HP-UX Directory Server 8.1 schema reference

1 About Directory Server schema
This document provides a reference for the HP-UX Directory Server schema.
This chapter provides an overview of some of the basic concepts of the directory schema and
lists the files in which the schema is described. It describes object classes, attributes, and object
identifiers (OIDs) and briefly discusses extending server schema and schema checking.
1.1 Schema definitions
The directory schema is a set of rules that defines how data can be stored in the directory. Directory
information is stored in discrete entries, and each entry consists of a set of attributes and their
values. The kind of identity being described in the entry is defined in the entry's object classes.
An object class specifies the kind of object the entry describes through the defined set of attributes
for the object class.
Basically, the schema files are lists of the kinds of entries that can be created (the object classes) and
the ways that those entries can be described (the attributes). The schema defines what the object
classes and attributes are. It also defines the format that attribute values must take (the attribute's
syntax) and whether only a single instance of that attribute is permitted.
Additional schema files can be added to the Directory Server configuration and loaded in the
server, so the schema is customizable and can be extended as desired.
For more detailed information about object classes, attributes, and how the Directory Server uses
the schema, see the HP-UX Directory Server deployment guide.
CAUTION!
The Directory Server fails to start if the schema definitions contain too few or too many characters.
Use exactly one space in those places where the LDAP standards allow the use of zero or many
spaces; for example, the place between the NAME keyword and the name of an attribute type.
1.1.1 Object classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The
LDAP standard provides object classes for many common types of entries, such as people (person
and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations
and divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectClasses line, followed by its
OID, name, a description, its direct superior object class (an object class that must be used in
conjunction with this object class and whose attributes this object class shares), and the list of
required (MUST) and allowed (MAY) attributes.
This is shown in Example 1-1 “Object class schema entry for person”.
Example 1-1 Object class schema entry for person
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass'
SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $
userPassword ) X-ORIGIN 'RFC 2256' )
1.1.1.1 Required and allowed attributes
Every object class defines a number of required attributes and of allowed attributes. Required
attributes must be present in entries using the specified object class, while allowed attributes are
permissible and available for the entry to use, but are not required for the entry to be valid.
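The following Python script is an added example, not part of the HP-UX Directory Server documentation or product code. It parses object class definitions in the form shown in Example 1-1, resolves the MUST and MAY lists through the SUP chain, checks a sample entry against the required and allowed attribute rules described above, and applies the single-space rule from the CAUTION as a simple heuristic check. The 'top' definition and the sample entries are constructed for this example; the parser covers only the keywords that appear in Example 1-1 (NAME, DESC, SUP, MUST, MAY, X-ORIGIN) and the ABSTRACT flag.

```python
import re

# Constructed sample schema: the 'person' line from Example 1-1 plus a minimal
# 'top' so that SUP lookups resolve (the 'top' text here is constructed).
SCHEMA_LINES = [
    "objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' "
    "SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ "
    "userPassword ) X-ORIGIN 'RFC 2256' )",
    "objectClasses: ( 2.5.6.0 NAME 'top' DESC 'Standard LDAP objectclass' "
    "ABSTRACT MUST objectClass X-ORIGIN 'RFC 2256' )",
]


def _names_after(keyword, body):
    """Return the names following KEYWORD: LDAP writes them either as one bare
    name or as a '$'-separated list in parentheses."""
    m = re.search(rf"\b{keyword}\s+(?:\(\s*([^)]*)\)|([A-Za-z0-9.\-]+))", body)
    if not m:
        return []
    if m.group(1) is not None:
        return [n.strip() for n in m.group(1).split("$") if n.strip()]
    return [m.group(2)]


def parse_object_class(line):
    """Parse one 'objectClasses: ( ... )' line into a dict of its components."""
    body = line.strip()
    if body.lower().startswith("objectclasses:"):
        body = body.split(":", 1)[1].strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("object class definition must be parenthesised")
    body = body[1:-1].strip()
    oid = body.split()[0]                      # the OID is always the first token
    m = re.search(r"NAME\s+(?:'([^']*)'|\(([^)]*)\))", body)
    if m is None:
        raise ValueError("object class definition has no NAME")
    names = [m.group(1)] if m.group(1) else re.findall(r"'([^']*)'", m.group(2))
    desc = re.search(r"DESC\s+'([^']*)'", body)
    # Blank out quoted strings so keyword searches never match inside a DESC.
    unquoted = re.sub(r"'[^']*'", "''", body)
    return {
        "oid": oid,
        "names": names,
        "desc": desc.group(1) if desc else "",
        "abstract": bool(re.search(r"\bABSTRACT\b", unquoted)),
        "sup": _names_after("SUP", unquoted),
        "must": _names_after("MUST", unquoted),
        "may": _names_after("MAY", unquoted),
    }


def load_schema(lines):
    """Index parsed object classes by lower-cased name (LDAP names are case-insensitive)."""
    schema = {}
    for line in lines:
        oc = parse_object_class(line)
        for name in oc["names"]:
            schema[name.lower()] = oc
    return schema


def effective_attributes(name, schema):
    """Walk the SUP chain and return (must, may) sets: an entry using an object
    class is also bound by the attribute rules of that class's superiors."""
    must, may, seen, stack = set(), set(), set(), [name]
    while stack:
        current = stack.pop()
        if current.lower() in seen:          # guards against a cyclic SUP chain
            continue
        seen.add(current.lower())
        oc = schema.get(current.lower())
        if oc is None:
            raise KeyError(f"unknown object class: {current}")
        must.update(a.lower() for a in oc["must"])
        may.update(a.lower() for a in oc["may"])
        stack.extend(oc["sup"])
    return must, may


def check_entry(entry, schema):
    """Return a list of violations for ENTRY (a dict attribute -> list of values);
    an empty list means every MUST attribute is present and nothing else is used
    that is not MUST or MAY for some declared object class."""
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass attribute"]
    must, may = set(), set()
    for oc in classes:
        m, a = effective_attributes(oc, schema)
        must |= m
        may |= a
    present = {k.lower() for k, v in entry.items() if v}
    problems = [f"missing required attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed by any object class: {a}"
                 for a in sorted(present - must - may)]
    return problems


def spacing_problems(line):
    """Heuristic for the single-space rule: flag any keyword not followed by
    exactly one space and any run of two or more spaces outside quoted strings."""
    unquoted = re.sub(r"'[^']*'", "''", line)
    problems = []
    for m in re.finditer(r"\b(NAME|DESC|SUP|MUST|MAY|X-ORIGIN)(\s*)", unquoted):
        if m.group(2) != " ":
            problems.append(f"{m.group(1)} followed by {len(m.group(2))} space(s), expected exactly one")
    for m in re.finditer(r" {2,}", unquoted):
        problems.append(f"run of {len(m.group(0))} spaces at offset {m.start()}")
    return problems


if __name__ == "__main__":
    schema = load_schema(SCHEMA_LINES)
    # Constructed entries: one valid, one missing sn and carrying an unlisted attribute.
    good = {"objectClass": ["person"], "cn": ["Alice"], "sn": ["Smith"]}
    bad = {"objectClass": ["person"], "cn": ["Alice"], "mail": ["alice@example.com"]}
    print(check_entry(good, schema))
    print(check_entry(bad, schema))
    print(spacing_problems("objectClasses: ( 2.5.6.6 NAME  'person' SUP top )"))
```

The checker works on a single declared object class chain; a real server also enforces attribute syntaxes and single-valued attributes, which this example does not model.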