Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Directory Schema Administration, 5 of 7
You can extend the number of attributes for entries. The method you use depends on whether the entries already exist.
For an existing entry, there are two ways to extend the attributes associated with it. One way is to add names of object classes to the list in the objectclass attribute for each entry. If your directory is relatively small, then this can be a desirable method because it enables searches for entries based on that attribute. However, if your directory is large, then adding the names of object classes to the objectclass attribute can be very painstaking. In this case, the second way, namely, using content rules, may be a more efficient way to extend the content of entries.
This section contains these topics:
At installation, Oracle Internet Directory provides standard LDAP object classes and several proprietary object classes. You cannot add mandatory attributes to the sets of attributes belonging to these predefined object classes. If a given object class does not contain all the attributes that you want for an entry, then you can do one of the following:
You can create an auxiliary object class containing the additional attributes you want for your entry, and then associate that auxiliary object class with the entry. You associate the auxiliary object class with the entry by specifying it in the objectclass attribute for the entry.
A content rule, following your specifications, determines the kind of content allowed in any entry that is associated with a particular structural object class. For example, you can specify that any entry associated with the person object class must have, in addition to the attributes in that object class, other attributes as well. The additional attributes can be those of an auxiliary object class, and they can be either mandatory or optional. You can also specify that such entries must not contain values for one or more particular attributes.
Whereas you must list auxiliary classes in the entry--which can be an administrative burden--you do not need to list content rules in the entry.
In addition to the structural object class to which it applies, a content rule can also indicate:
Content rules are defined as values of the DITContentRule attribute in the subschema subentry (cn=subschemasubentry). They must conform to these rules:
objectClass attribute of that entry. More specifically:
objectClass attribute must always be present in the entry
objectClass attribute does not list these auxiliary object classes.
See Also: "Managing Content Rules" for instructions on creating and managing content rules
When validating an object for schema consistency, the directory server uses the content rule for the structural object class of the entry. It also uses all the other object classes listed in the entry.
If more than one content rule exists for an object class, then, when adding or modifying an entry, or when bulkloading data, the following rules apply.
Because the auxiliary object classes listed in content rules are not listed in the objectclass attribute for an entry, you cannot list those object classes as filters when you search for entries. Instead, base your searches on the structural object class that you are interested in. If you need to base your search on an auxiliary object class, then add that auxiliary object class to the objectclass attribute in the user objects explicitly.
For example, a content rule for structural object class inetOrgPerson may specify an auxiliary object class orclUser. However, this does not mean that every inetOrgPerson entry in the directory contains orclUser as a value of the objectclass attribute. As a result, the search with the filter objectclass=orclUser fails. Instead of querying for an auxiliary object class contained in the content rule, you should query for structural object classes--for example, objectclass=inetOrgPerson.
To base a search on objectclass=orcluser, add orclUser as one of the values of the objectclass attribute in each entry.
These considerations apply also to filters used in access control policies. If you are using a content rule to associate additional auxiliary object classes, then use only the structural object classes in the search filters.
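The filter behavior described above, modeled as an added example (not Oracle code): a small Python check that evaluates objectclass filters against stored values only and reports the entries a filter, such as one used in an access control policy, would silently miss. The entries, DNs, and function names are constructed for illustration; only inetOrgPerson and orclUser come from the text.

```python
# Constructed sample data. Content rules map a structural class to the
# auxiliary classes they associate with it; names are case-insensitive.
CONTENT_RULES = {"inetorgperson": {"orcluser"}}

ENTRIES = [
    {"dn": "cn=alice,dc=example,dc=com",
     "objectclass": ["top", "person", "inetOrgPerson"]},
    {"dn": "cn=bob,dc=example,dc=com",
     "objectclass": ["top", "person", "inetOrgPerson", "orclUser"]},
    {"dn": "cn=printer1,dc=example,dc=com",
     "objectclass": ["top", "device"]},
]

def listed(entry):
    """Object classes actually stored in the entry's objectclass attribute."""
    return {oc.lower() for oc in entry["objectclass"]}

def via_content_rule(entry, rules):
    """Auxiliary classes the entry gets from content rules without listing them."""
    granted = set()
    for oc in listed(entry):
        granted |= rules.get(oc, set())
    return granted - listed(entry)

def audit_filter(filter_class, entries, rules):
    """Evaluate objectclass=<filter_class>; report matches and silent misses."""
    want = filter_class.lower()
    matched = [e["dn"] for e in entries if want in listed(e)]
    missed = [e["dn"] for e in entries if want in via_content_rule(e, rules)]
    return {"matched": matched, "missed": missed}

def risky_filters(filter_classes, entries, rules):
    """Filter classes that rely on a content-rule auxiliary for some entry."""
    return [fc for fc in filter_classes
            if audit_filter(fc, entries, rules)["missed"]]

if __name__ == "__main__":
    for fc in ["orclUser", "inetOrgPerson"]:
        print(fc, audit_filter(fc, ENTRIES, CONTENT_RULES))
    print("review:", risky_filters(["orclUser", "inetOrgPerson", "device"],
                                   ENTRIES, CONTENT_RULES))
```

Any class reported by risky_filters should either be replaced by the structural class in the filter or be added explicitly to the objectclass attribute of the missed entries.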
This section tells you how to manage content rules by using Oracle Directory Manager and command-line tools.
This section tells you how to use Oracle Directory Manager to create and modify content rules.
Creating a Content Rule by Using Oracle Directory Manager
To create a content rule:
Modifying a Content Rule by Using Oracle Directory Manager
To modify a content rule:
The format of a content rule is:
DITContentRule ::= SEQUENCE {
    oids                   ALPHA-NUMERIC-OID,
    structuralObjectClass  OBJECT-CLASS,
    LABEL                  CONTENT-LABEL OPTIONAL,
    auxiliaries            SET (1..MAX) OF OBJECT-CLASS OPTIONAL,
    mandatory              SET (1..MAX) OF ATTRIBUTE OPTIONAL,
    optional               SET (1..MAX) OF ATTRIBUTE OPTIONAL,
Table 6-1 describes the parameters. Note that the attribute and object class names are case-insensitive.
During the process of defining a new content rule, the directory server validates the syntax and ensures that the attributes and object classes listed in the content rule have been defined in the directory.
Content rules can be specified for structural object classes only. The name of the object class is case-insensitive.
You can specify more than one content rule for each structural object class provided the content rules have different labels associated with them.
To modify an existing definition of a content rule, the client must first delete the existing definition and then add the new definition. Simple replacement of a content rule by using the replace command is not allowed.
To delete a content rule, the client needs to specify only the structural object class and the alphanumeric object identifier of the content rule. Optionally, the client can also specify the associated version of the content rule to be deleted.
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.