Introduction
We want to store the schema in ADS like any other entries. We have to define the minimum set of ObjectClasses and AttributeTypes needed to bootstrap the schema.
...
Note |
---|
The new Syntaxes will use the OIDs 1.3.6.1.4.1.18060.10.14.0.10.N |
.0.4.0.4.N We will use OIDs 1.3.6.1.4.1.18060.1.1.0.0.N for Meta objects. Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation and the next 1.1 values are used specifically for Apache Directory. |
Elements of the Meta-Schema
The MetaSchema will be presented in MetaSchema schema, but first we must define some elements on this page.
Syntaxes
We must define the minimum set of syntaxes.
They follow this grammar (from RFC 4512) :
No Format |
---|
<SyntaxDescription> ::= <LPAREN> <WSP> <numericoid> ( <SP> "DESC" <SP> <qdstring> )? <extensions> <WSP> <RPAREN>
|
Only one is already defined: in http://www.rfc-archive.org/getrfc.php?rfc=4517
34 of them are defined in RFC 4517. For instance, here is the definition of the Boolean syntax :
No Format |
---|
3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or false. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF:
Boolean = "TRUE" / "FALSE"
The LDAP definition for the Boolean syntax is:
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
|
Here are the new ones we need to implement the MetaSchema, described in the following table :
Desc | OID | Extensions | rules | ||
---|---|---|---|---|---|
NameOrOid objectClassType | 1.3.6.1.4.1.18060.10.14.0.10.1 | - | Should be one of those 3 strings :
| ||
numericOid | Must be a valid Name or a valid OID | Type | 1.3.6.1.4.1.18060.10.14.0.10.2 | - | Must be a valid numeric OID |
attributeTypeUsage | Should be one of those 3 strings :
| Usage | 1.3.6.1.4.1.18060.10.14.0.10.4 3 | - | Should be one of those 4 strings :
|
number | 1.3.6.1.4.1.18060.0.4.0.0.4 | - | Must be a number |
oidLen | 1.3.6.1.4.1.18060.0.4.0.0.5 | - | Must be a valid numeric oid followed |
objectName | 1.3.6.1.4.1.18060.0.4.0.0.6 | - | Must be a valid name a-zA-Z(a-zA-Z0-9-;)* |
MatchingRules
The Matching rules are defined in RFC 4512 :
No Format |
---|
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
|
...
Name | OID | Desc | Obsolete | Syntax | Extensions |
---|---|---|---|---|---|
OidMatch BooleanMatch | 1.3.6.1.4.1.18060.1.1.0.2.1 | Match an OID | no | OID | - |
BooleanMatch | 1.3.6.1.4.1.18060.1.1.0.2.2 | Match a Boolean | no | Boolean | - |
NameOrOidMatch | 1.3.6.1.4.1.18060.1.1.0.2.2 3 | Match a name or an OID | no | NameOrOid | - |
TypeMatch | 1.3.6.1.4.1.18060.1.1.0.2.3 4 | Match a type of ObjectClass | no | Type | - |
UsageMatch | 1.3.6.1.4.1.18060.1.1.0.2.4 5 | Match an attributeType Usage | no | Usage | - |
...
The ObjectClass element is described in RFC 4512 :
No Format |
---|
<ObjectClassDescription> ::= <LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
|
Here we have some elements which are already in the schema :
Code Block |
---|
attributetype ( 2.5.4.0
NAME 'objectClass'
DESC 'RFC2256: object classes of the entity'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
)
|
Code Block |
---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
Code Block |
---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | NoUserModification | Usage | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
m-oid | obsolete | 1.3.6.1.4.1.18060.10.14.0.32.1 | The type is obsolete Object Identifier | - | OidMatch BooleanMatch | - | - | Boolean OID | yes | - | yes | dSAOperation | sup | ||||||||
m-name | 1.3.6.1.4.1.18060.10.14.0.32.2 | The list of superiors Object name | - | NameOrOidMatch caseIgnoreMatch | - | - | caseIgnoreSubstringsMatch | objectName {32768} NameOrOid | no | - | yes | dSAOperation | must | ||||||||
m-description | 1.3.6.1.4.1.18060.10.14.0.32.3 | The list of mandatory ATs object description | - | NameOrOidMatch caseIgnoreMatch | - | - | NameOrOid | no | - | yes | dSAOperation | may | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.180601466.115.1121.1.0.3.4 15{1024} | yes The list of authorized ATs | - | NameOrOidMatch | - | - | NameOrOid | no |
m-obsolete | - | yes | dSAOperation | type | 1.3.6.1.4.1.18060.10.14.0.32.5 4 | The ObjectClass type is obsolete | - | TypeMatch BooleanMatch | - | - | Type Boolean | yes | - | yes | dSAOperation |
m-supObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.5 | The list of superiors | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-must | 1.3.6.1.4.1.18060.0.4.0.2.6 | The list of mandatory ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-may | 1.3.6.1.4.1.18060.0.4.0.2.7 | The list of authorized ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-typeObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.8 | The ObjectClass type | - | TypeObjectClassMatch | - | - | TypeObjectClass | yes | - |
m-extensionObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.9 | An objectclass | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
AttributeType
The AttributeType element is described in RFC 4512 :
No Format |
---|
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
(<SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage>)+
|
Here we have some elements which are already in the schema :
Code Block |
---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
Code Block |
---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
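Added example (not Apache Directory code): a strict Python parser for the AttributeTypeDescription grammar above, which rejects a definition before it is stored as an entry if a parameter is repeated, an OID or SYNTAX value is malformed, or USAGE is not one of the four RFC 4512 values. The function name and result keys are assumptions, and `<extensions>` and quoted-string escapes are left out.

```python
import re

NUM = r"(?:0|[1-9]\d*)"
NUMERIC_OID = re.compile(NUM + r"(?:\." + NUM + ")+")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
OID = re.compile(DESCR.pattern + "|" + NUMERIC_OID.pattern)
NOIDLEN = re.compile(NUMERIC_OID.pattern + r"(?:\{\d+\})?")
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+|'")  # a lone ' marks an unterminated string
FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION"}
USAGES = {"userApplications", "directoryOperation",
          "distributedOperation", "dSAOperation"}  # the four RFC 4512 usages
CHECKS = {"DESC": lambda v: v.startswith("'"), "SYNTAX": NOIDLEN.fullmatch,
          "USAGE": USAGES.__contains__}
CHECKS.update(dict.fromkeys(("SUP", "EQUALITY", "ORDERING", "SUBSTR"), OID.fullmatch))
# Sample input: the 'description' attribute type quoted on this page.
DESCRIPTION_AT = ("attributetype ( 2.5.4.13 NAME 'description' DESC 'RFC2256: descriptive information' "
                  "EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch "
                  "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )")


def parse_attribute_type(text):
    tokens = TOKEN.findall(text)
    if "'" in tokens:
        raise ValueError("unterminated quoted string")
    if tokens[:1] == ["attributetype"]:  # schema-file prefix used on the page
        tokens = tokens[1:]
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("description must be wrapped in parentheses")
    if not NUMERIC_OID.fullmatch(tokens[1]):
        raise ValueError("invalid numeric OID: %r" % tokens[1])
    result, body = {"numericoid": tokens[1]}, tokens[2:-1]
    while body:
        key = body.pop(0)
        if key in result:  # each parameter may appear at most once
            raise ValueError("parameter seen more than once: " + key)
        if key in FLAGS:
            result[key] = True
            continue
        if not body:
            raise ValueError("missing value for " + key)
        value = body.pop(0)
        if key == "NAME":  # <qdescrs>: one quoted name or a parenthesised list
            names = [value]
            if value == "(":
                end = body.index(")")  # ValueError if the list is never closed
                names, body = body[:end], body[end + 1:]
            if not names or not all(n[0] == "'" and DESCR.fullmatch(n[1:-1]) for n in names):
                raise ValueError("invalid NAME")
            result[key] = [n[1:-1] for n in names]
        elif key in CHECKS and CHECKS[key](value):
            result[key] = value.strip("'")
        else:
            raise ValueError("unknown keyword or invalid value: %s %s" % (key, value))
    return result
```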
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | NoUserModification | Usage |
---|---|---|---|---|---|---|---|---|---|---|---|
obsolete | ... | The type is obsolete | - | BooleanMatch | - | - | Boolean | yes | - | yes | dSAOperation |
sup | 1.3.6.1.4.1.18060.1.1.0.3.7 | The list of superior | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation |
equality | ... |
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
m-supAttributeType | 0.3.8 Equality matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation | ordering | 1.3.6.1.4.1.18060.10.14.0.32.9 10 | The list of superior Ordering matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
m-equality | yes | dSAOperation | substr | 1.3.6.1.4.1.18060.10.14.0.32.10 11 | Substring Equality matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation | syntax | |||||
m-ordering | 1.3.6.1.4.1.18060.10.14.0.32.11 12 | Ordering matching rule The attribute syntax | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation | |||||||||
single-value m-substr | 1.3.6.1.4.1.18060.10.14.0.32.12 13 | Substring matching rule The attribute is single valued | - | BooleanMatch nameOrOidMatch | - | - | Boolean NameOrOid | yes | - | yes | dSAOperation | collective | ||||||||
m-syntax | 1.3.6.1.4.1.18060.10.14.0.32.13 14 | The attribute is collective syntax | - | BooleanMatch nameOrOidMatch | - | - | Boolean NameOrOid | yes | - | yes | dSAOperation | |||||||||
no-user-modification m-singleValue | 1.3.6.1.4.1.18060.10.14.0.32.14 15 | The attribute is protected single valued | - | BooleanMatch | - | - | Boolean | yes | - | yes | dSAOperation | |||||||||
usage m-collective | 1.3.6.1.4.1.18060.10.14.0.32.15 16 | The attribute is collective Type of operation | - | UsageMatch BooleanMatch | - | - | Usage Boolean | yes | - | yes | dSAOperation |
Ordering is useless, so is Substr.
Description of CORE.SCHEMA
We can now define the schemas using this meta schema.
system
ObjectClass top
ObjectClass alias
core
ObjectClass country
ObjectClass locality
ObjectClass organization
ObjectClass organizationalUnit
m-noUserModification | 1.3.6.1.4.1.18060.0.4.0.2.17 | The attribute is protected | - | BooleanMatch | - | - | Boolean | yes | - |
m-usage | 1.3.6.1.4.1.18060.0.4.0.2.18 | Type of operation | - | UsageMatch | - | - | Usage | yes | - |
m-extensionAttribyteType | 1.3.6.1.4.1.18060.0.4.0.2.19 | Extension for attributeType | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Ordering is useless, so is Substr.
DITStructureRules
The DITStructureRule element is described in RFC 4512 :
No Format |
---|
<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dsrparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "FORM" <SP> <oid>
| <SP> "SUP" <SP> <ruleids>) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID | - | ruleIdMatch | - | - | RuleId | yes | - |
m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated | - | oidMatch | - | - | RuleIds | yes | - |
m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 | The list of superiors | - | ruleIdsMatch | - | - | Oid | no | - |
m-extensionDITStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.23 | Extensions for DITStructureRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
NameForms
The NameForm element is described in RFC 4512 :
No Format |
---|
<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<nfParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "OC" <SP> <oid>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-oc | 1.3.6.1.4.1.18060.0.4.0.2.24 | The structural ObjectClass | - | numericOidMatch | - | - | Oid | yes | - |
m-extensionNameForm | 1.3.6.1.4.1.18060.0.4.0.2.25 | Extensions for NameForm | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
DITContentRules
The DITContentRule element is described in RFC 4512 :
No Format |
---|
<DITContentRule> = <LPAREN> <WSP> <numericOid> <dcrParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dcrParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "AUX" <SP> <oids>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids>
| <SP> "NOT" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-aux | 1.3.6.1.4.1.18060.0.4.0.2.26 | List of auxiliary ObjectClasses | - | numericOidMatch | - | - | Oids | no | - |
m-not | 1.3.6.1.4.1.18060.0.4.0.2.27 | List of precluded attribute types | - | numericOidMatch | - | - | Oids | no | - |
m-extensionDITContentRule | 1.3.6.1.4.1.18060.0.4.0.2.28 | Extensions for DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
MatchingRuleUses
The MatchingRuleUse element is described in RFC 4512 :
No Format |
---|
<MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <mruParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<mruParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "APPLIES" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-applies | 1.3.6.1.4.1.18060.0.4.0.2.29 | List of attribute types the matching rule applies to | - | numericOidMatch | - | - | Oids | no | - |
m-extensionMatchingRuleUse | 1.3.6.1.4.1.18060.0.4.0.2.30 | Extensions for DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Description of currently existing schemas
All the current schema objects are described with the new syntax in these pages :
Schema | ObjectClasses | AttributeTypes |
---|---|---|
apache | ||
apachedns | ||
autofs | ||
collective | ||
corba | ||
core | ||
cosine | ||
dhcp | ||
inetorgPerson | ||
java | ||
krb5kdc | ||
misc | ||
mozilla | ||
nis | ||
samba | ||
system |