6
Directory Schema Administration

This chapter explains how to administer the Oracle Internet Directory object classes and attributes.

This chapter contains these topics:

• About the Directory Schema

• About Object Class Management

• Managing Object Classes by Using Oracle Directory Manager

• Managing Object Classes by Using Command-Line Tools

• About Attribute Management

• Managing Attributes by Using Oracle Directory Manager

• Managing Attributes by Using Command-Line Tools

• Viewing Matching Rules

• Viewing Syntaxes

About the Directory Schema

A directory schema does the following:

• Contains rules about the kinds of objects you can store in the directory

• Contains rules for how directory servers and clients treat information during operations such as a search

• Helps to maintain the integrity and quality of the data stored in the directory

• Reduces duplication of data

• Provides a predictable way for directory-enabled applications to access and modify directory objects

The directory schema contains all information about how data is organized in the DIT. It includes attribute types, and the syntaxes and matching rules that apply to them. It also contains the various groupings of attributes, called object classes.

This chapter discusses each of these elements.

See Also: "The Directory Schema"

About Object Class Management

This section explains how to add and modify an object class. Oracle Corporation recommends that you understand the basic concepts of directory components before attempting to add to or modify the base schema in the directory.

See Also: "Object Classes" for a conceptual overview of object classes Appendix C, "Schema Elements" for a list of schema components installed with Oracle Internet Directory

This section contains these topics:

• Guidelines for Adding Object Classes

• Guidelines for Modifying Object Classes

• Guidelines for Deleting Object Classes

Guidelines for Adding Object Classes

When you add directory entries, you select object classes for those entries. The attributes of an entry are determined by the object classes to which that entry is assigned.

Entries must be loaded in a top-down sequence. When you add an entry, all of its parent entries must already exist in the directory. Similarly, when you add entries that reference object classes and attributes, those referenced object classes and attributes must already exist in the directory schema. In most cases this will not be a problem since the directory server is delivered with a full set of standard directory objects.

Note: Every schema object in the Oracle Internet Directory has certain limitations. For example, some objects cannot be changed. These limitations are explained as constraints and rules in this chapter.

The attributes that entries inherit from an object class may be either mandatory or optional. Optional attributes need not be present in the directory entry.

You can specify for any object class whether an attribute is mandatory or optional; however, the characteristic you specify is binding only for that object class. If you place the attribute in another object class, you can again specify whether the attribute is mandatory or optional for that object class. You can:

• Select from existing standard object classes

• Add a new, non-standard object class and assign it existing attributes

• Modify an existing object class, assigning it a different set of attributes

• Add and modify existing attributes

  See Also: "About Attribute Management"

Administrators typically assign object classes to entries based on the attributes present in that object class. However, a superclass lets you take advantage of inheritance--that is, the object classes selected for an entry have a hierarchy of superclasses from which they inherit mandatory and optional attributes. By default, all object classes inherit from the top object class.

When you add or perform an operation on an entry, you do not need to specify the entire hierarchy of superclasses associated with that entry. This feature, called object class explosion, enables you to specify only the leaf object classes. Oracle Internet Directory resolves the hierarchy for the leaf object classes and enforces the information model constraints. For example, the inetOrgPerson object class has top, person and organizationalPerson as its superclasses. When you create an entry for a person entry, you need to specify only inetOrgPerson as the object class. Oracle Internet Directory then enforces the schema constraints defined by the respective superclasses, namely, top, person, and organizationalPerson.

When you add object classes, keep the following guidelines in mind:

• Every structural object class must have top as a superclass.

• The name and the object identifier of an object class must be unique across all the schema components.

• Schema components referred to in the object class, such as superclasses, must already exist.

• The superclass of an abstract object class must be abstract also.

• It is possible to redefine mandatory attributes in a superclass into optional attributes in the new object class. Conversely, optional attributes in a superclass can be redefined into mandatory attributes in the new object class.

  See Also: "Subclasses, Superclasses, and Inheritance" for a conceptual discussion of these terms

Guidelines for Modifying Object Classes

This section discusses the types of modifications you can make to an existing object class. You can perform modifications through Oracle Directory Manager and through the command-line tools.

You can make these changes to an object class:

• Change a mandatory attribute into an optional attribute

• Add optional attributes

• Add additional superclasses

• Convert abstract object classes into structural or auxiliary object classes unless the abstract object class is a superclass to another abstract object class

When you modify object classes, keep these guidelines in mind:

• You cannot modify an object class that is part of the standard LDAP schema. You can, however, modify user-defined object classes. Also, if existing object classes do not have the attributes you need, you can create an auxiliary object class and associate the needed attributes with it.

• You cannot add additional mandatory attributes to an existing object class.

• You cannot modify object classes in the base schema.

• You cannot remove attributes or superclasses from an existing object class.

• You cannot convert structural object classes to other object class types.

• You should not modify an object class if there are entries already associated with it.

  See Also: "Managing Object Classes by Using Oracle Directory Manager" "Managing Object Classes by Using Command-Line Tools"

Guidelines for Deleting Object Classes

There are also some limitations on deleting object classes:

• You cannot delete object classes from the base schema.

• You can delete object classes that are not in the base schema as long as they are not directly or indirectly referenced by other schema components. For example, there may be some directory entries referring to these object classes. Deleting these object classes renders these entries inaccessible.

  Note: Oracle Internet Directory does not enforce these rules. They are provided here as guidelines.

Managing Object Classes by Using Oracle Directory Manager

This section contains these topics:

• Searching for Object Classes by Using Oracle Directory Manager

• Viewing Properties of Object Classes by Using Oracle Directory Manager

• Adding Object Classes by Using Oracle Directory Manager

• Modifying Object Classes by Using Oracle Directory Manager

• Deleting Object Classes by Using Oracle Directory Manager

Searching for Object Classes by Using Oracle Directory Manager

You can specify your search for an object class by:

• Selecting an object class property, for example, a name or an object identifier

• Entering a value for the property you selected

• Selecting a search filter specifying the relationship between the object class property you selected and the value you entered, for example, Begins With or Exactly Matches

This section provides more details on how to enter an object class search.

To search for an object class:

1. In the navigator pane, select Schema Management. The Schema Management tab pages appear in the right pane.

2. Click the Find Object Classes button at the lower right of the right pane, or, from the menu bar, click Edit > Find Object Classes. The Find: Object Classes dialog box appears.

3. In the menu farthest to the left on the search criteria bar, select the property of the object class for which you want to search. Options are:

   Option	Description
   Name	Name of the object class for which you are searching. For example, the phrase Name Exact Match subAcl gives you the subAcl object class.
   Object ID	Object Identifier for the object class for which you are searching. For example, the phrase Object ID Begins With 2.5.2 gives you a list of object classes whose object identifiers begin with 2.5.2.
   Description	Word in the description field. For example, the phrase Description Contains Shoe gives you a list of object classes with the word shoe in the description column.
   Type	Type of object class for which you are searching, whether abstract, structural, or auxiliary
   Superclass	Class from which the object class for which you are searching is derived
   Mandatory Attributes	Mandatory attributes of the object class for which you are searching. For example, the phrase Mandatory Attributes Contains cn gives you a list of all object classes in which the cn attribute is mandatory.
   Optional Attributes	Optional attributes of the object class for which you are searching

   Note: Not all attributes are used in every object class. Be sure that the attribute you specify actually corresponds to one in the object class for which you are looking. Otherwise, the search will fail.

4. In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are:

   Filter	Description
   Begins With	Searches by using only the first few characters of the property of the object class for which you are searching. For example, the phrase Type Begins With aux gives you a list of all of the auxiliary object classes.
   Ends With	Searches by using only the last few characters of the property of the object class for which you are searching. For example, the phrase Type Ends With ral gives you a list of all of the structural object classes.
   Contains	Searches for object classes in which the property you selected includes, but is not necessarily limited to, the value you enter. For example, the phrase Optional Attributes Contains cn gives you a list of all object classes in which cn is an optional attribute.
   Exact Match	Searches for an object class in which the property you selected is exactly the same as the value you enter. For example, the phrase Super Class Exact Match person gives you a list of all object classes that have person as their superclass.
   Greater Or Equal	Searches for an object class in which the property you selected is numerically or alphabetically greater than or equal to the value you enter. For example, the phrase Name Greater or Equal orcl gives you a list of object classes from those beginning with the letters orcl to those beginning with letters at the end of the alphabet.
   Less or Equal	Searches for an object class in which the property you selected is numerically or alphabetically less than or equal to the value you enter. For example, the phrase Name Less or Equal orcl gives you a list of object classes from those beginning with the letters orcl to those at the beginning of the alphabet.
   Not Null	Searches for all object classes in which the property you selected is present. For example, the phrase Mandatory Attributes Not Null gives you a list of all object classes which contain mandatory attributes.

5. In the text box at the right end of the search criteria bar, type the value of the property of the object class for which you are searching. For example, to search for all object classes in which the name of the object class begins with the letters orcl, type those letters in the text box at the right end of the search criteria bar.

6. Below the Search Criteria field are five buttons described in the next table. Use these buttons to further refine your search.

   Button	Description
   New	Creates a new search criteria bar in the Search Criteria field. This button is enabled only when the search criteria bar has been deleted.
   And	Creates another search criteria bar in the Search Criteria field. Matches all object classes having one specified criterion with those that also have another specified criterion.
   Or	Creates another search criteria bar in the Search Criteria field. Matches all object classes with either one specified attribute or another.
   Not	Negates the criterion in the selected search criteria bar and retrieves all object classes that do not have the specified criterion.
   Delete	Deletes a selected search criteria bar

7. Click Search. The results of your search appear in the window at the lower portion of the Find:Object Class dialog box.

Viewing Properties of Object Classes by Using Oracle Directory Manager

To view all object classes in the schema:

1. In the navigator pane, expand Schema Management. The tabs in the Schema Management pane display the components of the schema:
   • Object classes

   • Attributes

   • Syntaxes

   • Matching Rules

2. In the right pane, select the Object Classes tab page.

   To examine an individual object class and its attributes, in the Object Classes tab page, click the object class. The properties of the selected object class appear in the Object Class dialog box.

3. In the Object Class dialog box:
   • Object classes from which attributes may be inherited are listed in the Super Class box

   • Mandatory attributes are listed in the Mandatory Attributes box

   • Optional attributes are listed in the Optional Attributes box

   Each box indicates whether the attributes are indexed so that they can be used in a search expression.

Adding Object Classes by Using Oracle Directory Manager

To add object classes by using Oracle Directory Manager:

1. In the navigator pane, expand Oracle Internet Directory Servers > directory server, then select Schema Management.

2. Choose one of the following methods:
   • In the right pane, select the Object Classes tab and click the Create button in the toolbar.

   • Click the Create button at the bottom of the right pane.

   • From Operations menu, select Create Object Class.

   The New Object Class dialog box appears.

   Alternatively, select an object class that is similar to one you would like to create, and then click Create Like. A dialog box appears; it includes the attributes of the selected object class. You can create the new object class using the selected one as a template.

3. Enter the information in the fields described in the following table:

   Field	Description
   Name	Enter the name of the object class you are creating.
   Object ID	Enter the object identifier. This is a standardized numerical sequence based on IETF standards. It must be unique, and should comply with the system established within your organization. Normally it is derived from the identifier assigned by registration agencies, such as ANSI or ISO.
   Description	Use this optional field for your information only.
   Type	Specify the type of object class: Abstract, Structural, Auxiliary, None.
   Super Class	Specify the class(es) from which to derive this object class. This object class will inherit all the attributes of the superclass(es) you select. Every structural object class must have top as one of its superclasses. Clicking Add displays the Super Class Selector dialog box from which you can select the superclass(es) you want to add.
   Mandatory Attributes	Specify the attributes for which values must be entered. Clicking Add displays the Mandatory Attributes Selector dialog box from which you can select the mandatory attributes you want to add.
   Optional Attributes	Specify the attributes for which values are not required. Clicking Add displays the Optional Attributes Selector dialog box from which you can select the optional attributes you want to add.

4. Click OK.

   See Also: "Object Class Types" "Subclasses, Superclasses, and Inheritance" Oracle Directory Manager online help for further details about adding object classes

Modifying Object Classes by Using Oracle Directory Manager

To modify an object class:

1. In the navigator pane, select Schema Management, then select the Object Classes tab.

2. In the Object Classes tab page, double-click the object class you want to modify. The Object Class dialog box appears.

3. Modify or add the information in the fields described in the following table.

   Field	Description
   Name	Enter the name of the object class you are creating.
   Object ID	Enter the object identifier. This is a standardized numerical sequence based on IETF standards. It must be unique, and should comply with the system established within your organization. Normally it is derived from the identifier assigned by registration agencies, such as ANSI or ISO.
   Description	Use this optional field for your information only.
   Type	Specify the type of object class: Abstract, Structural, Auxiliary, None.
   Super Class	Specify the class(es) from which to derive this object class. This object class will inherit all the attributes of the superclass(es) you select. Every structural object class must have top as one of its superclasses. Clicking Add displays the Super Class Selector dialog box from which you can select the superclass(es) you want to add.
   Mandatory Attributes	Specify the attributes for which values must be entered. Clicking Add displays the Mandatory Attributes Selector dialog box from which you can select the mandatory attributes you want to add.
   Optional Attributes	Specify the attributes for which values are not required. Clicking Add displays the Optional Attributes Selector dialog box from which you can select the optional attributes you want to add.

4. Click OK.

   See Also: "Object Class Types" "Subclasses, Superclasses, and Inheritance"

Deleting Object Classes by Using Oracle Directory Manager

Caution: Oracle Corporation recommends that you not delete object classes from the schema. Should you decide to delete an object class, be careful not to delete one that is in use or that you might want to use in the future. If you delete an object class that is referenced by any entries, those entries then become inaccessible.

Note: You can add attributes to an auxiliary object class or a user-defined structural object class. See Also: Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class for an example of adding attributes to an auxiliary object class

To delete an object class by using Oracle Directory Manager:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Object Classes tab and select the object class you want to delete.

3. Click Delete.

Managing Object Classes by Using Command-Line Tools

You can use command-line tools to add or modify existing object classes in the directory schema. The command-line tools enable you to use input files. Furthermore, the commands can be batched together in scripts.

To add or modify schema components, use ldapmodify.

See: "ldapmodify Syntax"

This section contains these examples:

• Example: Adding a New Object Class

• Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class

Example: Adding a New Object Class

In this example, an LDIF input file, new_object_class.ldi, contains data similar to this:

dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 1.2.3.4.5 NAME 'myobjclass' SUP top STRUCTURAL MUST ( cn $ 
sn ) MAY ( telephonenumber $ givenname $ myattr ) )

Be sure to leave the mandatory space between the opening and closing parentheses and the object identifier.

To load the file, enter this command:

ldapmodify -h myhost -p 389 -f new_object_class.ldi

This example adds the structural object class named myobjclass, giving it an object identifier of 1.2.3.4.5, specifying top as its superclass, requiring cn and sn as mandatory attributes, and allowing telephonenumber, givenname, and myattr as optional attributes. Note that all the attributes mentioned must exist prior to the execution of the command.

To create an abstract object class, follow the above example, replacing the word STRUCTURAL with the word ABSTRACT.

Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class

To add a new attribute to either an auxiliary object class or a user-defined structural object class, use ldapmodify. This example deletes the old object class definition and adds the new definition in a compound modify operation. The change is committed by the Oracle directory server in one transaction. Existing data is not affected. The input file should be as follows:

dn: cn=subschemasubentry 
changetype: modify 
delete: objectclasses 
objectclasses: old value 
-
add: objectclasses 
objectclasses: new value

For example, to add the attribute changes to the existing object class country, the input file would be:

dn: cn=subschemasubentry
changetype: modify 
delete: objectclasses 
objectclasses:  ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY 

( searchGuide $ description  )  ) 
-
add: objectclasses 
objectclasses:  ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY 

( searchGuide $ description  $ changes )  )

About Attribute Management

This section contains these topics:

• Rules for Adding Attributes

• Rules for Modifying Attributes

• Rules for Deleting Attributes

You need to understand attributes from a conceptual standpoint before attempting operations involving attributes.

In most cases, the attributes available in the base schema will suit the needs of your organization. However, if you decide to use an attribute not available in the base schema, you can add a new attribute or modify an existing one.

By default, attributes are multi-valued. You can specify an attribute as single-valued by using either Oracle Directory Manager or command-line tools.

See Also: "Attributes" for a conceptual discussion of attributes

Rules for Adding Attributes

The rules for adding attributes are:

• The name and the object identifier of an attribute must be unique across all the schema components.

• Syntax and matching rules must agree.

• Any super attributes must already exist.

Rules for Modifying Attributes

The rules for modifying attributes are:

• The name and the object identifier of an attribute must be unique across all the schema components.

• The syntax of an attribute cannot be modified.

• A single-valued attribute can be made into multi-valued, but a multi-valued attribute cannot be made single-valued.

• You cannot modify or delete base schema attributes.

Rules for Deleting Attributes

The rules for deleting attributes are:

• You can delete only user-defined attributes. Do not delete attributes from the base schema.

• You can delete any attribute that is not referenced directly or indirectly by some other schema component.

  If you delete an attribute that is referenced by any entry, that entry will no longer be available for directory operations.

Managing Attributes by Using Oracle Directory Manager

This section contains these topics:

• Viewing All Directory Attributes by Using Oracle Directory Manager

• Searching for Attributes by Using Oracle Directory Manager

• Adding an Attribute by Using Oracle Directory Manager

• Modifying an Attribute by Using Oracle Directory Manager

• Deleting an Attribute by Using Oracle Directory Manager

• Indexing an Attribute by Using Oracle Directory Manager

  See Also: "Attribute Options" for information about attribute options "Managing Entries with Attribute Options by Using Oracle Directory Manager" and "Managing Entries with Attribute Options by Using Command-Line Tools" for instructions on adding and deleting attribute options and for searching for entries containing attribute options

Viewing All Directory Attributes by Using Oracle Directory Manager

To view attributes by using Oracle Directory Manager:

1. In the navigator pane, expand Oracle Internet Directory Servers > directory server instance, then select Schema Management.

2. In the right pane, select the Attributes tab. This tab page displays a table containing the attribute properties. The following table describes each column of the table in the Attributes tab page.

   Column	Description
   Name	The standardized attribute type names
   Indexed	Check boxes indicating whether attributes are indexed
   Object ID	Standardized object identifier for each attribute
   Description	Words describing various attributes
   Syntax	The standardized rules for data entry applicable to each attribute type
   Size	Maximum size allowed for each object
   Usage	Standards specifying how the attribute can be used. There are four options: userApplications, directoryOperation, distributedOperation, and dSAOperation.
   Ordering	Standards specifying how precedence is established for values
   Equality	Standards specifying how equality is determined in compare and search operations
   Substring	Used for regular expression matching
   Single Value	Indicates attribute types that contain a maximum of one value
   Super	Super attribute for each attribute

   See Also: "Viewing Attributes for a Specific Entry by Using Oracle Directory Manager" for instructions about how to view attributes for a specific entry

Searching for Attributes by Using Oracle Directory Manager

To search for attributes by using Oracle Directory Manager:

1. In the navigator pane, select Schema Management. The Schema Management tab pages appear in the right pane.

2. Select the Attributes tab page.

3. Click the Find Attributes button in the lower right corner. The Find Attributes dialog box appears

4. In the menu at the left end of the search criteria bar, select the property of the attributes for which you want to search. Options are:

   Field	Description
   Name	Name of the attribute for which you are searching
   Indexed	List of indexed attributes
   Object ID	Object Identifier for the attribute for which you are searching. For example, the phrase Object ID Begins With 2.5.2 gives you a list of attributes whose object identifiers begin with 2.5.2.
   Description	Words in the description column of attributes
   Syntax	The standardized rules for data entry applicable to this attribute type. Use this to narrow your search to attributes using a particular syntax.
   Size	Maximum size allowed for this object
   Usage	Standards specifying how the attribute can be used. You narrow your search by entering one of the following options: userApplications, directoryOperation, distributedOperation, and dSAOperation.
   Ordering	Standards specifying how precedence is established for values
   Equality	Standards specifying how equality is determined in compare and search operations
   Substring	Used for regular expression matching
   Single Value	Indicator that this attribute type contains a maximum of one value
   Super	Super attribute for the attribute for which you are searching

5. In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are:

   Option	Description
   Begins With	Searches by using only the first few characters of the property's value. For example, the phrase Syntax Begins With 1.3 gives you a list of all attributes in which the first few numbers of the syntax identifier are 1.3.
   Ends With	Searches by using only the last few characters of the property's value. For example, the phrase Name Ends With License gives you a list of all attributes with that ending, such as carLicense.
   Contains	Searches for attributes that include the property with the value you enter. For example, the phrase Ordering Contains time gives you a list of all attributes with the word time in the Ordering column.
   Exact Match	Searches for a value that is exactly the same as that found in the attribute property you specified. For example, the phrase Equality Exact Match caseIgnoreMatch gives you a list of all attributes that have the caseIgnoreMatch matching rule.
   Greater or Equal	Searches for an attribute that has a property that is numerically or alphabetically greater than or equal to the value you enter. For example, the phrase Name Greater or Equal orcl gives you a list of attributes from those beginning with orcl to those beginning with letters at the end of the alphabet.
   Less or Equal	Searches for an attribute that has a property that is numerically or alphabetically less than or equal to the value you enter. For example, the phrase Name Less or Equal orcl gives you a list of attributes from those beginning with orcl to those beginning with letters at the start of the alphabet.
   Not Null	Searches for all attributes in which the attribute property you selected is present. For example, the phrase Description Not Null gives you a list of all attributes which have text in the description field.

6. In the text box at the right end of the search criteria bar, type part or all of the value of the attribute for which you want to search. For example, to search for all attributes whose names begin with the letters orcl, you would type those letters in the text box at the right end of the search criteria bar and create the phrase Name Begins With orcl.

7. Beneath the Search Criteria field are five buttons described in the following table. Use these buttons to further refine your search.

   Button	Description
   New	Creates a new search criteria bar in the Search Criteria field. This button is enabled only when the Search Criteria field is empty.
   And	Creates another search criteria bar in the Search Criteria field. Matches all attributes with one specified property with those that also have another specified property.
   Or	Creates another search criteria bar in the Search Criteria field. Matches all attributes with either one specified property or another.
   Not	Negates the criteria in the selected search criteria bar and matches all attributes that do not have the property specified.
   Delete	Deletes a selected search criteria bar

8. Click Search. The results of your search appear in the window at the lower portion of the Find: Attributes dialog box.

Adding an Attribute by Using Oracle Directory Manager

You can add a completely new attribute, or copy from an existing one.

Tip: Because equality, syntax, and matching rules are numerous and complex, it may be simpler to copy these characteristics from a similar existing attribute.

Adding a New Attribute by Using Oracle Directory Manager

To add a new attribute:

1. In the navigator pane, expand Oracle Internet Directory Servers > directory server, then select Schema Management.

2. Do one of the following:
   • In the right pane, select the Attributes tab, then click the Create button in the toolbar.

   • In the right pane, select the Attributes tab, then click the Create button at the bottom of the Attributes tab page.

   • From the Operation menu, select Create Attribute. The New Attribute Type dialog box appears. It contains two tab pages--General and Advanced--with fields in which you either enter values or select from menus.

3. In the General tab, enter values in each of the fields as described in the following table:

   Field	Description
   Name	Type the name for this attribute.
   Object ID	Type the Object ID for this attribute. The Object ID is a standardized numerical sequence based on IETF standards. It must be unique. Normally this is derived from the identifier assigned by registration agencies, such as ANSI or ISO. For an explanation of the standard identifiers, see the current LDAP standards available through the IETF Web site.
   Description	This optional field is for your information only.
   Syntax	Type the standardized rules for data entry applicable to this attribute type.
   Size	Type the maximum size allowed for this object.
   Single Value	Select this check box to indicate that this attribute type contains a maximum of one value.

4. Select the Advanced tab. Enter values in each of the fields as described in the following table.

   Field	Description
   Indexed	Select to add this attribute to the index, thereby making it available for use in a search. Only those attributes that have an equality matching rule can be indexed.
   Usage	Specify standards for how the attribute can be used. Options are: userApplications Attributes whose values must be entered by the user, for example, telephoneNumber directoryOperation Attributes whose values are entered by the directory server, for example, creatorName or timeStamp distributedOperation dSAOperation Attributes used for the internal operation of the server, for example, orclUpdateSchedule
   Ordering	Specify standards for how precedence is established for values
   Equality	Specify standards for how equality is determined in compare and search operations
   Substring	Specify regular expression matching
   Super	Add the super attribute for this attribute. To do this: Click the Add button next to this field. The Super Attribute Selector appears. Select the super attribute and click Select. Repeat as needed. To delete a super attribute from the Super field, select it, then click Delete.

5. Click OK.

   Note: To use this attribute, remember to declare it to be part of the attribute set for an object class. You do this by selecting Schema Management in the navigator pane, then, in the right pane, selecting the Object Classes tab page. For further instructions, see "Guidelines for Modifying Object Classes".

Creating a New Attribute from an Existing One by Using Oracle Directory Manager

To add an attribute by copying an existing attribute:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Attributes tab.

3. In the Attributes tab page, select the attribute you want to copy.

4. Click the Create Like button at the bottom of the right pane. The New Attribute Type dialog box for that attribute appears. This dialog box contains two tab pages--General and Advanced--with fields in which you enter values either by typing or selecting from menus.

5. Select the General tab and enter values in each of the fields as described in the following table. You must always change the DN to that of the new attribute.

   Field	Description
   Name	Type the name for this attribute.
   Object ID	Type the Object ID for this attribute. The Object ID is a standardized numerical sequence based on IETF standards. It must be unique. Normally this is derived from the identifier assigned by registration agencies, such as ANSI or ISO. For an explanation of the standard identifiers, see the current LDAP standards available through the IETF Web site.
   Description	This optional field is for your information only.
   Syntax	Type the standardized rules for data entry applicable to this attribute type.
   Size	Type the maximum size allowed for this object.
   Single Value	Select this check box to indicate that this attribute type contains a maximum of one value.

6. Select the Advanced tab and enter values in each of the fields as described in the following table.

   Field	Description
   Indexed	Select to add this attribute to the index, thereby making it available for use in a search. Only those attributes that have an equality matching rule can be indexed.
   Usage	Specify standards for how the attribute can be used. Options are: userApplications Attributes whose values must be entered by the user, for example, telephoneNumber directoryOperation Attributes whose values are entered by the directory server, for example, creatorName or timeStamp distributedOperation dSAOperation Attributes used for the internal operation of the server, for example, orclUpdateSchedule
   Ordering	Specify standards for how precedence is established for values
   Equality	Specify standards for how equality is determined in compare and search operations
   Substring	Specify regular expression matching
   Super	Add the super attribute for this attribute. To do this: Click the Add button next to this field. The Super Attribute Selector appears. Select the super attribute and click Select. Repeat as needed. To delete a super attribute from the Super field, select it, then click Delete.

7. Click OK.

Modifying an Attribute by Using Oracle Directory Manager

To modify an attribute by using Oracle Directory Manager:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Attributes tab, then select an editable attribute in the list.

3. Click Edit. The Attribute dialog box displays two tab pages--General and Advanced--with fields in which you enter values either by typing or selecting from menus.

4. Select the General tab and enter values in each of the fields as described in the following table.

   Field	Description
   Name	Type the name for this attribute.
   Object ID	Type the Object ID for this attribute. The Object ID is a standardized numerical sequence based on IETF standards. It must be unique. Normally this is derived from the identifier assigned by registration agencies, such as ANSI or ISO. For an explanation of the standard identifiers, see the current LDAP standards available through the IETF Web site.
   Description	This optional field is for your information only.
   Syntax	Type the standardized rules for data entry applicable to this attribute type.
   Size	Type the maximum size allowed for this object.
   Single Value	Select this check box to indicate that this attribute type contains a maximum of one value.

5. Select the Advanced tab and enter values in each of the fields as described in the following table.

   Field	Description
   Indexed	Select to add this attribute to the index, thereby making it available for use in a search. Only those attributes that have an equality matching rule can be indexed.
   Usage	Specify standards for how the attribute can be used. Options are: userApplications Attributes whose values must be entered by the user, for example, telephoneNumber directoryOperation Attributes whose values are entered by the directory server, for example, creatorName or timeStamp distributedOperation dSAOperation Attributes used for the internal operation of the server, for example, orclUpdateSchedule
   Ordering	Specify standards for how precedence is established for values
   Equality	Specify standards for how equality is determined in compare and search operations
   Substring	Specify regular expression matching
   Super	Add the super attribute for this attribute. To do this: Click the Add button next to this field. The Super Attribute Selector appears. Select the super attribute and click Select. Repeat as needed. To delete a super attribute from the Super field, select it, then click Delete.

6. Click OK.

Deleting an Attribute by Using Oracle Directory Manager

Note: You can delete only user-defined attributes. Do not delete attributes from the base schema.

To delete an attribute:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Attributes tab, then select an editable attribute in the list.

3. Click Delete.

Indexing an Attribute by Using Oracle Directory Manager

Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, certain attributes are already indexed. If you want to use additional attributes in search filters, you must index them.

Note: You can use Oracle Directory Manager to index an attribute only at the time when you create it. You cannot use Oracle Directory Manager to index an already existing attribute. To index an already existing attribute, use the Catalog Management tool as described in "Indexing an Attribute by Using Command-Line Tools". You can index only those attributes that have: An equality matching rule Matching rules supported by Oracle Internet Directory as listed in "Matching Rules" No more than 28 characters in their names

Viewing Indexed Attributes by Using Oracle Directory Manager

To view indexed attributes:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Attributes tab. The Attributes tab displays all of the attributes in the schema. A selected check box in the Indexed column indicates an indexed attribute.

Adding an Index to an Attribute by Using Oracle Directory Manager

When you create an attribute as described in "Adding an Attribute by Using Oracle Directory Manager", you use the New Attribute Type dialog box. On the Advanced tab page of that dialog box, you select the Indexed check box.

Dropping an Index from an Attribute by Using Oracle Directory Manager

To drop an index from an attribute:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Attributes tab.

3. Select the indexed attribute. Note that this must be an attribute that is editable as indicated by the icon to the left of the attribute name.

4. Click Drop Index.

Managing Attributes by Using Command-Line Tools

This section discusses adding, modifying, and indexing attributes by using command-line tools. This section contains these topics:

• Adding and Modifying Attributes by Using ldapmodify

• Deleting Attributes by Using ldapmodify

• Indexing an Attribute by Using Command-Line Tools

Adding and Modifying Attributes by Using ldapmodify

To add a new attribute to the schema by using ldapmodify, type a command similar to the following at the system prompt:

ldapmodify -h host -p port -f ldif_filename

The LDIF file contains data similar to this:

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX

                 '1.3.6.1.4.1.1466.115.121.1.38' )

To specify an attribute as single-valued, include in the attribute definition entry in the LDIF file the keyword SINGLE-VALUE with surrounding white space.

You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.

See Also: "ldapmodify Syntax" for a detailed explanation of ldapmodify and its options "Viewing Syntaxes" for instructions on how to view syntaxes by using either Oracle Directory Manager or ldapsearch

Deleting Attributes by Using ldapmodify

Note: You can delete only user-defined attributes. Do not delete attributes from the base schema.

To delete an attribute by using ldapmodify, type a command similar to the following at the system prompt:

ldapmodify -h host -p port -f ldif_filename

The LDIF file contains data similar to this:

dn: cn=subschemasubentry
changetype: modify
delete: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX

                 '1.3.6.1.4.1.1466.115.121.1.38' )

You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.

See Also: "ldapmodify Syntax" for a detailed explanation of ldapmodify and its options "Viewing Syntaxes" for instructions on how to view syntaxes by using either Oracle Directory Manager or ldapsearch

Indexing an Attribute by Using Command-Line Tools

Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search.

If you want to use additional attributes in search filters, you must add them to the catalog entry. You can index only those attributes that have:

• An equality matching rule

• Matching rules supported by Oracle Internet Directory as listed in "Matching Rules"

• No more than 28 characters in their names

You can index a new attribute--that is, one for which no data exists in the directory--by using ldapmodify. You can index an attribute for which data already exists in the directory by using the Catalog Management tool. You can drop an index from an attribute by using ldapmodify, but Oracle Corporation recommends that you use the Catalog Management tool.

Indexing an Attribute for Which No Data Exists by Using ldapmodify

Once you have defined a new attribute in the schema, you can add it to the catalog entry by using ldapmodify.

To add an attribute for which no directory data exists by using ldapmodify, import an LDIF file by using ldapmodify. For example, to add a new attribute foo that has already been defined in the schema, import the following LDIF file by using ldapmodify:

dn: cn=catalogs 
changetype: modify 
add: orclindexedattribute 
orclindexedattribute: foo

You should not use this method to index an attribute for which data exists in the directory. To index such an attribute, use the Catalog Management tool.

Dropping an Index from an Attribute by Using ldapmodify

To drop an index from an attribute by using ldapmodify, specify delete in the LDIF file. For example:

dn: cn=catalogs 
changetype: modify 
delete: orclindexedattribute
orclindexedattribute: foo

See Also: "ldapmodify Syntax"

Indexing an Attribute for Which Data Exists by Using the Catalog Management Tool

Use the Catalog Management tool to index an attribute for which data already exists and to drop an index from an attribute.

See Also: "Catalog Management Tool Syntax"

Note: Be careful not to use the catalog.sh -delete option to remove indexes on attributes unless you are absolutely sure that the indexes were not created by the base schema that was installed with Oracle Internet Directory. Removing indexes from base schema attributes can adversely impact the operation of Oracle Internet Directory.

Viewing Matching Rules

This section contains these topics:

• Viewing Matching Rules by Using Oracle Directory Manager

• Viewing Matching Rules by Using ldapsearch

  Note: Matching rules cannot be modified.

Viewing Matching Rules by Using Oracle Directory Manager

1. In the navigator pane, expand Oracle Internet Directory Servers > directory server instance, then select Schema Management.

2. In the right pane, select the Matching Rules tab. The fields in this tab page are shown as column heads. They are:

   Column Head	Meaning
   Name	Name of the attribute matching rule
   Object ID	Unique identifier of this matching rule
   Description	Words describing the matching rule (optional)
   Syntax	Syntax used with this matching rule

Viewing Matching Rules by Using ldapsearch

Use ldapsearch on the subentry cn=subSchemaSubentry.

See Also: "ldapsearch Syntax"

Viewing Syntaxes

This section contains these topics:

• Viewing Syntaxes by Using Oracle Directory Manager

• Viewing Syntaxes by Using by Using ldapsearch

  Note: Syntaxes cannot be modified.

Viewing Syntaxes by Using Oracle Directory Manager

To view syntaxes by using Oracle Directory Manager:

1. In the navigator pane, select Schema Management.

2. In the right pane, select the Syntaxes tab. The fields in this tab page are shown as column heads. They are:
   • Description--Name of the attribute syntax

   • Object ID--Unique identifier of this syntax

Viewing Syntaxes by Using by Using ldapsearch

Use ldapsearch on the subentry cn=subSchemaSubentry.

See Also: "ldapsearch Syntax"