LDAP-UX Client Services B.04.15 Administrator's Guide
6.5.7 Mapping Unsupported Matching Rules and LDAP Syntaxes
If matching rules and/or LDAP syntaxes used in attribute type definitions in the schema definition
file are not supported on the LDAP directory server, the ldapschema tool maps them to alternate
matching rules and syntaxes the LDAP server supports. LDAP-UX provides the /etc/opt/
ldapux/schema/map-rules.xml file which defines a list of default substitution matching
rules and syntaxes, and alternate matching rules and syntaxes.
The matching rules are specified in <equality>, <ordering> or <substr> in the attribute
type definition. The LDAP syntax is specified in the <syntax> tag of the attribute type definition.
The purpose of the mapping rules file is to allow an LDAP schema to be installed on an LDAP
directory server even if some of matching rules and LDAP syntaxes used in the definition of that
schema are not supported by the directory server. The /etc/opt/ldapux/schema/
map-rules.xml file uses the following mapping rules guideline:
• Map more restrictive syntaxes to less restrictive syntaxes.
• Map more specific matching rules to less specific matching rules.
For example, the Integer syntax contains a subset of characters of the IA5 string syntax. Therefore,
it is acceptable to map the Integer syntax to the IA5 string syntax, since the IA5 string syntax is
a super-set of the integer syntax.
6.5.7.1 Examples of Alternate Matching Rules and Syntaxes in /etc/opt/ldapux/map-rules.xml
The following shows examples of alternate matching rules and syntaxes defined in the /etc/
opt/ldapux/map-rules.xml:
<?xml version="1.0"
encoding="UTF-8"?> <!DOCTYPE mappingPolicies SYSTEM "/etc/opt/ldapux/schema/schema.dtd">
<mappingPolicies> <defaultMatchingRulesReplacements>
<defaultMatchingRule> <matchingRule>caseIgnoreMatch</matchingRule>
</defaultMatchingRule> </defaultMatchingRulesReplacements>
<defaultSyntaxesReplacements> <defaultSyntax only="ads">
<syntax>2.5.5.12</syntax> <desc>Active
Directory String syntax.</desc> <oMSyntax>64</oMSyntax>
</defaultSyntax> <defaultSyntax not="ads">
<syntax>1.3.6.1.4.1.1466.115.121.1.15</syntax>
<desc>Directory String syntax.</desc> </defaultSyntax>
</defaultSyntaxesReplacements> <matchingRulesReplacements>
<matchingRules> <matchingRule>IntegerMatch</matchingRule>
<subRule> <matchingRule>numericStringMatch</matchingRule>
</subRule> </matchingRules> </matchingRulesReplacements>
<syntaxesReplacements> <syntaxes> <syntax>1.3.6.1.4.1.1466.115.121.1.26</syntax>
<desc> IA5 String Syntax.</desc> <equivSyntax>
<syntax>2.5.5.5</syntax> <desc>Active
Directory IA5 String LDAP Syntax.</desc> <oMSyntax>22</oMSyntax>
</equivSyntax> <subSyntax> <syntax>1.3.6.1.4.1.1466.115.121.1.15</syntax>
<desc>Directory String syntax.</desc> </subSyntax>
</syntaxes> </syntaxesReplacements> </mappingPolicies>
How Does ldapschema Map Unsupported Matching Rules and LDAP Syntaxes
If any mapping rules or the syntax used by an attribute type are not supported on the LDAP
server, the ldapschema utility checks if the appropriate substitution rule is specified in the
/etc/opt/ldapux/map-rules.xml file. If it is specified, ldapschema locates the first
available matching rule or syntax supported on the LDAP server, and uses it in the attribute type
definition instead. If the substitution rule is not specified, or none of the substitution matching
rules or syntaxes are supported on the LDAP directory server, ldapschema checks if the default
substitution can be used.
The “vendor”, “versionGreaterOrEqual” and “versionLessThan” XML attributes can
be used to specify directory-specific information stored in <defaultMatchingRule> and
<defaultSyntax> tags. If the default substitution is not supported on the LDAP server, the
attribute type cannot be added to the LDAP directory server schema.
Examples
For example, an attribute type with IA5String syntax (1.3.6.1.4.1.1466.115.121.1.26)
is installed on Windows ADS, where this IA5 String syntax is not supported. ldapschema will
6.5 Schema Extension Utility 219