HP-UX Reference (11i v2 07/12) - 1 User Commands A-M (vol 1)
l
ldapschema(1) ldapschema(1)
<oid> Required. Exactly one numeric id must be specified.
<name> Required. At least one matching rule type name must be specified. Do not use quotes
around the name values.
<desc> Optional. At most one description can be specified.
<obsolete> Optional, use only if applicable. Obsolete matching rules cannot be used in definitions of
any other attribute types. At most one obsolete flag can be specified.
<syntax> Required. Specified LDAP syntax must also be supported on the LDAP directory server.
At most one LDAP syntax can be specified per matching rule definition.
Only syntaxes and matching rules fully supported by the LDAP directory server can be specified in this file.
Attributes vendor, versionGreaterOrEqual
, and versionLessThan can be used to specify
directory-specific information.
See
/etc/opt/ldapux/schema/schema-ads.xml
for an example of LDAP directory server
definition files.
MAPPING UNSUPPORTED MATCHING RULES AND LDAP SYNTAXES
If matching rules and/or LDAP syntaxes used in attribute type definitions in the schema definition file are
not supported on the LDAP directory server, they need to be mapped to use alternate matching rules and
syntaxes the LDAP server does support.
The matching rules are specified in
<equality> , <ordering> ,or<substr> tags in the attribute
type definition. The LDAP syntax is specified in the <syntax> tag. The mapping rules that determine
how the matching rules and syntaxes are replaced are specified in
/etc/opt/ldapux/schema/map-rules.xml
file. If ldapschema cannot successfully map the
attribute’s matching rules and syntax,
ldapschema
will not be able to add the attribute type to the LDAP
directory server schema.
The purpose of the mapping rules file is to allow an LDAP schema to be installed on an LDAP directory
server even if some of matching rules and LDAP syntaxes used in the definition of that schema are not sup-
ported by the directory server. File
/etc/opt/ldapux/schema/map-rules.xml
uses the follow-
ing mapping rules guideline:
• map more restrictive syntaxes to less restrictive syntaxes
• map more specific matching rules to less specific matching rules
For example, the Integer syntax contains a subset of characters of the IA5 string syntax. Therefore, it is
acceptable to map the Integer syntax to the IA5 string syntax, since the IA5 string syntax is a superset of
the Integer syntax.
The following example illustrates a sample
/etc/opt/ldapux/schema/map-rules.xml
file.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mappingPolicies SYSTEM "schema.dtd">
<mappingPolicies>
<defaultMatchingRulesReplacements>
<defaultMatchingRule>
<matchingRule>caseIgnoreMatch</matchingRule>
</defaultMatchingRule>
</defaultMatchingRulesReplacements>
<defaultSyntaxesReplacements>
<defaultSyntax only="ads">
<syntax>2.5.5.12</syntax>
<desc>Active Directory String syntax.</desc>
<oMSyntax>64</oMSyntax>
</defaultSyntax>
<defaultSyntax not="ads">
<syntax>1.3.6.1.4.1.1466.115.121.1.15</syntax>
<desc>Directory String syntax.</desc>
</defaultSyntax>
554 Hewlett-Packard Company − 10 − HP-UX 11i Version 2: December 2007 Update