Working with attributes

This feature enables you to work with attributes.

Each directory entry has a set of attributes associated with it through it's object class. While the object class describes the type of information that an entry contains, the actual data is contained in attributes. An attribute is represented by one or more name-value-pairs that hold specific data element such as a name, an address, or a telephone number. IBM® Security Directory Server represents data as name-value-pairs, a descriptive attribute, such as commonName (cn), and a specific piece of information, such as John Doe.

For example, the entry for John Doe might contain several attribute name-value-pairs.

dn: uid=jdoe, ou=people, ou=mycompany, o=sample
objectClass: top 
objectClass: person 
objectClass: organizationalPerson 
cn: John Doe 
sn: Doe 
givenName: Jack 
givenName: John

While the standard attributes are already defined in the schema file, you can create, edit, copy, or delete the attributes to suit the needs of your organization.

If you create a custom attribute for an object class, you must limit the attribute to the following size:

Binary data: 2,000,000,000 bytes
String data: 32,700 bytes

If you try to create an attribute in Web Administration Tool that is larger than the size, the server generated the following error: Length field value is out of range.

Note: In accordance with LDAP version 3 standards, the use of the '_' (underscrore) character is not allowed in the attribute name. In IBM Security Directory Server, if the configuration attribute ibm-slapdSchemaCheck is set to V3, the underscore character is not allowed in the attribute name. However, if ibm-slapdSchemaCheck is set to the default value of V3_lenient, the underscore character is allowed in attribute names.