Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
This section explains how to create, view, and delete object classes over LDAP.
The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can add to those definitions by using the ldapmodify(1) command.
New object class definitions, and changes that you make to user-defined object classes, are saved in the file 99user.ldif.
If you are creating several object classes that inherit from other object classes, you must create the parent object classes first. If your new object class uses custom attributes, you must also define those first.
For each object class definition, you must provide at least an OID. Consider using at least the following elements for new object classes:
Object Class OID. Corresponds to the object identifier for your object class. An OID is a string, usually of dotted decimal numbers, that uniquely identifies the schema object.
For strict LDAP v3 compliance, you must provide a valid numeric OID. To learn more about OIDs or to request a prefix for your enterprise, send email to the IANA (Internet Assigned Numbers Authority) at iana@iana.org, or see the IANA web site.
Object class name. Corresponds to a unique name for the object class.
Parent object class. Is an existing object class from which this object class inherits attributes.
If you do not intend to have this object class inherit from another specific object class, use top.
Typically, if you want to add new attributes for user entries, the parent would be the inetOrgPerson object class. If you want to add new attributes for corporate entries, the parent is usually organization or organizationalUnit. If you want to add new attributes for group entries, the parent is usually groupOfNames or groupOfUniqueNames.
Required attributes. Lists and defines attributes that must be present for this object class.
Allowed attributes. Lists and defines additional attributes that can be present for this object class.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Notice that Directory Server adds X-ORIGIN 'user defined' to the definition that you provide.
Example 11-4 Creating an Object Class
The following example adds a new object class using the ldapmodify command:
$ cat blogger.ldif
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' SUP inetOrgPerson STRUCTURAL MAY blog )
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -f blogger.ldif
Enter bind password:
modifying entry cn=schema
$
In a production environment, you would provide a valid, unique OID, not 1.2.3.4.5.6.8.
The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can read those definitions by using the ldapsearch(1) command.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Example 11-5 Viewing Object Classes
The following command displays definitions for all object classes:
$ ldapsearch -T -b cn=schema "(objectclass=*)" objectClasses
The -T option prevents the ldapsearch command from folding LDIF lines, so you can more easily work with the output using commands such as grep or sed. If you then pipe the output of this command through the grep command, you can view only the user-defined extensions to directory schema. For example:
$ ldapsearch -T -b cn=schema "(objectclass=*)" objectClasses | grep "user defined"
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' STRUCTURAL MAY blog X-ORIGIN 'user defined' )
$
The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can delete definitions with X-ORIGIN 'user defined' by using the ldapmodify(1) command.
Because the schema is defined by the LDAP view in cn=schema, you can view and modify the schema online using the ldapsearch and ldapmodify utilities. However, you can delete only schema elements that have the value 'user defined' for the X-ORIGIN field. The server will not delete other definitions.
Changes that you make to user-defined elements are saved in the file 99user.ldif.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
See To View an Object Class for details.
Example 11-6 Deleting an Object Class
The following command deletes the object class that was created in Example 11-4:
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w -
Enter bind password:
dn: cn=schema
changetype: modify
delete: objectClasses
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' STRUCTURAL MAY blog X-ORIGIN 'user defined' )
^D
Notice that you must include X-ORIGIN 'user defined', which was added by Directory Server to classify this schema definition as an extension.
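The following added example (not part of this guide or of Directory Server) parses the unfolded objectClasses lines that ldapsearch -T prints, lists the definitions carrying X-ORIGIN 'user defined' (the only ones the server will delete), and checks a candidate definition against the rules above before it is submitted with ldapmodify: numeric OID, a NAME, parent object classes and attribute types already defined. The sample lines, the known_classes and known_attrs sets, and the helper names are constructed for the example.

```python
import re

# Constructed sample in the unfolded form printed by "ldapsearch -T -b cn=schema objectClasses":
# one abbreviated built-in definition plus the user-defined 'blogger' class from Example 11-4.
SAMPLE = """\
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory ) X-ORIGIN 'RFC 2798' )
objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' SUP inetOrgPerson STRUCTURAL MAY blog X-ORIGIN 'user defined' )
"""

OID_RE = re.compile(r"^\d+(\.\d+)+$")  # numeric dotted-decimal OID, as strict LDAP v3 requires
# Enough for unfolded definitions like the examples above; not a full RFC 4512 parser.
FIELD_RE = re.compile(r"\b(NAME|SUP|MUST|MAY|X-ORIGIN)\b\s+(\([^)]*\)|'[^']*'|\S+)")

def parse_object_class(line):
    """Split one 'objectClasses: ( ... )' line into its OID, NAME, SUP, MUST, MAY and X-ORIGIN."""
    body = line.split(":", 1)[1].strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("not an object class definition: " + line)
    inner = body[1:-1].strip()
    oc = {"oid": inner.split()[0], "name": None, "sup": [], "must": [], "may": [], "origin": None}
    for key, raw in FIELD_RE.findall(inner):
        values = [v for v in re.split(r"[\s$()']+", raw) if v]  # strip ( ), $ and quotes
        if key == "NAME":
            oc["name"] = values[0]
        elif key == "X-ORIGIN":
            oc["origin"] = raw.strip("'")
        else:
            oc[key.lower()] = values
    return oc

def check_definition(oc, known_classes, known_attrs):
    """List the rules from this section that a new definition breaks (empty list: ready to add)."""
    problems = []
    if not OID_RE.match(oc["oid"]):
        problems.append("OID %r is not numeric dotted decimal" % oc["oid"])
    if not oc["name"]:
        problems.append("NAME is missing")
    for parent in oc["sup"]:
        if parent != "top" and parent.lower() not in known_classes:
            problems.append("parent object class %r must be created first" % parent)
    for attr in oc["must"] + oc["may"]:
        if attr.lower() not in known_attrs:
            problems.append("attribute type %r must be defined first" % attr)
    return problems

def user_defined_names(text):
    """Names of definitions carrying X-ORIGIN 'user defined', the only ones the server will delete."""
    classes = [parse_object_class(l) for l in text.splitlines() if l.startswith("objectClasses:")]
    return [oc["name"] for oc in classes if oc["origin"] == "user defined"]
```

Feed user_defined_names() the saved output of the ldapsearch command above to see which extensions are present, and run check_definition() on a parsed candidate before writing it into an LDIF file for ldapmodify.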