LDAP Object Classes

Each object in an LDAP directory has at least one object class associated with it. The object class determines the characteristics of the object, in particular the set of attributes which the object can have.

The LDAP Object Class Management screen is used to configure the LDAP Object Browser on PK Protect's ACL Management page. The LDAP Object Browser is used to add users to PK Protect's Access Control List (ACL), which determines a user's decryption rights.

Four pre-defined object classes appear on this screen for every Hadoop cluster configured with LDAP or LDAPS. The cluster to which a particular object class belongs is listed in the Cluster column on the screen. The values of each of the four pre-defined object classes are editable.

The pre-defined object classes are described in the table below:

| Object Class | Search DN | Filter | Search Scope | Collection |
| --- | --- | --- | --- | --- |
| Group | $BSEDN | member=(&(memberOf=$DN)(objectofClass=user)) | SUBTREE_LEVEL | Yes |
| Container | $DN | (objectClass=*) | ONE_LEVEL | Yes |
| Organizational Unit | $DN | (objectClass=*) | ONE_LEVEL | Yes |
| Default (any object class for which specific properties have not been defined above; this will not be configurable) | $DN | (objectClass=*) | ONE_LEVEL | Yes |

Pre-defined object classes can be edited, but not deleted.

Access the LDAP Object Class Management screen by clicking the LDAP Object Classes option in the left side pane. The LDAP Object Class Management screen is depicted below:

Add Object Class

Perform the following steps to add an object class:

  1. Click Add Object Class.

  2. A dialog box will appear.

    The fields are described below:

    1. Object Class Name: Specify the name of the object class.

    2. Search Dn: Enter the Search Dn. For example, Search Dn = (objectClass=*), Search Dn = (ou=dev,dc=dg,dc=com), etc.

    3. Filter: Specify the filter for the search. This specifies the criteria to identify which entries within the scope should be returned.

    4. Search Scope: Select the search scope from the dropdown.

      1. One-level scope: Searches all entries exactly one level under the base DN. The base DN itself and any entries below that first level are not included.

      2. Sub-tree scope: Searches all entries at all levels under the specified base DN, including the base DN itself.

      3. Object-level scope: Searches only the entry at the base DN, so only that entry is returned.

    5. Collection: Select Yes or No for collection.

    6. Cluster: Select the Hadoop cluster.

  3. Click Save.
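
The three search scopes and the filter described in the field list above, modeled as an added example (not PK Protect code) over a constructed directory, to show how the scope choice changes which entries become selectable for the ACL. ONE_LEVEL and SUBTREE_LEVEL follow the table on this page; OBJECT_LEVEL, the function names and the sample entries are assumptions.

```python
# Constructed sample directory: DN -> attributes (not from any real deployment).
DIRECTORY = {
    "dc=dg,dc=com": {"objectClass": ["domain"]},
    "ou=dev,dc=dg,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=alice,ou=dev,dc=dg,dc=com": {"objectClass": ["user"]},
    "ou=contractors,ou=dev,dc=dg,dc=com": {"objectClass": ["organizationalUnit"]},
    "cn=bob,ou=contractors,ou=dev,dc=dg,dc=com": {"objectClass": ["user"]},
    "cn=carol,ou=ops,dc=dg,dc=com": {"objectClass": ["user"]},
}

def rdns(dn):
    """Split a DN into normalized RDNs (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn falls inside `scope` relative to base_dn."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # not at or under the base DN
    depth = len(entry) - len(base)        # 0 = base itself, 1 = direct child
    if scope == "OBJECT_LEVEL":           # assumed name for object-level scope
        return depth == 0
    if scope == "ONE_LEVEL":
        return depth == 1
    if scope == "SUBTREE_LEVEL":
        return True
    raise ValueError(f"unknown scope: {scope}")

def matches(attrs, flt):
    """Evaluate a single (attr=value) filter; '*' is a presence test."""
    attr, _, value = flt.strip("()").partition("=")
    values = next((v for k, v in attrs.items() if k.lower() == attr.lower()), [])
    if value == "*":
        return bool(values)
    return value.lower() in (v.lower() for v in values)

def search(base_dn, scope, flt="(objectClass=*)"):
    """Return the sorted DNs that a search with this base, scope and filter yields."""
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn, base_dn, scope) and matches(attrs, flt))
```

With the base DN ou=dev,dc=dg,dc=com, ONE_LEVEL returns only alice and the contractors OU, while SUBTREE_LEVEL also returns bob from the nested OU, so a sub-tree scope on a broad base DN widens the set of principals that can be granted decryption rights.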

Edit Object Class

Perform the following steps to edit an object class:

  1. Select the object class you want to edit.

  2. Click Edit Object Class.

  3. A dialog box will appear.

  4. Click Save after making the desired changes.

You cannot edit the name of the object class.

Delete Object Class

Perform the following steps to delete an object class:

  1. Select the object class you want to delete.

  2. Click Delete at the top right corner.
