Introduction
We want to store the schema in ADS like any other entries. To do so, we have to define the minimum set of ObjectClasses and AttributeTypes needed to bootstrap the schema.
All the ObjectClasses will depend on the MetaObjectClass element, which is hard-wired in the server.
All the AttributeTypes will depend on the MetaAttributeType element, which is hard-wired in the server.
Note: The new Syntaxes will use the OIDs 1.3.6.1.4.1.18060.0.4.0.0.N. We will use OIDs 1.3.6.1.4.1.18060.1.1.0.0.N for Meta objects. Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation, and the next 1.1 values are used specifically for Apache Directory.
Elements of the Meta-Schema
The MetaSchema will be presented in MetaSchema schema, but first we must define some elements on this page.
Syntaxes
We must define the minimum set of syntaxes.
They follow this grammar (from RFC 4512):
No Format |
---|
<SyntaxDescription> ::=
<LPAREN> <WSP>
<numericoid>
( <SP> "DESC" <SP> <qdstring> )?
<extensions> <WSP>
<RPAREN>
|
34 of them are defined in RFC 4517. For instance, here is the definition of the Boolean syntax:
No Format |
---|
3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or
false. The LDAP-specific encoding of a value of this syntax is
defined by the following ABNF:
Boolean = "TRUE" / "FALSE"
The LDAP definition for the Boolean syntax is:
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
|
The new ones we need to implement the MetaSchema are described in the following table:
Desc | OID | Extensions | Rules |
---|---|---|---|
objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.1 | - | Should be one of those 3 strings : |
numericOid | 1.3.6.1.4.1.18060.0.4.0.0.2 | - | Must be a valid numeric OID |
attributeTypeUsage | 1.3.6.1.4.1.18060.0.4.0.0.3 | - | Should be one of those 4 strings : |
number | 1.3.6.1.4.1.18060.0.4.0.0.4 | - | Must be a number |
oidLen | 1.3.6.1.4.1.18060.0.4.0.0.5 | - | Must be a valid numeric oid followed |
objectName | 1.3.6.1.4.1.18060.0.4.0.0.6 | - | Must be a valid name a-zA-Z(a-zA-Z0-9-;)* |
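As an added example (not ADS code), value checkers for the six syntaxes in the table could look like this. The three objectClassType strings are taken from the ObjectClassDescription grammar on this page; the four usage values, the `{len}` suffix for oidLen, the RFC 4512 definition of `number`, and exact-case matching are assumptions, and `is_valid` and `check_samples` are hypothetical names.

```python
import re

# RFC 4512: number = DIGIT / ( LDIGIT 1*DIGIT ); numericoid = number 1*( DOT number )
NUMBER = r"(?:0|[1-9][0-9]*)"
NUMERIC_OID = NUMBER + r"(?:\." + NUMBER + r")+"

CHECKERS = {
    # The three kinds named in the ObjectClassDescription grammar.
    "objectClassType": re.compile(r"ABSTRACT|STRUCTURAL|AUXILIARY"),
    "numericOid": re.compile(NUMERIC_OID),
    # Assumption: the four usage values of RFC 4512.
    "attributeTypeUsage": re.compile(
        r"userApplications|directoryOperation|distributedOperation|dSAOperation"),
    "number": re.compile(NUMBER),
    # Assumption: RFC 4512 noidlen, a numeric OID with an optional {len}.
    "oidLen": re.compile(NUMERIC_OID + r"(?:\{" + NUMBER + r"\})?"),
    # Rule from the table: a-zA-Z(a-zA-Z0-9-;)*
    "objectName": re.compile(r"[a-zA-Z][a-zA-Z0-9;-]*"),
}

def is_valid(syntax, value):
    """Return True when the whole value conforms to the named syntax."""
    # fullmatch() instead of match() with '$': '$' also matches before a
    # trailing newline, which would let "2.5.4.0\n" through.
    return CHECKERS[syntax].fullmatch(value) is not None

# Constructed sample values: (syntax, value, expected result).
SAMPLES = [
    ("numericOid", "1.3.6.1.4.1.18060.0.4.0.0.2", True),
    ("numericOid", "1.03.6", False),   # leading zero in an arc
    ("numericOid", "2.5.4.0\n", False),
    ("oidLen", "1.3.6.1.4.1.1466.115.121.1.15{1024}", True),
    ("oidLen", "1.3.6.1.4.1.1466.115.121.1.15{", False),
    ("objectName", "m-oid", True),
    ("objectName", "9name", False),
]

def check_samples():
    """Compare each constructed sample against its expected result."""
    return [is_valid(s, v) == expected for s, v, expected in SAMPLES]
```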
MatchingRules
The Matching rules are defined in RFC 4512 :
No Format |
---|
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
|
Here are the new MatchingRules :
Name | OID | Desc | Obsolete | Syntax | Extensions |
---|---|---|---|---|---|
OidMatch | 1.3.6.1.4.1.18060.1.1.0.2.1 | Match an OID | no | OID | - |
BooleanMatch | 1.3.6.1.4.1.18060.1.1.0.2.2 | Match a Boolean | no | Boolean | - |
NameOrOidMatch | 1.3.6.1.4.1.18060.1.1.0.2.3 | Match a name or an OID | no | NameOrOid | - |
TypeMatch | 1.3.6.1.4.1.18060.1.1.0.2.4 | Match a type of ObjectClass | no | Type | - |
UsageMatch | 1.3.6.1.4.1.18060.1.1.0.2.5 | Match an attributeType Usage | no | Usage | - |
ObjectClasses
The ObjectClass element is described in RFC 4512 :
No Format |
---|
<ObjectClassDescription> ::= <LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
|
Here we have some elements which are already in the schema :
No Format |
---|
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
No Format |
---|
attributetype ( 2.5.4.13 NAME 'description' DESC 'RFC2256: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
|
No Format |
---|
attributetype ( 2.5.4.41 NAME 'name' DESC 'RFC2256: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | NoUserModification | Usage |
---|---|---|---|---|---|---|---|---|---|---|---|
m-oid | 1.3.6.1.4.1.18060.0.4.0.2.1 | The Object Identifier | - | OidMatch | - | - | OID | yes | - | | |
m-name | 1.3.6.1.4.1.18060.0.4.0.2.2 | The Object name | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | objectName {32768} | no | - | | |
m-description | 1.3.6.1.4.1.18060.0.4.0.2.3 | The object description | - | caseIgnoreMatch | - | caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{1024} | yes | - | | |
m-obsolete | 1.3.6.1.4.1.18060.0.4.0.2.4 | The type is obsolete | - | BooleanMatch | - | - | Boolean | yes | - | yes | dSAOperation |
m-supObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.5 | The list of superiors | - | NamesOrOidsMatch NameOrOidMatch | - | - | NamesOrOids NameOrOid | no | - | yes | dSAOperation |
m-must | 1.3.6.1.4.1.18060.0.4.0.2.6 | The list of mandatory ATs | - | NamesOrOidsMatch NameOrOidMatch | - | - | NamesOrOids NameOrOid | no | - | yes | dSAOperation |
m-may | 1.3.6.1.4.1.18060.0.4.0.2.7 | The list of authorized ATs | - | NamesOrOidsMatch NameOrOidMatch | - | - | NamesOrOids NameOrOid | no | - | yes | dSAOperation |
m-typeObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.8 | The ObjectClass type | - | TypeMatch TypeObjectClassMatch | - | - | Type TypeObjectClass | yes | - | yes | |
m-extensionObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.9 | An objectclass | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - dSAOperation |
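An added example, not part of the ADS code base: a parser that turns an ObjectClassDescription into the m-* attributes listed above and enforces the "not more than once" rule from the grammar. The function names are hypothetical, the sample description is constructed, and extensions (X-...) are rejected as unknown parameters.

```python
import re

NUMERIC_OID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+")
TOKEN = re.compile(r"\s*(\(|\)|\$|'[^']*'|[^\s()$']+)")
KINDS = {"ABSTRACT", "STRUCTURAL", "AUXILIARY"}
# Grammar keyword -> meta-schema attribute named on this page.
ATTR = {"NAME": "m-name", "DESC": "m-description", "OBSOLETE": "m-obsolete",
        "SUP": "m-supObjectClass", "MUST": "m-must", "MAY": "m-may"}
SAMPLE = ("( 2.5.6.6 NAME 'person' DESC 'a person' SUP top STRUCTURAL "
          "MUST ( sn $ cn ) MAY ( userPassword $ description ) )")  # constructed

def tokenize(text):
    text, pos, toks = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:  # e.g. an unterminated quoted string
            raise ValueError(f"unexpected input at offset {pos}")
        toks.append(m.group(1))
        pos = m.end()
    return toks

def read_values(toks, i, end):
    """Read one value or a '( a $ b )' list; return (values, next index)."""
    close = toks.index(")", i) if toks[i] == "(" else i
    vals = [t.strip("'") for t in toks[i:close + 1] if t not in "($)"]
    if close >= end or not vals:
        raise ValueError("missing or unterminated value")
    return vals, close + 1

def parse_object_class(desc):
    """Map an ObjectClassDescription to a dict of m-* attributes."""
    toks = tokenize(desc)
    end = len(toks) - 1
    if (end < 2 or toks[0] != "(" or toks[end] != ")"
            or not NUMERIC_OID.fullmatch(toks[1])):
        raise ValueError("expected '( <numericoid> ... )'")
    entry, i = {"m-oid": toks[1]}, 2
    while i < end:
        kw, i = toks[i], i + 1
        attr = "m-typeObjectClass" if kw in KINDS else ATTR.get(kw)
        if attr is None:  # extensions (X-...) are not covered here
            raise ValueError(f"unknown parameter {kw}")
        if attr in entry:  # each parameter may be seen only once
            raise ValueError(f"{kw} repeats {attr}")
        if kw in KINDS or kw == "OBSOLETE":
            entry[attr] = kw if kw in KINDS else "TRUE"
        else:
            entry[attr], i = read_values(toks, i, end)
    return entry
```

Rejecting a repeated parameter, instead of letting the last occurrence win, keeps every consumer of the stored entry in agreement about what the class requires.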
AttributeType
The AttributeType element is described in RFC 4512 :
No Format |
---|
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage> )+
|
Here we have some elements which are already in the schema :
No Format |
---|
attributetype ( 2.5.4.13 NAME 'description' DESC 'RFC2256: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
|
No Format |
---|
attributetype ( 2.5.4.41 NAME 'name' DESC 'RFC2256: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
...
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective | NoUserModification | Usage |
---|---|---|---|---|---|---|---|---|---|---|---|
m-supAttributeType | 1.3.6.1.4.1.18060.0.4.0.2.10 | The list of superior | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation |
m-equality | 1.3.6.1.4.1.18060.0.4.0.2.11 | Equality matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation |
m-ordering | 1.3.6.1.4.1.18060.0.4.0.2.12 | Ordering matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation |
m-substr | 1.3.6.1.4.1.18060.0.4.0.2.13 | Substring matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - | yes | dSAOperation |
m-syntax | 1.3.6.1.4.1.18060.0.4.0.2.14 | The attribute syntax | - | nameOrOidMatch | - | - | NameOrOid | yes | - | | |
m-singleValue | 1.3.6.1.4.1.18060.0.4.0.2.15 | The attribute is single valued | - | BooleanMatch | - | - | Boolean | yes | - | | |
m-collective | 1.3.6.1.4.1.18060.0.4.0.2.16 | The attribute is collective | - | BooleanMatch | - | - | Boolean | yes | - | yes | dSAOperation |
m-noUserModification | 1.3.6.1.4.1.18060.0.4.0.2.17 | The attribute is protected | - | BooleanMatch | - | - | Boolean | yes | - | yes | dSAOperation |
m-usage | 1.3.6.1.4.1.18060.0.4.0.2.18 | Type of operation | - | UsageMatch | - | - | Usage | yes | - | | |
m-extensionAttributeType | 1.3.6.1.4.1.18060.0.4.0.2.19 | Extension for attributeType | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - | | |
Ordering is useless, so is Substr.
DITStructureRules
The DITStructureRule element is described in RFC 4512 :
No Format |
---|
<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dsrparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "FORM" <SP> <oid>
| <SP> "SUP" <SP> <ruleids>) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID | - | ruleIdMatch | - | - | RuleId | yes | - |
m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated | - | oidMatch | - | - | RuleIds | yes | - |
m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 | The list of superiors | - | ruleIdsMatch | - | - | Oid | no | - |
m-extensionDITStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.23 | Extensions for DITStructureRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
NameForms
The NameForm element is described in RFC 4512 :
No Format |
---|
<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<nfParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "OC" <SP> <oid>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-oc | 1.3.6.1.4.1.18060.0.4.0.2.24 | The structural ObjectClass | - | numericOidMatch | - | - | Oid | yes | - |
m-extensionNameForm | 1.3.6.1.4.1.18060.0.4.0.2.25 | Extensions for NameForm | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
DITContentRules
The DITContentRule element is described in RFC 4512 :
No Format |
---|
<DITContentRule> = <LPAREN> <WSP> <numericOid> <dcrParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dcrParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "AUX" <SP> <oids>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids>
| <SP> "NOT" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-aux | 1.3.6.1.4.1.18060.0.4.0.2.26 | List of auxiliary ObjectClasses | - | numericOidMatch | - | - | Oids | no | - |
m-not | 1.3.6.1.4.1.18060.0.4.0.2.27 | List of precluded attribute types | - | numericOidMatch | - | - | Oids | no | - |
m-extensionDITContentRule | 1.3.6.1.4.1.18060.0.4.0.2.28 | Extensions for DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
MatchingRuleUses
The MatchingRuleUse element is described in RFC 4512 :
No Format |
---|
<MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <mruParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<mruParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "APPLIES" <SP> <oids> ) +
|
The other ones must be defined. Here is a table grouping all the missing elements :
Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
---|---|---|---|---|---|---|---|---|---|
m-applies | 1.3.6.1.4.1.18060.0.4.0.2.29 | List of attribute types the matching rule applies to | - | numericOidMatch | - | - | Oids | no | - |
m-extensionMatchingRuleUse | 1.3.6.1.4.1.18060.0.4.0.2.30 | Extensions for DITContentRule | - | caseIgnoreMatch | - | - | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Description of currently existing schemas
All the current schema objects are described with the new syntax on these pages:
Schema | ObjectClasses | AttributeTypes |
---|---|---|
apache | ||
apachedns | ||
autofs | ||
collective | ||
corba | ||
core | ||
cosine | ||
dhcp | ||
inetorgPerson | ||
java | ||
krb5kdc | ||
misc | ||
mozilla | ||
nis | ||
samba | ||
system |