Note: To create LDAP queries or to browse, an LDAP client must bind to the
LDAP server using the distinguished name (DN) of an account that has the
authority to search and read the values of LDAP attributes, such as user
and group information. The LDAP administrator ensures that read access
privileges are set for the bind DN. Read access privileges allow access to
the subtree of the base DN and ensure that searches of user and group
information are successful.

The directory server provides an operational attribute in each directory
entry (for example, the IBM Directory Server uses ibm-entryUuid as the
operational attribute). The value of this attribute is a universally
unique identifier (UUID), which is chosen automatically by the directory
server when the entry is added, and is expected to be unique: no other
entry, whether it has the same name or a different one, has this value.
Directory clients may use this attribute to distinguish objects identified
by a distinguished name or to locate an object after renaming. Ensure that
the bind credentials have the authority to read this attribute.
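
The following sketch is an added example, not code from the original documentation or from IBM. It compares two constructed search snapshots by UUID and reports renamed entries, names now held by a different object, and entries whose UUID the client did not receive. The helper names, DNs and UUID values are assumptions.

```python
# Added example: constructed data; helper names are hypothetical.
UUID_ATTR = "ibm-entryUuid"  # operational attribute the page names for IBM Directory Server

def norm(dn):
    # Simplified DN comparison (case and spacing only), enough for this sketch.
    return ",".join(p.strip().lower() for p in dn.split(","))

def index_by_uuid(entries):
    """Return ({uuid: dn}, [DNs whose UUID was not returned])."""
    by_uuid, unreadable = {}, []
    for dn, attrs in entries.items():
        values = attrs.get(UUID_ATTR) or []
        if len(values) == 1:
            by_uuid[values[0].lower()] = dn
        else:
            # Not requested by name in the search, or the bind DN may not read it.
            unreadable.append(dn)
    return by_uuid, unreadable

def reconcile(old, new):
    """Compare two search snapshots ({dn: {attr: [values]}}) by UUID, not by DN."""
    old_idx, _ = index_by_uuid(old)
    new_idx, unreadable = index_by_uuid(new)
    new_dns = {norm(dn) for dn in new_idx.values()}
    report = {"renamed": [], "replaced": [], "removed": [],
              "unreadable": sorted(unreadable)}
    for uuid, old_dn in old_idx.items():
        if uuid in new_idx:
            if norm(new_idx[uuid]) != norm(old_dn):
                report["renamed"].append((old_dn, new_idx[uuid]))
        elif norm(old_dn) in new_dns:
            # Same DN, different UUID: a different object now holds this name.
            report["replaced"].append(old_dn)
        else:
            report["removed"].append(old_dn)
    return report

# Constructed snapshots (UUID values are made up).
BASE = "dc=example,dc=com"
OLD = {
    f"uid=jdoe,ou=people,{BASE}": {UUID_ATTR: ["00000000-0000-4000-8000-000000000001"]},
    f"uid=asmith,ou=people,{BASE}": {UUID_ATTR: ["00000000-0000-4000-8000-000000000002"]},
    f"uid=bwong,ou=people,{BASE}": {UUID_ATTR: ["00000000-0000-4000-8000-000000000003"]},
}
NEW = {
    f"uid=jdoe,ou=staff,{BASE}": {UUID_ATTR: ["00000000-0000-4000-8000-000000000001"]},
    f"uid=asmith,ou=people,{BASE}": {UUID_ATTR: ["00000000-0000-4000-8000-000000000009"]},
    f"uid=svc,ou=people,{BASE}": {},  # UUID not returned to this bind DN
}
```

A non-empty "unreadable" list on a real directory is the cue to check that the search requests the operational attribute by name and that the bind DN is permitted to read it.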