

Mastering OpenLDAP
Configuring, Securing, and Integrating
Directory Services

Matt Butcher

BIRMINGHAM - MUMBAI


Mastering OpenLDAP
Copyright © 2007 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of
the information presented. However, the information contained in this book is sold
without warranty, either express or implied. Neither the author, Packt Publishing,
nor its dealers or distributors will be held liable for any damages caused or alleged to
be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.

First published: August 2007

Production Reference: 1230807

Published by Packt Publishing Ltd.


32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-847191-02-1
www.packtpub.com

Cover Image by Ronald R. McDaniel ()


Credits

Author
Matt Butcher

Reviewers
Aaron Richton
George K Thiruvathukal
Quanah Gibson-Mount

Development Editor
Douglas Paterson

Assistant Development Editor
Nikhil Bangera

Technical Editor
Ved Prakash Jha

Editorial Manager
Dipali Chittar

Project Manager
Patricia Weir

Project Coordinator
Abhijeet Deobhakta

Indexer
Bhushan Pangaonkar

Proofreader
Rebecca Paterson

Production Coordinator
Shantanu Zagade

Cover Designer
Shantanu Zagade


About the Author
Matt Butcher is the principal consultant for Aleph-Null, Inc., a systems integrator
that specializes in Free and Open Source solutions. He is also a member of the
Emerging Technologies Lab at Loyola University Chicago, where he is currently
finishing a Ph.D. in philosophy. Matt has written two other books for Packt:
Managing and Customizing OpenCms 6 Websites (ISBN: 978-1-904811-76-3), and
Building Websites with OpenCms (ISBN: 1-904811-04-3). Matt has also contributed
articles to Newsforge.com, TheServerSide.com, and LinuxDevices.com.
Anyone who actively works with Free and Open Source software
knows that any good project is the result of the contributions of a
wide variety of people. I hope it is evident in this book that I have
taken this lesson to heart. I would like to thank Bob Krumland for
introducing me to LDAP in 1997. I owe a great debt of gratitude to
Quanah Gibson-Mount and Aaron Richton, who both generously
lent their technical expertise to make this a better book. I would like
to thank Jon Hodge for his time and assistance. Also, I’d like to thank
Mark Patterson, Paul Beam, George Peavy, Ed Mattson, and Kevin
Reilly. And thanks to the members of the Emerging Technology
Lab at Loyola University, especially George Thiruvathukal for his
comments. The members of the OpenLDAP mailing list have been
tremendously helpful, especially Kurt Zeilenga, Howard Chu,
Pierangelo Masarati, and Aaron Richton. And, of course, thanks to
Claire, Anna, and Angie for their continual support, encouragement,
and crayon-colored pictures.


About the Reviewers
Aaron Richton is a Systems Administrator for the Rutgers University campus in
New Brunswick/Piscataway, NJ. He has used OpenLDAP since the 2.1 series. The
OpenLDAP servers he administers are responsible for the authentication of over
60,000 accounts. Richton holds degrees in Electrical and Computer Engineering and
Computer Science from the Rutgers University School of Engineering.

George K. Thiruvathukal Ph.D. is an associate professor of computer science
at Loyola University Chicago, where he directs the departmental computing and
infrastructure. He has held positions in industry (at Fortune 500 companies such as
R.R. Donnelley and Sons and Tellabs, both in the Chicago area) and in academia,
including the Illinois Institute of Technology and Argonne National Laboratory. He
has co-authored two books on advanced software development for Prentice Hall PTR
and Sun Microsystems press, including High-Performance Java Platform Computing:
Threads and Networking (see ) and Web Programming
in Python (see ). His research interests include
parallel/distributed systems, programming languages/paradigms/patterns,
and experimental computing. His teaching interests include most of the modern
computer science curriculum and computing history. For more information, see
/>

Quanah Gibson-Mount graduated from the University of Alaska, Fairbanks
with a B.S. in Computer Science. Quanah has been working with OpenLDAP since
the early stages of the OpenLDAP 2.1 release. He is currently a Principal Software
Engineer with Zimbra, Inc, where he focuses on OpenLDAP configuration and
Release Engineering. He is also the release engineer for the OpenLDAP project, and
in his spare (paid for) time teaches classes on LDAP and OpenLDAP for Symas Corp.
Prior to his employment with Zimbra, Quanah worked at Stanford University, where
one of his primary tasks was that of Directory Architect.
I'd like to thank my wife Karen for all of her support in these
many endeavors.


Table of Contents

Preface

Chapter 1: Directory Servers and LDAP
  LDAP Basics
    What is a Directory?
    The Structure of a Directory Entry
      A Unique Name: The DN
      An Example LDAP Entry
      The Object Class Attribute
      Operational Attributes
    The Directory Information Tree
    What to Do with an LDAP Server
  The History of LDAP and OpenLDAP
  A Technical Overview of OpenLDAP
    The Server
    Clients
    Utilities
    Libraries
  Summary

Chapter 2: Installation and Configuration
  Before Getting Started
    OpenLDAP Binaries for Operating Systems
    Commercial OpenLDAP Distribution
    Source Code Compilation
      A Quick Note on Versions
  Installation
    Dependencies
    Installing OpenLDAP
  Configuring the SLAPD Server
    Basics
    Schemas
    More Directives
    Module Directives
    Database Configuration
    ACLs
  Verifying a Configuration File
  Starting and Stopping the Server
    Using the Init Script
    Running SLAPD Directly
  Configuring the LDAP Clients
    A Basic ldap.conf File
      Size and Time Limits
  Testing the Server
  Summary

Chapter 3: Using OpenLDAP
  A Brief Survey of the LDAP Suite
    LDAP from the Server Side
      SLAPD
        The Binding Operation
        The Search Operation
        More Operations: Additions, Modifications, and Deletions
        Infrequent Operations
        SLAPD Summary
      SLURPD
  Creating Directory Data
    The LDIF File Format
      Anatomy of an LDIF File
      Representing Attribute Values in LDIF
    Example.Com in LDIF
      Defining the Base DN Record
      Structuring the Directory with Organizational Units
      Adding User Records
      Adding System Records
      Adding Group Records
      The Complete LDIF File
  Using the Utilities to Prepare the Directory
    slapadd
      When Should slapadd be Used?
      What Does slapadd Do?
      Loading the LDIF File
    slapindex
    slapcat
      Operational Attributes
    slapacl
    slapauth
    slapdn
    slappasswd
      Storing and Using Passwords in OpenLDAP
      Generating a Password with slappasswd
    slaptest
  Performing Directory Operations Using the Clients
    Common Command-Line Flags
      Common Flags
      Setting Defaults in ldap.conf
    ldapsearch
      A Simple Search
      Restricting Returned Fields
      Requesting Operational Attributes
      Searching Using a File
    ldapadd
      Adding Records from a File
    ldapmodify
      Adding a Record with ldapmodify
      Modifying Existing Records
      Modifying the Relative DN
      Deleting Entire Records
    ldapdelete
    ldapcompare
    ldapmodrdn
      Modifying the Superior DN with ldapmodrdn
    ldappasswd
    ldapwhoami
  Summary

Chapter 4: Securing OpenLDAP
  LDAP Security: The Three Aspects
  Securing Network-Based Directory Connections with SSL/TLS
    The Basics of SSL and TLS
      Authenticity
      Encryption
      StartTLS
    Creating an SSL/TLS CA
    Creating a Certificate
      Creating a New Certificate Request
      Signing the Certificate Request
      Configuring and Installing the Certificates
    Configuring StartTLS
    Configuring Client TLS
    Configuring LDAPS
    Debugging with the OpenSSL Client
    Using Security Strength Factors
      The security Directive
  Authenticating Users to the Directory
    Simple Binding
      Using an Authentication User for Simple Binding
    SASL Binding
      Configuring Cyrus SASL
      Configuring SLAPD for SASL Support
    Using Client SSL/TLS Certificates to Authenticate
      Creating a New Client Certificate
      Configuring the Client
      Configuring the Server
      Testing with ldapwhoami
    Going Further with SASL
  Controlling Authorization with ACLs
    The Basics of ACLs
      Access to [resources]
        Access using DN
        Access using attrs
        Access using Filters
        Combining Access Specifiers
      By [who] [type of access granted] [control]
        The Access Field
        The who Field
        The control Field
    Getting More from Regular Expressions
    Debugging ACLs
    A Practical Example
  Summary

Chapter 5: Advanced Configuration
  Multiple Database Backends
    The slapd.conf File
    Creating and Importing a Second Directory
  Performance Tuning
    Performance Directives
      Global Directives
      Directives in the Database Section
    The DB_CONFIG File
      Setting the Cache Size
      Configuring the Data Directory
      Optimizing BDB/HDB Transaction Logging
      Tuning Lock Files
      More about Berkeley DB
  Directory Overlays
    A Brief Tour of the Official Overlays
    Configuring an Overlay: denyop
      Loading the module
      Adding the Overlay
      Adding Overlay-Specific Directives
    Referential Integrity Overlay
      Configuring the Overlay
      Modifying the Records
      Drawbacks
      A Useful Note
    The Uniqueness Overlay
  Summary

Chapter 6: LDAP Schemas
  Introduction to LDAP Schemas
    Why Do They Look So Complicated?
  Schema Definitions
    Object Classes and Attributes
    Object Class Definitions
    Attribute Definitions
    Object Identifier Definitions
    DIT Content Rules
  Retrieving the Schemas from SLAPD
  The ObjectClass Hierarchy
  Attribute Hierarchies
    Subordinate Attributes and Searching
  Object Class Types: Abstract, Structural, and Auxiliary
    The Object Class Hierarchy: An Overview
    Abstract Classes
    Structural Object Classes
    Auxiliary Object Classes
  Moving Onward
  Schemas: Accesslog and Password Policy Overlays
    Logging with the Accesslog Overlay
      Loading the accesslog Module
      Configuring the Access Log Backend
      Creating A Directory for the Access Log Files
      Enabling Logging for the Main Backend
      The Log Records
    Implementing a Complex Overlay: Password Policy
      Setting the Global Directives in slapd.conf: Schema and Module
      Creating a Password Policy
      Configure the Overlay Directives
      Test the Overlay
      Password Policy Operational Attributes
      Summary of ppolicy Operational Attributes
  Creating a Schema
    Getting an OID
    Giving Our OID a Name
    Creating Object Classes
    Creating Attributes
    Loading the New Schema
      Troubleshooting Schema Loading
    A New Record
  Summary

Chapter 7: Multiple Directories
  Replication: An Overview
  SyncRepl
    Configuring SyncRepl
      Configuring the Master Server
      Creating a SyncRepl User
      Configuring the Shadow Server
        The syncrepl Directive
        Configuring a Referral
      Starting Replication
        For Larger Directories...
    Delta SyncRepl
      The Master Server's Configuration
      The Shadow Server's Configuration
    Debugging SyncRepl
      Starting Over
      Strategic Logging
      A Few Common Mistakes
  Configuring an LDAP Proxy
    Using the LDAP Backend
      Using Identity Management Features
    Turning the Simple Proxy into a Caching Proxy
      Notes on the Attribute Sets and Templates
    A Translucent Proxy
  Summary

Chapter 8: LDAP and the Web
  The LDAP-Aware Application
  Apache and LDAP
    A Short Guide to Installing Apache
    Configuring LDAP Authentication
      Loading the Modules
      Editing the default Configuration File
      Other Features of the Require Parameter
  phpLDAPadmin
    Prerequisites
    Installing phpLDAPadmin
      Is Your Package Broken?
    Configuring phpLDAPadmin
      A Basic Look at Configuration Parameters
      Configuring the LDAP Server Settings
    A First Look at phpLDAPadmin
      Navigating phpLDAPadmin
      Viewing and Modifying a Record
      Adding a New Record
    Searching with phpLDAPadmin
  Summary

Appendix A: Building OpenLDAP from Source
  Why Build from Source?
  Getting the Code
  The Tools for Compiling
    Build Tools
    Installing Dependencies
  Compiling OpenLDAP
    Configuring
    Building with make
    Installation
    Building Everything
  Summary

Appendix B: LDAP URLs
  The LDAP URL
  Common Uses of LDAP URLs
  Not all LDAP URLs are for Searching
  For More Information on LDAP URLs...
  Summary

Appendix C: Useful LDAP Commands
  Getting Information about the Directory
    The Root DSE
    The Subschema Record
    The Configuration Record
  Making a Directory Backup
    A Backup Copy of the Directory Database
    An LDIF Backup File
  Rebuilding a Database (BDB, HDB)
    Step 1: Stop the Server
    Step 2: Dump the Database
    Step 3: Delete the Old Database Files
    Step 4: Create a New Database
    Step 5: Restart SLAPD
    Troubleshooting Rebuilds
  Summary

Index


Preface
The OpenLDAP directory server is a mature product that has been around (in
one form or another) since 1995. All of the major Linux distributions include the
OpenLDAP server, and many major applications, both Open Source and proprietary,
are directory aware, and can make use of the services provided by OpenLDAP. And
yet the OpenLDAP server seems to be shrouded in mystery, known and understood
only by the gurus and hackers. This book is meant not only to demystify OpenLDAP,
but to give the system administrator and software developer a solid understanding
of how to make use, in the practical realm, of OpenLDAP’s directory services.
OpenLDAP is an Open Source server that provides network clients with directory
services. The directory server can be used to store organizational information in a
centralized location, and make this information available to authorized applications.
Client applications can connect to OpenLDAP using the Lightweight Directory
Access Protocol (LDAP). They can then search the directory and (if they have
appropriate access) modify and manipulate records in the directory. LDAP servers
are most frequently used to provide network-based authentication services for users.
But there are many other uses for an LDAP, including using the directory as an
address book, a DNS database, an organizational tool, or even as a network object
store for applications. We will look at some of these uses in this book.
The goal of this book is to prepare a system administrator or software developer
for building a directory using OpenLDAP, and then employing this directory in
the context of the network. To that end, this book will take a practical approach,
emphasizing how to get things done. On occasion, we will delve into theoretical
aspects of LDAP, but such discussions will only occur where understanding the
theory helps us answer practical questions.


What This Book Covers

In Chapter 1 we look at general concepts of directory servers and LDAP, cover the
history of LDAP and the lineage of the OpenLDAP server, and finish up with a
technical overview of OpenLDAP.
The next set of chapters focus on building directory services with OpenLDAP, and
we take a close look at the OpenLDAP server in these chapters.
Chapter 2 begins with the process of installing OpenLDAP on a GNU/Linux server.
Once we have the server installed, we do the basic post-installation configuration
necessary to have the server running.
Chapter 3 covers the basic use of the OpenLDAP server. We use the OpenLDAP
command-line tools to add records to our new directory, search the directory, and
modify records. This chapter introduces many of the key concepts involved in
working with LDAP data.
Chapter 4 covers security, including handling authentication to the directory,
configuring Access Control Lists (ACLs), and securing network-based directory
connections with Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
Chapter 5 deals with advanced configuration of the OpenLDAP server. Here, we take
a close look at the various backend database options and also look at performance
tuning settings, as well as the recently introduced technology of directory overlays.
Chapter 6 focuses on extending the directory structure by creating and implementing
LDAP schemas. Schemas provide a procedure for defining new attributes and
structures to extend the directory and provide records tailor-made to your needs.
Chapter 7 focuses on directory replication and different ways of getting directory
servers to interoperate over a network. OpenLDAP can replicate its directory
contents from a master server to any number of subordinate servers. In this chapter,
we set up a replication process between two servers.
Chapter 8 deals with configuring other tools to interoperate with OpenLDAP. We
begin with the Apache web server, using LDAP as a source of authentication and
authorization. Next, we install phpLDAPadmin, a web-based program for managing
directory servers. Then we look at the main features, and do some custom tuning.
The appendices include a step-by-step guide to building OpenLDAP from source
(Appendix A), a guide to using LDAP URLs (Appendix B), and a compendium of
useful LDAP client commands (Appendix C).


What You Need for This Book

To get the most from this book, you will need the OpenLDAP server software, as well
as the client command-line utilities. These are all freely available (as Open Source
software) in source code form from . However, you may
prefer to use the version of OpenLDAP provided by your particular Linux or
UNIX distribution.
While OpenLDAP will run on Linux, various versions of UNIX, MacOS X, and
Windows 2000 and so on, the examples in this book use the Linux operating system.
Since the basic LDAP tools are command-line applications, you will need basic
knowledge of getting around in a Linux/UNIX shell environment. The book does
not cover the network protocol in detail, and it is assumed that the reader has a basic
understanding of client-server network models. It is also assumed that the reader has
a basic understanding of the structure of web and email services.

Conventions

In this book you will find a number of styles of text that distinguish between
different kinds of information. Here are some examples of these styles, and an
explanation of their meaning.
There are three styles for code. Code words in text are shown as follows: "The
telephoneNumber attribute has two values, each representing a different
phone number."
A block of code will be set as follows:
    ########
    # ACLs #
    ########
    access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

When we wish to draw your attention to a particular part of a code block, the
relevant lines or items will be made bold:
    directory /var/lib/ldap
    # directory /usr/local/var/openldap-data
    index objectClass sub,eq
    index cn sub,eq


Any command-line input and output is written as follows:
$ sudo slaptest -v -f /etc/ldap/slapd.conf

New terms and important words are introduced in a bold-type font. Words that you
see on the screen, in menus or dialog boxes for example, appear in our text like this:
"Clicking the Advanced Search Form link at the top of the simple search screen will
load a search screen with more options".
Important notes appear in a box like this.

Tips and tricks appear like this.

Reader Feedback

Feedback from our readers is always welcome. Let us know what you think about
this book, what you liked or may have disliked. Reader feedback is important for us
to develop titles that you really get the most out of.
To send us general feedback, simply drop an email to ,
making sure to mention the book title in the subject of your message.

If there is a book that you need and would like to see us publish, please send
us a note in the SUGGEST A TITLE form on www.packtpub.com or email

If there is a topic that you have expertise in and you are interested in either writing
or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer Support

Now that you are the proud owner of a Packt book, we have a number of things to
help you to get the most from your purchase.

Downloading the Example Code for the Book

Visit and select this book from the list of titles
to download any example code or extra resources for this book. The files available
for download will then be displayed.

Errata

Although we have taken every care to ensure the accuracy of our contents, mistakes
do happen. If you find a mistake in one of our books—maybe a mistake in text or
code—we would be grateful if you would report this to us. By doing this you can
save other readers from frustration, and help to improve subsequent versions of
this book. If you find any errata, report them by visiting ktpub.com/support,
selecting your book, clicking on the Submit Errata link, and entering
the details of your errata. Once your errata are verified, your submission will be
accepted and the errata are added to the list of existing errata. The existing errata can
be viewed by selecting your title from />
Questions

You can contact us at if you are having a problem with
some aspect of the book, and we will do our best to address it.




Directory Servers and LDAP
In this first chapter, we will cover the basics of LDAP. While most of the chapters
in this book take a practical hands-on approach, this first chapter is higher-level
and introductory in nature. We will get introduced to directory servers and
LDAP, including commonly-used directory terminology. We will also see how the
OpenLDAP server fits into the directory landscape, where it came from, and how it
works. Here are the main topics covered in this chapter:
• The basics of LDAP directories
• The history of LDAP and the OpenLDAP server
• A technical overview of the OpenLDAP server


LDAP Basics

The term LDAP stands for Lightweight Directory Access Protocol. As the name
indicates, LDAP was originally designed to be a network protocol that provided an
alternative form of access to existing directory servers, but as the idea of LDAP—and
the technologies surrounding it—matured, the term LDAP became synonymous
with a specific type of directory architecture. We use the term LDAP when
referring to directory services that comply with that architecture, as defined in the
LDAP specifications.
LDAP is standardized. The body of LDAP standards, including the
network protocols, the directory structure, and the services provided
by an LDAP server, are all available in the form of RFCs (Requests For
Comments). Throughout this book, I will reference specific LDAP RFCs as
authoritative sources of information about LDAP.


The current version of LDAP is LDAP v.3 (version 3), a standard developed in
1997 as RFC 2251, and widely implemented throughout the industry. The original
specification has recently (June 2006) been updated, and RFCs 4510-4519 provide a
clarified and much more cohesive specification for LDAP.
While directories in general, and LDAP directories in particular, are by no means
novel or rare in the information technology world, the driving technologies are
certainly not as well understood as near relatives like the relational database. One of
the goals of this chapter (and of this book in general) is to introduce and clarify the
function and use of an LDAP directory.
In this section, we will introduce some of the concepts that are important for
understanding LDAP. The best place to start is with the idea of the directory.


What is a Directory?

When we think of a directory, we conjure images of telephone directories or
address books. We use such directories to find information about individuals or
organizations. For instance, I might thumb through my address book to find the
phone number of my friend Jack, or skim through the telephone directory looking
for the address of Acme Services.
A directory server is used this way, too. It maintains information about some set of
entities (entities like people or organizations), and it provides services for accessing
that information.
Of course, a directory server must also have means for adding, modifying, and
deleting information, as well. But, even as a telephone directory is assumed to be
primarily a resource for reading, a directory server's information is assumed to be
read more often than written. This assumption about the use of a directory server is
codified, or summarized, in the phrase "high-read, low-write". Consequently,
many applications of LDAP technology are geared toward reading and searching
for information.
While many directory servers have been optimized for fast reading at
the expense of fast modification, this is not necessarily the case with
OpenLDAP. OpenLDAP is efficient on both counts, and it can be used for
applications that require frequent writing of data.


Some sorts of directory servers (envision a simple server-based implementation of
an address book) simply provide a narrow and specific service. A single-purpose
directory server, such as an online address book, might store only a very specific
type of data, like phone numbers, addresses, and email information for a set of
people. Such directories are not extensible. Instead, they are single-purpose.
But LDAP (and its X.500 predecessor) was designed to be a general-purpose directory
server. It has not been designed with the purpose of capturing a specific type of
data (like telephone numbers or email addresses). Instead, it was designed to
give implementers the ability to define—clearly and carefully—what data the
directory should store.
Such a generic directory server ought to be able to store many different kinds of
information. For that matter, it should be able to store different kinds of information
about different kinds of entities. For example, a general purpose directory should
be able to store information about entities as diverse as people and igneous rock
samples. But we don't want to store the same information about people as we do
about rocks.
A person might have a surname, a phone number, and an email address, as shown in
the following figure:

    Human               Rock
    -----               ----
    Given Name          ID Number
    Surname             Location
    Phone Number        Hardness
    Email               Malleability

A rock sample might have an identification number, information about its
geographical origin, and a hardness classification.
LDAP makes it possible to define what a person's entry would look like, and what a
rock's entry would look like. Its general architecture provides the capabilities needed
for managing large amounts of diverse directory entries.
In the remainder of this section we will examine how information in an LDAP
directory is structured. We will start by looking at the idea of a directory entry,
with a distinguished name and attributes. Then, we will look at how entries are
organized within the directory information tree. By the end of this section, you
should understand the basic structure of information within an LDAP directory.


The Structure of a Directory Entry

Let's continue with our comparison of a directory server and a phone book. A phone
book contains a very specific type of information, organized in a very specific way,
and designed to fulfil a very specific purpose. Here's an example phone book entry:
Acme Services
123 W. First St.
Chicago, IL 60616-1234
(773) 555-8943 or (800) 555 9834

As mentioned earlier, this sort of directory has specific information, organized
in a specific way, designed to fulfill a specific purpose: it is information about
how to contact a specific organization (Acme Services) organized in a familiar
pattern (address and phone number). And it is designed so that a person, having a
particular name in mind, can quickly scan through the directory (which is ordered
alphabetically by organization name), and find the desired contact information.
But there are a few things to note about the phone book entry:

• The data is arranged for searching by only one value: the name of the
  organization. If you should happen to have the phone number of the
  organization, but not the name, searching the phone book for the matching
  telephone number in order to ascertain the name would be a taxing, and
  probably futile task.

• The format of the entry is sparse, and requires that the reader will be able to
  recognize the format and supply auxiliary information required for making
  sense of the data. One accustomed to reading phone book entries will be able
  to extrapolate from the previous entry, and identify the information this way:

    Organization Name: Acme Services
    Street Address: 123 West First Street
    City: Chicago
    State: Illinois
    Postal Code: 60616-1234
    Country: USA
    Phone Number: +1 773 555 8943
    Phone Number: +1 800 555 9834
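The two points above (a phone book is searchable by one value only, and its entries carry no attribute names) are exactly what a directory entry fixes: every value is labelled with an attribute name, an attribute may hold several values (the Preface's example of a telephoneNumber with two values), and a search can match on any attribute. The following Python program is an added example, not code from the book or from the OpenLDAP project. It writes the Acme Services entry in LDIF (the text format Chapter 3 introduces), using attribute names and the organization object class from the standard LDAP core schema (RFC 4519); a second, constructed entry is included so that a search has something to exclude. The parser supports only the LDIF features the sample needs, and the matching behaviour (telephoneNumberMatch ignoring spaces and hyphens, caseIgnoreMatch for the rest) follows RFC 4517/4518 but is implemented here in a simplified form.

```python
# Added example (not from the book): the Acme Services phone-book entry as
# LDAP entries in LDIF, plus a minimal LDIF parser and a search function that
# can match on any attribute, not just the organization name.
# Attribute names (o, street, l, st, postalCode, c, telephoneNumber) and the
# 'organization' object class come from the standard LDAP core schema
# (RFC 4519); the two entries themselves are constructed for this example.
from collections import defaultdict

# Constructed sample data in LDIF. Each line is "attribute: value"; giving the
# same attribute twice gives it two values, which is how telephoneNumber
# carries both phone numbers. A blank line separates entries.
SAMPLE_LDIF = """\
dn: o=Acme Services,c=US
objectClass: organization
o: Acme Services
street: 123 West First Street
l: Chicago
st: Illinois
postalCode: 60616-1234
c: US
telephoneNumber: +1 773 555 8943
telephoneNumber: +1 800 555 9834

dn: o=Acme Widgets,c=US
objectClass: organization
o: Acme Widgets
l: Springfield
st: Illinois
c: US
telephoneNumber: +1 217 555 0100
"""


def parse_ldif(text):
    """Parse LDIF text into a list of entries.

    Each entry is a dict mapping a lower-cased attribute name to the list of
    its values (LDAP attribute names are case-insensitive). Handles the two
    LDIF features needed here: blank-line separation between entries and
    folded continuation lines (a line beginning with a single space).
    Base64 (::) and URL (:<) value forms are deliberately not supported.
    """
    logical_lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical_lines:
            logical_lines[-1] += raw[1:]  # unfold a wrapped value
        else:
            logical_lines.append(raw)

    entries = []
    current = None
    for line in logical_lines:
        if not line.strip():            # a blank line ends the current entry
            if current:
                entries.append(dict(current))
                current = None
            continue
        if line.startswith("#"):        # LDIF comment
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if current is None:
            current = defaultdict(list)
        current[name.strip().lower()].append(value.strip())
    if current:
        entries.append(dict(current))
    return entries


def normalise(attr, value):
    """Simplified form of the matching rule the core schema gives this attribute.

    telephoneNumber uses telephoneNumberMatch, which ignores spaces and
    hyphens (RFC 4517/4518); the other attributes here use caseIgnoreMatch,
    which ignores case and insignificant whitespace.
    """
    if attr == "telephonenumber":
        return value.replace(" ", "").replace("-", "")
    return " ".join(value.split()).casefold()


def search(entries, attribute, value):
    """Return the entries in which `attribute` has a value matching `value`."""
    attr = attribute.lower()
    wanted = normalise(attr, value)
    return [e for e in entries
            if any(normalise(attr, v) == wanted for v in e.get(attr, []))]


def dn_of(entry):
    """The distinguished name that uniquely identifies an entry."""
    return entry["dn"][0]


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    # The lookup a paper phone book cannot do: from a phone number to the name.
    for entry in search(directory, "telephoneNumber", "+1-800-555-9834"):
        print(dn_of(entry), "->", ", ".join(entry["telephonenumber"]))
```

Run as a script it prints the Acme Services DN together with both of its telephone numbers; the same `search` call works for `o`, `l` or `st`, which is the point of labelling every value with an attribute name rather than relying on the reader to recognise the layout. A real server additionally validates each entry against its schema (which attributes an organization may carry, and whether they are single- or multi-valued), something this toy parser does not attempt.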
