[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ActiveDirectory schema

To: Erik Skovgaard <eskovgaard@geotrain.com>
Subject: Re: ActiveDirectory schema
From: Helmut Volpers <helmut.volpers@icn.siemens.de>
Date: Mon, 14 Jun 1999 11:14:41 +0200
Cc: Rob Weltman <rweltman@netscape.com>, ietf-ldapext@netscape.com
References: <3.0.5.32.19990612182038.0082a2c0@popd.netcom.ca>
Resent-date: Mon, 14 Jun 1999 02:08:44 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"rm84iB.A.DoD.VaMZ3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


Erik Skovgaard wrote:
> 
> Rob,
> 
> No, it is *not* OK to modify the standard Object Classes - especially when
> the OID is a standard one.

The ObjectClasses which are defined in the standard should not be 
changed (they are defined in ASN.1 and are standard, independant
whether they are abstract, structural or auxiliary).

> 
> For whatever it is worth, nor is OK to create funny non-standard Structural
> Object Classes (i.e. inetOrgPerson) that people get tempted to use instead
> of the basic ones.  All extensions to the standard schema should be Aux.
> Object Classes, IMHO.  Or else there's only pain to gain.

I aggree. It's better to define inetOrgPerson as aux ObjectClass as well
as all private extensions which are needed.
You also can do extensions directly over DitContentRules if you support
them.
The main difference between the structural and the auxiliary
object-class
is that the structural have a direct relation to the object and
cannot be modified, the auxiliary can be added and later removed on an
existing object.

Helmut

> 
> Cheers,                 ....Erik.
> 
> ----------------------------------
> Erik Skovgaard
> GeoTrain Corp.
> Enterprise Directory Engineering
> http://www.geotrain.com
> 
> 
> At 13:32 1999-06-12 -0700, Rob Weltman wrote:
> >   I was looking at the schema published in ActiveDirectory (Windows 2000
> >Beta 3) and was a little puzzled. It looks like the objectclass "top" has
> >been considerably extended: top
> >        OID
> >                2.5.6.0
> >        Required
> >                objectClass
> >                instanceType
> >                nTSecurityDescriptor
> >                objectCategory
> >        Optional
> >                cn
> >                description
> >                distinguishedName
> >                whenCreated
> >                whenChanged
> >                subRefs
> >                displayName
> >                uSNCreated
> >                isDeleted
> >                dSASignature
> >                objectVersion
> >                repsTo
> >                repsFrom
> >                memberOf
> >                uSNChanged
> >                uSNLastObjRem
> >                showInAdvancedViewOnly
> >                adminDisplayName
> >                proxyAddresses
> >                adminDescription
> >                extensionName
> >                uSNDSALastObjRemoved
> >                displayNamePrintable
> >                directReports
> >                wWWHomePage
> >                USNIntersite
> >                name
> >                objectGUID
> >                replPropertyMetaData
> >                replUpToDateVector
> >                flags
> >                revision
> >                wbemPath
> >                fSMORoleOwner
> >                systemFlags
> >                siteObjectBL
> >                serverReferenceBL
> >                nonSecurityMemberBL
> >                queryPolicyBL
> >                wellKnownObjects
> >                isPrivilegeHolder
> >                partialAttributeSet
> >                managedObjects
> >                partialAttributeDeletionList
> >                url
> >                lastKnownParent
> >                bridgeheadServerListBL
> >                netbootSCPBL
> >                isCriticalSystemObject
> >                frsComputerReferenceBL
> >                fRSMemberReferenceBL
> >                uSNSource
> >                fromEntry
> >                allowedChildClasses
> >                allowedChildClassesEffective
> >                allowedAttributes
> >                allowedAttributesEffective
> >                possibleInferiors
> >                canonicalName
> >                proxiedObjectName
> >                sDRightsEffective
> >                dSCorePropagationData
> >                otherWellKnownObjects
> >                mS-DS-ConsistencyGuid
> >                mS-DS-ConsistencyChildCount
> >                createTimeStamp
> >                modifyTimeStamp
> >                subSchemaSubEntry   Some of the new attributes are
> >operational. But is it really okay to redefine "top"?   There is also a
> >minor bug in that there is a missing space after the left parenthesis for
> >the MAY and MUST lists: objectClasses: ( 1.2.840.113556.1.5.74 NAME
> >'categoryRegistration' SUP leaf S
> > TRUCTURAL MAY (localeID $ categoryId $ managedBy $ localizedDescription ) )
> >  Rob
> >

begin:vcard 
n:Volpers;Helmut 
tel;fax:+49-89-63645860
tel;home:+49-89-1576588
tel;work:+49-89-63646713
x-mozilla-html:FALSE
url:http://www.siemens.com/bus-com/
adr:;;Otto-Hahn-Ring 6;Munich;;81730;Germany
version:2.1
email;internet:Helmut.Volpers@icn.siemens.de
title:Directory Server Architect
x-mozilla-cpt:;30160
fn:Volpers, Helmut 
end:vcard

References:
- Re: ActiveDirectory schema
  - From: Erik Skovgaard <eskovgaard@geotrain.com>

Prev by Date: modifying top
Next by Date: Re: ActiveDirectory schema
Index(es):
- Chronological
- Thread