Object classes (LDAP)

An object class uses attributes to describe the characteristics of an abstract type. An entry within a Directory represents a specific instance of this type by allocating actual values to the attributes.

There are three different types of object classes:


Every object needs to belong to exactly one class of this type. It defines the actual nature of the object, e.g. whether it is a person or a division.


This is used for utility classes that cannot stand alone. It is used for expanding objects that already belong to a structural class by adding additional attributes. In addition to the one defining structural class, an object can belong to any number of auxiliary classes.


This class type is rarely used. It serves as a pattern for derived classes, since it can only pass its attributes on, but cannot belong to an object itself. Examples for abstract classes are top or alias. The majority of classes are derived from top, and inherit its single attribute objectClass for saving an entry's affiliation with a class. An alias is simply a reference to another object.

Source: Florian Löffler, SA: Entwicklung und Implementierung einer Visualisierungslösung für LDAP Access Controls, Erlangen 2009.