You can add new attribute types to the schema by using the ldapmodify command. The attribute types syntax requires that you provide at least a valid OID to define a new element. In typical applications, you can optionally include the following identifiers for the attribute type. To see the full set of attribute type elements, see Understanding Attribute Types in Sun OpenDS Standard Edition 2.0 Architectural Reference.
For example, you can specify the addition of a new attribute type, blogURL, in an LDIF file that will be added to the schema.
$ cat blogURL.ldif
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.26037.1.999.1000
  NAME ( 'blog' 'blogURL' )
  DESC 'URL to a personal weblog'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-ORIGIN 'OpenDS Directory Server'
  USAGE userApplications )
Note - Pay special attention to the spaces in an attribute type declaration. The LDAP specification requires that a space exist between the opening parenthesis and the OID, and the value of the USAGE element and the closing parenthesis. Further, the LDIF specification states that LDIF parsers should ignore exactly one space at the beginning of each line. Therefore, it is a good practice to add two (2) spaces at the beginning of the line that starts with an element keyword. For example, add two spaces before NAME, DESC, SYNTAX, SINGLE-VALUE, X-ORIGIN, and USAGE in the previous example.
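The spacing rule in the note above, as an added example that is not part of the original documentation: a Python check that unfolds an LDIF file the way a parser does, dropping exactly one leading space per continuation line, and flags an attribute type whose keywords end up glued to the preceding token. The function names and both sample files are constructed for illustration.

```python
import re

KEYWORDS = ("NAME", "DESC", "SYNTAX", "SINGLE-VALUE", "X-ORIGIN", "USAGE")

def unfold(ldif_text):
    """Join LDIF continuation lines, dropping exactly one leading space."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def check_attribute_type(value):
    """Return spacing problems found in one unfolded attributeTypes value."""
    problems = []
    if not re.match(r"\( \d+(\.\d+)+ ", value):
        problems.append("expected '( ', a numeric OID, then a space")
    if not value.endswith(" )"):
        problems.append("expected a space before the closing parenthesis")
    # Blank out quoted strings so keywords inside DESC text are not matched.
    bare = re.sub(r"'[^']*'", "''", value)
    for kw in KEYWORDS:
        if re.search(r"\S" + re.escape(kw), bare):
            problems.append(kw + " is glued to the preceding token")
    return problems

def validate(ldif_text):
    """Map each attributeTypes value in the LDIF to its list of problems."""
    prefix = "attributeTypes: "
    values = [l[len(prefix):] for l in unfold(ldif_text) if l.startswith(prefix)]
    return {v: check_attribute_type(v) for v in values}

# Constructed samples: the page's blogURL definition folded with two leading
# spaces (recommended) and with one leading space (the mistake the note warns of).
BODY = ["attributeTypes: ( 1.3.6.1.4.1.26037.1.999.1000",
        "NAME ( 'blog' 'blogURL' )", "DESC 'URL to a personal weblog'",
        "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15", "SINGLE-VALUE",
        "X-ORIGIN 'OpenDS Directory Server'", "USAGE userApplications )"]
HEAD = "dn: cn=schema\nchangetype: modify\nadd: attributeTypes\n"
GOOD = HEAD + "\n  ".join(BODY) + "\n"
BAD = HEAD + "\n ".join(BODY) + "\n"

if __name__ == "__main__":
    for label, text in (("two spaces", GOOD), ("one space", BAD)):
        print(label, "->", list(validate(text).values()))
```

Running the check on a schema LDIF file before passing it to ldapmodify catches a definition that would reach the server as `...1000NAME (...)DESC ...`.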
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You can view the schema definitions by using the ldapsearch command.
Manipulation of the cn=schema suffix is regarded as an administrative action and, as such, it is recommended that you use the administration connector when accessing this suffix. See Managing Administration Traffic to the Server for more information.
$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password -X --useSSL \
  --baseDN cn=schema --searchScope base \
  "(objectclass=*)" attributeTypes
dn: cn=schema
attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
 eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-ORIGIN 'RFC 4519
 ' )
attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' EQUALITY distinguishedNameMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' )
attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch SYNT
 AX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' )
...(more output)...

$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password -X --useSSL \
  -b cn=schema -s base --dontWrap "(objectclass=*)" attributeTypes | grep "telexNumber"
attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 X-ORIGIN 'RFC 4519' )
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You add custom schema definitions by using the ldapmodify command. This example adds an attribute named blog.
Manipulation of the cn=schema suffix is regarded as an administrative action and, as such, it is recommended that you use the administration connector when accessing this suffix. See Managing Administration Traffic to the Server for more information.
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.26037.1.999.1000
  NAME ( 'blog' 'blogURL' )
  DESC 'URL to a personal weblog'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-ORIGIN 'OpenDS Directory Server'
  USAGE userApplications )

$ ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w password -X --useSSL \
  -a -f blogURL.ldif
Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema

$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password -X --useSSL \
  -b cn=schema -s base --dontWrap "(objectclass=*)" attributeTypes | grep 'blog'
attributeTypes: ( 1.3.6.1.4.1.26037.1.999.1000 NAME ( 'blog' 'blogURL' ) DESC 'URL to a personal weblog' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'OpenDS Directory Server' USAGE userApplications )
Note - The directory server automatically adds new attribute definitions to the 99user.ldif file.
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You can delete definitions with X-ORIGIN 'user defined' by using the ldapmodify command. The directory server does not allow other definitions to be deleted.
Caution - Be careful when deleting attribute types, because doing so can harm your directory. Do not delete an attribute type unless absolutely necessary.
Manipulation of the cn=schema suffix is regarded as an administrative action and, as such, it is recommended that you use the administration connector when accessing this suffix. For more information, see Managing Administration Traffic to the Server.
dn: cn=schema
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.26037.1.999.1000
  NAME ( 'blog' 'blogURL' )
  DESC 'URL to a personal weblog'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-ORIGIN 'OpenDS Directory Server'
  USAGE userApplications )

$ ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w password -X --useSSL \
  --defaultAdd --fileName "remove_blogURL.ldif"
Processing MODIFY request for cn=schema
MODIFY operation successful for DN cn=schema