LDAP Sample Schema

The following table represents a portion of a Microsoft Active Directory (AD) instance. This instance contains groups and users that appear throughout the examples in this section.

This sample schema is for Microsoft Active Directory. In an OpenLDAP server, UID would be used instead of sAMAccountName
The user ad_search is used for LDAP searches but is not a database user.
For illustrative purposes, the CN and sAMAccountName are different. It is common for them to actually be the same.

LDAP Groups

Groups OU (OU=Database,OU=SecurityGroups,DC=test,DC=yellowbrick,DC=io)

ObjectClass	Member Of	CN	sAMAccountName	Group level
group		yb_all_users	yb_all_users	Top-level group
group	yb_all_users	yb_db_admins	yb_db_admins	Second-level group
group	yb_all_users	yb_db_developers	yb_db_developers	Second-level group
group	yb_all_users	yb_prod_users	yb_prod_users	Second-level group
group	yb_all_users	yb_svc_logins	yb_svc_logins	Second-level group
group	yb_prod_users	db_analyst_role	db_analyst_role	Third-level group
group	yb_prod_users	db_marketing_role	db_marketing_role	Third-level group
group	yb_prod_users	db_sales_role	db_sales_role	Third-level group

LDAP Users

Users OU (OU=OrgUsers,DC=test,DC=yellowbrick,DC=io)

ObjectClass	Member Of	CN	sAMAccountName	User principal name
InetOrgPerson	db_analyst_role	analyst_1	analyst1	analyst1@test.yellowbrick.io
InetOrgPerson	yb_db_developers	developer_1	developer1	developer1@test.yellowbrick.io
InetOrgPerson	db_marketing_role	marketing_1	marketing1	marketing1@test.yellowbrick.io
InetOrgPerson	db_sales_role	sales_1	sales1	sales1@test.yellowbrick.io
InetOrgPerson	yb_db_admins	user_1_dba	user1-dba	user1-dba@test.yellowbrick.io
InetOrgPerson	yb_prod_users	elt_user	eltuser	eltuser@test.yellowbrick.io
group	yb_svc_logins	web_user	webuser	webuser@test.yellowbrick.io
user	none	ad_search	ad_search	ad_search@test.yellowbrick.io