
Re: help: understanding objectclasses and schemas



Martin Strohbach wrote:
> 
> Hello everybody!
> 
> It seems to me that the concept of objectclasses and schemas is not clear to me,
> so I would like to ask some questions:

Don't worry, it is confusing to start with...

> 
> As far as I understood schemas, they define what attributes an entry _must_ and
> _is allowed_ to have. I am now in the situation that I want to deploy an ldap
> server that is X.500 conformant, for later (if at all) integration with X.500
> directories. But I cannot understand why I should recognize the objectclass
> "person" for example: if objectclasses only define what attributes an entry must
> and is allowed to have, why isn't it then sufficient to have an objectclass
> "myperson" that is identical with the X.500 objectclass "person" and allows or
> requires other attributes? So it would be sufficient to add
> "objectclass:myperson" instead of "objectclass:person" _and_
> "objectclass:myperson".
> So the next question is obvious: is it possible to subclass schemas. I think

(Subclassing is a difficult thing to explain with LDAP; I generally
think of each data chunk as having attributes available based on the
types of objectclasses listed.)

> I read about it, but I can't remember where.

The general reason for keeping the 'standard' objectclass names is so
that another application (client) can query your ldap database and know
what to expect.
If you want to define an additional objectclass that has a few more
'must have' attributes, you would end up with something like this (I
think there was a standard?? for user-defined objectclasses - so as not
to cross over with future standards - myorgnamePerson may be a good idea
??)

dn:cn=xxxxxx
cn:xxx
....stuff here
objectclass:myperson
objectclass:person
objectclass:top


> 
> Finally rfc2256 made me think of objectclass "top" and subschema. What is
> objectclass subschema? rfc2256 says: servers MUST recognize this objectclass. By
> the way: what does it mean "a server must recognize an objectclass"? Does this
> mean that each entry has to have such an attribute?

The ldapv2 server rules don't tend to enforce too much; you can get away
without this, but it is useful to plan ahead and add it in...

> As I saw in many postings in this newsgroup people seem always to have an
> attribute called "objectclass:top" as rfc2256 requires. But this objectclass
> seems perfectly strange to me: it requires nothing but objectclass and that is
> always right, if the entry is of objectclass "top" (for I have to add the
> attribute objectclass:top). So the next conclusion would be: why require the
> attribute objectclass at all: either it is always included or it is not and then
> no schema can require it, because the entry belongs to no objectclass.
> 
> I appreciate any help that brings light into the dark ...

Almost all (from what I remember) objectclasses require the top
objectclass.

Try and remember that Open LDAP is a Version2 server at present
(although soon to be V3), and that it doesn't tend to enforce much
(especially if you turn off schema checking).


regards

alan
> 
> --
>  _                                                                        _
> /_/\/\                                                                /\/\_\
> \_\  /  \-------------------------------------------------------\     \  /_/
> /_/  \   \ Martin Strohbach  ***  eMail uk73@rz.uni-karlsruhe.de \    /  \_\
> \_\/\ \   \-------------------------------------------------------\  / /\/_/
>    \_\/                                                              \/_/
> 
> Skyper: 5838331@Skyper.de
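The reply above describes three rules at once: an objectclass's MUST/MAY lists decide which attributes an entry may carry, a subclass inherits those lists from its superiors up to "top", and "top" is what makes the objectClass attribute itself mandatory. The following added example (not from this thread, and not OpenLDAP's own schema checker) models those rules in Python so the consequences can be tried on sample entries. The "top" and "person" definitions follow RFC 2256; the subclass "myorgnamePerson", its attributes, and the LDIF entries are constructed for illustration. Running such a check on LDIF before importing it is a cheap way to catch entries that smuggle in attributes their classes do not allow, which is the job schema checking does on the server when it is left switched on.

```python
# Added example: toy LDAP schema model with objectclass inheritance and
# MUST/MAY checking. 'top' and 'person' follow RFC 2256; 'myorgnamePerson'
# is a hypothetical subclass standing in for the thread's 'myperson'.
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectClass:
    name: str
    sup: tuple = ()                  # superior (parent) objectclasses
    must: frozenset = frozenset()    # attributes every entry of this class needs
    may: frozenset = frozenset()     # attributes it is additionally allowed


def _oc(name, sup=(), must=(), may=()):
    # LDAP names are case-insensitive, so everything is stored lower-cased.
    return ObjectClass(name.lower(), tuple(s.lower() for s in sup),
                       frozenset(a.lower() for a in must),
                       frozenset(a.lower() for a in may))


SCHEMA = {oc.name: oc for oc in (
    _oc("top", must=["objectClass"]),
    _oc("person", sup=["top"], must=["sn", "cn"],
        may=["userPassword", "telephoneNumber", "seeAlso", "description"]),
    # Hypothetical organisation-specific subclass (assumption, not a standard).
    _oc("myorgnamePerson", sup=["person"], must=["employeeNumber"], may=["mail"]),
)}


def superiors(name, schema=SCHEMA):
    """Return the class itself plus every superior up to 'top'."""
    seen, todo = set(), [name.lower()]
    while todo:
        n = todo.pop()
        if n in seen or n not in schema:
            continue
        seen.add(n)
        todo.extend(schema[n].sup)
    return seen


def effective_rules(classes, schema=SCHEMA):
    """Union of MUST and MAY over the listed classes and all their superiors."""
    must, may = set(), set()
    for c in classes:
        for n in superiors(c, schema):
            must |= schema[n].must
            may |= schema[n].may
    return must, may


def parse_ldif(text):
    """Parse the plain 'attr: value' LDIF subset into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def check_entry(entry, schema=SCHEMA):
    """Return a list of schema violations; an empty list means the entry is valid."""
    problems = []
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if not classes:
        return ["entry has no objectClass attribute"]
    known = [c for c in classes if c in schema]
    problems += [f"unknown objectclass '{c}'" for c in classes if c not in schema]
    # Every superior of a listed class must itself be listed: this is why an
    # entry carries 'person' and 'top' alongside the subclass.
    for c in known:
        for s in sorted(superiors(c, schema) - set(classes)):
            problems.append(f"objectclass '{c}' requires superior '{s}' to be listed")
    must, may = effective_rules(known, schema)
    present = {a for a in entry if a != "dn"}
    problems += [f"missing required attribute '{a}'" for a in sorted(must - present)]
    problems += [f"attribute '{a}' not allowed by the listed objectclasses"
                 for a in sorted(present - must - may)]
    return problems


# Constructed sample entries, not real directory data.
GOOD = """dn: cn=Jane Doe,ou=people,dc=example,dc=com
objectClass: myorgnamePerson
objectClass: person
objectClass: top
cn: Jane Doe
sn: Doe
employeeNumber: 12345
mail: jane@example.com
"""

BAD = """dn: cn=Jane Doe,ou=people,dc=example,dc=com
objectClass: myorgnamePerson
cn: Jane Doe
homeDirectory: /home/jane
"""

if __name__ == "__main__":
    print("good:", check_entry(parse_ldif(GOOD)))   # []
    print("bad: ", check_entry(parse_ldif(BAD)))    # five violations
```

The second entry lists only the subclass, so the checker reports the missing "person" and "top" superiors, the "sn" and "employeeNumber" attributes that "person" and the subclass require, and the "homeDirectory" attribute that none of the listed classes allows. An entry with no objectClass at all fails immediately, which is the practical answer to the question of why "top" requiring objectClass is not circular: without it nothing ties the entry to any rules.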