Mastering OpenLDAP
Configuring, Securing, and Integrating
Directory Services
Matt Butcher
BIRMINGHAM - MUMBAI
Mastering OpenLDAP
Copyright © 2007 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of
the information presented. However, the information contained in this book is sold
without warranty, either express or implied. Neither the author, Packt Publishing,
nor its dealers or distributors will be held liable for any damages caused or alleged to
be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2007
Production Reference: 1230807
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-847191-02-1
www.packtpub.com
Cover Image by Ronald R. McDaniel
Credits
Author
Matt Butcher
Reviewers
Aaron Richton
George K Thiruvathukal
Quanah Gibson-Mount
Project Manager
Patricia Weir
Project Coordinator
Abhijeet Deobhakta
Indexer
Bhushan Pangaonkar
Development Editor
Douglas Paterson
Proofreader
Rebecca Paterson
Assistant Development Editor
Nikhil Bangera
Production Coordinator
Shantanu Zagade
Technical Editor
Ved Prakash Jha
Cover Designer
Shantanu Zagade
Editorial Manager
Dipali Chittar
About the Author
Matt Butcher is the principal consultant for Aleph-Null, Inc., a systems integrator
that specializes in Free and Open Source solutions. He is also a member of the
Emerging Technologies Lab at Loyola University Chicago, where he is currently
finishing a Ph.D. in philosophy. Matt has written two other books for Packt:
Managing and Customizing OpenCms 6 Websites (ISBN: 978-1-904811-76-3), and
Building Websites with OpenCms (ISBN: 1-904811-04-3). Matt has also contributed
articles to Newsforge.com, TheServerSide.com, and LinuxDevices.com.
Anyone who actively works with Free and Open Source software
knows that any good project is the result of the contributions of a
wide variety of people. I hope it is evident in this book that I have
taken this lesson to heart. I would like to thank Bob Krumland for
introducing me to LDAP in 1997. I owe a great debt of gratitude to
Quanah Gibson-Mount and Aaron Richton, who both generously
lent their technical expertise to make this a better book. I would like
to thank Jon Hodge for his time and assistance. Also, I’d like to thank
Mark Patterson, Paul Beam, George Peavy, Ed Mattson, and Kevin
Reilly. And thanks to the members of the Emerging Technology
Lab at Loyola University, especially George Thiruvathukal for his
comments. The members of the OpenLDAP mailing list have been
tremendously helpful, especially Kurt Zeilenga, Howard Chu,
Pierangelo Masarati, and Aaron Richton. And, of course, thanks to
Claire, Anna, and Angie for their continual support, encouragement,
and crayon-colored pictures.
About the Reviewers
Aaron Richton is a Systems Administrator for the Rutgers University campus in
New Brunswick/Piscataway, NJ. He has used OpenLDAP since the 2.1 series. The
OpenLDAP servers he administers are responsible for the authentication of over
60,000 accounts. Richton holds degrees in Electrical and Computer Engineering and
Computer Science from the Rutgers University School of Engineering.
George K. Thiruvathukal Ph.D. is an associate professor of computer science
at Loyola University Chicago, where he directs the departmental computing and
infrastructure. He has held positions in industry (at Fortune 500 companies such as
R.R. Donnelley and Sons and Tellabs, both in the Chicago area) and in academia,
including the Illinois Institute of Technology and Argonne National Laboratory. He
has co-authored two books on advanced software development for Prentice Hall PTR
and Sun Microsystems press, including High-Performance Java Platform Computing:
Threads and Networking and Web Programming in Python. His research interests
include parallel/distributed systems, programming languages/paradigms/patterns,
and experimental computing. His teaching interests include most of the modern
computer science curriculum and computing history.
Quanah Gibson-Mount graduated from the University of Alaska, Fairbanks
with a B.S. in Computer Science. Quanah has been working with OpenLDAP since
the early stages of the OpenLDAP 2.1 release. He is currently a Principal Software
Engineer with Zimbra, Inc, where he focuses on OpenLDAP configuration and
Release Engineering. He is also the release engineer for the OpenLDAP project, and
in his spare (paid for) time teaches classes on LDAP and OpenLDAP for Symas Corp.
Prior to his employment with Zimbra, Quanah worked at Stanford University, where
one of his primary tasks was that of Directory Architect.
I'd like to thank my wife Karen for all of her support in these
many endeavors.
Table of Contents
Preface
Chapter 1: Directory Servers and LDAP
  LDAP Basics
  What is a Directory?
  The Structure of a Directory Entry
  A Unique Name: The DN
  An Example LDAP Entry
  The Object Class Attribute
  Operational Attributes
  The Directory Information Tree
  What to Do with an LDAP Server
  The History of LDAP and OpenLDAP
  A Technical Overview of OpenLDAP
  The Server
  Clients
  Utilities
  Libraries
  Summary
Chapter 2: Installation and Configuration
  Before Getting Started
  OpenLDAP Binaries for Operating Systems
  Commercial OpenLDAP Distribution
  Source Code Compilation
  A Quick Note on Versions
  Installation
  Dependencies
  Installing OpenLDAP
  Configuring the SLAPD Server
  Basics
  Schemas
  More Directives
  Module Directives
  Database Configuration
  ACLs
  Verifying a Configuration File
  Starting and Stopping the Server
  Using the Init Script
  Running SLAPD Directly
  Configuring the LDAP Clients
  A Basic ldap.conf File
  Size and Time Limits
  Testing the Server
  Summary
Chapter 3: Using OpenLDAP
  A Brief Survey of the LDAP Suite
  LDAP from the Server Side
  SLAPD
  The Binding Operation
  The Search Operation
  More Operations: Additions, Modifications, and Deletions
  Infrequent Operations
  SLAPD Summary
  SLURPD
  Creating Directory Data
  The LDIF File Format
  Anatomy of an LDIF File
  Representing Attribute Values in LDIF
  Example.Com in LDIF
  Defining the Base DN Record
  Structuring the Directory with Organizational Units
  Adding User Records
  Adding System Records
  Adding Group Records
  The Complete LDIF File
  Using the Utilities to Prepare the Directory
  slapadd
  When Should slapadd be Used?
  What Does slapadd Do?
  Loading the LDIF File
  slapindex
  slapcat
  Operational Attributes
  slapacl
  slapauth
  slapdn
  slappasswd
  Storing and Using Passwords in OpenLDAP
  Generating a Password with slappasswd
  slaptest
  Performing Directory Operations Using the Clients
  Common Command-Line Flags
  Common Flags
  Setting Defaults in ldap.conf
  ldapsearch
  A Simple Search
  Restricting Returned Fields
  Requesting Operational Attributes
  Searching Using a File
  ldapadd
  Adding Records from a File
  ldapmodify
  Adding a Record with ldapmodify
  Modifying Existing Records
  Modifying the Relative DN
  Deleting Entire Records
  ldapdelete
  ldapcompare
  ldapmodrdn
  Modifying the Superior DN with ldapmodrdn
  ldappasswd
  ldapwhoami
  Summary
Chapter 4: Securing OpenLDAP
  LDAP Security: The Three Aspects
  Securing Network-Based Directory Connections with SSL/TLS
  The Basics of SSL and TLS
  Authenticity
  Encryption
  StartTLS
  Creating an SSL/TLS CA
  Creating a Certificate
  Creating a New Certificate Request
  Signing the Certificate Request
  Configuring and Installing the Certificates
  Configuring StartTLS
  Configuring Client TLS
  Configuring LDAPS
  Debugging with the OpenSSL Client
  Using Security Strength Factors
  The security Directive
  Authenticating Users to the Directory
  Simple Binding
  Using an Authentication User for Simple Binding
  SASL Binding
  Configuring Cyrus SASL
  Configuring SLAPD for SASL Support
  Using Client SSL/TLS Certificates to Authenticate
  Creating a New Client Certificate
  Configuring the Client
  Configuring the Server
  Testing with ldapwhoami
  Going Further with SASL
  Controlling Authorization with ACLs
  The Basics of ACLs
  Access to [resources]
  Access using DN
  Access using attrs
  Access using Filters
  Combining Access Specifiers
  By [who] [type of access granted] [control]
  The Access Field
  The who Field
  The control Field
  Getting More from Regular Expressions
  Debugging ACLs
  A Practical Example
  Summary
Chapter 5: Advanced Configuration
  Multiple Database Backends
  The slapd.conf File
  Creating and Importing a Second Directory
  Performance Tuning
  Performance Directives
  Global Directives
  Directives in the Database Section
  The DB_CONFIG File
  Setting the Cache Size
  Configuring the Data Directory
  Optimizing BDB/HDB Transaction Logging
  Tuning Lock Files
  More about Berkeley DB
  Directory Overlays
  A Brief Tour of the Official Overlays
  Configuring an Overlay: denyop
  Loading the module
  Adding the Overlay
  Adding Overlay-Specific Directives
  Referential Integrity Overlay
  Configuring the Overlay
  Modifying the Records
  Drawbacks
  A Useful Note
  The Uniqueness Overlay
  Summary
Chapter 6: LDAP Schemas
  Introduction to LDAP Schemas
  Why Do They Look So Complicated?
  Schema Definitions
  Object Classes and Attributes
  Object Class Definitions
  Attribute Definitions
  Object Identifier Definitions
  DIT Content Rules
  Retrieving the Schemas from SLAPD
  The ObjectClass Hierarchy
  Attribute Hierarchies
  Subordinate Attributes and Searching
  Object Class Types: Abstract, Structural, and Auxiliary
  The Object Class Hierarchy: An Overview
  Abstract Classes
  Structural Object Classes
  Auxiliary Object Classes
  Moving Onward
  Schemas: Accesslog and Password Policy Overlays
  Logging with the Accesslog Overlay
  Loading the accesslog Module
  Configuring the Access Log Backend
  Creating A Directory for the Access Log Files
  Enabling Logging for the Main Backend
  The Log Records
  Implementing a Complex Overlay: Password Policy
  Setting the Global Directives in slapd.conf: Schema and Module
  Creating a Password Policy
  Configure the Overlay Directives
  Test the Overlay
  Password Policy Operational Attributes
  Summary of ppolicy Operational Attributes
  Creating a Schema
  Getting an OID
  Giving Our OID a Name
  Creating Object Classes
  Creating Attributes
  Loading the New Schema
  Troubleshooting Schema Loading
  A New Record
  Summary
Chapter 7: Multiple Directories
  Replication: An Overview
  SyncRepl
  Configuring SyncRepl
  Configuring the Master Server
  Creating a SyncRepl User
  Configuring the Shadow Server
  The syncrepl Directive
  Configuring a Referral
  Starting Replication
  For Larger Directories...
  Delta SyncRepl
  The Master Server's Configuration
  The Shadow Server's Configuration
  Debugging SyncRepl
  Starting Over
  Strategic Logging
  A Few Common Mistakes
  Configuring an LDAP Proxy
  Using the LDAP Backend
  Using Identity Management Features
  Turning the Simple Proxy into a Caching Proxy
  Notes on the Attribute Sets and Templates
  A Translucent Proxy
  Summary
Chapter 8: LDAP and the Web
  The LDAP-Aware Application
  Apache and LDAP
  A Short Guide to Installing Apache
  Configuring LDAP Authentication
  Loading the Modules
  Editing the default Configuration File
  Other Features of the Require Parameter
  phpLDAPadmin
  Prerequisites
  Installing phpLDAPadmin
  Is Your Package Broken?
  Configuring phpLDAPadmin
  A Basic Look at Configuration Parameters
  Configuring the LDAP Server Settings
  A First Look at phpLDAPadmin
  Navigating phpLDAPadmin
  Viewing and Modifying a Record
  Adding a New Record
  Searching with phpLDAPadmin
  Summary
Appendix A: Building OpenLDAP from Source
  Why Build from Source?
  Getting the Code
  The Tools for Compiling
  Build Tools
  Installing Dependencies
  Compiling OpenLDAP
  Configuring
  Building with make
  Installation
  Building Everything
  Summary
Appendix B: LDAP URLs
  The LDAP URL
  Common Uses of LDAP URLs
  Not all LDAP URLs are for Searching
  For More Information on LDAP URLs...
  Summary
Appendix C: Useful LDAP Commands
  Getting Information about the Directory
  The Root DSE
  The Subschema Record
  The Configuration Record
  Making a Directory Backup
  A Backup Copy of the Directory Database
  An LDIF Backup File
  Rebuilding a Database (BDB, HDB)
  Step 1: Stop the Server
  Step 2: Dump the Database
  Step 3: Delete the Old Database Files
  Step 4: Create a New Database
  Step 5: Restart SLAPD
  Troubleshooting Rebuilds
  Summary
Index
Preface
The OpenLDAP directory server is a mature product that has been around (in
one form or another) since 1995. All of the major Linux distributions include the
OpenLDAP server, and many major applications, both Open Source and proprietary,
are directory aware, and can make use of the services provided by OpenLDAP. And
yet the OpenLDAP server seems to be shrouded in mystery, known and understood
only by the gurus and hackers. This book is meant not only to demystify OpenLDAP,
but to give the system administrator and software developer a solid understanding
of how to make use, in the practical realm, of OpenLDAP’s directory services.
OpenLDAP is an Open Source server that provides network clients with directory
services. The directory server can be used to store organizational information in a
centralized location, and make this information available to authorized applications.
Client applications can connect to OpenLDAP using the Lightweight Directory
Access Protocol (LDAP). They can then search the directory and (if they have
appropriate access) modify and manipulate records in the directory. LDAP servers
are most frequently used to provide network-based authentication services for users.
But there are many other uses for LDAP, including using the directory as an
address book, a DNS database, an organizational tool, or even as a network object
store for applications. We will look at some of these uses in this book.
The goal of this book is to prepare a system administrator or software developer
for building a directory using OpenLDAP, and then employing this directory in
the context of the network. To that end, this book will take a practical approach,
emphasizing how to get things done. On occasion, we will delve into theoretical
aspects of LDAP, but such discussions will only occur where understanding the
theory helps us answer practical questions.
What This Book Covers
In Chapter 1 we look at general concepts of directory servers and LDAP, cover the
history of LDAP and the lineage of the OpenLDAP server, and finish up with a
technical overview of OpenLDAP.
The next set of chapters focuses on building directory services with OpenLDAP, and
we take a close look at the OpenLDAP server in these chapters.
Chapter 2 begins with the process of installing OpenLDAP on a GNU/Linux server.
Once we have the server installed, we do the basic post-installation configuration
necessary to have the server running.
Chapter 3 covers the basic use of the OpenLDAP server. We use the OpenLDAP
command-line tools to add records to our new directory, search the directory, and
modify records. This chapter introduces many of the key concepts involved in
working with LDAP data.
Chapter 4 covers security, including handling authentication to the directory,
configuring Access Control Lists (ACLs), and securing network-based directory
connections with Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
Chapter 5 deals with advanced configuration of the OpenLDAP server. Here, we take
a close look at the various backend database options and also look at performance
tuning settings, as well as the recently introduced technology of directory overlays.
Chapter 6 focuses on extending the directory structure by creating and implementing
LDAP schemas. Schemas provide a procedure for defining new attributes and
structures to extend the directory and provide records tailor-made to your needs.
Chapter 7 focuses on directory replication and different ways of getting directory
servers to interoperate over a network. OpenLDAP can replicate its directory
contents from a master server to any number of subordinate servers. In this chapter,
we set up a replication process between two servers.
Chapter 8 deals with configuring other tools to interoperate with OpenLDAP. We
begin with the Apache web server, using LDAP as a source of authentication and
authorization. Next, we install phpLDAPadmin, a web-based program for managing
directory servers. Then we look at the main features, and do some custom tuning.
The appendices include a step-by-step guide to building OpenLDAP from source
(Appendix A), a guide to using LDAP URLs (Appendix B), and a compendium of
useful LDAP client commands (Appendix C).
What You Need for This Book
To get the most from this book, you will need the OpenLDAP server software, as well
as the client command-line utilities. These are all freely available (as Open Source
software) in source code form from . However, you may
prefer to use the version of OpenLDAP provided by your particular Linux or
UNIX distribution.
While OpenLDAP will run on Linux, various versions of UNIX, MacOS X, and
Windows 2000 and so on, the examples in this book use the Linux operating system.
Since the basic LDAP tools are command-line applications, you will need basic
knowledge of getting around in a Linux/UNIX shell environment. The book does
not cover the network protocol in detail, and it is assumed that the reader has a basic
understanding of client-server network models. It is also assumed that the reader has
a basic understanding of the structure of web and email services.
Conventions
In this book you will find a number of styles of text that distinguish between
different kinds of information. Here are some examples of these styles, and an
explanation of their meaning.
There are three styles for code. Code words in text are shown as follows: "The
telephoneNumber attribute has two values, each representing a different
phone number."
A block of code will be set as follows:
########
# ACLs #
########
access to attrs=userPassword
       by anonymous auth
       by self write
       by * none
When we wish to draw your attention to a particular part of a code block, the
relevant lines or items will be made bold:
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass sub,eq
index cn sub,eq
Any command-line input and output is written as follows:
$ sudo slaptest -v -f /etc/ldap/slapd.conf
New terms and important words are introduced in a bold-type font. Words that you
see on the screen, in menus or dialog boxes for example, appear in our text like this:
"Clicking the Advanced Search Form link at the top of the simple search screen will
load a search screen with more options".
Important notes appear in a box like this.
Tips and tricks appear like this.
Reader Feedback
Feedback from our readers is always welcome. Let us know what you think about
this book, what you liked or may have disliked. Reader feedback is important for us
to develop titles that you really get the most out of.
To send us general feedback, simply drop an email to ,
making sure to mention the book title in the subject of your message.
If there is a book that you need and would like to see us publish, please send
us a note in the SUGGEST A TITLE form on www.packtpub.com or email
If there is a topic that you have expertise in and you are interested in either writing
or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer Support
Now that you are the proud owner of a Packt book, we have a number of things to
help you to get the most from your purchase.
Downloading the Example Code for the Book
Visit and select this book from the list of titles
to download any example code or extra resources for this book. The files available
for download will then be displayed.
Errata
Although we have taken every care to ensure the accuracy of our contents, mistakes
do happen. If you find a mistake in one of our books—maybe a mistake in text or
code—we would be grateful if you would report this to us. By doing this you can
save other readers from frustration, and help to improve subsequent versions of
this book. If you find any errata, report them by visiting ktpub.
com/support, selecting your book, clicking on the Submit Errata link, and entering
the details of your errata. Once your errata are verified, your submission will be
accepted and the errata are added to the list of existing errata. The existing errata can
be viewed by selecting your title from />
Questions
You can contact us at if you are having a problem with
some aspect of the book, and we will do our best to address it.
Directory Servers and LDAP
In this first chapter, we will cover the basics of LDAP. While most of the chapters
in this book take a practical hands-on approach, this first chapter is higher-level
and introductory in nature. We will be introduced to directory servers and
LDAP, including commonly-used directory terminology. We will also see how the
OpenLDAP server fits into the directory landscape, where it came from, and how it
works. Here are the main topics covered in this chapter:
• The basics of LDAP directories
• The history of LDAP and the OpenLDAP server
• A technical overview of the OpenLDAP server
LDAP Basics
The term LDAP stands for Lightweight Directory Access Protocol. As the name
indicates, LDAP was originally designed to be a network protocol that provided an
alternative form of access to existing directory servers, but as the idea of LDAP—and
the technologies surrounding it—matured, the term LDAP became synonymous
with a specific type of directory architecture. We use the term LDAP when
referring to directory services that comply with that architecture, as defined in the
LDAP specifications.
LDAP is standardized. The body of LDAP standards, including the
network protocols, the directory structure, and the services provided
by an LDAP server, are all available in the form of RFCs (Requests For
Comments). Throughout this book, I will reference specific LDAP RFCs as
authoritative sources of information about LDAP.
The current version of LDAP is LDAP v.3 (version 3), a standard developed in
1997 as RFC 2251, and widely implemented throughout the industry. The original
specification has recently (June 2006) been updated, and RFCs 4510-4519 provide a
clarified and much more cohesive specification for LDAP.
While directories in general, and LDAP directories in particular, are by no means
novel or rare in the information technology world, the driving technologies are
certainly not as well understood as near relatives like the relational database. One of
the goals of this chapter (and of this book in general) is to introduce and clarify the
function and use of an LDAP directory.
In this section, we will introduce some of the concepts that are important for
understanding LDAP. The best place to start is with the idea of the directory.
What is a Directory?
When we think of a directory, we conjure images of telephone directories or
address books. We use such directories to find information about individuals or
organizations. For instance, I might thumb through my address book to find the
phone number of my friend Jack, or skim through the telephone directory looking
for the address of Acme Services.
A directory server is used this way, too. It maintains information about some set of
entities (entities like people or organizations), and it provides services for accessing
that information.
Of course, a directory server must also have means for adding, modifying, and
deleting information, as well. But, even as a telephone directory is assumed to be
primarily a resource for reading, a directory server's information is assumed to be
read more often than written. This assumption about the use of a directory server is
codified, or summarized, in the phrase "high-read, low-write". Consequently,
many applications of LDAP technology are geared toward reading and searching
for information.
While many directory servers have been optimized for fast reading at
the expense of fast modification, this is not necessarily the case with
OpenLDAP. OpenLDAP is efficient on both counts, and it can be used for
applications that require frequent writing of data.
Some sorts of directory servers (envision a simple server-based implementation of
an address book) simply provide a narrow and specific service. A single-purpose
directory server, such as an online address book, might store only a very specific
type of data, like phone numbers, addresses, and email information for a set of
people. Such directories are not extensible. Instead, they are single-purpose.
But LDAP (and its X.500 predecessor) was designed to be a general-purpose directory
server. It has not been designed with the purpose of capturing a specific type of
data (like telephone numbers or email addresses). Instead, it was designed to
give implementers the ability to define—clearly and carefully—what data the
directory should store.
Such a generic directory server ought to be able to store many different kinds of
information. For that matter, it should be able to store different kinds of information
about different kinds of entities. For example, a general purpose directory should
be able to store information about entities as diverse as people and igneous rock
samples. But we don't want to store the same information about people as we do
about rocks.
A person might have a surname, a phone number, and an email address, as shown in
the following figure:
[Figure: two kinds of entry and their attributes. Human: Given Name, Surname,
Phone Number, Email. Rock: ID Number, Location, Hardness, Malleability.]
A rock sample might have an identification number, information about its
geographical origin, and a hardness classification.
LDAP makes it possible to define what a person's entry would look like, and what a
rock's entry would look like. Its general architecture provides the capabilities needed
for managing large amounts of diverse directory entries.
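An added illustration, not taken from the book: a small Python model of a general-purpose directory in which the implementer defines what each kind of entry may contain, using the Human and Rock attributes listed above. The split into required and optional attributes, the class and function names, and the sample values are assumptions made for this example.

```python
"""Added illustration: entry types defined by the attributes they may carry."""

# Type and attribute names follow the Human/Rock figure in the text.
# Which attributes are required is an assumption made for this example.
ENTRY_TYPES = {
    "human": {
        "required": {"surname"},
        "optional": {"givenName", "phoneNumber", "email"},
    },
    "rock": {
        "required": {"idNumber"},
        "optional": {"location", "hardness", "malleability"},
    },
}


class EntryError(ValueError):
    """An entry does not match the definition of its type."""


def validate(entry_type, attributes):
    """Check attributes against the type definition and normalize the values.

    Every value is stored as a list, because one attribute can hold several
    values (a person with two phone numbers, for instance).
    """
    if entry_type not in ENTRY_TYPES:
        raise EntryError(f"unknown entry type: {entry_type!r}")
    definition = ENTRY_TYPES[entry_type]
    allowed = definition["required"] | definition["optional"]

    unknown = set(attributes) - allowed
    if unknown:
        raise EntryError(f"{entry_type} entries may not carry {sorted(unknown)}")

    normalized = {}
    for name, value in attributes.items():
        values = list(value) if isinstance(value, (list, tuple)) else [value]
        if values:  # an attribute with no values is treated as absent
            normalized[name] = values

    missing = definition["required"] - set(normalized)
    if missing:
        raise EntryError(f"{entry_type} entries require {sorted(missing)}")
    return {"type": entry_type, "attributes": normalized}


class Directory:
    """One store for different kinds of entries, searchable by any attribute."""

    def __init__(self):
        self.entries = []

    def add(self, entry_type, attributes):
        entry = validate(entry_type, attributes)  # reject before storing
        self.entries.append(entry)
        return entry

    def search(self, name, value):
        return [e for e in self.entries if value in e["attributes"].get(name, [])]


def build_sample_directory():
    """Constructed sample data, not records from the book."""
    directory = Directory()
    directory.add("human", {
        "givenName": "Jack",
        "surname": "Example",
        "phoneNumber": ["+1 555 0100", "+1 555 0101"],
    })
    directory.add("rock", {"idNumber": "R-0017", "location": "Iceland", "hardness": "6"})
    return directory


if __name__ == "__main__":
    d = build_sample_directory()
    print(d.search("phoneNumber", "+1 555 0101"))
    try:
        d.add("rock", {"idNumber": "R-0018", "email": "rock@example.com"})
    except EntryError as err:
        print("rejected:", err)
```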
In the remainder of this section we will examine how information in an LDAP
directory is structured. We will start by looking at the idea of a directory entry,
with a distinguished name and attributes. Then, we will look at how entries are
organized within the directory information tree. By the end of this section, you
should understand the basic structure of information within an LDAP directory.
The Structure of a Directory Entry
Let's continue with our comparison of a directory server and a phone book. A phone
book contains a very specific type of information, organized in a very specific way,
and designed to fulfill a very specific purpose. Here's an example phone book entry:
Acme Services
123 W. First St.
Chicago, IL 60616-1234
(773) 555-8943 or (800) 555 9834
As mentioned earlier, this sort of directory has specific information, organized
in a specific way, designed to fulfill a specific purpose: it is information about
how to contact a specific organization (Acme Services) organized in a familiar
pattern (address and phone number). And it is designed so that a person, having a
particular name in mind, can quickly scan through the directory (which is ordered
alphabetically by organization name), and find the desired contact information.
But there are a few things to note about the phone book entry:
• The data is arranged for searching by only one value: the name of the
organization. If you should happen to have the phone number of the
organization, but not the name, searching the phone book for the matching
telephone number in order to ascertain the name would be a taxing, and
probably futile task.
• The format of the entry is sparse, and requires that the reader will be able to
recognize the format and supply auxiliary information required for making
sense of the data. One accustomed to reading phone book entries will be able
to extrapolate from the previous entry, and identify the information this way:
Organization Name: Acme Services
Street Address: 123 West First Street
City: Chicago
State: Illinois
Postal Code: 60616-1234
Country: USA
Phone Number: +1 773 555 8943
Phone Number: +1 800 555 9834