LDAP Sample Schema

The following tables represent a portion of a Microsoft Active Directory (AD) instance. This instance contains groups and users that appear throughout the examples in this section.
  • This sample schema is for Microsoft Active Directory. In an OpenLDAP server, UID would be used instead of sAMAccountName.
  • The user ad_search is used for LDAP searches but is not a database user.
  • For illustrative purposes, the CN and sAMAccountName are different. It is common for them to actually be the same.

LDAP Groups

Groups OU (OU=Database,OU=SecurityGroups,DC=test,DC=yellowbrick,DC=io)
| ObjectClass | Member Of | CN | sAMAccountName | Group level |
|---|---|---|---|---|
| group | | yb_all_users | yb_all_users | Top-level group |
| group | yb_all_users | yb_db_admins | yb_db_admins | Second-level group |
| group | yb_all_users | yb_db_developers | yb_db_developers | Second-level group |
| group | yb_all_users | yb_prod_users | yb_prod_users | Second-level group |
| group | yb_all_users | yb_svc_logins | yb_svc_logins | Second-level group |
| group | yb_prod_users | db_analyst_role | db_analyst_role | Third-level group |
| group | yb_prod_users | db_marketing_role | db_marketing_role | Third-level group |
| group | yb_prod_users | db_sales_role | db_sales_role | Third-level group |

LDAP Users

Users OU (OU=OrgUsers,DC=test,DC=yellowbrick,DC=io)
| ObjectClass | Member Of | CN | sAMAccountName | User principal name |
|---|---|---|---|---|
| InetOrgPerson | db_analyst_role | analyst_1 | analyst1 | analyst1@test.yellowbrick.io |
| InetOrgPerson | yb_db_developers | developer_1 | developer1 | developer1@test.yellowbrick.io |
| InetOrgPerson | db_marketing_role | marketing_1 | marketing1 | marketing1@test.yellowbrick.io |
| InetOrgPerson | db_sales_role | sales_1 | sales1 | sales1@test.yellowbrick.io |
| InetOrgPerson | yb_db_admins | user_1_dba | user1-dba | user1-dba@test.yellowbrick.io |
| InetOrgPerson | yb_prod_users | elt_user | eltuser | eltuser@test.yellowbrick.io |
| group | yb_svc_logins | web_user | webuser | webuser@test.yellowbrick.io |
| user | none | ad_search | ad_search | ad_search@test.yellowbrick.io |
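
Because the groups are nested, a user's effective groups extend past the single Member Of entry shown in the table. The following added example (not part of the original documentation) transcribes the sample rows and walks each user's membership up to the top-level group, which is useful when reviewing what access a login ultimately inherits. The function names, the assumption that each group's DN is CN=<CN> directly under the Groups OU, and the use of Active Directory's in-chain matching rule OID to build the equivalent server-side filter are this example's own.

```python
# Added example. Data transcribed from the sample tables on this page.
GROUPS_OU = "OU=Database,OU=SecurityGroups,DC=test,DC=yellowbrick,DC=io"
# Group CN -> parent group CN ("Member Of" column); None marks the top level.
GROUP_PARENT = {
    "yb_all_users": None,
    "yb_db_admins": "yb_all_users",
    "yb_db_developers": "yb_all_users",
    "yb_prod_users": "yb_all_users",
    "yb_svc_logins": "yb_all_users",
    "db_analyst_role": "yb_prod_users",
    "db_marketing_role": "yb_prod_users",
    "db_sales_role": "yb_prod_users",
}
# User sAMAccountName -> direct group CN ("none" on the page becomes None).
USER_GROUP = {
    "analyst1": "db_analyst_role", "developer1": "yb_db_developers",
    "marketing1": "db_marketing_role", "sales1": "db_sales_role",
    "user1-dba": "yb_db_admins", "eltuser": "yb_prod_users",
    "webuser": "yb_svc_logins", "ad_search": None,
}
# RFC 4515 escaping for values placed inside an LDAP search filter.
_FILTER_ESCAPES = str.maketrans(
    {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"})

def effective_groups(sam):
    """Return the user's groups, from direct membership up to the top level."""
    chain, group = [], USER_GROUP[sam]
    while group is not None:
        if group in chain:  # real directories can contain nesting loops
            raise ValueError(f"group nesting loop at {group}")
        chain.append(group)
        group = GROUP_PARENT[group]
    return chain

def members_under(group_cn):
    """Return every sample user that is a direct or nested member of group_cn."""
    return sorted(u for u in USER_GROUP if group_cn in effective_groups(u))

def in_chain_filter(group_cn):
    """Build the AD filter that asks the server for the same nested members.
    Assumes the group's DN is CN=<group_cn> directly under GROUPS_OU."""
    dn = f"CN={group_cn},{GROUPS_OU}".translate(_FILTER_ESCAPES)
    return f"(memberOf:1.2.840.113556.1.4.1941:={dn})"

if __name__ == "__main__":
    for sam in USER_GROUP:
        print(f"{sam:12} {' -> '.join(effective_groups(sam)) or '(no groups)'}")
    print(in_chain_filter("yb_prod_users"))
```

The in-chain matching rule is specific to Active Directory; an OpenLDAP server would need a different approach to nested membership.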