jspωiki
LDAP Schema

Overview#

LDAP Schema is a very important part of LDAP directory services.

LDAP Schema is defined in RFC 4512.

Schema Definitions#

Schema definitions in this section are described using ABNF and rely on the common productions specified in Section 1.2 as well as these:
noidlen = numericoid [ LCURLY len RCURLY ]
len = number

oids = oid / ( LPAREN WSP oidlist WSP RPAREN )
oidlist = oid *( WSP DOLLAR WSP oid )

extensions = *( SP xstring SP qdstrings )
xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE )

qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN )
qdescrlist = [ qdescr *( SP qdescr ) ]
qdescr = SQUOTE descr SQUOTE

qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN )
qdstringlist = [ qdstring *( SP qdstring ) ]
qdstring = SQUOTE dstring SQUOTE
dstring = 1*( QS / QQ / QUTF8 )   ; escaped UTF-8 string

QQ =  ESC %x32 %x37 ; "\27"
QS =  ESC %x35 ( %x43 / %x63 ) ; "\5C" / "\5c"

; Any UTF-8 encoded Unicode character
; except %x27 ("\'") and %x5C ("\")
QUTF8    = QUTF1 / UTFMB

; Any ASCII character except %x27 ("\'") and %x5C ("\")
QUTF1    = %x00-26 / %x28-5B / %x5D-7F
Schema definitions in this section also share a number of common terms.
  • The NAME field provides a set of short names (LDAP Descriptors) that are to be used as aliases for the OID.
  • The DESC field optionally allows a descriptive string to be provided by the directory administrator and/or implementor. While specifications may suggest a descriptive string, there is no requirement that the suggested (or any) descriptive string be used.
  • The OBSOLETE field, if present, indicates the element is not active.
Implementers should note that future versions of this document may expand these definitions to include additional terms. Terms whose identifier begins with "X-" are reserved for private experiments and are followed by <SP> and <qdstrings> tokens.

Although many people may have a basic understanding of attribute Types and objectClass Types, there is a great deal of information about LDAP Schema that most people do not know.

Because LDAP Schema is important it is extremely useful to have a more complete understanding of what it really entails. We will make further attempts to provide an in-depth description of schema elements in general.

LDAP Schema of a Directory System Agent defines a set of rules that govern the kinds of data that the server can hold. LDAP Schema is comprised of a number of different LDAP Schema Element Types

Attributes are the elements responsible for storing data in a directory, and the LDAP Schema defines the rules for which AttributeTypes may be used in an LDAP Entry, the kinds of values that those AttributeTypes may have, and how DUA may interact with those Attribute Values.

DUA may learn about the LDAP Schema elements that the server supports by retrieving an appropriate SubschemaSubentry.

A collection of Links On LDAP Schema#

More Information#

There might be more information for this subject on one of the following: