Data Model for Sun Java System LDAP Schema 2
The basic data model of Sun Java System object classes is to extend LDAP entry types (for example, user, group, domain) created by core object classes by overlaying them with shared classes (object classes can be shared by more than one service) and service-specific object classes (classes specific to a certain type of server).
In addition, there are two ways to structure the LDAP data model: native mode (the preferred way) using only an Organization Tree, and compatibility mode (for backwards compatibility with earlier versions of Sun Java System or iPlanetTM LDAP based products) using both a DC Tree and an Organization Tree. The LDAP data model for compatibility mode is essentially the same as data model for the Sun Java System LDAP Schema 1. Provisioning your LDAP differs depending on whether you chose the native or compatibility mode at installation time.
Use the Sun Java Communications Suite Delegated Administrator (a command-line utility and a console) to add, modify and delete users, groups and domains.
For a discussion of the differences in LDAP data models between the native and compatibility modes (and LDAP Schema 1), see “LDAP Directory Information Tree Requirements” in Chapter 3, “Understanding Product Requirements and Considerations,” in the Sun Java Communications Suite Enterprise Deployment Planning Guide.
For more information on RFC 2798, RFC 2252, and internet standards, use the following URL:
http://www.imc.org/rfcs.html
Data Model for Sun Java System LDAP Schema 2 shows the core classes, shared classes and server specific classes for the three types of entries for native mode: domains, users and groups. Note that for Calendar Server, there is an additional type of entry for resources that need to be scheduled, such as conference rooms and equipment.
Note that while userPresenceProfile is not specifically a Messaging Server object class (it is used to store vacation start and end dates), Calendar Server does not use it at all.
This table also includes the classes used by Access Manager in these types of entries. Access Manager classes are shown in italicized font. Note that the object classes and attributes defined for Access Manager are subject to change. See the Sun Java Enterprise System Technical Overview for a discussion of provisioning concepts.
Table 1–1 Native Mode Entry types and Corresponding Object Classes|
Types |
Core Classes |
Shared Classes |
Server Specific Classes |
|---|---|---|---|
|
Domain |
organization domain sunManagedOrganization sunNameSpace |
none |
mailDomain icsCalendarDomain |
|
User |
person inetUser organizationalPerson inetOrgPerson |
ipUser userPresenceProfile iplanet-am-managed -person |
inetMailUser inetLocalMailRecipient |
|
Group |
groupOfUniqueNames iplanet-am -managed-group |
iplanet-am-managed -filtered-group iplanet-am-managed -assignable-group iplanet-am-managed -static-group |
inetMailGroup inetLocalRecipient |
|
Resource |
inetResource |
none |
icsCalendarResource |
Data Model for Sun Java System LDAP Schema 2 shows the core classes, shared classes and server specific classes for the four types of entries for compatibility mode: DC Tree domains, Organization Tree domains, users and groups.
Note that for Calendar Server, there is an additional type of entry for resources that need to be scheduled, such as conference rooms and equipment. Also note that userPresenceProfile is used only by Messaging Server, even though it is not a messaging specific object class.
This table also includes the classes used by Access Manager in these types of entries.
Table 1–2 Compatibility Mode Entry types and Corresponding Object Classes|
Types |
Core Classes |
Shared Classes |
Server Specific Classes |
|---|---|---|---|
|
DC Tree Domain |
domain inetDomain |
none |
mailDomain icsCalendarDomain |
|
Org Tree Domain |
organization sunManagedOrganization sunNameSpace |
none |
|
|
User |
person inetUser organizationalPerson inetOrgPerson |
ipUser userPresenceProfile iplanet-am-managed-person |
inetMailUser inetLocalMailRecipient |
|
Group |
groupOfUniqueNames iplanet-am-managed -group |
iplanet-am-managed -filtered-group iplanet-am-managed -assignable-group iplanet-am-managed -static-group |
inetMailGroup inetLocalRecipient |
|
Resource |
inetResource |
|
icsCalendarResource |
- © 2010, Oracle Corporation and/or its affiliates