Oracle Internet Directory Administrator's Guide
Release 2.0.6
A77230-01

Library
Product
Contents
Index

Prev Next

6
Managing Directory Schema

This chapter covers topics in the following sections:

Guidelines for Managing Object Classes

This section explains how to add and modify object classes. Oracle Corporation recommends that you understand the basic concepts of directory components before attempting to add to or modify the base schema in the directory.

See Also:

  • Chapter 2 for a conceptual overview of LDAP schema components

  • Appendix F for a list of schema components installed with Oracle Internet Directory

 

Adding Object Classes

When you add directory entries, you select object classes for those entries. The attributes of an entry are determined by the object classes to which that entry is assigned.

Entries must be loaded in a top-down sequence. When you add an entry, all of its parent entries must already exist in the directory. Similarly, when you add entries that reference object classes and attributes, those referenced object classes and attributes must already exist in the directory schema. In most cases this will not be a problem since the directory server is delivered with a full set of standard directory objects.

Note:

Every schema object in the Oracle Internet Directory has certain limitations. For example, some objects cannot be changed. These limitations are explained as constraints and rules in this chapter. 

The attributes an entry inherits from an object class may be either mandatory or optional. Optional attributes need not be present in the directory entry.

You can specify for any object class whether an attribute is mandatory or optional; however, the characteristic you specify is binding only for that object class. If you place the attribute in another object class, you can again specify whether the attribute is mandatory or optional for that object class. You can:

Administrators typically assign object classes to entries based on the attributes present in that object class. However, superclasses let you take advantage of inheritance--that is, the object classes selected for an entry have a hierarchy of superclasses from which they inherit mandatory and optional attributes.

When you add object classes, keep the following guidelines in mind:

Modifying Object Classes

Listed below are the types of modifications you can make to an existing object class. The rules for these modifications are explained later in this section. You can perform any modifications through Oracle Directory Manager and through the command line tools.

It is generally not a good idea to modify object classes, except auxiliary object classes. If existing object classes do not have the attributes you need, it is better to create an auxiliary object class and associate the needed attributes with it.

You can make the following changes to an object class:

When you modify object classes, keep the following guidelines in mind:

Deleting Object Classes

There are also some limitations on deleting object classes:

Managing Object Classes by Using Oracle Directory Manager

This section discusses using Oracle Directory Manager to perform the administrative tasks described in the following sections:

Searching for Object Classes

You can specify your search for an object class by:

This section provides more details on how to enter an object class search.

To search for an object class:

  1. In the navigator pane, select Schema Management. The Schema Management tab pages appear in the right pane:


  2. Click the Find Object Classes button at the lower right of the right pane, or, from the menu bar, click Edit > Find Object Classes. The Find: Object Classes dialog box appears:


  3. In the menu farthest to the left on the search criteria bar, select the property of the object class for which you want to search. Options are:

    Option  Description 

    Name 

    Name of the object class for which you are searching. For example, the phrase Name Exact Match subAcl gives you the subAcl object class. 

    Object ID 

    Object Identifier for the object class for which you are searching. For example, the phrase Object ID Begins With 2.5.2 gives you a list of object classes whose object identifiers begin with 2.5.2. 

    Description 

    Word in the description field. For example, the phrase Description Contains Shoe gives you a list of object classes with the word shoe in the description column. 

    Type 

    The type of object class for which you are searching, whether abstract, structural, or auxiliary 

    Superclass 

    The class from which the object class for which you are searching is derived 

    Mandatory Attributes 

    Mandatory attributes of the object class for which you are searching. For example, the phrase Mandatory Attributes Contains cn gives you a list of all object classes in which the cn attribute is mandatory. 

    Optional Attributes 

    Optional attributes of the object class for which you are searching 

    Note:

    Not all attributes are used in every object class. Be sure that the attribute you specify actually corresponds to one in the object class for which you are looking. Otherwise, the search will fail. 

  4. In the text box at the right end of the search criteria bar, type the value of the property of the object class for which you are searching. For example, to search for all object classes in which the name of the property begins with the letters orcl, type those letters in the text box at the right end of the search criteria bar.

  5. In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are:

    Filter  Description 

    Begins With 

    To search by using only the first few characters of the property of the object class for which you are searching. For example, the phrase Type Begins With aux gives you a list of all of the auxiliary object classes. 

    Ends With 

    To search by using only the last few characters of the property of the object class for which you are searching. For example, the phrase Type Ends With ral gives you a list of all of the structural object classes. 

    Contains 

    To search for object classes in which the property you selected includes, but is not necessarily limited to, the value you enter. For example, the phrase Optional Attributes Contains cn gives you a list of all object classes in which cn is an optional attribute. 

    Exact Match 

    To search for an object class in which the property you selected is exactly the same as the value you enter. For example, the phrase Super Class Exact Match person gives you a list of all object classes that have person as their superclass. 

    Greater Or Equal 

    To search for an object class in which the property you selected is numerically or alphabetically greater than or equal to the value you enter. For example, the phrase Name Greater or Equal orcl gives you a list of object classes from those beginning with the letters orcl to those beginning with letters at the end of the alphabet. 

    Less or Equal 

    To search for an object class in which the property you selected is numerically or alphabetically less than or equal to the value you enter. For example, the phrase Name Less or Equal orcl gives you a list of object classes from those beginning with the letters orcl to those at the beginning of the alphabet. 

    Not Null 

    To search for all object classes in which the property you selected is present. For example, the phrase Mandatory Attributes Not Null gives you a list of all object classes which contain mandatory attributes. 

  6. Below the Search Criteria field are five buttons described in Table 6-1. Use these buttons to further refine your search.

    Table 6-1 Search Criteria Buttons
    Button  Description 

    New 

    Creates a new search criteria bar in the Search Criteria field. This button is enabled only when the search criteria bar has been deleted. 

    And 

    Creates another search criteria bar in the Search Criteria field. Matches all object classes having one specified criterion with those that also have another specified criterion. 

    Or 

    Creates another search criteria bar in the Search Criteria field. Matches all object classes with either one specified attribute or another.  

    Not 

    Negates the criterion in the selected search criteria bar and retrieves all object classes that do not have the specified criterion. 

    Delete 

    Deletes a selected search criteria bar 
  7. Click Search. The results of your search appear in the window at the lower portion of the Find:Object Class dialog box.

Viewing Properties of Object Classes

You can view properties of object classes as described in the following sections:

Viewing All Object Classes in the Schema

To view all object classes in the schema:

  1. In the navigator pane, expand Schema Management. The tabs in the Schema Management pane display the components of the schema:

    • Object classes

    • Attributes

    • Syntaxes

    • Matching Rules

  2. Click the Object Classes tab in the right pane. A pane like the following appears.


    To see all the information in this pane, you can scroll horizontally and vertically.

Viewing Properties of an Individual Object Class

To examine an individual object class and its attributes, select the Object Classes tab and double-click the object class in the list displayed in the panel. The properties of the selected object class appear in the Object Class dialog box:


Object classes from which attributes may be inherited are listed in the Super Class pane. The mandatory attributes are listed in the Mandatory Attributes window and optional attributes are listed in the Optional Attributes window. Each window indicates whether the attributes are indexed so that they can be used in a search expression.

Adding Object Classes

To add object classes by using Oracle Directory Manager:

  1. In the navigator pane, select Schema Management, then choose one of the following methods:

    • In the right pane, select the Object Classes tab and click the Create button in the toolbar.

    • Click the Create button at the bottom of the right pane.

    • From Operations menu, select Create Object Class.

    The New Object Class dialog box appears:


    Alternatively, select an object class that is similar to one you would like to create, and then click the Create Like button. A window similar to the one shown above appears, but it includes the attributes of the selected object class. You can create the new object class using the selected one as a template.

  2. Enter the information in the fields that are described in Table 6-2.

    Table 6-2 Fields for Adding a New Object Class
    Field  Description 

    Name 

    Name of the object class you are creating 

    Object ID 

    A standardized numerical sequence based on IETF standards. It must be unique. Normally this is derived from the identifier assigned by registration agencies, such as ANSI or ISO. If you are creating a new object class, assign an identifier that is sure to be unique, following the system agreed upon within your organization. 

    Description 

    This optional field is for your information only 

    Type 

    The type of object class: Abstract, Structural, Auxiliary, None.

    See Also: "Object Class Types" 

    Super Class 

    The class(es) from which you are deriving this new object class. The new object class will inherit all the attributes of the superclass(es) you select. All structural object classes must have top as one of its superclasses.

    See Also: "Subclasses, Superclasses, and Inheritance" 

    Mandatory Attributes 

    Attributes for which values must be entered 

    Optional Attributes 

    Attributes for which values may be entered 

    You can add objects by clicking the buttons to the right of each window.

  3. Click OK.

    See Also:

    The online help for further details on adding object classes by using Oracle Directory Manager 

Modifying Object Classes

To modify an existing object class:

  1. In the navigator pane, expand Schema Management.

  2. Select the Object Classes tab page.

  3. In the Object Classes tab page, double-click the object class you want to modify. The Object Class dialog box appears:


  4. Enter the information in the fields described in Table 6-2.

    You can add attributes by clicking the buttons to the right of each window.

  5. Click Apply.

    See Also:

    Oracle Directory Manager online help for further details on modifying object classes 

Deleting Object Classes

Caution:

Oracle Corporation recommends that you not delete object classes from the schema.

Should you decide to delete an object class, be careful not to delete one that is in use or that you might want to use in the future. If you delete an object class that is referenced by any entries, those entries then become inaccessible. 

To delete an object class:

  1. In the navigator pane, select Schema Management.

  2. Select the Object Classes tab.

  3. In the Object Classes tab page, select the object class you want to delete.

  4. Click Delete.

Managing Object Classes by Using Command Line Tools

You can use command line tools to add or modify existing object classes in the directory schema. The command line tools enable you to use input files. Furthermore, the commands can be batched together in scripts.

To add or modify schema components, use ldapmodify.

See:

"ldapmodify" 

Example 1: Adding a New Object Class

To add a new object class schema component by using ldapmodify, at the system prompt type a command using the following syntax: 

ldapmodify -h host -p port -f ldif_filename

In this example, the LDIF input file contains data similar to this: 

dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 1.2.3.4.5 NAME 'myobjclass' SUP top STRUCTURAL MUST ( cn $ 
sn ) MAY ( telephonenumber $ givenname $ myattr ) )

The example above adds the structural object class named myobjclass, giving it an object identifier of 1.2.3.4.5, specifying top as its superclass, requiring cn and sn as mandatory attributes, and allowing telephonenumber, givenname, and myattr as optional attributes. Note that all the attributes mentioned must exist prior to the execution of the command.

Be sure to leave the mandatory space between the opening and closing parentheses and the object identifier.

To create an abstract object class, follow the above example, replacing the word STRUCTURAL with the word ABSTRACT.

Example 2: Modifying an Auxiliary Object Class by Adding a New Attribute

To modify an auxiliary object class by adding a new attribute, use ldapmodify. The input file should be as follows: 

dn: cn=subschemasubentry 
changetype: modify 
delete: objectclasses 
objectclasses: old value 
-
add: objectclasses 
objectclasses: new value

For example, to add the attribute changes to the existing object class country, the input file would be: 

dn: cn=subschemasubentry 
changetype: modify 
delete: objectclasses 
objectclasses:  ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY 

( searchGuide $ description  )  ) 
-
add: objectclasses 
objectclasses:  ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY 

( searchGuide $ description  $ changes )  )

Rules for Managing Attributes

This section explains how to add, modify, and delete user-defined attributes. You need to understand attributes from a conceptual standpoint before attempting operations involving attributes.

In most cases, the attributes available in the base schema will suit the needs of your organization. However, if you decide to use an attribute not available in the base schema, you can add a new attribute, or modify an existing one.

See Also:

"Attributes" 

Adding Attributes

The rules for adding attributes are:

Modifying Attributes

The rules for modifying attributes are:

Deleting Attributes

The rules for deleting attributes are:

Managing Attributes by Using Oracle Directory Manager

Oracle Directory Manager allows you to manage attributes by performing tasks described in the following sections:

Searching for Attributes

To search for attributes by using Oracle Directory Manager:

  1. In the navigator pane, select Schema Management. The Schema Management tab pages appear in the right pane.

  2. Select the Attributes tab page:


  3. Click the Find Attributes button in the lower right corner. The Find Attributes dialog box appears:


  4. In the menu at the left end of the search criteria bar, select the property of the attributes for which you want to search. Options are:

    Field  Description 

    Name 

    Name of the attribute for which you are searching 

    Indexed 

    List of indexed attributes 

    Object ID 

    Object Identifier for the attribute for which you are searching. For example, the phrase Object ID Begins With 2.5.2 gives you a list of attributes whose object identifiers begin with 2.5.2

    Description 

    Words in the description column of attributes 

    Syntax 

    The standardized rules for data entry applicable to this attribute type. Use this to narrow your search to attributes using a particular syntax.  

    Size 

    Maximum size allowed for this object 

    Usage 

    Standards specifying how the attribute can be used. You narrow your search by entering one of the following options: userApplications, directoryOperation, distributedOperation, and dSAOperation

    Ordering 

    Standards specifying how precedence is established for values 

    Equality 

    Standards specifying how equality is determined in compare and search operations 

    Substring 

    Used for regular expression matching 

    Single Value 

    Indicates that this attribute type contains a maximum of one value 

    Super 

    Super attribute for the attribute for which you are searching 

  5. In the text box at the right end of the search criteria bar, type part or all of the value of the attribute for which you want to search. For example, to search for all attributes whose names begin with the letters orcl, you would type those letters in the text box at the right end of the search criteria bar and create the phrase Name Begins With orcl.

  6. In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are:

    Option  Description 

    Begins With 

    To search by using only the first few characters of the property's value. For example, the phrase Syntax Begins With 1.3 gives you a list of all attributes in which the first few numbers of the syntax identifier are 1.3

    Ends With 

    To search by using only the last few characters of the property's value. For example, the phrase Name Ends With License gives you a list of all attributes with that ending, such as carLicense

    Contains 

    To search for attributes that include the property with the value you enter. For example, the phrase Ordering Contains time gives you a list of all attributes with the word time in the Ordering column 

    Exact Match 

    To search for a value that is exactly the same as that found in the attribute property you specified. For example, the phrase Equality Exact Match caseIgnoreMatch gives you a list of all attributes that have the caseIgnoreMatch matching rule. 

    Greater or Equal 

    To search for an attribute that has a property that is numerically or alphabetically greater than or equal to the value you enter. For example, the phrase Name Greater or Equal orcl gives you a list of attributes from those beginning with orcl to those beginning with letters at the end of the alphabet. 

    Less or Equal 

    To search for an attribute that has a property that is numerically or alphabetically less than or equal to the value you enter. For example, the phrase Name Less or Equal orcl gives you a list of attributes from those beginning with orcl to those beginning with letters at the start of the alphabet. 

    Not Null 

    To search for all attributes in which the attribute property you selected is present. For example, the phrase Description Not Null gives you a list of all attributes which have text in the description field. 

  7. Beneath the Search Criteria field are five buttons described in the table below. Use these buttons to further refine your search.

    Button  Description 

    New 

    Creates a new search criteria bar in the Search Criteria field. This button is enabled only when the Search Criteria field is empty. 

    And 

    Creates another search criteria bar in the Search Criteria field. Matches all attributes with one specified property with those that also have another specified property.  

    Or 

    Creates another search criteria bar in the Search Criteria field. Matches all attributes with either one specified property or another.  

    Not 

    Negates the criteria in the selected search criteria bar and matches all attributes that do not have the property specified.  

    Delete 

    Deletes a selected search criteria bar 

  8. Click Search. The results of your search appear in the window at the lower portion of the Find: Attributes dialog box.

Adding an Attribute

You can use Oracle Directory Manager to add attributes as described in the following sections:

Adding a New Attribute

To add a new attribute by using Oracle Directory Manager:

  1. In the navigator pane, select the Schema Management tab.

  2. Choose one of the following methods:

    • In the right pane, select the Attributes tab, then click the Create button in the toolbar.

    • Click the Create button at the bottom of the right pane.

    • Select Create Attribute from the Operation menu.

    The New Attribute Type dialog box appears:


    This dialog box contains two tab pages--General and Advanced--with fields in which you enter values either by typing or selecting from menus.

  3. In the General tab, enter values in each of the fields as described in Table 6-3.

    Table 6-3 Fields for Adding Attributes in General Tab
    Field  Description 

    Name 

    Name for this attribute 

    Object ID 

    A standardized numerical sequence based on IETF standards. It must be unique. Normally this is derived from the identifier assigned by registration agencies, such as ANSI or ISO.

    For an explanation of the standard identifiers, see the current LDAP standards available through the IETF website. 

    Description 

    This optional field is for your information only. 

    Syntax 

    The standardized rules for data entry applicable to this attribute type. 

    Size 

    Maximum size allowed for this object 

    Single Value 

    Selecting this check box indicates that this attribute type contains a maximum of one value. 
  4. Select the Advanced tab:


    In the Advanced tab page, enter values in each of the fields as described in Table 6-4.

    Table 6-4 Fields for Adding Attributes in Advanced Tab
    Field  Description 

    Indexed 

    Selecting the Indexed check box adds this attribute to the index, thereby making it available for use in a search. Only those attributes that have an equality matching rule can be indexed. 

    Usage 

    Standards specifying how the attribute can be used. Options are:

    • userApplications

      Attributes whose values must be entered by the user, for example, telephoneNumber

    • directoryOperation

      Attributes whose values are entered by the directory server, for example, creatorName or timeStamp

    • distributedOperation

    • dSAOperation

      Attributes used for the internal operation of the server, for example, orclUpdateSchedule

     

    Ordering 

    Standards specifying how precedence is established for values 

    Equality 

    Standards specifying how equality is determined in compare and search operations 

    Substring 

    Used for regular expression matching 

    Super 

    Super attribute for this attribute. To add the super attribute, click the Add button next to this field. The Super Attribute Selector appears. Select the super attribute and click Select. Repeat as needed. To delete a super attribute from the Super field, select it, then click Delete. 
  5. Click OK.

    Note:

    To use this attribute, remember to declare it to be part of the attribute set for an object class. You do this by selecting Schema Management in the navigator pane, then, in the right pane, selecting the Object Classes tab page. For further instructions, see "Modifying Object Classes"

Adding an Attribute by Copying an Existing Attribute

To add an attribute by copying an existing attribute:

  1. In the navigator pane, select Schema Management. The right pane displays the tab pages you use to manage the schema.

  2. In the right pane, select the Attributes tab.

  3. In the Attributes tab page, select the attribute you want to copy.

  4. Click the Create Like button at the bottom of the right pane. The Attribute dialog box for that attribute appears:


    This dialog box contains two tab pages--General and Advanced--with fields in which you enter values either by typing or selecting from menus.

  5. Select the General tab and enter values in each of the fields as described in Table 6-3. You must always change the DN to that of the new attribute.

  6. Select the Advanced tab and enter values in each of the fields as described in Table 6-4 .

  7. Click OK to save your changes.

Modifying an Attribute

To modify an attribute by using Oracle Directory Manager:

  1. In the navigator pane, select Schema Management.

  2. In the right pane, select the Attributes tab and double-click an editable attribute in the list. The Attribute dialog box displays properties of the selected attribute:


    This dialog box contains two tab pages--General and Advanced--with fields in which you enter values either by typing or selecting from menus.

  3. Select the General tab and enter values in each of the fields as described in Table 6-3.

  4. Select the Advanced tab and enter values in each of the fields as described in Table 6-4 .

  5. Click OK.

Indexing an Attribute

Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, certain attributes are already indexed. If you want to use additional attributes in search filters, you must index them.

Note:

You cannot use Oracle Directory Manager to index an already existing attribute. If you are using Oracle Directory Manager, you can index an attribute only at the time when you create it. To index an already existing attribute, use the Catalog Management tool.

Also, only those attributes that have an equality matching rule can be indexed. 

See Also:

"Indexing an Attribute by Using Command Line Tools" for instructions on using the command line catalog management tool 

This section covers topics in the following subsections:

Viewing Indexed Attributes

To view indexed attributes:

  1. In the navigator pane, select Schema Management.

  2. In the right pane, select the Attributes tab. The Attributes tab displays all of the attributes in the schema. A selected check box in the Indexed column indicates an indexed attribute.

Indexing an Attribute When You Create It

See:

"Adding an Attribute" 

Dropping an Index from an Attribute

To drop an index from an attribute:

  1. In the navigator pane, select Schema Management.

  2. In the right pane, select the Attributes tab.

  3. Select the indexed attribute. Note that this must be an attribute that is editable as indicated by the icon to the left of the attribute name.

  4. Click Drop Index.

Managing Attributes by Using Command Line Tools

You can use command line tools to perform the tasks described in the following sections:

Adding and Modifying Attributes

See Also:

"ldapmodify" for a detailed explanation of this command and its options 

To add a new attribute to the schema by using ldapmodify, type a command similar to the following at the system prompt: 

ldapmodify -h host -p port -f ldif_filename

The input file contains data similar to this: 

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX

                 '1.3.6.1.4.1.1466.115.121.1.38' )

Finding a Syntax Object ID

You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.

Viewing Syntaxes by Using Oracle Directory Manager

To view syntaxes by using Oracle Directory Manager:

  1. In the navigator pane, select Schema Management.

  2. In the right pane, select the Syntaxes tab:


Viewing Syntaxes by Using by Using ldapsearch

Use ldapsearch on the subentry cn=subSchemaSubentry.

See Also:

"ldapsearch" 

Indexing an Attribute by Using Command Line Tools

Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search.

If you want to use additional attributes in search filters, you must add them to the catalog entry. Only those attributes that have an equality matching rule can be indexed.

You can index a new attribute--that is, one for which no data exists in the directory--by using ldapmodify. You can index an attribute for which data already exists in the directory by using the Catalog Management tool. You can drop an index from an attribute by using ldapmodify, but the recommended method is by using the Catalog Management tool.

These topics are discussed in the following sections:

Indexing an Attribute for Which No Directory Data Exists

Once you have defined a new attribute in the schema, you can add it to the catalog entry by using ldapmodify.

To add an attribute for which no directory data exists by using ldapmodify, import an LDIF file by using ldapmodify. For example, to add a new attribute foo that has already been defined in the schema, import the following LDIF file by using ldapmodify: 

Dn: cn=catalogs 
Changetype: modify 
Add: orclindexedattribute 
Orclindexedattribute: foo

You should not use this method to index an attribute for which data exists in the directory. To index such an attribute, use the Catalog Management Tool.

To drop an index from an attribute by using ldapmodify, specify delete in the LDIF file. For example: 

Dn: cn=catalogs 
Changetype: modify 
Delete: orclindexedattribute 
Orclindexedattribute: foo

See Also:

"ldapmodify" 

Indexing an Attribute for Which Directory Data Exists

Use the Catalog Management Tool to index an attribute for which data already exists and to drop an index from an attribute.

See:

"Using the Catalog Management Tool" 

Prev Next
Oracle
Copyright © 1999 Oracle Corporation.
All Rights Reserved.

Library
Product
Contents
Index