h1. Introduction

We want to store the schema in ADS like any other entry. We have to define the minimum set of ObjectClasses and AttributeTypes needed to bootstrap the schema.

All the ObjectClasses will depend on the *MetaObjectClass* element, which is hard-wired in the server.
All the AttributeTypes will depend on the *MetaAttributeType* element, which is hard-wired in the server.
{note}
The new Syntaxes will use the OIDs 1.3.6.1.4.1.18060.1.1.0.1.N

The new MatchingRules will use the OIDs 1.3.6.1.4.1.18060.1.1.0.2.N

The new AttributeTypes will use the OIDs 1.3.6.1.4.1.18060.1.1.0.3.N

The new ObjectClasses will use the OIDs 1.3.6.1.4.1.18060.1.1.0.4.N

We will use OIDs 1.3.6.1.4.1.18060.1.1.0.0.N for Meta objects.

Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation, and the next 1.1 values are used specifically for Apache Directory.
{note}

h1. Elements of the Meta-Schema

The MetaSchema will be presented in [MetaSchema schema], but first we must define some elements on this page.

h2. Syntaxes

We must define the minimum set of syntaxes.

They follow this grammar (from [RFC 4512]):
{code}
<SyntaxDescription> ::=
    <LPAREN> <WSP>
         <numericoid>
         ( <SP> "DESC" <SP> <qdstring> )?
         <extensions> <WSP>
    <RPAREN>
{code}
Only one is already defined, in [RFC 4517|http://www.rfc-archive.org/getrfc.php?rfc=4517]:
{code}
3.3.3.  Boolean

   A value of the Boolean syntax is one of the Boolean values, true or
   false.  The LDAP-specific encoding of a value of this syntax is
   defined by the following ABNF:

      Boolean = "TRUE" / "FALSE"

   The LDAP definition for the Boolean syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )

   This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
{code}
The new ones are described in the following table:
|| Desc || OID || Extensions || rules ||
| m-oid | 1.3.6.1.4.1.18060.1.1.0.1.1 | \- | Must be a valid OID |
| m-nameOrOid | 1.3.6.1.4.1.18060.1.1.0.1.2 | \- | Must be a valid Name or a valid OID |
| m-typeObjectClass | 1.3.6.1.4.1.18060.1.1.0.1.3 | \- | Should be one of these 3 strings:
* ABSTRACT
* STRUCTURAL
* AUXILIARY |
| m-usage | 1.3.6.1.4.1.18060.1.1.0.1.4 | \- | Should be one of these 4 strings:
* userApplications
* directoryOperation
* distributedOperation
* dSAOperation |

h2. MatchingRules

The matching rules are defined in RFC 4512:
{code}
<MatchingRuleDescription> ::= <LPAREN> <WSP>
         <numericoid> <MRParameters>
         <SP> "SYNTAX" <SP> <numericoid>
         <extensions> <WSP> <RPAREN>

<MRParameters> ::=
    ( <SP> "NAME" <SP> <qdescrs> |
    <SP> "DESC" <SP> <qdstring> |
    <SP> "OBSOLETE" )+
{code}
Here are the new *MatchingRules*:
|| Name || OID || Desc || Obsolete || Syntax || Extensions ||
| OidMatch | 1.3.6.1.4.1.18060.1.1.0.2.1 | Match an OID | no | *{_}OID{_}* | \- |
| BooleanMatch | 1.3.6.1.4.1.18060.1.1.0.2.2 | Match a Boolean | no | Boolean | \- |
| NameOrOidMatch | 1.3.6.1.4.1.18060.1.1.0.2.3 | Match a name or an OID | no | *{_}NameOrOid{_}* | \- |
| TypeMatch | 1.3.6.1.4.1.18060.1.1.0.2.4 | Match a type of ObjectClass | no | *{_}Type{_}* | \- |
| UsageMatch | 1.3.6.1.4.1.18060.1.1.0.2.5 | Match an attributeType Usage | no | *{_}Usage{_}* | \- |

h2. ObjectClasses

The ObjectClass element is described in RFC 4512:
{code}
<ObjectClassDescription> ::=
          <LPAREN> <WSP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>

// Each parameter should not appear more than once
<ocparameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> <qdstring>
    | <SP> "OBSOLETE"
    | <SP> "SUP" <SP> <oids>
    | <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
    | <SP> "MUST" <SP> <oids>
    | <SP> "MAY" <SP> <oids> )+
{code}
Here we have some elements which are already in the schema:
{code}
attributetype ( 2.5.4.0
	NAME 'objectClass'
	DESC 'RFC2256: object classes of the entity'
	EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
 )
{code}
{code}
attributetype ( 2.5.4.13
	NAME 'description'
	DESC 'RFC2256: descriptive information'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
 )
{code}
{code}
attributetype ( 2.5.4.41
	NAME 'name'
	DESC 'RFC2256: common supertype of name attributes'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
 )
{code}
The other ones must be defined. Here is a table grouping all the missing elements:
|| Name || OID || Desc || Sup || Equality || Ordering || Substr || Syntax || SingleValue || Collective || NoUserModification || Usage ||
| m-oid | 1.3.6.1.4.1.18060.1.1.0.3.1 | The Object Identifier | \- | *{_}OidMatch{_}* | \- | \- | *{_}OID{_}* | yes | \- | yes | dSAOperation |
| m-name | 1.3.6.1.4.1.18060.1.1.0.3.2 | The Object name | \- | caseIgnoreMatch | \- | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | \- | yes | dSAOperation |
| m-description | 1.3.6.1.4.1.18060.1.1.0.3.3 | The object description | \- | caseIgnoreMatch | \- | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{1024} | yes | \- | yes | dSAOperation |
| m-obsolete | 1.3.6.1.4.1.18060.1.1.0.3.4 | The type is obsolete | \- | *{_}BooleanMatch{_}* | \- | \- | Boolean | yes | \- | yes | dSAOperation |
| m-supObjectClass | 1.3.6.1.4.1.18060.1.1.0.3.5 | The list of superiors | \- | *{_}NameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | no | \- | yes | dSAOperation |
| m-must | 1.3.6.1.4.1.18060.1.1.0.3.6 | The list of mandatory ATs | \- | *{_}NameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | no | \- | yes | dSAOperation |
| m-may | 1.3.6.1.4.1.18060.1.1.0.3.7 | The list of authorized ATs | \- | *{_}NameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | no | \- | yes | dSAOperation |
| m-typeObjectClass | 1.3.6.1.4.1.18060.1.1.0.3.8 | The ObjectClass type | \- | *{_}TypeMatch{_}* | \- | \- | *{_}Type{_}* | yes | \- | yes | dSAOperation |

h2. AttributeType

The AttributeType element is described in RFC 4512:
{code}
<AttributeTypeDescription> ::= <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>

// Each parameter should not appear more than once
<atparameters>  ::=
    (<SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> <qdstring>
    | <SP> "OBSOLETE"
    | <SP> "SUP" <SP> <oid>
    | <SP> "EQUALITY" <SP> <oid>
    | <SP> "ORDERING" <SP> <oid>
    | <SP> "SUBSTR" <SP> <oid>
    | <SP> "SYNTAX" <SP> <noidlen>
    | <SP> "SINGLE-VALUE"
    | <SP> "COLLECTIVE"
    | <SP> "NO-USER-MODIFICATION"
    | <SP> "USAGE" <SP> <usage>)+
{code}
Here we have some elements which are already in the schema:
{code}
attributetype ( 2.5.4.13
	NAME 'description'
	DESC 'RFC2256: descriptive information'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
 )
{code}
{code}
attributetype ( 2.5.4.41
	NAME 'name'
	DESC 'RFC2256: common supertype of name attributes'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
 )
{code}
The other ones must be defined. Here is a table grouping all the missing elements:
|| Name || OID || Desc || Sup || Equality || Ordering || Substr || Syntax || SingleValue || Collective || NoUserModification || Usage ||
| m-obsolete | 1.3.6.1.4.1.18060.1.1.0.3.9 | The type is obsolete | \- | *{_}BooleanMatch{_}* | \- | \- | Boolean | yes | \- | yes | dSAOperation |
| m-supAttributeType | 1.3.6.1.4.1.18060.1.1.0.3.10 | The list of superior | \- | *{_}nameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | yes | \- | yes | dSAOperation |
| m-equality | 1.3.6.1.4.1.18060.1.1.0.3.11 | Equality matching rule | \- | *{_}nameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | yes | \- | yes | dSAOperation |
| m-ordering | 1.3.6.1.4.1.18060.1.1.0.3.12 | Ordering matching rule | \- | *{_}nameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | yes | \- | yes | dSAOperation |
| m-substr | 1.3.6.1.4.1.18060.1.1.0.3.13 | Substring matching rule | \- | *{_}nameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | yes | \- | yes | dSAOperation |
| m-syntax | 1.3.6.1.4.1.18060.1.1.0.3.14 | The attribute syntax | \- | *{_}nameOrOidMatch{_}* | \- | \- | *{_}NameOrOid{_}* | yes | \- | yes | dSAOperation |
| m-single-value | 1.3.6.1.4.1.18060.1.1.0.3.15 | The attribute is single valued | \- | *{_}BooleanMatch{_}* | \- | \- | Boolean | yes | \- | yes | dSAOperation |
| m-collective | 1.3.6.1.4.1.18060.1.1.0.3.16 | The attribute is collective | \- | *{_}BooleanMatch{_}* | \- | \- | Boolean | yes | \- | yes | dSAOperation |
| m-no-user-modification | 1.3.6.1.4.1.18060.1.1.0.3.17 | The attribute is protected | \- | *{_}BooleanMatch{_}* | \- | \- | Boolean | yes | \- | yes | dSAOperation |
| m-usage | 1.3.6.1.4.1.18060.1.1.0.3.18 | Type of operation | \- | *{_}UsageMatch{_}* | \- | \- | *{_}Usage{_}* | yes | \- | yes | dSAOperation |
Ordering is useless, so is Substr.
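
An added example (Python, not ApacheDS code) of how an RFC 4512 AttributeTypeDescription maps onto the m-* attributes listed above, applying the value rules from the Syntaxes table and the rule that each parameter appears at most once, so that a malformed definition is rejected before it is stored. The function name, the dict representation and keeping the {len} suffix inside m-syntax are assumptions; descriptions are assumed to carry no extensions.

```python
import re
# Value rules from the page's Syntaxes table (m-oid, m-nameOrOid, m-usage).
OID = re.compile(r"(0|[1-9]\d*)(\.(0|[1-9]\d*))+")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
USAGES = "userApplications directoryOperation distributedOperation dSAOperation".split()
# RFC 4512 keyword -> (m-* attribute from the page's table, kind of value)
PARAMS = {"NAME": ("m-name", "names"), "DESC": ("m-description", "quoted"),
          "OBSOLETE": ("m-obsolete", "flag"), "SUP": ("m-supAttributeType", "oid"),
          "EQUALITY": ("m-equality", "oid"), "ORDERING": ("m-ordering", "oid"),
          "SUBSTR": ("m-substr", "oid"), "SYNTAX": ("m-syntax", "noidlen"),
          "SINGLE-VALUE": ("m-single-value", "flag"), "USAGE": ("m-usage", "usage"),
          "COLLECTIVE": ("m-collective", "flag"),
          "NO-USER-MODIFICATION": ("m-no-user-modification", "flag")}
# quoted string | parenthesis | bare word | stray quote (kept so it gets rejected)
TOKEN = re.compile(r"'([^']*)'|[()]|[^\s()']+|'")

def to_meta_entry(description):
    """Parse one AttributeTypeDescription into validated m-* attributes."""
    toks = [("q", m[1]) if m[1] is not None else ("t", m[0])
            for m in TOKEN.finditer(description)]
    if (len(toks) < 3 or toks[0] != ("t", "(") or toks[-1] != ("t", ")")
            or toks[1][0] != "t" or not OID.fullmatch(toks[1][1])):
        raise ValueError("expected ( <valid m-oid> ... )")
    entry, body = {"m-oid": toks[1][1]}, toks[2:-1][::-1]  # reversed: pop() reads forward
    while body:
        kind, word = body.pop()
        attr, vtype = PARAMS.get(word if kind == "t" else None, (None, None))
        if attr is None or attr in entry:  # unknown keyword, or one seen twice
            raise ValueError(f"unexpected or repeated parameter {word!r}")
        if vtype == "flag":
            entry[attr] = "TRUE"  # presence maps to the Boolean value "TRUE"
            continue
        kind, value = body.pop() if body else ("t", "")
        if vtype == "names":  # qdescrs: 'a' or ( 'a' 'b' )
            names = [value] if kind == "q" else []
            while kind == "t" and value == "(" and body and body[-1][0] == "q":
                names.append(body.pop()[1])
            if kind == "t" and (not body or body.pop() != ("t", ")")):
                raise ValueError("malformed NAME list")
            ok, value = bool(names) and all(DESCR.fullmatch(n) for n in names), names
        elif vtype in ("quoted", "usage"):
            ok = kind == "q" if vtype == "quoted" else kind == "t" and value in USAGES
        else:  # oid = name or OID; noidlen = OID plus optional {len}, kept as-is (assumption)
            base = re.sub(r"\{\d+\}$", "", value) if vtype == "noidlen" else value
            ok = kind == "t" and bool(OID.fullmatch(base)
                                      or vtype == "oid" and DESCR.fullmatch(base))
        if not ok:
            raise ValueError(f"invalid value for {attr}: {value!r}")
        entry[attr] = value
    return entry
```

Called on the page's `description` definition (2.5.4.13), it returns m-oid, m-name, m-description, m-equality, m-substr and m-syntax; a repeated keyword, an unknown keyword, or a USAGE value outside the four listed strings raises `ValueError`.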

h1. Description of currently existing schemas

All the current schema objects are described with the new syntax in these pages:
|| Schema || ObjectClasses || AttributeTypes ||
| apache | [apache ObjectClasses] | [apache AttributeTypes] |
| apachedns | [apachedns ObjectClasses] | [apachedns AttributeTypes] |
| autofs | [autofs ObjectClasses] | [autofs AttributeTypes] |
| collective | [collective ObjectClasses] | [collective AttributeTypes] |
| corba | [corba ObjectClasses] | [corba AttributeTypes] |
| core | [core ObjectClasses] | [core AttributeTypes] |
| cosine | [cosine ObjectClasses] | [cosine AttributeTypes] |
| dhcp | [dhcp ObjectClasses] | [dhcp AttributeTypes] |
| inetorgPerson | [inetorgPerson ObjectClasses] | [inetorgPerson AttributeTypes] |
| java | [java ObjectClasses] | [java AttributeTypes] |
| krb5kdc | [krb5kdc ObjectClasses] | [krb5kdc AttributeTypes] |
| misc | [misc ObjectClasses] | [misc AttributeTypes] |
| mozilla | [mozilla ObjectClasses] | [mozilla AttributeTypes] |
| nis | [nis ObjectClasses] | [nis AttributeTypes] |
| samba | [samba ObjectClasses] | [samba AttributeTypes] |
| system | [system ObjectClasses] | [system AttributeTypes] |