LDAP-UX Client Services B.05.00 Administrator's Guide

7.5.6 LDAP directory server definition file
To properly install new attribute types in an LDAP directory server schema, the ldapschema
utility needs to determine whether the LDAP server supports the matching rules and LDAP
syntaxes used by the new attribute type definitions. The ldapschema utility performs an LDAP
search for supported matching rules and syntaxes on the LDAP server. However, some types of
directory servers do not provide this information as part of the search.
You can run the following commands to determine whether your directory server returns
information about supported matching rules and LDAP syntaxes:
1. To determine <schema DN>, run the following command:
/opt/ldapux/bin/ldapsearch -b "" -s base "(objectclass=*)" subschemasubentry
2. To obtain a list of supported matching rules and LDAP syntaxes, run the following command
using the schema DN information obtained from step 1:
/opt/ldapux/bin/ldapsearch -b "<schema DN>" -s base "(objectclass=*)" \
matchingRules ldapSyntaxes
If the LDAP search in step 2 does not return a complete list of supported matching rules
and LDAP syntaxes, the directory server definitions must be specified in the
/etc/opt/ldapux/schema/schema-<ds_type>.xml file. The <ds_type> value must correspond to the
value specified with the -T option on the ldapschema command line. The <ds_type> value is
case-sensitive and must match the -T argument exactly.
The LDAP directory server definition, enclosed by <dsSchemaDefinition> tags, optionally
specifies a schema description, followed by any number of supported matching rule and LDAP
syntax definitions. For example, LDAP-UX provides the
/etc/opt/ldapux/schema/schema-ads.xml file, which can be used to obtain a list of syntaxes
and matching rules that Windows ADS supports. When you run ldapschema with the -T ads option,
the corresponding directory server definition is obtained from the
/etc/opt/ldapux/schema/schema-ads.xml file.
After general schema information is specified, supported matching rules, if any, must be specified
followed by any supported LDAP syntaxes definitions.
7.5.6.1 Example of the directory server definition file
The example below defines two syntaxes with <oid> values of 2.5.5.1 and 2.5.5.2 supported on
Windows ADS:
Line 1: <?xml version="1.0" encoding="UTF-8"?>
Line 2: <!DOCTYPE dsSchemaDefinition SYSTEM "/etc/opt/ldapux/schema/schema.dtd">
Line 3:
Line 4: <dsSchemaDefinition>
Line 5:
Line 6: <schemaDescription>ADS Syntaxes</schemaDescription>
Line 7:
Line 8: <syntaxDefinition vendor="ads">
Line 9: <oid>2.5.5.1</oid>
Line 10: <desc>Distinguished Name</desc>
Line 11: <oMSyntax>127</oMSyntax>
Line 12: </syntaxDefinition>
Line 13:
Line 14: <syntaxDefinition vendor="ads">
Line 15: <oid>2.5.5.2</oid>
Line 16: <desc>Object Identifier</desc>
Line 17: <oMSyntax>6</oMSyntax>
Line 18: </syntaxDefinition>
Line 19:
Line 20: </dsSchemaDefinition>
Lines 1-2 are required in every LDAP directory server definition file. LDAP syntax and matching
rule definitions closely follow the format specified in RFC 2252. Values specified for all XML
tags must not be quoted. Only the description field (enclosed by <desc>...</desc> tags) can contain
spaces.
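The file rules described in this section can be checked before ldapschema reads the file. The following lint check is an added example, not part of the LDAP-UX guide or its tooling; the function name lint_definition and the sample strings are assumptions, and it covers only the rules stated above, not the full schema.dtd.

```python
import re
import xml.etree.ElementTree as ET

OID_RE = re.compile(r"\d+(\.\d+)+")  # dotted-decimal OID such as 2.5.5.1

def lint_definition(xml_text):
    """Return a list of problems found in a directory server definition file."""
    problems = []
    # Lines 1-2 (XML declaration and DOCTYPE) are required in every file.
    if not xml_text.startswith("<?xml") or "<!DOCTYPE dsSchemaDefinition" not in xml_text:
        problems.append("missing the required XML declaration or DOCTYPE line")
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:  # e.g. a misspelled closing tag
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != "dsSchemaDefinition":
        problems.append(f"root element is <{root.tag}>, expected <dsSchemaDefinition>")
    seen_syntax = False
    for pos, child in enumerate(root):
        if child.tag == "schemaDescription":
            if pos != 0:
                problems.append("<schemaDescription> must precede all definitions")
            continue
        if child.tag == "syntaxDefinition":
            seen_syntax = True
        elif seen_syntax:  # everything else must come before the syntaxes
            problems.append(f"<{child.tag}> appears after a syntax definition")
        for field in child:
            value = (field.text or "").strip()
            if value[:1] in ('"', "'"):
                problems.append(f"<{field.tag}> value is quoted: {value}")
            elif field.tag != "desc" and " " in value:
                problems.append(f"<{field.tag}> value contains spaces: {value}")
            elif field.tag == "oid" and not OID_RE.fullmatch(value):
                problems.append(f"<oid> is not a dotted-decimal OID: {value}")
    return problems

HEADER = ('<?xml version="1.0" encoding="UTF-8"?>\n'
          '<!DOCTYPE dsSchemaDefinition SYSTEM "/etc/opt/ldapux/schema/schema.dtd">\n')
# Constructed samples: GOOD follows the example above; BAD breaks the value rules.
GOOD = HEADER + """<dsSchemaDefinition>
<schemaDescription>ADS Syntaxes</schemaDescription>
<syntaxDefinition vendor="ads">
<oid>2.5.5.1</oid><desc>Distinguished Name</desc><oMSyntax>127</oMSyntax>
</syntaxDefinition>
</dsSchemaDefinition>"""
BAD = GOOD.replace("<oid>2.5.5.1", '<oid>"2.5.5.1"').replace(">127<", ">1 27<")
```

lint_definition(GOOD) returns an empty list, while lint_definition(BAD) reports the quoted <oid> value and the space inside <oMSyntax>.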