Object Attribute Names Versus Schema Attribute Names
As mentioned earlier in this chapter, many of the LDAP attribute names are either the same as or derived from the NDS schema names. For instance, Account Balance in NDS is accountBalance in LDAP ”you simply run the words together. Note that schema names are not case-sensitive. Therefore, the use of case in the name is just to help make the name more readily recognizable.
Frequently, schema names do not reflect their true meaning to a casual user because (mostly) programmers design them. Therefore, you often find that the attribute names used in Novell or third-party DS-aware utilities do not match those used in the schema. This makes troubleshooting using tools such as DSBrowse a little challenging because it's difficult to locate the correct name. Table 2.12 shows some of the most commonly used User object attribute names and descriptions, as used by ConsoleOne, and their corresponding NDS and LDAP schema names.
Table 2.12. Attribute Names Used in ConsoleOne Versus Schema Names
CONSOLEONE DESCRIPTION
NDS SCHEMA NAME
LDAP SCHEMA NAME
Account balance
Account Balance
accountBalance
Allow unlimited credit
Allow Unlimited Credit
allowUnlimitedCredit
Other name
CN
cn
Description
Description
description
Fax Number
Facsimile Telephone Number
facsimileTelephone Number
Full name
Full Name
fullName
Qualifier
Generational Qualifier
generationQualifier
Given name
Given Name
givenName
Middle Initial
Initials
initials
E-Mail Address
Internet Email Address
mail
Location
L
l
Language
Language
Language
Account disabled
Login Disabled
loginDisabled
Expiration date and time (under Account has expiration time)
Login Expiration Time
loginExpirationTime
Grace logins allowed
Login Grace Limit
loginGraceLimit
Remaining grace logins
Login Grace Remaining
loginGraceRemaining
Maximum connections
Login Maximum Simultaneous
loginMaximum Simultaneous
Low balance limit
Minimum Account Balance
minimumAccountBalance
Department
OU
ou
Allow user to change password
Password Allow Change
passwordAllowChange
Days between forced changes
Password Expiration Interval
passwordExpiration Interval
Date and time password expires
Password Expiration Time
passwordExpirationTime
Minimum password length
Password Minimum Length
passwordMinimumLength
Require a password
Password Required
passwordRequired
Require unique passwords
Password Unique Required
passwordUniqueRequired
City
Physical Delivery Office Name
physicalDelivery Office Name
Mailing label information (found under the Postal Address option under the General tab)
Postal Address
postalAddress
Zip Code
Postal Code
postalCode
Post Office Box
Postal Office Box
postOfficeBox
Last name
Surname
sn
State
S
st
Street
SA
street
Telephone
Telephone Number
telephoneNumber
Title
Title
title
Testuser
uniqueID
uid
NOTE
Bear in mind that the default attribute mapping used by the LDAP server is to map DS's Generational Qualifier attribute (which is an eight-character CI string) to the LDAP attribute generationQualifier . There is also a DS attribute called generationQualifier (which is a 32KB CI string) that is not mapped to an LDAP attribute.
TIP
Chapter 7 contains a table similar to Table 2.12 that compares the ACL attribute names used by Novell utilities with their schema names.