ldapschema.1 (2010 09)
ldapschema(1) ldapschema(1)
<noUserModification>
Optional, use if the NO-USER-MODIFICATION flag is set. At most one noUserModification
flag can be specified.
<usage> Optional, must contain one of the following possible values: userApplications,
directoryOperation, distributedOperation, or dSAOperation. At most one usage value can be
specified.
<indexed> Optional, use if an attribute type requires indexing. At most one indexed flag can be
set.
<dsSpecific>
Optional, use to specify any directory-specific information about the attribute type. See
the SPECIFYING DIRECTORY-SPECIFIC INFORMATION section for details.
Each attribute type definition must meet the following conditions in order to be added to the LDAP
directory server schema:
• The attribute type has a numeric OID which adheres to RFC 2252 format specification.
• The attribute type has at least one name. Each name must adhere to RFC 2252 format specification.
• No other attribute types in the schema definition file or on the LDAP directory server have the same
OID or any of its name values.
• The super-type used by this attribute type is defined.
• The attribute type specifies either an LDAP syntax value or a super-type. Some directory servers, for
example ADS, do not support attribute type inheritance. For such directory servers, the LDAP syntax
for the sub-type attribute is obtained from the super-type definition and the super-type/sub-type
relationship is ignored.
• The matching rules and syntaxes used by this attribute type are supported by the LDAP directory
server. See the MAPPING UNSUPPORTED MATCHING RULES AND LDAP SYNTAXES section for
details.
• The inheritance hierarchy has no cycles (no circular dependencies exist in the super-class/sub-class
relationships).
• If the attribute type has a super-type, they both have the same USAGE value.
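The conditions above that can be checked without querying the server, as an added example (not ldapschema's own code). The dict keys `oid`, `names`, `sup`, `syntax` and `usage` are a hypothetical in-memory form of a definition, names are compared case-insensitively as an assumption, and the matching-rule and syntax support check is left out because it depends on the target server.

```python
import re

NUMERIC_OID = re.compile(r"\d+(\.\d+)*\Z")       # RFC 2252 numericoid
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9;-]*\Z")  # RFC 2252 descr
USAGES = {"userApplications", "directoryOperation",
          "distributedOperation", "dSAOperation"}

def usage_of(d):
    return d.get("usage", "userApplications")    # RFC 2252 default usage

def check_attribute_types(defs, server_types=()):
    """Return (oid, problem) pairs. The dict keys oid, names, sup, syntax and
    usage are a hypothetical in-memory form, not the tool's XML tags."""
    problems = []
    # known: lower-cased OID or name -> definition, seeded from the server
    known = {k.lower(): d for d in server_types for k in [d["oid"], *d["names"]]}
    for d in defs:
        oid, names = d.get("oid", ""), d.get("names", [])
        checks = [(NUMERIC_OID.match(oid), "OID is not numeric"),
                  (names, "no name"),
                  (usage_of(d) in USAGES, "unknown usage"),
                  (d.get("sup") or d.get("syntax"), "no syntax or super-type")]
        problems += [(oid, msg) for ok, msg in checks if not ok]
        problems += [(oid, f"bad name {n}") for n in names if not DESCR.match(n)]
        for key in [oid, *names]:
            if key.lower() in known:
                problems.append((oid, f"duplicate {key}"))
            else:
                known[key.lower()] = d
    for d in defs:               # second pass: super-types may be defined later
        oid, seen, cur = d.get("oid", ""), {id(d)}, d
        while cur.get("sup"):
            parent = known.get(cur["sup"].lower())
            if parent is None:
                if cur is d:
                    problems.append((oid, f"super-type {cur['sup']} undefined"))
                break
            if cur is d and usage_of(parent) != usage_of(d):
                problems.append((oid, "usage differs from super-type"))
            if id(parent) in seen:
                if parent is d:
                    problems.append((oid, "inheritance cycle"))
                break
            seen.add(id(parent))
            cur = parent
    return problems

# Constructed sample (made-up OIDs): b and c are each other's super-type.
SAMPLE = [{"oid": "1.1.1", "names": ["a"], "syntax": "1.2.3"},
          {"oid": "1.1.2", "names": ["b"], "sup": "c"},
          {"oid": "1.1.3", "names": ["c", "A"], "sup": "b"}]
```

`check_attribute_types(SAMPLE)` reports the duplicate name on 1.1.3 and an inheritance cycle on both 1.1.2 and 1.1.3.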
Defining Object Classes
Each <objectClassDefinition> can contain the following case-sensitive tags, in the order
specified:
<oid> Required. Exactly one numeric id must be specified. <oid> value must adhere to RFC
2252 format specification.
<name> Required. At least one object class name must be specified. Do not use quotes around the
name values. <name> value must adhere to RFC 2252 format specification.
<displayName>
Optional. At most one display name can be specified. This tag specifies a display name
of the object class used by LDAP clients and administrative tools. Currently,
<displayName> applies only to Active Directory Server (ADS) to specify lDAPDisplayName
and adminDisplayName if different from the <name> value.
<desc> Optional. At most one description can be specified. Do not use quotes around the
description value.
<obsolete> Optional, use only if applicable. Obsolete object classes cannot be used in definitions of
any other object classes. At most one obsolete flag can be specified.
<subClassOf>
Optional, use if an object class has super-classes. The specified super-class must already
exist on the LDAP directory server, or its definition must be specified in the same
schema definition file.
<type> Optional, must contain one of the following possible values: STRUCTURAL, AUXILIARY,
ABSTRACT. At most one type value can be specified.
<must> Optional, use if an object class has mandatory attributes. The specified attributes must
already exist on the LDAP directory server, or its definition must be specified in the
6 Hewlett-Packard Company − 6 − HP-UX 11i v3: June 2010 Web Release