Administrator’s Guide
Red Hat Directory Server                                                            


Chapter 9

Extending the Directory Schema


Red Hat Directory Server (Directory Server) comes with a standard schema that includes hundreds of object classes and attributes. While the standard object classes and attributes should meet most of your requirements, you may need to extend your schema by creating new object classes and attributes.

This chapter describes how to extend your schema in the following sections:

  • Overview of Extending Schema
  • Managing Attributes
  • Managing Object Classes
  • Turning Schema Checking On and Off

Overview of Extending Schema

When you add new attributes to your schema, you must create a new object class to contain them. Although it may seem convenient to just add the attributes you need to an existing object class that already contains most of the attributes you require, doing so compromises interoperability with LDAP clients.

Interoperability of Directory Server with existing LDAP clients relies on the standard LDAP schema. If you change the standard schema, you will also have difficulties when upgrading your server. For the same reasons, you cannot delete standard schema elements.

For more information on object classes, attributes, and the directory schema, as well as guidelines for extending your schema, refer to Red Hat Directory Server Deployment Guide. For information on standard attributes and object classes, see the Red Hat Directory Server Schema Reference.

To extend the directory schema, you should proceed in the following order:

  1. Create new attributes. See "Creating Attributes," on page 383, for information.
  2. Create an object class to contain the new attributes, and add the attributes to the object class. See "Creating Object Classes," on page 387, for information.

Managing Attributes

Through Directory Server Console, you can view all attributes in your schema, and you can create, edit, and delete your attribute extensions to the schema. The following sections describe how to manage attributes:

  • Viewing Attributes
  • Creating Attributes
  • Editing Attributes
  • Deleting Attributes

For information on managing object classes, see "Managing Object Classes," on page 385.

Viewing Attributes

To view information about all attributes that currently exist in your directory schema:

  1. In the Directory Server Console, select the Configuration tab.
  2. In the left navigation tree, select the Schema folder, and then select the Attributes tab in the right pane.
     This tab contains information about all the standard (read-only) and user-defined attributes in the schema.

For information on the fields and lists in the Attributes tab, refer to Table 9-1.

Table 9-1 Attributes Tab Reference

Name
  The name of the attribute.

OID
  The object identifier of the attribute.
  An OID is a string, usually of dotted decimal numbers, that uniquely identifies an object, such as an object class or an attribute. If you do not specify an OID, the Directory Server automatically uses attribute_name-oid. For example, if you create the attribute birthdate without supplying an OID, the Directory Server automatically uses birthdate-oid as the OID.
  For more information about OIDs or to request a prefix for your enterprise, send mail to the IANA (Internet Assigned Number Authority) at [email protected], or visit the IANA website at: http://www.iana.org/.

Syntax
  The attribute syntax:
  • Case Ignore String - Indicates that values for this attribute are not case-sensitive.
  • Case Exact String - Indicates that values for this attribute are case-sensitive.
  • Distinguished Name - Indicates that values for this attribute are DNs.
  • Binary - Indicates that values for this attribute are binary.
  • Telephone Number - Indicates that values for this attribute are in telephone number format.
  • Integer - Indicates that valid values for this attribute are numbers.

Operational attributes are not returned as a result of an ldapsearch operation unless they are explicitly specified in the search. Generally, operational attributes are reserved for use by the Directory Server.

Multi
  If the attribute is multi-valued, an X appears in this column; otherwise, this field is blank. The Directory Server allows more than one instance of a multi-valued attribute per entry.

Creating Attributes

You can use Directory Server Console to create new attributes. After adding new attributes to your schema, you must create a new object class to contain them. See "Creating Object Classes," on page 387, for information.

To create a new attribute:

  1. Display the Attributes tab.
     This procedure is explained in "Viewing Attributes," on page 382.
  2. Click Create.
     The Create Attribute dialog box is displayed.
  3. Enter a unique name for the attribute in the Attribute Name text box.
  4. Enter an object identifier for the attribute in the Attribute OID (Optional) text box.
     OIDs are described in Table 9-1, on page 382.
  5. Select a syntax that describes the data to be held by the attribute from the Syntax drop-down menu.
     Available syntaxes are described in Table 9-1, on page 382.
  6. If you want the attribute to be multi-valued, select the Multi-Valued checkbox.
     The Directory Server allows more than one instance of a multi-valued attribute per entry.
  7. Click OK.

Editing Attributes

You can only edit attributes you have created. You cannot edit standard attributes.

To edit an attribute:

  1. Display the Attributes tab.
     This procedure is explained in "Viewing Attributes," on page 382.
  2. Select the attribute that you want to edit in the User Defined Attributes table, and click Edit.
     The Edit Attribute dialog box is displayed.
  3. To change the attribute's name, enter a new one in the Attribute Name text box.
  4. To change the attribute's object identifier, enter a new one in the Attribute OID (Optional) text box.
     OIDs are described in Table 9-1, on page 382.
  5. To change the syntax that describes the data to be held by the attribute, choose a new one from the Syntax drop-down menu.
     Available syntaxes are described in Table 9-1, on page 382.
  6. To make the attribute multi-valued, select the Multi-Valued checkbox.
     The Directory Server allows more than one instance of a multi-valued attribute per entry.
  7. When you have finished editing the attribute, click OK.

Deleting Attributes

You can only delete attributes that you have created. You cannot delete standard attributes.

To delete an attribute:

  1. Display the Attributes tab.
     This procedure is explained in "Viewing Attributes," on page 382.
  2. In the User Defined Attributes table, select the attribute, and click Delete.
  3. If prompted, confirm the delete.
     The server immediately deletes the attribute. There is no undo.

Managing Object Classes

You can use Directory Server Console to manage your schema's object classes. Through the Console, you can view all of your schema's object classes and create, edit, and delete your object class extensions to the schema. The following sections describe how to manage object classes:

  • Viewing Object Classes
  • Creating Object Classes
  • Editing Object Classes
  • Deleting Object Classes

For information on managing attributes, see "Managing Attributes," on page 382.

Viewing Object Classes

To view information about all object classes that currently exist in your directory schema:

  1. In the Directory Server Console, select the Configuration tab.
  2. In the navigation tree, select the Schema folder, and then select the Object Classes tab in the right pane.
  3. In the Object Classes list, select the object class that you want to view.
     This tab displays information about the standard or user-defined object class you selected.

For information on the fields and lists in the Object Classes tab, refer to Table 9-2.

Table 9-2 Object Classes Tab Reference

Parent
  The parent identifies the object class from which this object class inherits its attributes and structure. For example, the parent object for the inetOrgPerson object class is the organizationalPerson object. That means that an entry with the object class inetOrgPerson must also include the object class organizationalPerson.
  Typically, if you want to add new attributes for user entries, the parent would be the inetOrgPerson object class. If you want to add new attributes for corporate entries, the parent is usually organization or organizationalUnit. If you want to add new attributes for group entries, the parent is usually groupOfNames or groupOfUniqueNames.

OID
  The object identifier of the object class.
  An OID is a string, usually of dotted decimal numbers, that uniquely identifies an object, such as an object class or an attribute. If you do not specify an OID, the Directory Server automatically uses ObjectClass_name-oid. For example, if you create the object class division without supplying an OID, the Directory Server automatically uses division-oid as the OID.
  For more information about OIDs or to request a prefix for your enterprise, send mail to the IANA (Internet Assigned Number Authority) at [email protected], or visit the IANA website at: http://www.iana.org/.

Object Classes
  This list contains all of the standard and user-defined object classes in the Directory Server schema.

Required Attributes
  Contains a list of attributes that must be present in entries that use this object class. Includes inherited attributes.

Allowed Attributes
  Contains a list of attributes that may be present in entries that use this object class. Includes inherited attributes.

Creating Object Classes

You create an object class by giving it a unique name, selecting a parent object for the new object class, and adding required and optional attributes.

To create an object class:

  1. Display the Object Classes tab.
     This procedure is explained in "Viewing Object Classes," on page 386.
  2. Click Create on the Object Classes tab.
     The Create Object Class dialog box is displayed.
  3. Enter a unique name for the object class in the Name text box.
  4. Enter an object identifier for the new object class in the OID (Optional) text box.
     OIDs are described in Table 9-2, on page 386.
  5. Select a parent object for the object class from the Parent drop-down menu.
     You can choose from any existing object class. See Table 9-2, on page 386, for more information on parent object classes.
  6. To add an attribute that must be present in entries that use the new object class, highlight the attribute in the Available Attributes list, and then click the Add button to the left of the Required Attributes box.
     You can use either the standard attributes or create new ones. For information, see "Managing Attributes," on page 382.
  7. To add an attribute that may be present in entries that use the new object class, highlight the attribute in the Available Attributes list, and then click the Add button to the left of the Allowed Attributes box.
  8. To remove an attribute that you previously added, highlight the attribute in the Required Attributes list or the Allowed Attributes list, and then click the corresponding Remove button.
     You cannot remove either allowed or required attributes that are inherited from the parent object classes.
  9. When you are satisfied with your object class definition, click OK to dismiss the dialog box.

Editing Object Classes

You can use Directory Server Console to edit object classes that you previously created. You cannot edit a standard object class.

To edit an object class:

  1. Display the Object Classes tab.
     This procedure is explained in "Viewing Object Classes," on page 386.
  2. Select the object class that you want to edit from the Object Classes list, and click Edit.
     The Edit Object Class dialog box is displayed.
  3. To change the name of the object class, enter the new name in the Name text box.
  4. To change the object identifier for the object class, enter the new OID in the OID (Optional) text box.
     OIDs are described in Table 9-2, on page 386.
  5. To change the parent object for the object class, select the new parent from the Parent pull-down menu.
  6. To add an attribute that must be present in entries that use the object class, highlight the attribute in the Available Attributes list, and then click the Add button to the left of the Required Attributes box.
     You can either use the standard attributes or create new ones. For information, see "Managing Attributes," on page 382.
  7. To add an attribute that may be present in entries that use the object class, highlight the attribute in the Available Attributes list, and then click the Add button to the left of the Allowed Attributes box.
  8. To remove an attribute that you previously added, highlight the attribute in the Required Attributes list or the Allowed Attributes list, and then click the corresponding Remove button.
     You cannot remove either allowed or required inherited attributes.
  9. When you are satisfied with the object class definition, click OK to dismiss the dialog box.

Deleting Object Classes

You can delete only object classes that you have created. You cannot delete standard object classes.

To delete an object class:

  1. Display the Object Classes tab.
     This procedure is explained in "Viewing Object Classes," on page 386.
  2. Select the object class that you want to remove, and click Delete.
  3. If prompted, confirm the delete.
     The server immediately deletes the object class. There is no undo.

Turning Schema Checking On and Off

When schema checking is on, the Directory Server ensures that:

Schema checking is turned on by default in the Directory Server, and you should always run the Directory Server with schema checking turned on. The only case where you might want to turn schema checking off is to accelerate LDAP import operations. However, there is a risk of importing entries that do not conform to the schema. Consequently, it is impossible to search for these entries.

To turn schema checking on and off:

  1. In the Directory Server Console, select the Configuration tab.
  2. Highlight the server icon at the top of the navigation tree, then select the Settings tab in the right pane.
  3. To enable schema checking, check the "Enable Schema Checking" checkbox; clear it to turn off schema checking.
  4. Click Save.

You can also turn schema checking on and off by using the nsslapd-schemacheck attribute. For information, see the Red Hat Directory Server Configuration, Command, and File Reference.
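To make the rules in Table 9-1 and Table 9-2 and the effect of schema checking concrete, here is an added Python example (it is not code from this guide or from Directory Server): it models attributes and object classes as the Console presents them, resolves inherited required and allowed attributes through the parent chain, and reports the kinds of non-conformance that schema checking rejects and that an import with checking turned off would let through. The sample schema, the exampleEmployee class and the entries are constructed for illustration.

```python
# Added example, not from the guide: a model of the schema elements this chapter describes
# and the conformance check schema checking applies. Sample schema and entries are constructed.
def attribute(name, syntax, multi_valued=False, oid=None):
    # Table 9-1: an attribute created without an OID is given attribute_name-oid
    return {"syntax": syntax, "multi": multi_valued, "oid": oid or name + "-oid"}

def object_class(parent, required=(), allowed=()):
    # Table 9-2: parent plus the attributes this class itself requires or allows
    return {"parent": parent, "required": set(required), "allowed": set(allowed)}

class Schema:
    def __init__(self, attrs, classes):
        self.attrs, self.classes = attrs, classes
    def ancestry(self, name):  # the class followed by every parent it inherits from
        chain = []
        while name is not None:
            chain.append(name)
            name = self.classes[name]["parent"]
        return chain
    def inherited(self, name, key):  # key is "required" or "allowed"; inherited ones included
        return {a for c in self.ancestry(name) for a in self.classes[c][key]}
    def check_entry(self, entry):
        """Return the violations schema checking would reject; an empty list means conformant."""
        classes = set(entry.get("objectClass", []))
        known = {c for c in classes if c in self.classes}
        problems = ["unknown object class " + c for c in sorted(classes - known)]
        for c in sorted(known):  # an inetOrgPerson entry must also carry organizationalPerson, etc.
            problems += [c + " requires parent " + p + " in objectClass"
                         for p in self.ancestry(c)[1:] if p not in classes]
        must = set().union(*(self.inherited(c, "required") for c in known))
        may = set().union(*(self.inherited(c, "allowed") for c in known))
        present = {a for a in entry if a != "objectClass"}
        problems += ["missing required attribute " + a for a in sorted(must - present)]
        problems += ["attribute " + a + " not allowed by the object classes" for a in sorted(present - must - may)]
        for a in sorted(present):  # Multi column of Table 9-1: one value only unless multi-valued
            if a in self.attrs and len(entry[a]) > 1 and not self.attrs[a]["multi"]:
                problems.append(a + " is single-valued but has " + str(len(entry[a])) + " values")
        return problems

# Constructed sample: a standard-style chain plus a user-defined class holding the new attributes
SCHEMA = Schema(
    {"cn": attribute("cn", "Case Ignore String", True, "2.5.4.3"),
     "sn": attribute("sn", "Case Ignore String", True, "2.5.4.4"),
     "mail": attribute("mail", "Case Ignore String", True),
     "birthdate": attribute("birthdate", "Case Ignore String"),
     "employeeBadge": attribute("employeeBadge", "Integer")},
    {"top": object_class(None), "person": object_class("top", required={"cn", "sn"}),
     "organizationalPerson": object_class("person"),
     "inetOrgPerson": object_class("organizationalPerson", allowed={"mail"}),
     "exampleEmployee": object_class("inetOrgPerson", required={"employeeBadge"}, allowed={"birthdate"})})
```

Running check_entry over an LDIF file before an import with schema checking turned off shows which entries the server would otherwise have refused.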





© 2001 Sun Microsystems, Inc. Used by permission. © 2005 Red Hat, Inc. All rights reserved.

last updated May 20, 2005