Overview#LDAP Schema is a very important part of LDAP directory services.
LDAP Schema is defined in RFC 4512.
Schema Definitions#Schema definitions in this section are described using ABNF and rely on the common productions specified in Section 1.2 as well as these:
noidlen = numericoid [ LCURLY len RCURLY ] len = number oids = oid / ( LPAREN WSP oidlist WSP RPAREN ) oidlist = oid *( WSP DOLLAR WSP oid ) extensions = *( SP xstring SP qdstrings ) xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE ) qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN ) qdescrlist = [ qdescr *( SP qdescr ) ] qdescr = SQUOTE descr SQUOTE qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN ) qdstringlist = [ qdstring *( SP qdstring ) ] qdstring = SQUOTE dstring SQUOTE dstring = 1*( QS / QQ / QUTF8 ) ; escaped UTF-8 string QQ = ESC %x32 %x37 ; "\27" QS = ESC %x35 ( %x43 / %x63 ) ; "\5C" / "\5c" ; Any UTF-8 encoded Unicode character ; except %x27 ("\'") and %x5C ("\") QUTF8 = QUTF1 / UTFMB ; Any ASCII character except %x27 ("\'") and %x5C ("\") QUTF1 = %x00-26 / %x28-5B / %x5D-7F
Schema definitions in this section also share a number of common terms.
The DESC field optionally allows a descriptive string to be provided by the directory administrator and/or implementor. While specifications may suggest a descriptive string, there is no requirement that the suggested (or any) descriptive string be used.
The OBSOLETE field, if present, indicates the element is not active.
Implementers should note that future versions of this document may expand these definitions to include additional terms. Terms whose identifier begins with "X-" are reserved for private experiments and are followed by <SP> and <qdstrings> tokens.
Because LDAP Schema is important it is extremely useful to have a more complete understanding of what it really entails. We will make further attempts to provide an in-depth description of schema elements in general.
LDAP Schema of a Directory Server defines a set of rules that govern the kinds of information that the server can hold. Directory schema is comprised of a number of different elements, including:
- LDAPSyntaxes -- Are defined by an OID and Provide information about the kind of information that can be stored in an attribute.
- MatchingRule -- Are defined by an OID and Provide information about how to make comparisons against Attribute Values
- Matching Rule Use -- Are defined by an OID and Indicate which AttributeTypes which are suitable for use with an extensibleMatch rules
- AttributeTypes -- Are defined by an OID and MAY contain DESC that may be used to refer to a given attribute, and associates that AttributeType with a LDAPSyntaxes and set of matching rules.
- Object Classes -- Are defined by an OID and MAY contain an ObjectClass-Name and is a named collections of AttributeTypes and classify them into sets of required and optional AttributeTypes.
- Name Forms -- Define rules for the set of AttributeTypes that should be included in the RDN for a specific ObjectClass Types.
- DIT Content Rule -- Are defined by an OID and Define additional constraints about the object classes and attributes that may be used in conjunction with an entry.
- DIT Structure Rule -- Are defined by an OID and Define rules that govern the kinds of subordinate entries that a given entry may have.
Attributes are the elements responsible for storing information in a directory, and the schema defines the rules for which attributes may be used in an entry, the kinds of values that those attributes may have, and how clients may interact with those values.
Clients may learn about the schema elements that the server supports by retrieving an appropriate SubschemaSubentry.
A collection of Links On LDAP Schema#
- LDAP Query For Schema
- PAM LDAP Schema Modifications
- LDAP Schema Viewer
- SUN LDAP Schema Tutorial
- Some Schema Extensions
- Make Changes to the Existing Schema
- Overview of Schema Modifications
- Edirectory's Location of the RFC-2307 Schema
- Schema Browser Tool
- The Schema-willeke
More Information#There might be more information for this subject on one of the following:
- Apple Directory
- AttributeType Description
- DIT Structure Rule
- Glossary Of LDAP And Directory Terminology
- LDAP Descriptor
- Name Form
- Netlogon attribute
- Schema Checking
- Schema Extensions
- Structural ObjectClass
- Thinking of LDAP