Specifications
For an object class, a directory domain can contain multiple entries, and each entry
can contain multiple attributes. Some attributes have a single value, while others
have multiple values. For example, the inetOrgPerson object class defines entries that
contain user attributes.
The inetOrgPerson class is a standard LDAP class defined by RFC 2798. Other standard
LDAP object classes and attributes are defined by RFC 2307. Open Directory’s default
object classes and attributes are based on these RFCs.
A collection of attributes and record types or object classes provides a blueprint for
the information in a directory domain. This blueprint is named the schema of the
directory domain. However, Open Directory uses a directory-based schema that is
different from a locally stored schema.
Using a locally based schema configuration file can be complex. The issue with an
Open Directory master that services replica servers is that if you change or add an
attribute to the locally based schema of an Open Directory master, you must also make
that change to each replica. Depending on the number of replicas you have, the
manual update process can take an enormous amount of time.
If you don’t make the same schema change locally on each replica, your replica servers
generate errors and fail when values for the newly added attribute are sent to replica
servers.
To eliminate this possibility of failure, Mac OS X uses a directory-based schema that
is stored in the directory database and is updated for each replica server from the
replicated directory database. This keeps the schema for replicas synchronized and
provides greater flexibility to make changes to the schema.
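The following is an added example, not code from the Apple guide or from Open Directory itself. It puts the two preceding ideas into working form: a small schema built from a subset of the RFC 2798 inetOrgPerson class chain and the RFC 2307 posixAccount class (including which attributes are SINGLE-VALUE), and a validator that checks LDIF entries against it. A hypothetical site extension (the placeholder names exampleEmployee and exampleBadgeId, which are not real Apple or RFC definitions) is defined on the "master" schema only, so validating the same entry against the unchanged "replica" schema reproduces the kind of error the text describes when a replica's local schema is out of date. The sample LDIF entries are constructed for the example.

```python
"""Minimal LDAP schema checker (added example; subset of RFC 2798 and RFC 2307)."""
import base64
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class ObjectClass:
    sup: Optional[str]                  # superior (parent) class; None for top
    must: FrozenSet[str] = frozenset()  # required attributes
    may: FrozenSet[str] = frozenset()   # optional attributes


@dataclass
class Schema:
    attribute_types: Dict[str, bool]    # attribute name -> True when SINGLE-VALUE
    object_classes: Dict[str, ObjectClass]


# Subset of the standard definitions: inetOrgPerson chain (RFC 2798), posixAccount (RFC 2307).
BASE_SCHEMA = Schema(
    attribute_types={
        "objectClass": False, "cn": False, "sn": False, "uid": False, "mail": False,
        "givenName": False, "userPassword": False, "description": False,
        "displayName": True, "employeeNumber": True, "preferredLanguage": True,
        "uidNumber": True, "gidNumber": True, "homeDirectory": True,
        "loginShell": True, "gecos": True,
    },
    object_classes={
        "top": ObjectClass(None, must=frozenset({"objectClass"})),
        "person": ObjectClass("top", must=frozenset({"sn", "cn"}),
                              may=frozenset({"userPassword", "description"})),
        "organizationalPerson": ObjectClass("person"),
        "inetOrgPerson": ObjectClass("organizationalPerson", may=frozenset(
            {"displayName", "employeeNumber", "givenName", "mail", "preferredLanguage", "uid"})),
        "posixAccount": ObjectClass(
            "top", must=frozenset({"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
            may=frozenset({"userPassword", "loginShell", "gecos", "description"})),
    },
)

# Hypothetical site extension present only on the master (placeholder names, not a real schema).
MASTER_SCHEMA = Schema(
    attribute_types={**BASE_SCHEMA.attribute_types, "exampleBadgeId": True},
    object_classes={**BASE_SCHEMA.object_classes,
                    "exampleEmployee": ObjectClass("top", may=frozenset({"exampleBadgeId"}))},
)
REPLICA_SCHEMA = BASE_SCHEMA  # a replica whose local schema was never updated


def _find(mapping, name):
    """Case-insensitive key lookup: LDAP attribute and class names are case-insensitive."""
    return next((k for k in mapping if k.lower() == name.lower()), None)


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into entries, each a dict of attribute -> list of values (dn kept as an attribute)."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # continuation line: unfold onto the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:              # trailing blank line flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not (line.startswith("#") or line.lower().startswith("version:")):
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:].strip()).decode() if rest.startswith(":") else rest.strip()
            current.setdefault(name.strip(), []).append(value)
    return entries


def validate_entry(entry: Dict[str, List[str]], schema: Schema) -> List[str]:
    """Return the schema violations for one entry; an empty list means the entry is valid."""
    problems: List[str] = []
    required, allowed = set(), set()
    oc_key = _find(entry, "objectClass")
    for oc_name in (entry[oc_key] if oc_key else []):
        key = _find(schema.object_classes, oc_name)
        if key is None:
            problems.append(f"unknown object class {oc_name}")
        while key is not None:             # walk the superior chain up to top
            oc = schema.object_classes[key]
            required |= oc.must
            allowed |= oc.must | oc.may
            key = oc.sup
    present = {a.lower() for a in entry}
    problems += [f"missing required attribute {a}" for a in sorted(required) if a.lower() not in present]
    for attr, values in entry.items():
        if attr.lower() == "dn":
            continue
        canonical = _find(schema.attribute_types, attr)
        if canonical is None:              # what a replica without the schema change would hit
            problems.append(f"undefined attribute type {attr}")
        elif canonical not in allowed:
            problems.append(f"attribute {canonical} not permitted by the entry's object classes")
        elif schema.attribute_types[canonical] and len(values) > 1:
            problems.append(f"single-valued attribute {canonical} has {len(values)} values")
    return problems


def validate_ldif(text: str, schema: Schema) -> Dict[str, List[str]]:
    """Map each entry's DN to its list of violations under the given schema."""
    return {e["dn"][0]: validate_entry(e, schema) for e in parse_ldif(text)}


# Constructed sample entries: one valid on the master only, one with two schema violations.
SAMPLE_LDIF = """\
dn: uid=jdoe,cn=users,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: exampleEmployee
cn: Jane Doe
sn: Doe
givenName: Jane
uid: jdoe
mail: jdoe@example.com
mail: jane.doe@example.com
displayName: Jane Doe
uidNumber: 1001
gidNumber: 20
homeDirectory: /Users/jdoe
loginShell: /bin/zsh
exampleBadgeId: 4711

dn: uid=bsmith,cn=users,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
cn: Bob Smith
uid: bsmith
displayName: Bob
displayName: Bobby
"""
```

Running `validate_ldif(SAMPLE_LDIF, MASTER_SCHEMA)` reports no problems for Jane's entry, while `validate_ldif(SAMPLE_LDIF, REPLICA_SCHEMA)` flags her unknown object class and undefined attribute type, which is exactly the inconsistency a directory-based schema avoids by replicating the definitions together with the data. Bob's entry fails under either schema because inetOrgPerson inherits the required sn attribute from person, and displayName is single-valued.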
24 Chapter 1 Directory Services with Open Directory