LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

To support Windows ADS, LDAP-UX provides the predefined LDAP directory server definition
file, /etc/opt/ldapux/schema/schema-ads.xml, which contains a list of schema
syntaxes that Windows Active Directory Server supports.
If you use the ldapschema tool with a directory server other than HP-UX Directory
Server, Red Hat Directory Server, or Windows Active Directory Server, and that LDAP directory
server doesn't provide a list of supported matching rules and syntaxes as part of the directory
server schema search, you need to define your own supported matching rules and
syntaxes file. For detailed information on how to create an XML file containing supported
matching rules and syntaxes for your directory server, see Section 9.5.6 (page 371).
Mapping Rules For Unsupported Matching Rules and Syntaxes File
If matching rules and LDAP syntaxes used in attribute type definitions in the schema definition
file are not supported on the LDAP directory server, the ldapschema tool maps them using
alternate matching rules and syntaxes the LDAP server supports. LDAP-UX provides the
/etc/opt/ldapux/schema/map-rules.xml file, which defines a list of default substitution
matching rules and syntaxes, and alternate matching rules and syntaxes. For more information
about matching rules and LDAP syntaxes, see Section 9.5.7 (page 373).
9.5.3 The ldapschema (schema extension) tool
The ldapschema utility enables schema developers to define LDAP schemas using a universal
XML syntax, which greatly simplifies support for different directory server variations. It can be
used to query the current status of the LDAP schema on the LDAP directory server, and extend the
LDAP directory server schema with new attribute types and object classes. The ldapschema utility
was designed to support directory servers from several vendors and is currently supported with the
HP-UX Directory Server, Red Hat Directory Server, and Microsoft Windows Active Directory Server.
9.5.3.1 Syntax for ldapschema
ldapschema -q <schema> -T <ds_type> -V <ds_version> [options]
ldapschema -e <schema> -T <ds_type> -V <ds_version> [options]
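A wrapper around the two invocations above, as an added example that is not part of the HP guide: it runs the read-only -q query first and only then the -e extension, passing the administrator credentials with -D and -j (described under -e below) and refusing a credential file that group or other users can access. The LDAPSCHEMA override and the function names are hypothetical; the schema file, directory server type and version are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the HP guide. Uses only options shown on this page:
# -q, -e, -T, -V, -D, -j. LDAPSCHEMA is a hypothetical override that lets
# the wrapper be pointed at a stub for dry runs.

# True only if the -j credential file is a regular file with no
# group or other permission bits set.
cred_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other columns
    [ "$perms" = "------" ]
}

# extend_schema SCHEMA DS_TYPE DS_VERSION BINDDN CREDFILE
# Queries first (no changes), then extends with admin credentials.
extend_schema() {
    if [ $# -ne 5 ]; then
        echo "usage: extend_schema schema ds_type ds_version binddn credfile" >&2
        return 2
    fi
    schema=$1 ds_type=$2 ds_version=$3 binddn=$4 credfile=$5
    tool=${LDAPSCHEMA:-ldapschema}

    if ! cred_file_ok "$credfile"; then
        echo "refusing $credfile: group or other users have access" >&2
        return 3
    fi

    # Step 1: read-only status check of the schema against the server.
    "$tool" -q "$schema" -T "$ds_type" -V "$ds_version" || return 4

    # Step 2: apply the extension, binding as the schema administrator.
    "$tool" -e "$schema" -T "$ds_type" -V "$ds_version" \
        -D "$binddn" -j "$credfile" || return 5
}
```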
9.5.3.1.1 Required command options
The following describes required options:
-q <schema> Queries the schema status on the LDAP directory without applying any
changes to the LDAP directory server. The schema definitions are obtained
from the file specified in the <schema> argument. ldapschema
detects whether any attribute types or object classes of the LDAP schema are
already installed on the LDAP server. It also determines whether definitions installed
on the LDAP server match definitions specified in the schema file being
queried. For more information, see -e <schema>.
-e <schema> Extends the LDAP directory server schema with attribute types and object
classes defined in the specified schema. The schema definition is obtained from
the schema file. For more information, see Section 9.5.4 (page 365). On most
LDAP directory servers this option requires specifying the -D binddn option
and either the -j filename or the -w - option to specify the credentials
of an administrator who has permissions to modify the schema on the
directory server.
-T ds_type Specifies the type of LDAP directory server.
The following types of LDAP directory servers are fully supported by
ldapschema: