attributes used to define each object class. Each object class describes an entry, such as a person or asset.
Directory entries (or object instances) are then structured and organized in a directory namespace. When a directory designer organizes this collection of object names and associated attributes hierarchically, these object names and attributes form a directory information tree (DIT). Within the DIT, each instance of an object class has a relative distinguished name that, when combined with a top-level hierarchic name, forms a unique distinguished name (DN). Directory objects are hierarchically organized in a single-tree format known as the DIT. All objects are unique in this structure; even a copy of an object is considered a separate, unique object with the same values for all its properties as the original. To maintain object uniqueness, every object has a name. This name differentiates it from all other objects and is defined by its position in the tree. The Oracle Internet Directory (OID) provides this service.
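The rules described above (an object class fixing the legal attributes, a matching rule deciding when two values are equal, and a DN formed from an entry's relative name plus its parent's DN) can be seen working together in the following sketch. It is an added example, not code from this paper or from OID; the schema, the class `DIT` and the helper names are assumptions made for illustration, one case-ignore matching rule is applied to every attribute, and escaped commas and multi-valued RDNs are not handled.

```python
# Added example. The schema below is constructed for illustration, not OID's real schema.
SCHEMA = {  # object class -> (required attributes, optional attributes)
    "organization": ({"o"}, {"description"}),
    "organizationalunit": ({"ou"}, {"description"}),
    "person": ({"cn", "sn"}, {"mail", "telephonenumber"}),
}

def norm_value(value):
    """Case-ignore matching rule: fold case and collapse whitespace."""
    return " ".join(value.split()).lower()

def norm_dn(dn):
    """Normalize a DN for comparison. Simplification: no escaped commas."""
    parts = [rdn.split("=", 1) for rdn in dn.split(",") if rdn.strip()]
    return tuple((a.strip().lower(), norm_value(v)) for a, v in parts)

class DIT:
    def __init__(self):
        self.entries = {}  # normalized DN -> (object class, attributes)

    def add(self, rdn, parent_dn, object_class, attrs):
        """Validate an entry against the schema and place it in the tree."""
        oc = object_class.lower()
        if oc not in SCHEMA:
            raise ValueError(f"unknown object class: {object_class}")
        must, may = SCHEMA[oc]
        present = {name.lower(): value for name, value in attrs.items()}
        missing = must - set(present)
        illegal = set(present) - (must | may)
        if missing or illegal:
            raise ValueError(
                f"schema violation: missing={sorted(missing)} illegal={sorted(illegal)}")
        # The relative name must match a value actually stored in the entry.
        (name, value), = norm_dn(rdn)
        if name not in present or norm_value(present[name]) != value:
            raise ValueError("RDN does not match an attribute of the entry")
        if parent_dn and norm_dn(parent_dn) not in self.entries:
            raise ValueError(f"parent does not exist: {parent_dn}")
        dn = f"{rdn},{parent_dn}" if parent_dn else rdn
        # Uniqueness is decided by the matching rule, not by byte equality.
        if norm_dn(dn) in self.entries:
            raise ValueError(f"DN already exists: {dn}")
        self.entries[norm_dn(dn)] = (oc, present)
        return dn
```

Because uniqueness is checked on the normalized DN, `CN=ann  lee,OU=people,O=EXAMPLE` collides with `cn=Ann Lee,ou=People,o=Example`, which is the behaviour an access-control or provisioning layer built on the directory has to assume.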