| Note | ||
|---|---|---|
| ||
This site is in the process of being reviewed and updated. |
| Table of Contents | ||||
|---|---|---|---|---|
|
Introduction
We want to store the schema into ADS as any other entries. We have to define the minimum set of ObjectClasses an AttributeTypes needed to be able to bootstrap the schema.
...
Those are following the following grammar (from RFC 4512 ) :
| Code Blocknoformat |
|---|
<SyntaxDescription> ::=
<LPAREN> <WSP>
<numericoid>
( <SP> "DESC" <SP> <qdstring> )?
<extensions> <WSP>
<RPAREN>
|
Only one is already defined: in http://www.rfc-archive.org/getrfc.php?rfc=4517
34 of them are defined in RFC 4517. For instance, here the definition of Boolean syntax :
| No Format |
|---|
3. |
| Code Block |
3.3.3. Boolean A value of the Boolean syntax is one of the Boolean values, true or false. The LDAP-specific encoding of a value of this syntax is defined by the following ABNF: Boolean = "TRUE" / "FALSE" The LDAP definition for the Boolean syntax is: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1]. |
They Here are the new one we need to implement the MetaSchema, described in the following table :
Desc | OID | Extensions | rules | ||
|---|---|---|---|---|---|
nameOrNumericId objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.0 1 | - | Should be one of those 3 strings :
| ||
numericOid | Must be a valid Name or a valid OID | objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.1 2 | - | Must be a valid numeric OID |
attributeTypeUsage | 1.3.6.1.4.1.18060.0.4.0.0.3 | - | Should be one of those 4 strings :
| ||
number | Should be one of those 3 strings :
| oid | 1.3.6.1.4.1.18060.0.4.0.0.2 4 | - | Must be a valid OID number |
oidLen usage | 1.3.6.1.4.1.18060.0.4.0.0.3 5 | - Should be one of those 4 strings : | Must be a valid numeric oid followed | ||
objectName | 1.3.6.1.4.1.18060.0.4.0.0.6 | - | Must be a valid name a-zA-Z(a-zA-Z0-9-;)* dSAOperation |
MatchingRules
The Matching rules are deifned defined in RFC 4512 :
| Code Blocknoformat |
|---|
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
|
...
The ObjectClass element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<ObjectClassDescription> ::=
<LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
|
Here we have some elements which are already in the schema :
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) |
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-oid | 1.3.6.1.4.1.18060.0.4.0.2.1 | The Object Identifier | - | OidMatch | - | - | OID | yes | - |
m-name | 1.3.6.1.4.1.18060.0.4.0.2.2 | The Object name | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15objectName {32768} | no | - |
m-description | 1.3.6.1.4.1.18060.0.4.0.2.3 | The object description | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{1024} | yes | - |
m-obsolete | 1.3.6.1.4.1.18060.0.4.0.2.4 | The type is obsolete | - | BooleanMatch | - | - | Boolean | yes | - |
m-supObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.5 | The list of superiors | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-must | 1.3.6.1.4.1.18060.0.4.0.2.6 | The list of mandatory ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-may | 1.3.6.1.4.1.18060.0.4.0.2.7 | The list of authorized ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-typeObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.8 | The ObjectClass type | - | TypeObjectClassMatch | - | - | TypeObjectClass | yes | - |
m-extensionObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.9 | An objectclass | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...
The AttributeType element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
(<SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage>)+
|
Here we have some elements which are already in the schema :
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | ||
|---|---|---|---|---|---|---|---|---|---|---|---|
m-supAttributeType | 1.3.6.1.4.1.18060.0.4.0.2.10 | The list of superior | - | nameOrOidMatch | - | - | NameOrOid | yes | - | ||
m-equality | 1.3.6.1.4.1.18060.0.4.0.2.11 | Equality matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | ||
m-ordering | 1.3.6.1.4.1.18060.0.4.0.2.12 | Ordering matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | ||
m-substr | 1.3.6.1.4.1.18060.0.4.0.2.13 | Substring matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | ||
m-syntax | 1.3.6.1.4.1.18060.0.4.0.2.14 | The attribute syntax | - | nameOrOidMatch | - | - | NameOrOid | yes | - | ||
m-singleValue | 1.3.6.1.4.1.18060.0.4.0.2.15 | The attribute is single valued | - | BooleanMatch | - | - | Boolean | yes | - | ||
m-collective | 1.3.6.1.4.1.18060.0.4.0.2.16 | The attribute is collective | - | BooleanMatch | - | - | Boolean | yes | - | ||
m-noUserModification | 1.3.6.1.4.1.18060.0.4.0.2.17 | The attribute is protected | - | BooleanMatch | - | - | Boolean | yes | - | ||
m-usage | 1.3.6.1.4.1.18060.0.4.0.2.18 | Type of operation | - | operation | - | UsageMatch | - | - | Usage | yes | - |
m-extensionAttribyteType | 1.3.6.1.4.1.18060.0.4.0.2.19 | Extension for attributeType | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Ordering is useless, so is Substr.
DITStructureRules
The DITStructureRule element is described in RFC 4512 :
| No Format |
|---|
<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dsrparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "FORM" <SP> <oid>
| <SP> "SUP" <SP> <ruleids>) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID | - | ruleIdMatch | - | - | RuleId | yes | - |
m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated | - | oidMatch | - | - | RuleIds | yes | - |
m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 | The list of superiors | - | ruleIdsMatch | - | - | Oid | no | - |
m-extensionDITStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.23 | Extensions for DITStructureRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
NameForms
The NameForm element is described in RFC 4512 :
| No Format |
|---|
<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<nfParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "OC" <SP> <oid>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-oc | 1.3.6.1.4.1.18060.0.4.0.2.24 | The structural ObjectClass | - | numericOidMatch UsageMatch | - | - | Usage Oid | yes | - |
m-extensionAttribyteType extensionNameForm | 1.3.6.1.4.1.18060.0.4.0.2.19 25 | Extension Extensions for attributeType NameForm | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Ordering is useless, so is Substr.
...
DITContentRules
The DITStructureRule DITContentRule element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<DITStructureRule><DITContentRule> = <LPAREN> <WSP> <ruleid><numericOid> <dsrparameters><dcrParameters> <extensions> <WSP> <RPAREN> // Each parameters should not be seen more than once <dsrparameters><dcrParameters> ::= ( <SP> "NAME" <SP> <qdescrs> | <SP> "DESC" <SP> qdstring | <SP> <qdescrs> "OBSOLETE" | <SP> "DESCAUX" <SP> qdstring<oids> | <SP> "OBSOLETEMUST" <SP> <oids> | <SP> "FORMMAY" <SP> <oid><oids> | <SP> "SUPNOT" <SP> <oids> <ruleids>) + |
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID | - | ruleIdMatch | - | - | RuleId | yes | - | |||
OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | ||||
m-aux m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated | - | 26 | List of auxiliary ObjectClasses | - | numericOidMatch oidMatch | - | - | RuleIds Oids | yes no | - |
m-supDitStructureRule not | 1.3.6.1.4.1.18060.0.4.0.2.22 27 | List of precluded attribute types The list of superiors | - | numericOidMatch ruleIdsMatch | - | - | Oid Oids | no | - | |||
m-extensionDITStructureRule extensionDITContentRule | 1.3.6.1.4.1.18060.0.4.0.2.23 28 | Extensions for DITStructureRule DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...
MatchingRuleUses
The NameForm MatchingRuleUse element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<NameForm><MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <nfParameters><mruParameters> <extensions> <WSP> <RPAREN> // Each parameters should not be seen more than once <nfParameters><mruParameters> ::= ( <SP> "NAME" <SP> <qdescrs> | <SP> "DESC" <SP> qdstring | <SP> "OBSOLETE" | <SP> "OC" <SP> <oid> | <SP> "MUST" <SP> <oids> OBSOLETE" | <SP> "MAYAPPLIES" <SP> <oids> ) + |
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | |
|---|---|---|---|---|---|---|---|---|---|---|
m-oc applies | 1.3.6.1.4.1.18060.0.4.0.2.24 29 | List of attribute types the matching rule applies to The structural ObjectClass | - | numericOidMatch | - | - | Oid Oids | yes no | - | |
m-extensionNameForm extensionMatchingRuleUse | 1.3.6.1.4.1.18060.0.4.0.2.25 30 | Extensions for NameForm DITContentRule | - | caseIgnoreMatch | - | - |
| 1.3.6.1.4.1.1466.115.121.1.15{32768} | no yes | - |
Description of currently existing schemas
...