Overview#
LDAP Schema is a very important part of LDAP directory services. LDAP Schema is defined in RFC 4512.
Schema Definitions#
Schema definitions in this section are described using ABNF and rely on the common productions specified in Section 1.2 as well as these:

    noidlen = numericoid [ LCURLY len RCURLY ]
    len = number

    oids = oid / ( LPAREN WSP oidlist WSP RPAREN )
    oidlist = oid *( WSP DOLLAR WSP oid )

    extensions = *( SP xstring SP qdstrings )
    xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE )

    qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN )
    qdescrlist = [ qdescr *( SP qdescr ) ]
    qdescr = SQUOTE descr SQUOTE

    qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN )
    qdstringlist = [ qdstring *( SP qdstring ) ]
    qdstring = SQUOTE dstring SQUOTE
    dstring = 1*( QS / QQ / QUTF8 )   ; escaped UTF-8 string

    QQ = ESC %x32 %x37 ; "\27"
    QS = ESC %x35 ( %x43 / %x63 ) ; "\5C" / "\5c"

    ; Any UTF-8 encoded Unicode character
    ; except %x27 ("\'") and %x5C ("\")
    QUTF8 = QUTF1 / UTFMB

    ; Any ASCII character except %x27 ("\'") and %x5C ("\")
    QUTF1 = %x00-26 / %x28-5B / %x5D-7F

- The NAME field provides a set of short names (LDAP Descriptors) that are to be used as aliases for the OID.
- The DESC field optionally allows a descriptive string to be provided by the directory administrator and/or implementor. While specifications may suggest a descriptive string, there is no requirement that the suggested (or any) descriptive string be used.
- The OBSOLETE field, if present, indicates the element is not active.
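
The productions and common fields above can be exercised with a small strict parser. This is an added example, not code from RFC 4512 or from this wiki; the function names and the sample definition (including its OID) are constructed for illustration. It rejects stray quotes and any backslash escape other than `\27` and `\5C`/`\5c`, the checks a tool should make before trusting schema text read from a server.

```python
import re
# Tokens: parentheses, DOLLAR, a quoted string (no raw "'" inside), or a bare word.
TOKEN = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")
QDESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")  # descr inside qdescr (NAME values)

def unescape_dstring(raw):
    """dstring = 1*( QS / QQ / QUTF8 ): the only legal escapes are \\27 and \\5C/\\5c."""
    if raw == "" or re.search(r"\\(?!27|5[Cc])", raw):
        raise ValueError("invalid dstring: %r" % raw)
    return re.sub(r"\\(27|5[Cc])", lambda m: "'" if m.group(1) == "27" else "\\", raw)

def quoted_list(tokens, i):
    """Read qdescrs/qdstrings at tokens[i]: one quoted string or a parenthesised list."""
    items, nxt = [tokens[i]], i + 1
    if tokens[i] == "(":
        end = tokens.index(")", i)
        items, nxt = tokens[i + 1:end], end + 1
    if not all(len(t) >= 2 and t[0] == t[-1] == "'" for t in items):
        raise ValueError("expected quoted string at token %d" % i)
    return [t[1:-1] for t in items], nxt

def parse_common_fields(definition):
    """Return OID, NAME, DESC, OBSOLETE and X- extensions of one schema definition."""
    tokens = TOKEN.findall(definition)
    if TOKEN.sub("", definition).strip() or len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("stray characters or missing enclosing parentheses")
    out = {"oid": tokens[1], "names": [], "desc": None, "obsolete": False, "extensions": {}}
    i = 2
    while i < len(tokens) - 1:
        key = tokens[i]
        if key == "NAME":
            out["names"], i = quoted_list(tokens, i + 1)
            if not all(QDESCR.match(n) for n in out["names"]):
                raise ValueError("NAME holds a value that is not a valid descr")
        elif key == "DESC":  # a single qdstring, not a list
            vals, i = quoted_list(tokens, i + 1)
            if len(vals) != 1:
                raise ValueError("DESC takes exactly one qdstring")
            out["desc"] = unescape_dstring(vals[0])
        elif key == "OBSOLETE":
            out["obsolete"], i = True, i + 1
        elif re.match(r"X-[A-Za-z_-]+\Z", key):
            vals, i = quoted_list(tokens, i + 1)
            out["extensions"][key] = [unescape_dstring(v) for v in vals]
        else:
            i += 1  # element-specific field (SUP, SYNTAX, MUST, ...): not interpreted here
    return out
# Constructed sample definition (OID and names are made up for this example).
SAMPLE = r"( 1.3.6.1.4.1.99999.1.1 NAME ( 'exampleAttr' 'exAttr' ) DESC 'Owner\27s path C:\5Cdata' OBSOLETE SUP name X-ORIGIN 'constructed example' )"
```

Calling `parse_common_fields(SAMPLE)` returns the decoded fields as a dict; malformed input raises `ValueError` instead of being partially accepted.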
Although many people may have a basic understanding of attribute Types and objectClass Types, there is a great deal of information about LDAP Schema that most people do not know.
Because LDAP Schema is important, it is extremely useful to have a more complete understanding of what it really entails. We will make further attempts to provide an in-depth description of schema elements in general.
The LDAP Schema of a Directory System Agent defines a set of rules that govern the kinds of data that the server can hold. LDAP Schema is composed of a number of different LDAP Schema Element Types.
Attributes are the elements responsible for storing data in a directory, and the LDAP Schema defines the rules for which AttributeTypes may be used in an LDAP Entry, the kinds of values that those AttributeTypes may have, and how a DUA may interact with those Attribute Values.
A DUA may learn about the LDAP Schema elements that the server supports by retrieving an appropriate SubschemaSubentry.
A collection of Links On LDAP Schema#
- LDAP Query For Schema
- PAM LDAP Schema Modifications
- EDirectory Schema Reference
- LDAP Schema Viewer
- SUN LDAP Schema Tutorial
- Schema Extensions
- Make Changes to the Existing Schema
- Overview of Schema Modifications
- Edirectory's Location of the RFC-2307 Schema
- Schema Browser Tool
- The Willeke Schema
- SubschemaSubentry
- The COSINE and Internet X.500 Schema
- Microsoft Active Directory Attributes
- Microsoft Active Directory Syntax