ldapschema.1 (2010 09)
l
ldapschema(1) ldapschema(1)
Defining Matching Rules
Each <matchingRuleDefinition>
can contain the following case-sensitive tags, in the order
specified:
<oid> Required. Exactly one numeric id must be specified.
<name> Required. At least one matching rule type name must be specified. Do not use quotes
around the name values.
<desc> Optional. At most one description can be specified.
<obsolete> Optional, use only if applicable. Obsolete matching rules cannot be used in definitions of
any other attribute types. At most one obsolete flag can be specified.
<syntax> Required. Specified LDAP syntax must also be supported on the LDAP directory server.
At most one LDAP syntax can be specified per matching rule definition.
Only syntaxes and matching rules fully supported by the LDAP directory server can be specified in this
file. Attributes
vendor, versionGreaterOrEqual
, and versionLessThan
can be used to specify
directory-specific information.
See
/etc/opt/ldapux/schema/schema-ads.xml
for an example of LDAP directory server
definition files.
MAPPING UNSUPPORTED MATCHING RULES AND LDAP SYNTAXES
If matching rules and/or LDAP syntaxes used in attribute type definitions in the schema definition file are
not supported on the LDAP directory server, they need to be mapped to use alternate matching rules and
syntaxes the LDAP server does support.
The matching rules are specified in
<equality>, <ordering>,or<substr> tags in the attribute
type definition. The LDAP syntax is specified in the <syntax> tag. The mapping rules that determine
how the matching rules and syntaxes are replaced are specified in
/etc/opt/ldapux/schema/map-rules.xml
file. If ldapschema cannot successfully map the
attribute’s matching rules and syntax,
ldapschema
will not be able to add the attribute type to the
LDAP directory server schema.
The purpose of the mapping rules file is to allow an LDAP schema to be installed on an LDAP directory
server even if some of matching rules and LDAP syntaxes used in the definition of that schema are not
supported by the directory server. File
/etc/opt/ldapux/schema/map-rules.xml
uses the fol-
lowing mapping rules guideline:
• map more restrictive syntaxes to less restrictive syntaxes
• map more specific matching rules to less specific matching rules
For example, the Integer syntax contains a subset of characters of the IA5 string syntax. Therefore, it is
acceptable to map the Integer syntax to the IA5 string syntax, since the IA5 string syntax is a superset of
the Integer syntax.
The following example illustrates a sample
/etc/opt/ldapux/schema/map-rules.xml
file.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mappingPolicies SYSTEM "schema.dtd">
<mappingPolicies>
<defaultMatchingRulesReplacements>
<defaultMatchingRule>
<matchingRule>caseIgnoreMatch</matchingRule>
</defaultMatchingRule>
</defaultMatchingRulesReplacements>
<defaultSyntaxesReplacements>
<defaultSyntax only="ads">
<syntax>2.5.5.12</syntax>
<desc>Active Directory String syntax.</desc>
<oMSyntax>64</oMSyntax>
</defaultSyntax>
<defaultSyntax not="ads">
10 Hewlett-Packard Company − 10 − HP-UX 11i v3: June 2010 Web Release