Overview#

LDAP Schema Element Extensions LDAP Schema element definitions may include zero or more extensions, which are textual elements that may provide additional information about that element, and in some cases may describe additional functionality or constraints associated with that element.

If a schema element definition includes one or more LDAP Schema Element Extensions, then each extension must have the following format:

• One or more spaces to separate the extension from other components in the schema element definition.
• The name of the extension. The name must start with “X-”, and the remainder of the name may contain only ASCII letters (uppercase and/or lowercase), hyphens, and/or underscores.
• One or more spaces to separate the extension name from its value(s).
• The value(s) for the extension. This may take either of the following forms:
  • A single quote, followed by the text for the value, and another single quote. This format is only allowed for extensions with a single value.
  • An open parenthesis, zero or more spaces, the first extension value surrounded by single quotes, an optional set of additional extension values where each is preceded by at least one space and includes the value surrounded by single quotes, zero or more spaces, and a close parenthesis. This format is allowed for extensions that have one or more values.

Each extension value must contain one or more UTF-8 characters, with any single quote characters escaped as “\27” and any backslash characters escaped as “\5c”. Extension values cannot be empty strings, and all extensions must have at least one value.

LDAP does not define any standard schema extensions, but many LDAP Server Implementations accept any properly-formatted extension as a means of annotating the schema element. For example, one of the most commonly-used extension types is “X-ORIGIN”, which is typically used to indicate the source of the associated schema element, and the string “X-ORIGIN ‘RFC 4519’” might be used to indicate that the associated schema element is defined in RFC 4519.

Some directory servers may use certain extensions to describe additional constraints for the schema element that the normal LDAP syntax doesn’t support.

LDAPWiki shows several of the LDAP Schema Element Extensionss as Extended Flags

More Information#

There might be more information for this subject on one of the following:

• EDirectory Schema Reference
• Extended Flags
• LDAP Schema for NDS

---

• [#1] - Schema Element Extensions - based on information obtained 2018-10-02-