Preparing your LDAP Directory for HP-UX Integration
Schema
RFC 2307
As alluded to earlier in this document, specific object classes and attributes are used to contain Posix naming
information, such as entries in the /etc/passwd file. For example, an entry in the /etc/passwd file is
represented in the directory as an entry of the posixAccount object class. The attributes and object classes
used when migrating data to an LDAP directory are defined by the schema and syntaxes described in RFC
2307. RFC 2307 complies with the LDAP v3 syntax and schema specifications defined in RFC 2252 [4] and
RFC 2256 [5].
Incorporating RFC 2307
In order to store Posix naming information in your LDAP directory, the directory server must understand the
RFC 2307 schema. By default a Netscape 4.x server includes the RFC 2307 schema. However, if your
directory server does not already incorporate RFC 2307, you will need to update your directory, appending
the RFC 2307 schema. The HP-UX/LDAP Integration product includes the definition for RFC 2307 in
/opt/ldapux/ypldapd/etc/slapd.conf. How you incorporate a new schema into your directory depends on
the directory architecture. Compliant LDAP v3 directories publish the location of the subschema entry in
the root DSE. Appendix B (RFC 2307 Schema) of this document contains the RFC 2307 schema in LDAP
data interchange format (LDIF). Assuming your directory server is LDAP v3 compliant and allows online
schema modification, you can incorporate the schema using the following steps.
1. Examine the root DSE to determine the location of your subschema entry:

   % ldapsearch -b "" -s base "objectclass=*" subschemasubentry

2. Copy the RFC 2307 schema out of this document (assuming you have an electronic copy) and
   modify the "dn:" with the DN discovered in step 1.

3. Add the new entries to the subschema entry using ldapmodify:

   % ldapmodify -D "administrator DN" -w "administrator_password" \
       < filename_with_modified_2307_schema_file
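The three steps above, worked through as an added shell example that is not part of the HP-UX/LDAP Integration document: step 1 extracts the subschemaSubentry DN from ldapsearch output (handling the case-insensitive attribute name and LDIF line folding, which a plain grep would miss), step 2 rewrites the "dn:" line of the schema LDIF, and step 3 is shown only as a comment because it needs a live server. The root-DSE output and the one-objectClass schema fragment are constructed stand-ins for real server output and for the full Appendix B schema; the function names and the placeholder DN are this example's own.

```shell
#!/bin/sh
# Added example, not from the HP-UX/LDAP Integration document: the text
# processing behind steps 1-3, run against constructed sample data so that it
# works offline.  The root-DSE output and the schema fragment are stand-ins
# (the fragment is the RFC 2307 posixAccount objectClass; the full schema is
# in Appendix B).  Function names are this example's own.

# Step 1: pull the subschemaSubentry DN out of ldapsearch output read on stdin.
# LDIF attribute names are case-insensitive, and a long value may be folded
# onto following lines that begin with one space, so unfold before matching.
subschema_dn() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (have) print buf; buf = $0; have = 1 }
        END { if (have) print buf }
    ' | awk '
        match(tolower($0), /^subschemasubentry:[ \t]*/) {
            print substr($0, RLENGTH + 1); exit
        }'
}

# Step 2: rewrite the first "dn:" line of the schema LDIF (stdin) to the DN
# found in step 1; every other line passes through unchanged.  awk -v applies
# backslash escapes, so a DN containing backslashes would need extra quoting.
rewrite_schema_dn() {
    awk -v dn="$1" '
        !done && tolower($0) ~ /^dn:/ { print "dn: " dn; done = 1; next }
        { print }'
}

# --- constructed sample data (not real server output) ------------------------
# What a root-DSE search might return, with the value deliberately folded.
SAMPLE_ROOT_DSE='dn:
subschemaSubentry: cn=sch
 ema'

# Modify-LDIF fragment with a placeholder DN.  The objectClasses value is the
# RFC 2307 posixAccount definition, folded LDIF-style (continuation lines
# start with a space).
SAMPLE_SCHEMA=$(cat <<'EOF'
dn: cn=REPLACE-ME
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
  DESC 'Abstraction of an account with POSIX attributes'
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
  MAY ( userPassword $ loginShell $ gecos $ description ) )
EOF
)

DN=$(printf '%s\n' "$SAMPLE_ROOT_DSE" | subschema_dn)
echo "subschema entry: $DN"
# In real use, redirect this output to the file handed to ldapmodify.
printf '%s\n' "$SAMPLE_SCHEMA" | rewrite_schema_dn "$DN"

# Step 3 is not run here (it needs a live server).  The document's command
# passes the password with -w; command-line arguments are visible to every
# local user via ps and are kept in shell history, so prefer your ldapmodify's
# prompt or password-file option if it has one, and take the administrator DN
# from a variable instead of typing it:
#   ldapmodify -D "$ADMIN_DN" -w "$ADMIN_PW" < filename_with_modified_2307_schema_file
```

Against a real server, replace SAMPLE_ROOT_DSE with the output of the ldapsearch in step 1 and SAMPLE_SCHEMA with the Appendix B LDIF; both functions read whatever is on their standard input, so they drop into a pipeline unchanged.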
RFC 2307 LDAP requirements
Although most LDAP v3 compliant directories follow the LDAP v3 protocol specified in RFC 2251, not all
comply with the schemas defined in RFC 2256. One example is the "common name" (cn) attribute being
defined as a single-valued attribute instead of multi-valued. In addition, some directories do not support
multi-valued RDNs (where two or more attributes of the entry are combined to create the RDN). And some
directories do not allow entries to be dynamically modified by adding or removing object classes.
[4] Wahl, Coulbeck, Howes, Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, ftp://ftp.isi.edu/in-notes/rfc2252.txt
[5] Wahl, "A Summary of the X.500(96) User Schema for use with LDAP v3", RFC 2256, ftp://ftp.isi.edu/in-notes/rfc2256.txt