jspωiki
LDAP Schema

Overview#

LDAP Schema is a very important part of LDAP directory services.

LDAP Schema is defined in RFC 4512.

Schema Definitions#

Schema definitions in this section are described using ABNF and rely on the common productions specified in Section 1.2 as well as these:
noidlen = numericoid [ LCURLY len RCURLY ]
len = number

oids = oid / ( LPAREN WSP oidlist WSP RPAREN )
oidlist = oid *( WSP DOLLAR WSP oid )

extensions = *( SP xstring SP qdstrings )
xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE )

qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN )
qdescrlist = [ qdescr *( SP qdescr ) ]
qdescr = SQUOTE descr SQUOTE

qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN )
qdstringlist = [ qdstring *( SP qdstring ) ]
qdstring = SQUOTE dstring SQUOTE
dstring = 1*( QS / QQ / QUTF8 )   ; escaped UTF-8 string

QQ =  ESC %x32 %x37 ; "\27"
QS =  ESC %x35 ( %x43 / %x63 ) ; "\5C" / "\5c"

; Any UTF-8 encoded Unicode character
; except %x27 ("\'") and %x5C ("\")
QUTF8    = QUTF1 / UTFMB

; Any ASCII character except %x27 ("\'") and %x5C ("\")
QUTF1    = %x00-26 / %x28-5B / %x5D-7F

Schema definitions in this section also share a number of common terms.

The NAME field provides a set of short names (LDAP Descriptors) that are to be used as aliases for the OID.

The DESC field optionally allows a descriptive string to be provided by the directory administrator and/or implementor. While specifications may suggest a descriptive string, there is no requirement that the suggested (or any) descriptive string be used.

The OBSOLETE field, if present, indicates the element is not active.

Implementers should note that future versions of this document may expand these definitions to include additional terms. Terms whose identifier begins with "X-" are reserved for private experiments and are followed by <SP> and <qdstrings> tokens.

Although many people may have a basic understanding of attribute Types and objectClass Types, there is a great deal of information about _LDAP Schema that most people do not know.

Because LDAP Schema is important it is extremely useful to have a more complete understanding of what it really entails. We will make further attempts to provide an in-depth description of schema elements in general.

LDAP Schema of a Directory Server defines a set of rules that govern the kinds of information that the server can hold. Directory schema is comprised of a number of different elements, including:

Attributes are the elements responsible for storing information in a directory, and the schema defines the rules for which attributes may be used in an entry, the kinds of values that those attributes may have, and how clients may interact with those values.

Clients may learn about the schema elements that the server supports by retrieving an appropriate SubschemaSubentry.

A collection of Links On LDAP Schema#

More Information#

There might be more information for this subject on one of the following: