Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide

Managing Object Classes Over LDAP

This section explains how to create, view, and delete object classes over LDAP.

Creating Object Classes

The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can add to those definitions by using the ldapmodify(1) command.

New object class definitions, and changes that you make to user-defined object classes, are saved in the file 99user.ldif.

If you are creating several object classes that inherit from other object classes, you must create the parent object classes first. If your new object class uses custom attributes, you must also define those first.

For each object class definition, you must provide at least an OID. Consider using at least the following elements for new object classes:

Procedure: To Create an Object Class

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Prepare your object class definition according to the syntax specified in RFC 4517.

  2. Use the ldapmodify(1) command to add your object class definition.

    Notice that Directory Server adds X-ORIGIN 'user defined' to the definition that you provide.


Example 11–4 Creating an Object Class

The following example adds a new object class using the ldapmodify command:


$ cat blogger.ldif 
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.2.3.4.5.6.8 
 NAME 'blogger' 
 DESC 'Someone who has a blog' 
 SUP inetOrgPerson 
 STRUCTURAL 
 MAY blog )

$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -f blogger.ldif
Enter bind password: 
modifying entry cn=schema

$

In a production environment, you would provide a valid, unique OID, not 1.2.3.4.5.6.8.


Viewing Object Classes

The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can read those definitions by using the ldapsearch(1) command.

Procedure: To View an Object Class

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Use the ldapsearch command to view all the object class definitions that currently exist in your directory schema.


Example 11–5 Viewing Object Classes

The following command displays definitions for all object classes:


$ ldapsearch -T -b cn=schema "(objectclass=*)" objectClasses

The -T option prevents the ldapsearch command from folding LDIF lines, so you can more easily work with the output using commands such as grep or sed. If you then pipe the output of this command through the grep command, you can view only the user-defined extensions to directory schema. For example:


$ ldapsearch -T -b cn=schema "(objectclass=*)" objectClasses | grep "user defined"
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger'
 DESC 'Someone who has a blog' STRUCTURAL MAY blog
 X-ORIGIN 'user defined' )
$ 

Deleting Object Classes

The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can delete definitions with X-ORIGIN 'user defined' by using the ldapmodify(1) command.

Because the schema is defined by the LDAP view in cn=schema, you can view and modify the schema online using the ldapsearch and ldapmodify utilities. However, you can delete only schema elements that have the value 'user defined' for the X-ORIGIN field. The server will not delete other definitions.

Changes that you make to user-defined elements are saved in the file 99user.ldif.

Procedure: To Delete an Object Class

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. View the definition of the object class to delete.

    See To View an Object Class for details.

  2. Use the ldapmodify(1) command to delete the object class definition as it appears in the schema.


Example 11–6 Deleting an Object Class

The following command deletes the object class that was created in Example 11–4:


$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w -
Enter bind password: 
dn: cn=schema
changetype: modify
delete: objectClasses
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' 
 STRUCTURAL MAY blog X-ORIGIN 'user defined' )
^D

Notice that you must include X-ORIGIN 'user defined', which was added by Directory Server to classify this schema definition as an extension.
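The rules stated in the three sections above (define superior object classes and custom attributes before the classes that use them, read definitions back with ldapsearch -T, and delete only definitions that carry X-ORIGIN 'user defined', quoted exactly as the server holds them) can be checked mechanically before any ldapmodify is run. The following Python script is an added example, not part of this guide or of Directory Server. It parses object class descriptions in the RFC 4512 form used in the examples, indexes them from constructed ldapsearch -T output (the SAMPLE_SCHEMA lines, their OIDs and the KNOWN_ATTRIBUTES set are made up for the example), reports why a candidate definition cannot be added yet, and builds the ldapmodify input that deletes a user-defined class. It is more general than the blogger example, since it handles parenthesised NAME, MUST and MAY lists as well.

```python
import re

# Constructed sample of "ldapsearch -T -b cn=schema '(objectclass=*)' objectClasses"
# output: one unfolded objectClasses value per line. These definitions and OIDs are
# made up for this example and were not captured from a real server.
SAMPLE_SCHEMA = """\
dn: cn=schema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC 4512' )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) X-ORIGIN 'RFC 4519' )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) X-ORIGIN 'RFC 4519' )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) X-ORIGIN 'RFC 2798' )
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' SUP inetOrgPerson STRUCTURAL MAY blog X-ORIGIN 'user defined' )
"""

# Constructed set of attribute type names assumed to be defined already (lower-cased).
# A full check would parse the attributeTypes values of cn=schema the same way.
KNOWN_ATTRIBUTES = {"objectclass", "sn", "cn", "userpassword", "telephonenumber",
                    "title", "ou", "mail", "uid", "blog"}

# Tokens of an object class description: quoted strings, the ( ) $ delimiters, or bare words.
TOKEN_RE = re.compile(r"'[^']*'|[()$]|[^\s()$']+")


def _read_list(tokens, i):
    """Read one value or a parenthesised list ( a $ b ) / ( 'a' 'b' ) starting at tokens[i]."""
    if tokens[i] == "(":
        values = []
        i += 1
        while tokens[i] != ")":
            if tokens[i] != "$":
                values.append(tokens[i].strip("'"))
            i += 1
        return values, i + 1
    return [tokens[i].strip("'")], i + 1


def parse_object_class(definition):
    """Parse an RFC 4512 ObjectClassDescription into a dict (raw text kept for exact reuse)."""
    tokens = TOKEN_RE.findall(definition)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("object class description must be enclosed in parentheses")
    oc = {"raw": definition.strip(), "oid": tokens[1], "names": [], "desc": None,
          "sup": [], "kind": None, "must": [], "may": [], "extensions": {}}
    i = 2
    while i < len(tokens) - 1:
        key = tokens[i].upper()
        if key == "NAME":
            oc["names"], i = _read_list(tokens, i + 1)
        elif key == "DESC":
            oc["desc"], i = tokens[i + 1].strip("'"), i + 2
        elif key == "OBSOLETE":
            oc["obsolete"], i = True, i + 1
        elif key == "SUP":
            oc["sup"], i = _read_list(tokens, i + 1)
        elif key in ("ABSTRACT", "STRUCTURAL", "AUXILIARY"):
            oc["kind"], i = key, i + 1
        elif key == "MUST":
            oc["must"], i = _read_list(tokens, i + 1)
        elif key == "MAY":
            oc["may"], i = _read_list(tokens, i + 1)
        elif key.startswith("X-"):
            oc["extensions"][key], i = _read_list(tokens, i + 1)
        else:
            raise ValueError(f"unexpected token {tokens[i]!r} in object class description")
    return oc


def load_object_classes(ldapsearch_output):
    """Index every objectClasses value of unfolded (-T) ldapsearch output by lower-cased name."""
    classes = {}
    for line in ldapsearch_output.splitlines():
        if line.startswith("objectClasses: "):
            oc = parse_object_class(line[len("objectClasses: "):])
            for name in oc["names"]:
                classes[name.lower()] = oc
    return classes


def check_new_object_class(definition, classes, attribute_types):
    """Return why the definition cannot be added yet (empty list when it is safe to add).
    Enforces the ordering rule: superior classes and custom attributes must exist first."""
    oc = parse_object_class(definition)
    problems = []
    if oc["kind"] is None:
        problems.append("no kind given (ABSTRACT, STRUCTURAL or AUXILIARY)")
    if any(existing["oid"] == oc["oid"] for existing in classes.values()):
        problems.append(f"OID {oc['oid']} is already used by another object class")
    for name in oc["names"]:
        if name.lower() in classes:
            problems.append(f"object class name {name!r} already exists")
    for parent in oc["sup"]:
        if parent.lower() not in classes:
            problems.append(f"superior object class {parent!r} is not defined yet")
    for attr in oc["must"] + oc["may"]:
        if attr.lower() not in attribute_types:
            problems.append(f"attribute type {attr!r} is not defined yet")
    return problems


def is_user_defined(oc):
    """True when the server marked the definition as an extension (X-ORIGIN 'user defined')."""
    return "user defined" in oc["extensions"].get("X-ORIGIN", [])


def deletion_ldif(name, classes):
    """Build the ldapmodify input that removes a user-defined object class. The value must be
    the definition exactly as the server returns it, X-ORIGIN 'user defined' included."""
    oc = classes.get(name.lower())
    if oc is None:
        raise KeyError(f"object class {name!r} is not in the schema")
    if not is_user_defined(oc):
        raise ValueError(f"object class {name!r} is not user defined; the server will not delete it")
    return ("dn: cn=schema\n"
            "changetype: modify\n"
            "delete: objectClasses\n"
            f"objectClasses: {oc['raw']}\n")


if __name__ == "__main__":
    schema = load_object_classes(SAMPLE_SCHEMA)
    candidate = "( 1.2.3.4.5.6.9 NAME 'podcaster' SUP blogger STRUCTURAL MAY podcastFeed )"
    print("problems:", check_new_object_class(candidate, schema, KNOWN_ATTRIBUTES))
    print(deletion_ldif("blogger", schema))
```

In practice you would feed the script the real output of the ldapsearch -T command from Example 11–5 instead of SAMPLE_SCHEMA, and pipe the string returned by deletion_ldif into ldapmodify as in Example 11–6. Keeping the raw definition text rather than regenerating it from the parsed fields is deliberate: the server matches the value to delete against what it holds, so the attribute value sent must be the one it returned.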