ldapschema.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

ldapschema(1) ldapschema(1)

LDAP DIRECTORY SERVER DEFINTION FILE

In order to properly install new attribute types on the LDAP directory server schema, the

ldapschema

utility needs to determine whether the LDAP server supports the matching rules and LDAP syntaxes

used by the new attribute type deﬁnitions. The

ldapschema utility performs an LDAP search for sup-

ported matching rules and syntaxes on the LDAP server. However, some types of directory servers do not

provide this information as part of the search. Perform the following command to determine if your direc-

tory server returns information about supported matching rules and LDAP syntaxes:

First, determine the

<schemaDN>:

/opt/ldapux/bin/ldapsearch -b "" -s base \

"(objectclass=*)" subschemasubentry

Then, obtain the list of supported matching rules and LDAP syntaxes:

/opt/ldapux/bin/ldapsearch -b "<schemaDN>" -s base \

"(objectclass=*)" matchingRules ldapSyntaxes

If the latter search does not return a complete listing of supported matching rules and LDAP syntaxes,

they need to be speciﬁed in the

/etc/opt/ldapux/schema/schema-

ds_type .xml ﬁle, where

ds_type corresponds to the same value speciﬁed with the

-T option on the command line when executing

the

ldapschema utility.

The LDAP directory server deﬁnition, enclosed by the

tags, may specify the

schema description, followed by any number of supported matching rules and LDAP syntax deﬁnitions.

Using Active Directory Server as an example, run

ldapschema with the -T ads option, so the

corresponding directory server deﬁnition is obtained from

/etc/opt/ldapux/schema/schema-

ads.xml ﬁle provided with the utility.

After general schema information is speciﬁed, supported matching rules, if any, must be speciﬁed fol-

lowed by any supported LDAP syntaxes deﬁnitions. The example below deﬁnes two syntaxes supported

on ADS (lines 8-12 and 14-18).

Line 1: <?xml version="1.0" encoding="UTF-8"?>

Line 2: <!DOCTYPE dsSchemaDefinition SYSTEM "/etc/opt/ldapux/schema/schema.dtd">

Line 3:

Line 4: <dsSchemaDefinition>

Line 5:

Line 6: <schemaDescription>ADS Syntaxes</schemaDescription>

Line 7:

Line 8: <syntaxDefinition>

Line 9: <oid>2.5.5.1</oid>

Line 10: <desc>Distinguished Name</desc>

Line 11: <oMSyntax>127</oMSyntax>

Line 12: </syntaxDefinition>

Line 13:

Line 14: <syntaxDefinition>

Line 15: <oid>2.5.5.2</oid>

Line 16: <desc>Object Identifier</desc>

Line 17: <oMSyntax>6</oMSyntax>

Line 18: </syntaxDefinition>

Line 19:

Line 20: </dsSchemaDefinition>

Lines 1-2 are required in every LDAP directory server deﬁnition ﬁle. LDAP syntax and matching rules

deﬁnitions closely follow the format speciﬁed in RFC 2252. Values speciﬁed for all XML tags must not be

quoted. Only the description ﬁeld (enclosed by

<desc>...</desc> tags) can contain spaces.

Deﬁning LDAP Syntaxes

Each

<syntaxDefinition> can contain the following case-sensitive tags, in the order speciﬁed:

<oid> Required. Exactly one numeric id must be speciﬁed.

<desc> Optional. At most one description can be speciﬁed.

<oMSyntax> Required on ADS only, ignored on other types of LDAP directory servers.

HP-UX 11i v3: June 2010 Web Release − 9 − Hewlett-Packard Company 9