Attribute syntaxes are essentially data type definitions. The syntax for an attribute type indicates the type of data meant to be held by the corresponding values. This can be used to determine whether a particular value is acceptable for a given attribute, as well as to provide information about how the server should interact with existing values.
The Sun Java System Directory Server 5.x does not support the ability to reject values that violates the constraints of the associated attribute syntax. This capability has been added in the Sun Java System Directory Server 6.0, although it is off by default for compatibility reasons (in order to support existing deployments where there may be attribute values that violate the associated syntax). OpenDS also supports the ability to reject values that violate the associated attribute syntax, and this is the default behavior for the purposes of standards compliance. For compatibility reasons, it is possible to completely disable this attribute syntax checking if necessary, but it is also possible to accept values that violate the associated syntax but log a warning message to the server's error log every time this occurs. Note, however, that because OpenDS is much more standards compliant in its use of schema elements than the Sun Java System Directory Server, if attributes are allowed to have values that violate their associated syntax then matching operations may not behave as expected with such values.
The Attribute Syntax Description Format#
The attribute syntax description format is described in RFC 4512, section 4.1.5. The definition is as follows:
SyntaxDescription = LPAREN WSP numericoid ; object identifier [ SP "DESC" SP qdstring ] ; description extensions WSP RPAREN ; extensions
The elements of the attribute syntax description include:
- The numeric OID used to uniquely identify the attribute syntax in the server.
- An optional description for the syntax. If it is provided, then it must be enclosed in single quotation marks.
- An optional set of extensions for the attribute syntax. OpenDS does not currently support any extensions for use in attribute syntaxes.
For example, the following is the attribute syntax description for the standard directory string syntax:
( 18.104.22.168.4.1.1422.214.171.124.15 DESC 'Directory String' )
In this case, the OID is "126.96.36.199.4.1.14188.8.131.52.15" and the description is "Directory String". There are no extensions.
Commonly-Used Attribute Syntaxes#
There are a number of attribute syntaxes defined in LDAP, both in the core protocol specification, as well as other related RFCs and Internet Drafts. Many of these attribute syntaxes are defined in RFC 4517, (LDAP Syntaxes and Matching Rules) in section 3.3. Some of the most commonly-used attribute syntaxes include:
- Directory String -- The Directory String syntax is used to hold general-purpose string values containing one or more UTF-8 characters. Technically, empty values (i.e., those with zero characters) are not allowed, although the Sun Java System Directory Server has historically allowed this, so OpenDS offers a configuration option that may be used to allow it as well although it is disabled by default for standards compliance.
- IA5 String -- The IA5 String syntax is used to hold string values based on the IA5 character set, which is also known as the ASCII character set.
- Printable String -- The Printable String syntax is used to hold string values contain one or more characters from the set of uppercase and lowercase letters, numeric digits, single quotes, left and right parentheses, plus sign, comma, hyphen, period, and equals sign.
- Boolean -- The Boolean syntax is used to hold values of either "TRUE" or "FALSE". No other values are allowed for attributes with this syntax.
- Integer -- The Integer syntax is used to hold integer values, which must contain at least one digit, may start with a hyphen to indicate a negative value, and zero may be used as the first digit only when the value is zero.
- Octet String -- The Octet String syntax is used to hold a set of zero or more bytes. It has been used to replace the former Binary syntax.
- DN -- The DN syntax is used to hold distinguished name values, comprised of zero or more RDN components. Values should be in the format specified in RFC 4514 (LDAP String Representation of Distinguished Names).
The OpenDS Attribute Syntax Implementation#
Like matching rules, attribute syntaxes require logic to determine whether a given value is appropriate and therefore they are be implemented as Java classes. These classes must be subclasses of org.opends.server.api.AttributeSyntax. The most important method in this class is:
public boolean valueIsAcceptable(ByteString value, StringBuilder invalidReason)
This method is used to determine whether a given value is acceptable according to the constraints for that syntax.
The OpenDS implementation also contains four additional methods that may be used to specify default matching rules for use in conjunction with that attribute syntax:
public EqualityMatchingRule getEqualityMatchingRule() public OrderingMatchingRule getOrderingMatchingRule() public SubstringMatchingRule getSubstringMatchingRule() public ApproximateMatchingRule getApproximateMatchingRule()
These methods will be used to provide the default matching rules for an attribute type if no explicit rules are specified. Attribute types will be discussed in greater detail in the next section.
Attribute syntax objects may be retrieved from the server schema using their OIDs.