Versions Compared

Old Version 7

changes.mady.by.user Emmanuel Lécharny

Saved on

compared with

New Version Current

changes.mady.by.user Emmanuel Lécharny

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Note
titleWork in progress

This site is in the process of being reviewed and updated.

Table of Contents
indent20px
typelist

Introduction

We want to store the schema into ADS as any other entries. We have to define the minimum set of ObjectClasses an AttributeTypes needed to be able to bootstrap the schema.

All the ObjectClass will depend on the MetaObjectClass element, which is hard wired in the server.
All the AttributeTypes will depend on the MetaAttributeType element, which is hard wired in the server.

Note

The new Syntaxes will use the OIDs  1.3.6.1.4.1.18060.0.4.0.0.N
The new MatchingRules will use the OIDs 1.3.6.1.4.1.18060.0.4.0.1.N
The new AttributesType will use the OIDs 1.3.6.1.4.1.18060.0.4.0.2.N
The new ObjectClasses will use the OIDs 1.3.6.1.4.1.18060.0.4.0.3.N
The new ObjectClasses DITStructureRules will use the OIDs 1.3.6.1.4.1.18060.0.4.0.4.N
The new NameForms will use the OIDs 1.3.6.1.4.1.18060.0.4.0.5.N

We will use OIDs  1.3.6.1.4.1.18060.1.1.0.0.N for Meta objects.

Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation and the next 1.1 values are used specifically for Apache Directory.

Elements of the Meta-Schema

The MetaSchema will be presented in MetaSchema schema, but before, we must define some elements in this page.

Syntaxes

We must define the minimum set of syntaxes.

Those are following the following grammar (from RFC 4512 ) :

No Format

<SyntaxDescription> ::=
    <LPAREN> <WSP>
         <numericoid>
         ( <SP> "DESC" <SP> <qdstring> )?
         <extensions> <WSP>
    <RPAREN>

34 of them are defined in  RFC 4517. For instance, here the definition of Boolean syntax :

No Format

3.3.3.  Boolean

   A value of the Boolean syntax is one of the Boolean values, true or
   false.  The LDAP-specific encoding of a value of this syntax is
   defined by the following ABNF:

      Boolean = "TRUE" / "FALSE"

   The LDAP definition for the Boolean syntax is:

      ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )

   This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].

Here are the new one we need to implement the MetaSchema, described in the following table :

Desc

OID

Extensions

rules

objectClassType

1.3.6.1.4.1.18060.0.4.0.0.1

-

Should be one of those 3 strings :

  • ABSTRACT
  • STRUCTURAL
  • AUXILIARY

numericOid

1.3.6.1.4.1.18060.0.4.0.0.2

-

Must be a valid numeric OID

attributeTypeUsage

1.3.6.1.4.1.18060.0.4.0.0.3

-

Should be one of those 4 strings :

  • userApplications
  • directoryOperation
  • distributedOperation
  • dSAOperation

number

1.3.6.1.4.1.18060.0.4.0.0.4

-

Must be a number

oidLen

1.3.6.1.4.1.18060.0.4.0.0.5

-

Must be a valid numeric oid followed
by a length constraint

objectName

1.3.6.1.4.1.18060.0.4.0.0.6

-

Must be a valid name a-zA-Z(a-zA-Z0-9-;)*

MatchingRules

The Matching rules are defined in RFC 4512 :

No Format

<MatchingRuleDescription> ::= <LPAREN> <WSP>
         <numericoid> <MRParameters>
         <SP> "SYNTAX" <SP> <numericoid>
         <extensions> <WSP> <RPAREN>

<MRParameters> ::=
    ( <SP> "NAME" <SP> <qdstrings> |
    <SP> "DESC" <SP> <qdstring> |
    <SP> "OBSOLETE" )+

Here are the new MatchingRules :

Name

OID

Desc

Obsolete

Syntax

Extensions

OidMatch

1.3.6.1.4.1.18060.1.1.0.2.1

Match an OID

no

OID

-

BooleanMatch

1.3.6.1.4.1.18060.1.1.0.2.2

Match a Boolean

no

Boolean

-

NameOrOidMatch

1.3.6.1.4.1.18060.1.1.0.2.3

Match a name or an OID

no

NameOrOid

-

TypeMatch

1.3.6.1.4.1.18060.1.1.0.2.4

Match a type of ObjectClass

no

Type

-

UsageMatch

1.3.6.1.4.1.18060.1.1.0.2.5

Match an attributeType Usage

no

Usage

-

ObjectClasses

The ObjectClass element is described in RFC 4512 :

Code Blocknoformat
<ObjectClassDescription> ::=
          <LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<ocparameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> <qdstring>
    | <SP> "OBSOLETE"
    | <SP> "SUP" <SP> <oids>
    | <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
    | <SP> "MUST" <SP> <oids>
    | <SP> "MAY" <SP> <oids> )+

Here we have some elements which are already in the schema :

Code Blocknoformat
attributetype ( 2.5.4.0
	NAME 'objectClass'
	DESC 'RFC2256: object classes of the entity'
	EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
 )
Code Blocknoformat
attributetype ( 2.5.4.13
	NAME 'description'
	DESC 'RFC2256: descriptive information'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
 )
Code Blocknoformat
attributetype ( 2.5.4.41
	NAME 'name'
	DESC 'RFC2256: common supertype of name attributes'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
 )

...

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

NoUserModification

Usage

m-oid

1.3.6.1.4.1.18060.0.4.0.2.1

The Object Identifier

-

OidMatch

-

-

OID

yes

-

m-name obsolete

1.3.6.1.4.1.18060.0.4.0.2.2

The Object name

-

caseIgnoreMatch

-

caseIgnoreSubstringsMatch

objectName {32768}

no

-

m-description

1.3.6.1.4.1.18060.0.4.0.2.3

The object description

-

caseIgnoreMatch

-

caseIgnoreSubstringsMatch

1.3.6.1.4.1.1466.115.121.1.15{1024}

yes

-

m-obsolete

1.3.6.1.4.1.18060.0.4.0.2.4

The type is obsolete

-

BooleanMatch

-

-

Boolean

yes

-

yes

dSAOperation

m-supObjectClass

sup

1.3.6.1.4.1.18060.10.14.0.32.2 5

The list of superior superiors

-

NamesOrOidsMatch NameOrOidMatch

-

-

NamesOrOids NameOrOid

no

-

yes

dSAOperation

m-must

1.3.6.1.4.1.18060.10.14.0.32.3 6

The list of mandatory AT ATs

-

NamesOrOidsMatch NameOrOidMatch

-

-

NamesOrOids NameOrOid

no

-

yes

dSAOperation

m-may

1.3.6.1.4.1.18060.10.14.0.32.4 7

The list of authorized AT ATs

-

NamesOrOidsMatch NameOrOidMatch

-

-

NamesOrOids NameOrOid

no

-

yes

dSAOperation

type m-typeObjectClass

1.3.6.1.4.1.18060.10.14.0.32.5 8

The ObjectClass type

-

TypeMatch TypeObjectClassMatch

-

-

Type TypeObjectClass

yes

-

yes

m-extensionObjectClass

1.3.6.1.4.1.18060.0.4.0.2.9

An objectclass
extension

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.1466.115.121.1.15{32768}

no

- dSAOperation

AttributeType

The AttributeType element is described in RFC 4512 :

Code Blocknoformat
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<atparameters>  ::=
    (<SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> qdstring
    | <SP> "OBSOLETE"
    | <SP> "SUP" <SP> <oid>
    | <SP> "EQUALITY" <SP> <oid>
    | <SP> "ORDERING" <SP> <oid>
    | <SP> "SUBSTR" <SP> <oid>
    | <SP> "SYNTAX" <SP> <noidlen>
    | <SP> "SINGLE-VALUE"
    | <SP> "COLLECTIVE"
    | <SP> "NO-USER-MODIFICATION"
    | <SP> "USAGE" <SP> <usage>)+

Here we have some elements which are already in the schema :

Code Blocknoformat
attributetype ( 2.5.4.13
	NAME 'description'
	DESC 'RFC2256: descriptive information'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
 )
Code Blocknoformat
attributetype ( 2.5.4.41
	NAME 'name'
	DESC 'RFC2256: common supertype of name attributes'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
 )

...

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

NoUserModification

Usage

m-supAttributeType

obsolete

1.3.6.1.4.1.18060.10.14.0.32.6 10

The type is obsolete list of superior

-

BooleanMatch nameOrOidMatch

-

-

Boolean NameOrOid

yes

-

yes

dSAOperation

sup m-equality

1.3.6.1.4.1.18060.10.14.0.32.7 11

Equality matching rule The list of superior

-

nameOrOidMatch

-

-

NameOrOid

yes

-

yes

dSAOperation

equality

m-ordering

1.3.6.1.4.1.18060.10.14.0.32.8 12

Equality Ordering matching rule

-

nameOrOidMatch nameOrOidMatch

-

-

NameOrOid

yes

-

yes

dSAOperation

ordering

m-substr

1.3.6.1.4.1.18060.10.14.0.32.9 13

Ordering Substring matching rule

-

nameOrOidMatch nameOrOidMatch

-

-

NameOrOid

yes

-

yes

dSAOperation

substr

m-syntax

1.3.6.1.4.1.18060.10.14.0.32.10 14

The attribute syntax Substring matching rule

-

nameOrOidMatch nameOrOidMatch

-

-

NameOrOid

yes

-

m-singleValue

1.3.6.1.4.1.18060.0.4.0.2.15

The attribute is single valued

-

BooleanMatch

-

-

Boolean

yes

dSAOperation - syntax

m-collective

1.3.6.1.4.1.18060.10.14.0.32.11 16

The attribute syntax is collective

-

nameOrOidMatch BooleanMatch

-

-

NameOrOid Boolean

yes

-

yes

dSAOperation

single-value m-noUserModification

1.3.6.1.4.1.18060.10.14.0.32.12 17

The attribute is single valued protected

-

BooleanMatch

-

-

Boolean

yes

-

yes

dSAOperation

m-usage

1.3.6.1.4.1.18060.0.4.0.2.18

Type of operation

-

UsageMatch

-

-

Usage

yes

-

m-extensionAttribyteType collective

1.3.6.1.4.1.18060.0.4.0.2.19

Extension for attributeType

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.1466.115.121.1.15{32768}

no

-

Ordering is useless, so is Substr.

DITStructureRules

The DITStructureRule element is described in RFC 4512 :

No Format

<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<dsrparameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> qdstring
    | <SP> "OBSOLETE"
    | <SP> "FORM" <SP> <oid>
    | <SP> "SUP" <SP> <ruleids>) +

The other ones must be defined. Here is a table grouping all the missing elements :

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

m-ruleId

1.3.6.1.4.1.18060.0.4.0.2.20

The rule ID

-

ruleIdMatch

-

-

RuleId

yes

-

m-form 

1.3.13 .6.1.4.1.18060.0.4.0.2.21

The name form associated
with this DITStructure rule The attribute is collective

-

BooleanMatch oidMatch

-

-

Boolean RuleIds

yes

-

yes

dSAOperation

m-supDitStructureRule

1.3.6.1.4.1.18060.0.4.0.2.22

The list of superiors

-

ruleIdsMatch

-

-

Oid

no

-

m-extensionDITStructureRule no-user-modification

1.3.6.1.4.1.18060.0.4.0.2.23

Extensions for DITStructureRule

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.0.3.14 1466.115.121.1.15{32768}

no

-

NameForms

The NameForm element is described in RFC 4512 :

No Format

<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<nfParameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> qdstring
    | <SP> "OBSOLETE"
    | <SP> "OC" <SP> <oid>
    | <SP> "MUST" <SP> <oids>
    | <SP> "MAY" <SP> <oids> ) +

The other ones must be defined. Here is a table grouping all the missing elements :

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

m-oc

1.3.6.1.4.1.18060.0.4.0.2.24

The structural ObjectClass

-

numericOidMatch

The attribute is protected

-

BooleanMatch

-

-

Boolean

yes

-

yes

dSAOperation

Oid

yes

-

m-extensionNameForm

1.3.6.1.4.1.18060.0.4.0.2.25

Extensions for NameForm

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.1466.115.121.1.15{32768}

no

-

DITContentRules

The DITContentRule element is described in RFC 4512 :

No Format

<DITContentRule> = <LPAREN> <WSP> <numericOid> <dcrParameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<dcrParameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> qdstring
    | <SP> "OBSOLETE"
    | <SP> "AUX" <SP> <oids>
    | <SP> "MUST" <SP> <oids>
    | <SP> "MAY" <SP> <oids>
    | <SP> "NOT" <SP> <oids> ) +

The other ones must be defined. Here is a table grouping all the missing elements :

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

m-aux usage

1.3.6.1.4.1.18060.0.4.0.2.26

List of auxiliary ObjectClasses

-

numericOidMatch

-

-

Oids

no

-

m-not

1.3.6.1.4.1.18060.0.3.15

Type of operation

-

4.0.2.27

List of precluded attribute types

-

numericOidMatch

-

-

Oids

no UsageMatch

-

m-

Usage

yes

-

yes

dSAOperation

...

extensionDITContentRule

1.3.6.1.4.1.18060.0.4.0.2.28

Extensions for DITContentRule

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.1466.115.121.1.15{32768}

no

-

MatchingRuleUses

The MatchingRuleUse element is described in RFC 4512 :

No Format

<MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <mruParameters> <extensions> <WSP> <RPAREN>

// Each parameters should not be seen more than once
<mruParameters>  ::=
    ( <SP> "NAME" <SP> <qdescrs>
    | <SP> "DESC" <SP> qdstring
    | <SP> "OBSOLETE"
    | <SP> "APPLIES" <SP> <oids> ) +

The other ones must be defined. Here is a table grouping all the missing elements :

Name

OID

Desc

Sup

Equality

Ordering

Substr

Syntax

SingleValue

Collective

m-applies

1.3.6.1.4.1.18060.0.4.0.2.29

List of attribute types the matching rule applies to

-

numericOidMatch

-

-

Oids

no

-

m-extensionMatchingRuleUse

1.3.6.1.4.1.18060.0.4.0.2.30

Extensions for DITContentRule

-

caseIgnoreMatch

-

-

1.3.6.1.4.1.1466.115.121.1.15{32768}

no

-

Description of currently existing schemas

All the current schemas objects are described with the new syntax in those pages :

Schema

ObjectClasses

AttributeTypes

apache

apache ObjectClasses

apache AttributeTypes

apachedns

apachedns ObjectClasses

apachedns AttributeTypes

autofs

autofs ObjectClasses

autofs AttributeTypes

collective

collective ObjectClasses

collective AttributeTypes

corba

corba ObjectClasses

corba AttributeTypes

core

core ObjectClasses

core AttributeTypes

cosine

cosine ObjectClasses

cosine AttributeTypes

dhcp

dhcp ObjectClasses

dhcp AttributeTypes

inetorgPerson

inetorgPerson ObjectClasses

inetorgPerson AttributeTypes

java

java ObjectClasses

java AttributeTypes

krb5kdc

krb5kdc ObjectClasses

krb5kdc AttributeTypes

misc

misc ObjectClasses

misc AttributeTypes

mozilla

mozilla ObjectClasses

mozilla AttributeTypes

nis

nis ObjectClasses

nis AttributeTypes

samba

samba ObjectClasses

samba AttributeTypes

system

system ObjectClasses

system AttributeTypes