The config branch contains admin system entries that are not part of a domain.

Config branch
entries include system admin accounts, global config, global grants, COS, servers, mime types, and
Zimlets.

The Zimbra LDAP Hierarchy figure shows the Zimbra LDAP hierarchy. Each type of entry (object)
has certain associated object classes.

An LDAP directory entry consists of a collection of attributes and has a globally unique
distinguished name (dn). The attributes allowed for an entry are determined by the object classes
associated with that entry. The values of the object class attributes determine the schema rules the
entry must follow.

An entry’s object class that determines what kind of entry it is, is called a structural object class and
cannot be changed. Other object classes are called auxiliary and may be added to or deleted from
the entry.

Use of auxiliary object classes in LDAP allows for an object class to be combined with an existing
object class. For example, an entry with structural object class inetOrgPerson, and auxiliary object
class zimbraAccount, would be an account. An entry with the structural object class zimbraServer
would be a server in the Zimbra system that has one or more Zimbra packages installed.

Zimbra Collaboration LDAP Schema

At the core of every LDAP implementation is a database organized using a schema.

The Zimbra LDAP schema extends the generic schema included with OpenLDAP software. It is
designed to coexist with existing directory installations.

All attributes and object classes specifically created for Zimbra Collaboration are prefaced by
“zimbra”, such as zimbraAccount object class or zimbraAttachmentsBlocked attribute.

The following schema files are included in the OpenLDAP implementation:

• core.schema

• cosine.schema

• inetorgperson.schema

28