
Re: Schema's



> jyu1@email.arizona.edu wrote:
> > does any one have some successful experience in creating their own
> > schemas (attribute and object classes)?
>
> Yes.
> ;-)
> Ciao, Michael.
>

Yes, it's quite easy. See the OpenLDAP admin guide here:

http://www.openldap.org/doc/admin/schema.html#Extending%20Schema
and here:
http://www.openldap.org/doc/admin21/schema.html

Basically to create your own attributes, object classes you need to have
a unique OID - you can get one from IANA by filling out this form.

http://www.iana.org/cgi-bin/enterprise.pl

They send you back a number within a few days. Then you can check
the IANA list of enterprise numbers, and you'll see you are listed!
For instance my organisation is OID 13800
http://www.iana.org/assignments/enterprise-numbers

You then create a new file in schema/myschema.schema and define your
objects/attributes within that. Once you have your OID, you can
sub branch it as you see fit. Standard practice implies we use the .1
branch for SNMP OIDs and .2 branch for LDAP OIDs. Therefore in my
case, I use:

  13800.1       reserved for SNMP mibs etc (not that we'll need this!)
  13800.2       LDAP objects
  13800.2.1     My Attribute Type range
  13800.2.1.1           ...attribute type 1
  13800.2.1.2           ...attribute type 2 etc
  13800.2.2     My Object Class Range
  13800.2.2.1           ...object class 1
  13800.2.2.2           ...object class 2 etc

  See http://www.openldap.org/doc/admin21/schema.html

So I can then define my own attributes like so:

attributetype ( 1.3.6.1.4.1.13800.2.1.10 NAME 'tcdMiddleName'
        DESC 'TCD Person, Middle Name'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)

and then create an Object Class which these attributes are collected in:

objectclass ( 1.3.6.1.4.1.13800.2.2.200 NAME 'trinityAccount' SUP top AUXILIARY
        DESC 'Abstraction of an account with POSIX attributes'
        MUST (  tcdCategory )
        MAY (   tcdLongEmail $ tcdMiddleName $ tcdCourseName $ tcdCourseCode ) )

etc.

You shouldn't create any extra attributes unless you really need to.
Often the inetOrgPerson schema contains almost all you need.

Extending existing schemas is a little tricky, due to restrictions
on what object classes can be combined. But it's not too difficult.
For more info, see the excellent O'Reilly "LDAP System Administration"
book by Gerald Carter which covers OpenLDAP in detail.

Paul
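An added example, not part of Paul's post: a small Python helper that lays out OIDs under an enterprise number in exactly the way the post describes (PEN.2.1.n for attribute types, PEN.2.2.n for object classes) and then checks a schema file for the mistakes slapd refuses at startup, namely an OID reused by two definitions (the copy-paste slip that a hand-written OID table invites), a MUST/MAY reference to an attribute type that is not defined anywhere, and an OID that is not under the arc you actually own. The enterprise number 13800 and the tcd* names come from the post; the syntax chosen for tcdCategory, the STANDARD_ATTRS list (a hypothetical subset of what core.schema and inetorgperson.schema provide) and the constructed BROKEN_SCHEMA text are assumptions for the sake of the example.

```python
"""Generate and sanity-check private OpenLDAP schema definitions.

Added example, not from the original post. The checks mirror what slapd
rejects when it loads a schema file, but slaptest remains the authority.
"""
import re

ENTERPRISE_ARC = "1.3.6.1.4.1"                     # iso.org.dod.internet.private.enterprise
IA5_STRING = "1.3.6.1.4.1.1466.115.121.1.26"       # LDAP syntax OID: IA5String
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15" # LDAP syntax OID: DirectoryString

# Hypothetical subset of attribute types that the standard schema files
# already define; a private object class may reference these freely.
STANDARD_ATTRS = {"cn", "sn", "mail", "uid", "givenName", "displayName"}


def attributetype(oid, name, desc, equality, syntax, single_value=False):
    """Render one attributetype definition in slapd.conf schema syntax."""
    sv = " SINGLE-VALUE" if single_value else ""
    return (f"attributetype ( {oid} NAME '{name}'\n"
            f"        DESC '{desc}'\n"
            f"        EQUALITY {equality}\n"
            f"        SYNTAX {syntax}{sv} )")


def objectclass(oid, name, desc, kind, must=(), may=(), sup="top"):
    """Render one objectclass definition; kind is STRUCTURAL, AUXILIARY or ABSTRACT."""
    must_s = f"\n        MUST ( {' $ '.join(must)} )" if must else ""
    may_s = f"\n        MAY ( {' $ '.join(may)} )" if may else ""
    return (f"objectclass ( {oid} NAME '{name}' SUP {sup} {kind}\n"
            f"        DESC '{desc}'{must_s}{may_s} )")


def build_schema(pen, attrs, classes):
    """Allocate OIDs the way the post does: PEN.2 is the LDAP branch,
    PEN.2.1.n attribute types, PEN.2.2.n object classes."""
    base = f"{ENTERPRISE_ARC}.{pen}.2"
    out = [attributetype(f"{base}.1.{n}", name, desc, eq, syn, single)
           for n, name, desc, eq, syn, single in attrs]
    out += [objectclass(f"{base}.2.{n}", name, desc, kind, must, may)
            for n, name, desc, kind, must, may in classes]
    return "\n\n".join(out) + "\n"


def split_definitions(text):
    """Split a schema file into one chunk per attributetype/objectclass."""
    chunks = re.split(r"^(?=(?:attributetype|objectclass)\s*\()", text, flags=re.M)
    return [c.strip() for c in chunks if c.strip()]


def _attr_list(chunk, keyword):
    """Names listed under MUST or MAY, parenthesised ('a $ b') or bare ('a')."""
    m = re.search(rf"\b{keyword}\s*\(([^)]*)\)", chunk)
    if m:
        return [a for a in re.split(r"[\s$]+", m.group(1)) if a]
    m = re.search(rf"\b{keyword}\s+([A-Za-z][\w-]*)", chunk)
    return [m.group(1)] if m else []


def check_schema(text, pen, known_attrs=STANDARD_ATTRS):
    """Return a list of problems: OIDs outside your arc, OIDs or NAMEs used
    twice, and MUST/MAY references to attribute types defined nowhere."""
    own_arc = f"{ENTERPRISE_ARC}.{pen}."
    problems, seen_oids, seen_names, defined, classes = [], {}, set(), set(), []
    for chunk in split_definitions(text):
        kind = chunk.split(None, 1)[0]
        oid = re.search(r"\(\s*([\d.]+)", chunk).group(1)
        name = re.search(r"NAME\s+'([^']+)'", chunk).group(1)
        if not oid.startswith(own_arc):
            problems.append(f"{name}: OID {oid} is not under {own_arc}")
        if oid in seen_oids:
            problems.append(f"{name}: OID {oid} already used by {seen_oids[oid]}")
        seen_oids[oid] = name
        if name in seen_names:
            problems.append(f"duplicate NAME {name}")
        seen_names.add(name)
        if kind == "attributetype":
            defined.add(name)
        else:
            classes.append((name, _attr_list(chunk, "MUST") + _attr_list(chunk, "MAY")))
    for cname, refs in classes:          # resolve after every definition is known
        for a in refs:
            if a not in defined and a not in known_attrs:
                problems.append(f"{cname}: references undefined attribute type {a}")
    return problems


def example_schema():
    """The post's attribute and class, regenerated from PEN 13800."""
    return build_schema(
        13800,
        attrs=[(10, "tcdMiddleName", "TCD Person, Middle Name",
                "caseExactIA5Match", IA5_STRING, True),
               (11, "tcdCategory", "Account category (syntax assumed)",
                "caseIgnoreMatch", DIRECTORY_STRING, True)],
        classes=[(200, "trinityAccount", "Account with TCD attributes",
                  "AUXILIARY", ("tcdCategory",), ("tcdMiddleName", "mail"))])


# Constructed input: the second class reuses the first class's OID and
# references two attribute types that are never defined.
BROKEN_SCHEMA = """\
attributetype ( 1.3.6.1.4.1.13800.2.1.10 NAME 'tcdMiddleName'
        DESC 'TCD Person, Middle Name'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.13800.2.2.1 NAME 'tcdThing' SUP top AUXILIARY
        DESC 'first class'
        MAY ( tcdMiddleName ) )

objectclass ( 1.3.6.1.4.1.13800.2.2.1 NAME 'tcdOther' SUP top AUXILIARY
        DESC 'second class, OID copy-pasted from the first'
        MUST tcdCategory
        MAY ( tcdMiddleName $tcdCourseCode ) )
"""

if __name__ == "__main__":
    print(example_schema())
    for p in check_schema(BROKEN_SCHEMA, 13800):
        print("problem:", p)
```

Run the script, write the generated text to schema/myschema.schema, add an `include` line for it to slapd.conf, and then run `slaptest -f slapd.conf` before restarting the server; the checker above catches the common slips early, but slaptest is what actually tells you whether slapd will start.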