This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is a [Subschema] element that specifies which [AUXILIARY] object classes are allowed to be used with an entry, as well as which attribute types are required, allowed, and prohibited for use with an entry, based on its [STRUCTURAL] object class.
Different [LDAP Server Implementations] enforce these rules to varying degrees.
The components of a [DIT Content Rule Description] include:
* The numeric [OID] of the structural object class with which the DIT content rule is associated.
* An optional set of names for the [{$pagename}].
* An optional set of [AUXILIARY] object class names or OIDs for the auxiliary classes that are allowed to be used with entries containing the associated structural class.
* An optional set of [attributeType] names or OIDs for attribute types that are required to be present in entries with the associated structural class. These attributes will be required even if they are not allowed by any of the object classes in the entry.
* An optional set of attribute type names or OIDs for attribute types that may optionally be present in entries with the associated structural class. These attributes will be allowed even if they are not allowed by any of the object classes in the entry.
* An optional set of attribute type names or OIDs for attribute types that are prohibited to be present in entries with the associated structural class. These attributes will be prohibited even if they are allowed by any of the object classes in the entry.
The set of DIT content rules defined in the server may be determined by retrieving the [dITContentRules] attribute of the [SubschemaSubentry]. For more information about DIT content rules, see the [Understanding DIT Content Rules] document.
!! [{$pagename}] [LDAP] [specifications][1]
None of the major [LDAP] [specifications] include any [{$pagename}] definitions. However, the following is an [example] of a [{$pagename}] definition that augments the [inetOrgPerson] structural class to allow only the strongAuthenticationUser auxiliary class, that requires the [uid] attribute (in addition to the cn and sn attributes already required by [inetOrgPerson]), that also allows the c attribute (which specifies the user’s country and would not otherwise be allowed by the entry’s object classes), and that prohibits the use of the telexNumber and telexTerminalIdentifier attributes:
%%prettify
{{{
( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson-content-rule'
AUX strongAuthenticationUser
MUST uid
MAY c
NOT ( telexNumber $ telexTerminalIdentifier ) )
}}}
/%
Note that according to [RFC 4512] section 2.4.3, a fully standards-compliant directory server __will NOT__ allow an entry to include any [AUXILIARY] object classes if there is no [{$pagename}] associated with that entry’s structural class. While some [LDAP Server Implementations] use a more relaxed constraint and allow any auxiliary class to be used in conjunction with an entry that is not governed by any DIT content rule, if you intend to use auxiliary object classes then it is [RECOMMENDED] that you also define the appropriate [{$pagename}](s) to allow their use.
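The following added example (not part of the original page or of any server's code) parses the rule shown above and checks entries against it, including the strict and relaxed behaviour when no rule governs the structural class. The names parse_dcr, check_entry, CLASS_MUST and CLASS_MAY are hypothetical, the schema subset is constructed, and only the fields listed on this page are parsed.

```python
import re

# Rule text from this page, as read from the dITContentRules attribute.
RULE = """( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson-content-rule'
  AUX strongAuthenticationUser MUST uid MAY c
  NOT ( telexNumber $ telexTerminalIdentifier ) )"""
# Constructed schema subset: attributes the entry's object classes require/allow.
CLASS_MUST = {"cn", "sn"}
CLASS_MAY = {"mail", "telexnumber", "usercertificate"}

def _low(names):
    # Attribute and class names are case-insensitive; drop quotes around NAME values.
    return {n.strip("'").lower() for n in names}

def parse_dcr(text):
    """Parse a DIT content rule description into {OID, NAME, AUX, MUST, MAY, NOT}."""
    tok = re.findall(r"'[^']*'|[()$]|[^\s()$']+", text)
    if len(tok) < 3 or tok[0] != "(" or tok[-1] != ")":
        raise ValueError("expected a parenthesised description")
    rule = {"OID": tok[1], "NAME": set(), "AUX": set(), "MUST": set(), "MAY": set(), "NOT": set()}
    i = 2
    while i < len(tok) - 1:
        key, i = tok[i], i + 1
        if key not in rule or key == "OID" or i >= len(tok) - 1:
            raise ValueError(f"unsupported or empty field: {key}")
        if tok[i] == "(":                      # list form: ( a $ b )
            end = tok.index(")", i)
            values, i = [t for t in tok[i + 1:end] if t != "$"], end + 1
        else:                                  # single value
            values, i = [tok[i]], i + 1
        rule[key] = _low(values)
    return rule

def check_entry(aux_classes, attrs, rule, strict=True):
    """List violations for an entry whose structural class `rule` governs (None = no rule)."""
    aux, attrs = _low(aux_classes), _low(attrs)
    if rule is None:
        # No rule: a strict server rejects every auxiliary class; a relaxed one allows any.
        bad_aux, must, may, banned = (aux if strict else set()), CLASS_MUST, CLASS_MAY, set()
    else:
        bad_aux, banned = aux - rule["AUX"], rule["NOT"]
        must, may = CLASS_MUST | rule["MUST"], CLASS_MAY | rule["MAY"]
    out = [f"auxiliary class not allowed: {a}" for a in sorted(bad_aux)]
    out += [f"missing required attribute: {a}" for a in sorted(must - attrs)]
    out += [f"prohibited attribute: {a}" for a in sorted(attrs & banned)]
    out += [f"attribute not allowed: {a}" for a in sorted(attrs - must - may - banned)]
    return out
```

Running the same entries with strict=False shows how a relaxed server would accept an auxiliary class that a standards-compliant one rejects, which is worth testing before relying on a content rule as an access or data-quality control.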
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [DIT Content Rules|https://ldap.com/dit-content-rules/|target='_blank'] - based on information obtained 2018-06-24