| Note | ||
|---|---|---|
| ||
This site is in the process of being reviewed and updated. |
| Table of Contents | ||||
|---|---|---|---|---|
|
Introduction
We want to store the schema into ADS as any other entries. We have to define the minimum set of ObjectClasses an AttributeTypes needed to be able to bootstrap the schema.
...
Those are following the following grammar (from RFC 4512 ) :
| Code Blocknoformat |
|---|
<SyntaxDescription> ::=
<LPAREN> <WSP>
<numericoid>
( <SP> "DESC" <SP> <qdstring> )?
<extensions> <WSP>
<RPAREN>
|
Only one is already defined: in http://www.rfc-archive.org/getrfc.php?rfc=4517
34 of them are defined in RFC 4517. For instance, here the definition of Boolean syntax :
| No Format |
|---|
3.3 |
| Code Block |
3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or
false. The LDAP-specific encoding of a value of this syntax is
defined by the following ABNF:
Boolean = "TRUE" / "FALSE"
The LDAP definition for the Boolean syntax is:
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
|
They Here are the new one we need to implement the MetaSchema, described in the following table :
Desc | OID | Extensions | rules | ||
|---|---|---|---|---|---|
nameOrNumericId objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.0 1 | - | Should be one of those 3 strings :
| ||
numericOid | Must be a valid Name or a valid OID | objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.1 2 | - | Must be a valid numeric OID |
attributeTypeUsage | 1.3.6.1.4.1.18060.0.4.0.0.3 | - | Should be one of those 4 strings :
| ||
number | Should be one of those 3 strings :
| oid | 1.3.6.1.4.1.18060.0.4.0.0.2 4 | - | Must be a valid OID number |
oidLen usage | 1.3.6.1.4.1.18060.0.4.0.0.3 5 | - Should be one of those 4 strings : | Must be a valid numeric oid followed | ||
objectName | 1.3.6.1.4.1.18060.0.4.0.0.6 | - | Must be a valid name a-zA-Z(a-zA-Z0-9-;)* dSAOperation |
MatchingRules
The Matching rules are deifned defined in RFC 4512 :
| Code Blocknoformat |
|---|
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
|
...
The ObjectClass element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<ObjectClassDescription> ::=
<LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
|
Here we have some elements which are already in the schema :
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) |
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-oid | 1.3.6.1.4.1.18060.0.4.0.2.1 | The Object Identifier | - | OidMatch | - | - | OID | yes | - |
m-name | 1.3.6.1.4.1.18060.0.4.0.2.2 | The Object name | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15objectName {32768} | no | - |
m-description | 1.3.6.1.4.1.18060.0.4.0.2.3 | The object description | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{1024} | yes | - |
m-obsolete | 1.3.6.1.4.1.18060.0.4.0.2.4 | The type is obsolete | - | BooleanMatch | - | - | Boolean | yes | - |
m-supObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.5 | The list of superiors | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-must | 1.3.6.1.4.1.18060.0.4.0.2.6 | The list of mandatory ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-may | 1.3.6.1.4.1.18060.0.4.0.2.7 | The list of authorized ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
m-typeObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.8 | The ObjectClass type | - | TypeObjectClassMatch | - | - | TypeObjectClass | yes | - |
m-extensionObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.9 | An objectclass | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...
The AttributeType element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
(<SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage>)+
|
Here we have some elements which are already in the schema :
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
|
| Code Blocknoformat |
|---|
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
|
...
The DITStructureRule element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dsrparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "FORM" <SP> <oid>
| <SP> "SUP" <SP> <ruleids>) +
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID | - | ruleIdMatch | - | - | RuleId | yes | - | ||||||||
m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated | - | oidMatch | - | - | RuleIds | yes | - | DITStructure rule | - | oidMatch | - | - | RuleIds | yes | - |
m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 | The list of superiors | - | ruleIdsMatch | - | - | Oid | no | - | ||||||||
m-extensionDITStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.23 | Extensions for DITStructureRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
NameForms
The NameForm element is described in RFC 4512 :
| No Format |
|---|
<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<nfParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "OC" <SP> <oid>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-oc m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 24 | The list of superiors structural ObjectClass | - | numericOidMatch ruleIdsMatch | - | - | Oid | yes no | - |
m-extensionDITStructureRule extensionNameForm | 1.3.6.1.4.1.18060.0.4.0.2.23 25 | Extensions for DITStructureRule NameForm | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...
DITContentRules
The NameForm DITContentRule element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<NameForm><DITContentRule> = <LPAREN> <WSP> <numericOid> <nfParameters><dcrParameters> <extensions> <WSP> <RPAREN> // Each parameters should not be seen more than once <nfParameters><dcrParameters> ::= ( <SP> "NAME" <SP> <qdescrs> | <SP> "DESC" <SP> qdstring || <SP> "OBSOLETE" | <SP> "AUX" <SP> "OBSOLETE"<oids> | <SP> "OCMUST" <SP> <oid><oids> | <SP> "MUSTMAY" <SP> <oids> | <SP> "MAYNOT" <SP> <oids> ) + |
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | ||
|---|---|---|---|---|---|---|---|---|---|---|---|
m-aux | 1.3.6.1.4.1.18060.0.4.0.2.26 | List of auxiliary ObjectClasses | - | numericOidMatch | - | - | Oids | no | - | ||
m-not oc | 1.3.6.1.4.1.18060.0.4.0.2.24 | The structural ObjectClass | 27 | List of precluded attribute types | - | numericOidMatch | - | - | Oid Oids | yes no | - |
m-extensionNameForm extensionDITContentRule | 1.3.6.1.4.1.18060.0.4.0.2.25 28 | Extensions for NameForm DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...
MatchingRuleUses
The DITContentRule MatchingRuleUse element is described in RFC 4512 :
| Code Blocknoformat |
|---|
<DITContentRule><MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <dcrParameters><mruParameters> <extensions> <WSP> <RPAREN> // Each parameters should not be seen more than once <dcrParameters> ::= ( <SP> "NAME" <SP> <qdescrs> | <SP> "DESC" <SP> qdstring | <SP> "OBSOLETE"// Each parameters should not be seen more than once <mruParameters> ::= |( <SP> "AUXNAME" <SP> <oids><qdescrs> | <SP> "MUSTDESC" <SP> <oids>qdstring | <SP> "MAYOBSOLETE" <SP> <oids> | <SP> "NOTAPPLIES" <SP> <oids> ) + |
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
m-aux applies | 1.3.6.1.4.1.18060.0.4.0.2.26 29 | List of auxiliary ObjectClasses attribute types the matching rule applies to | - | numericOidMatch | - | - | Oids | no | - |
m-extensionDITContentRule extensionMatchingRuleUse | 1.3.6.1.4.1.18060.0.4.0.2.27 30 | Extensions for DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
...