
Re: Schema's



Thanks, Paul, this really helps.
But do I really have to get a new OID?
If I just want to try it locally, can I just use 1....sth?
Jiao
>-- Original Message --
>Date: Mon, 28 Apr 2003 23:46:18 +0100 (IST)
>From: Paul Reilly <pareilly@tcd.ie>
>To: Michael Ströder <michael@stroeder.com>
>Cc: "jyu1@email.arizona.edu" <jyu1@email.arizona.edu>,
>	"openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
>Subject: Re: Schema's
>
>
>
>> jyu1@email.arizona.edu wrote:
>> > does any one have some successful experience in creating their own
>> > schemas (attribute and object classes)?
>>
>> Yes.
>> ;-)
>> Ciao, Michael.
>>
>
>Yes, it's quite easy. See the OpenLDAP admin guide here:
>
>http://www.openldap.org/doc/admin/schema.html#Extending%20Schema
>and here:
>http://www.openldap.org/doc/admin21/schema.html
>
>Basically to create your own attributes, object classes you need to have
>a unique OID - you can get one from IANA by filling out this form.
>
>http://www.iana.org/cgi-bin/enterprise.pl
>
>They send you back a number within a few days. Then you can check
>the IANA list of enterprise numbers, and you'll see you are listed!
>For instance my organisation is OID 13800
>http://www.iana.org/assignments/enterprise-numbers
>
>You then create a new file in schema/myschema.schema and define your
>objects/attributes within that. Once you have your OID, you can
>sub branch it as you see fit. Standard practice implies we use the .1
>branch for SNMP OIDs and .2 branch for LDAP OIDs. Therefore in my
>case, I use:
>
>  13800.1       reserved for SNMP mibs etc (not that we'll need this!)
>  13800.2       LDAP objects
>  13800.2.1     My Attribute Type range
>  13800.2.1.1           ...attribute type 1
>  13800.2.1.2           ...attribute type 2 etc
>  13800.2.2     My Object Class Range
>  13800.2.2.1           ...object class 1
>  13800.2.2.1           ...object class 2 etc
>
>  See http://www.openldap.org/doc/admin21/schema.html
>
>So I can then define my own attributes like so:
>
>attributetype ( 1.3.6.1.4.1.13800.2.1.10 NAME 'tcdMiddleName'
>        DESC 'TCD Person, Middle Name'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
>
>and then create an Object Class which these attributes are collected in:
>
>objectclass ( 1.3.6.1.4.1.13800.2.2.200 NAME 'trinityAccount' SUP top AUXILIARY
>         DESC 'Abstraction of an account with POSIX attributes'
>        MUST (  tcdCategory )
>        MAY (   tcdLongEmail $ tcdMiddleName $ tcdCourseName $ tcdCourseCode ) )
>
>etc.
>
>You shouldn't create any extra attributes unless you really need to.
>Often the inetOrgPerson schema contains almost all you need.
>
>Extending existing schemas is a little tricky, due to restrictions
>on what object classes can be combined. But it's not too difficult.
>For more info, see the excellent O'Reilly "LDAP System Administration"
>book by Gerald Carter which covers OpenLDAP in detail.
>
>Paul
>
>
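
An added example, not part of the original thread or of OpenLDAP: a small Python check that reads slapd-style `attributetype`/`objectclass` definitions and reports OIDs that fall outside the sub-branch layout described in the quoted message (attribute types under `.2.1`, object classes under `.2.2` of enterprise arc 13800) or that are assigned twice. The function names and the `exampleDuplicate`/`exampleMisplaced` entries are constructed for illustration; it inspects only the OID and NAME and does not replace slapd's own schema parser.

```python
import re

# Layout from the quoted message: enterprise arc 1.3.6.1.4.1.13800,
# .2.1 for attribute types and .2.2 for object classes.
ENTERPRISE_ARC = "1.3.6.1.4.1.13800"
EXPECTED_BRANCH = {
    "attributetype": ENTERPRISE_ARC + ".2.1",
    "objectclass": ENTERPRISE_ARC + ".2.2",
}

# Matches the start of a definition: keyword ( OID NAME 'name'
DEF_RE = re.compile(
    r"^\s*(attributetype|objectclass)\s*\(\s*([0-9]+(?:\.[0-9]+)*)\s+NAME\s+'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

def parse_definitions(schema_text):
    """Return (kind, oid, name) for every definition found in schema_text."""
    return [(m.group(1).lower(), m.group(2), m.group(3))
            for m in DEF_RE.finditer(schema_text)]

def lint_schema(schema_text):
    """Return a list of problem strings; an empty list means the layout holds."""
    problems, seen = [], {}
    for kind, oid, name in parse_definitions(schema_text):
        branch = EXPECTED_BRANCH[kind]
        # Compare whole arcs so ...13800.2.10.x does not pass as a prefix of .2.1
        if not oid.startswith(branch + "."):
            problems.append(f"{name}: {oid} is outside {branch}")
        if oid in seen:
            problems.append(f"{name}: {oid} already used by {seen[oid]}")
        seen.setdefault(oid, name)
    return problems

# Constructed sample: definitions based on the message plus two faulty ones.
SAMPLE = """
attributetype ( 1.3.6.1.4.1.13800.2.1.10 NAME 'tcdMiddleName'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.13800.2.1.10 NAME 'exampleDuplicate'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.13800.2.2.200 NAME 'trinityAccount' SUP top AUXILIARY
        MUST ( tcdCategory ) )
objectclass ( 1.3.6.1.4.1.13800.2.1.201 NAME 'exampleMisplaced' SUP top AUXILIARY )
"""

if __name__ == "__main__":
    for line in lint_schema(SAMPLE):
        print(line)
```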