
LDAP Sample Schema

The following tables represent a portion of a Microsoft Active Directory (AD) instance. This instance contains groups and users that appear throughout the examples in this section.

  • This sample schema is for Microsoft Active Directory. In an OpenLDAP server, UID would be used instead of sAMAccountName.
  • The user ad_search is used for LDAP searches but is not a database user.
  • For illustrative purposes, the CN and sAMAccountName are different. It is common for them to actually be the same.

LDAP Groups

Groups OU (OU=Database,OU=SecurityGroups,DC=test,DC=yellowbrick,DC=io)
| ObjectClass | Member Of | CN | sAMAccountName | Group level |
|---|---|---|---|---|
| group | | yb_all_users | yb_all_users | Top-level group |
| group | yb_all_users | yb_db_admins | yb_db_admins | Second-level group |
| group | yb_all_users | yb_db_developers | yb_db_developers | Second-level group |
| group | yb_all_users | yb_prod_users | yb_prod_users | Second-level group |
| group | yb_all_users | yb_svc_logins | yb_svc_logins | Second-level group |
| group | yb_prod_users | db_analyst_role | db_analyst_role | Third-level group |
| group | yb_prod_users | db_marketing_role | db_marketing_role | Third-level group |
| group | yb_prod_users | db_sales_role | db_sales_role | Third-level group |

LDAP Users

Users OU (OU=OrgUsers,DC=test,DC=yellowbrick,DC=io)
| ObjectClass | Member Of | CN | sAMAccountName | User principal name |
|---|---|---|---|---|
| InetOrgPerson | db_analyst_role | analyst_1 | analyst1 | analyst1@test.yellowbrick.io |
| InetOrgPerson | yb_db_developers | developer_1 | developer1 | developer1@test.yellowbrick.io |
| InetOrgPerson | db_marketing_role | marketing_1 | marketing1 | marketing1@test.yellowbrick.io |
| InetOrgPerson | db_sales_role | sales_1 | sales1 | sales1@test.yellowbrick.io |
| InetOrgPerson | yb_db_admins | user_1_dba | user1-dba | user1-dba@test.yellowbrick.io |
| InetOrgPerson | yb_prod_users | elt_user | eltuser | eltuser@test.yellowbrick.io |
| group | yb_svc_logins | web_user | webuser | webuser@test.yellowbrick.io |
| user | none | ad_search | ad_search | ad_search@test.yellowbrick.io |
