Introduction
We want to store the schema into ADS as any other entries. We have to define the minimum set of ObjectClasses an AttributeTypes needed to be able to bootstrap the schema.
All the ObjectClass will depend on the MetaObjectClass element, which is hard wired in the server.
All the AttributeTypes will depend on the MetaAttributeType element, which is hard wired in the server.
The new Syntaxes will use the OIDs 1.3.6.1.4.1.18060.1.1.0.1.N
The new MatchingRules will use the OIDs 1.3.6.1.4.1.18060.1.1.0.2.N
The new AttributesType will use the OIDs 1.3.6.1.4.1.18060.1.1.0.3.N
The new ObjectClasses will use the OIDs 1.3.6.1.4.1.18060.1.1.0.4.N
Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation and the next 1.1 values are used specifically for Apache Directory.
Elements of the Meta-Schema
Syntaxes
We must define the minimum set of syntaxes.
Those are following the following grammar (from RFC 4512 ) :
<SyntaxDescription> ::=
<LPAREN> <WSP>
<numericoid>
( <SP> "DESC" <SP> <qdstring> )?
<extensions> <WSP>
<RPAREN>
Only one is already defined: in http://www.rfc-archive.org/getrfc.php?rfc=4517
3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or
false. The LDAP-specific encoding of a value of this syntax is
defined by the following ABNF:
Boolean = "TRUE" / "FALSE"
The LDAP definition for the Boolean syntax is:
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
They are the new one described in the following table :
Desc |
OID |
Extensions |
rules |
|---|---|---|---|
NameOrOid |
1.3.6.1.4.1.18060.1.1.0.1.1 |
- |
Must be a valid Name or a valid OID |
Type |
1.3.6.1.4.1.18060.1.1.0.1.2 |
- |
Should be one of those 3 strings :
|
Usage |
1.3.6.1.4.1.18060.1.1.0.1.4 |
- |
Should be one of those 4 strings :
|
MatchingRules
The Matching rules are deifned in RFC 4512 :
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
Here are the new MatchingRules :
Name |
OID |
Desc |
Obsolete |
Syntax |
Extensions |
|---|---|---|---|---|---|
BooleanMatch |
1.3.6.1.4.1.18060.1.1.0.2.1 |
Match a Boolean |
no |
Boolean |
- |
NameOrOidMatch |
1.3.6.1.4.1.18060.1.1.0.2.2 |
Match a name or an OID |
no |
NameOrOid |
- |
TypeMatch |
1.3.6.1.4.1.18060.1.1.0.2.3 |
Match a type of ObjectClass |
no |
Type |
- |
UsageMatch |
1.3.6.1.4.1.18060.1.1.0.2.4 |
Match an attributeType Usage |
no |
Usage |
- |
ObjectClasses
The ObjectClass element is described in RFC 4512 :
<ObjectClassDescription> ::=
<LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
Here we have some elements which are already in the schema :
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
The other ones must be defined. Here is a table grouping all the missing elements :
Name |
OID |
Desc |
Sup |
Equality |
Ordering |
Substr |
Syntax |
SingleValue |
Collective |
NoUserModification |
Usage |
|---|---|---|---|---|---|---|---|---|---|---|---|
obsolete |
1.3.6.1.4.1.18060.1.1.0.3.1 |
The type is obsolete |
- |
BooleanMatch |
- |
- |
Boolean |
yes |
- |
yes |
dSAOperation |
sup |
1.3.6.1.4.1.18060.1.1.0.3.2 |
The list of superiors |
- |
NameOrOidMatch |
- |
- |
NameOrOid |
no |
- |
yes |
dSAOperation |
must |
1.3.6.1.4.1.18060.1.1.0.3.3 |
The list of mandatory ATs |
- |
NameOrOidMatch |
- |
- |
NameOrOid |
no |
- |
yes |
dSAOperation |
may |
1.3.6.1.4.1.18060.1.1.0.3.4 |
The list of authorized ATs |
- |
NameOrOidMatch |
- |
- |
NameOrOid |
no |
- |
yes |
dSAOperation |
type |
1.3.6.1.4.1.18060.1.1.0.3.5 |
The ObjectClass type |
- |
TypeMatch |
- |
- |
Type |
yes |
- |
yes |
dSAOperation |
AttributeType
The AttributeType element is described in RFC 4512 :
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
(<SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage>)+
Here we have some elements which are already in the schema :
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
The other ones must be defined. Here is a table grouping all the missing elements :
Name |
OID |
Desc |
Sup |
Equality |
Ordering |
Substr |
Syntax |
SingleValue |
Collective |
NoUserModification |
Usage |
|---|---|---|---|---|---|---|---|---|---|---|---|
obsolete |
1.3.6.1.4.1.18060.1.1.0.3.6 |
The type is obsolete |
- |
BooleanMatch |
- |
- |
Boolean |
yes |
- |
yes |
dSAOperation |
sup |
1.3.6.1.4.1.18060.1.1.0.3.7 |
The list of superior |
- |
nameOrOidMatch |
- |
- |
NameOrOid |
yes |
- |
yes |
dSAOperation |
equality |
1.3.6.1.4.1.18060.1.1.0.3.8 |
Equality matching rule |
- |
nameOrOidMatch |
- |
- |
NameOrOid |
yes |
- |
yes |
dSAOperation |
ordering |
1.3.6.1.4.1.18060.1.1.0.3.9 |
Ordering matching rule |
- |
nameOrOidMatch |
- |
- |
NameOrOid |
yes |
- |
yes |
dSAOperation |
substr |
1.3.6.1.4.1.18060.1.1.0.3.10 |
Substring matching rule |
- |
nameOrOidMatch |
- |
- |
NameOrOid |
yes |
- |
yes |
dSAOperation |
syntax |
1.3.6.1.4.1.18060.1.1.0.3.11 |
The attribute syntax |
- |
nameOrOidMatch |
- |
- |
NameOrOid |
yes |
- |
yes |
dSAOperation |
single-value |
1.3.6.1.4.1.18060.1.1.0.3.12 |
The attribute is single valued |
- |
BooleanMatch |
- |
- |
Boolean |
yes |
- |
yes |
dSAOperation |
collective |
1.3.6.1.4.1.18060.1.1.0.3.13 |
The attribute is collective |
- |
BooleanMatch |
- |
- |
Boolean |
yes |
- |
yes |
dSAOperation |
no-user-modification |
1.3.6.1.4.1.18060.1.1.0.3.14 |
The attribute is protected |
- |
BooleanMatch |
- |
- |
Boolean |
yes |
- |
yes |
dSAOperation |
usage |
1.3.6.1.4.1.18060.1.1.0.3.15 |
Type of operation |
- |
UsageMatch |
- |
- |
Usage |
yes |
- |
yes |
dSAOperation |
Ordering is useless, so is Substr.
Description of CORE.SCHEMA
We now can define the schemas, using this meta schema
system
ObjectClass top
RFC 4512
objectclass ( 2.5.6.0
NAME 'top'
DESC 'top of the superclass chain'
ABSTRACT
MUST objectClass
)
Using MetaSchema
top is a very special ObjectClass, as it is the only one which can't be described with the MetaSchema, because top can't depend on itself because it can't exist before being created ! top will be hard wired in the server. Here is the LDIF file which could be used if we were to include it into the server :
dn: name=top,cn=metaSchema objectclass: metaObjectClass name: top desc: top of the superclass chain type: ABSTRACT must: objectClass
ObjectClass alias
RFC 4512
objectclass ( 2.5.6.1
NAME 'alias'
DESC 'RFC2256: an alias'
SUP top
STRUCTURAL
MUST aliasedObjectName
)
Using MetaSchema
dn: name=alias,cn=schema objectclass: top name: alias desc: RFC2256: an alias sup: top type: STRUCTURAL must: aliasedObjectName
core
ObjectClass country
RFC 4512
objectclass ( 2.5.6.2
NAME 'country'
DESC 'RFC2256: a country'
SUP top
STRUCTURAL
MUST c
MAY ( searchGuide $ description )
)
Using MetaSchema
dn: name=country,dc=core,cn=schema objectclass: top name: country desc: RFC2256: a country sup: top type: STRUCTURAL must: c may: searchGuide may: description
ObjectClass locality
RFC 4512
objectclass ( 2.5.6.3
NAME 'locality'
DESC 'RFC2256: a locality'
SUP top
STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description )
)
Using MetaSchema
dn: name=locality,dc=core,cn=schema objectclass: top name: locality desc: RFC2256: a locality sup: top type: STRUCTURAL may: street may: seeAlso may: searchGuide may: st may: l may: description
ObjectClass organization
RFC 4512
objectclass ( 2.5.6.4
NAME 'organization'
DESC 'RFC2256: an organization'
SUP top
STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description )
)
Using MetaSchema
dn: name=organization,dc=core,cn=schema objectclass: top name: organization desc: RFC2256: an organization sup: top type: STRUCTURAL must: o may: userPassword may: searchGuide may: seeAlso may: businessCategory may: x121Address may: registeredAddress may: destinationIndicator may: preferredDeliveryMethod may: telexNumber may: teletexTerminalIdentifier may: telephoneNumber may: internationaliSDNNumber may: facsimileTelephoneNumber may: street may: postOfficeBox may: postalCode may: postalAddress may: physicalDeliveryOfficeName may: st may: l may: description
ObjectClass organizationalUnit
RFC 4512
objectclass ( 2.5.6.5
NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top
STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description )
)
Using MetaSchema
dn: name=organizationalUnit,dc=core,cn=schema objectclass: top name: organizationalUnit desc: RFC2256: an organizational unit sup: top type: STRUCTURAL must: ou may: userPassword may: searchGuide may: seeAlso may: businessCategory may: x121Address may: registeredAddress may: destinationIndicator may: preferredDeliveryMethod may: telexNumber may: teletexTerminalIdentifier may: telephoneNumber may: internationaliSDNNumber may: facsimileTelephoneNumber may: street may: postOfficeBox may: postalCode may: postalAddress may: physicalDeliveryOfficeName may: st may: l may: description
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may:
ObjectClass
RFC 4512
Using MetaSchema
dn: name=,dc=core,cn=schema objectclass: top name: desc: sup: top type: may: