Chapter 6 Solaris for ISPs Directory Services Schema
SolarisTM for ISPsTM extends the standard schema defined in SunTM Directory Services. The base schema is defined in Chapter 8, "Configuring the Directory Schema," of the Sun Directory Services 3.1 Administration Guide. Extensions to the base schema, both object classes and attributes, are discussed in this chapter.
Note -
The schema defined by Solaris for ISPs is unstable in this first release of the product. Object class and attribute definitions that are a part of the schema extension may change without warning in future releases.
Maintaining the Schema
In general, you should not change existing object classes or attributes in the schema, but use or add to them for your purposes. If you change an attribute or object class so that the Solaris for ISPs software cannot use it, you may have to reinstall the directory. In this case, any data entries not backed up will be lost. For information on backing up the directory, see the Sun Directory Services manual pages for ldbmcat and ldif2ldbm.
If you decide to add to the schema, refer to Chapter 8, "Configuring the Directory Schema," of the Sun Directory Services 3.1 Administration Guide for complete details.
What to Back Up
To ensure the integrity of the directory, you should periodically back up the schema configuration files. Certainly, you should back up the schema before starting work to extend it for your own uses.
As discussed in detail in Chapter 4, "Configuring Directory Services," of the Sun Directory Services 3.1 Administration Guide, the following files are critical for directory services function:
-
dsserv.conf holds the main configuration information.
-
dsserv.oc.conf holds the object class definitions.
-
dsserv.at.conf holds the attribute definitions.
-
dsserv.acl.conf holds access control information.
Copies of these files are stored in three places in the system:
-
/etc/opt/SUNWconn/ldap/current holds the current configuration files.
-
/etc/opt/SUNWconn/ldap/default holds the default configuration files that were installed with the software. (These files are read-only.)
-
/etc/opt/SUNWconn/ldap/previous holds the previous configuration files.
Before starting any work on the schema, back up the configuration files in /etc/opt/SUNWconn/ldap/current and those in /etc/opt/SUNWconn/ldap/previous. When you edit the files, Sun Directory Services copies the unedited files in ~/current to ~/previous. It does this only once per editing session, (until you restart dsservd). If you are making many changes to the schema, you may want to make manual backups of your changes as you work.
Backup information is presented in detail in Chapter 4, "Configuring Directory Services," of the Sun Directory Services 3.1 Administration Guide.
Restoring the Schema
To restore your directory services configuration to a previous version, stop dsservd, replace the desired configuration files in /etc/opt/SUNWconn/ldap/current, and restart the daemon. Step-by-step information is presented in Chapter 4, "Configuring Directory Services," of the Sun Directory Services 3.1 Administration Guide.
Restoring the Solaris for ISPs Schema
When Solaris for ISPs is installed, the original schema configuration files are backed up at /etc/opt/SUNWisp/SUNWconn/ldap/backup. This files were customized at installation with your root domain and administrator information. If you are working on the schema, and arrive at a situation where Solaris for ISPs does not work, restore the default schema as follows:
-
Log into the machine where the directory services is running.
-
Give yourself root access.
-
Stop the directory services server, by entering:# /etc/init.d/dsserv stop
Note -You can also stop and start the server through its administration console.
-
Copy each of the configuration files from the backup to the current directory:
-
cp /etc/opt/SUNWisp/SUNWconn/ldap/backup/ispdsserv.conf /etc/opt/SUNWconn/ldap/current/dsserv.conf
-
cp /etc/opt/SUNWisp/SUNWconn/ldap/backup/ispdsserv.at.conf /etc/opt/SUNWconn/ldap/current/dsserv.at.conf
-
cp /etc/opt/SUNWisp/SUNWconn/ldap/backup/ispdsserv.oc.conf /etc/opt/SUNWconn/ldap/current/dsserv.oc.conf
-
cp /etc/opt/SUNWisp/SUNWconn/ldap/backup/ispdsserv.acl.conf /etc/opt/SUNWconn/ldap/current/dsserv.acl.conf
-
cp /etc/opt/SUNWisp/SUNWconn/ldap/backup/mapping/radius.mapping /etc/opt/SUNWconn/ldap/current/mapping/radius.mapping
-
-
Start the directory services server by entering:# /etc/init.d/dsserv start
Solaris for ISPs Object Classes
This section contains a list of the object classes added to the base schema to support Solaris for ISPs. Attributes listed as mandatory must have a value entered when the entry is created. Object classes are listed in alphabetical order.
ispAdministrator Class
Purpose: Defines an entry representing an administrator of ISP services and networks. The ispAdministrator's relative distinguished name the commonName attribute and its value. Its superior object is ispSubscriber.
Table 6-1 ispAdministrator Attributes| Attribute name | Mandatory? | Schema | Purpose |
|---|---|---|---|
| associatedDomain | No | Base | The domain with which this administrator is associated. Reserved for future Solaris for ISPs functionality. |
| commonName | Yes | Base | The name of the administrator described by the entry, in the form Firstname Lastname (userid). |
| description | No | Base | An arbitrary description of the administrator. |
| gidNumber | No | Base | A UNIX group-ID. For virtually-hosted FTP or Web services, the group ID specified for the virtual domain. |
| homeDirectory | No | Base | The file system location of the home directory of the administrator described by the entry. (Not used by Solaris for ISPs.) |
| ispAdministeredService | No | Extension | The distinguished names of services this administrator is authorized to manage. |
| ispContentDirectory | No | Extension | A directory location where content belonging to the administrator is located. For virtually-hosted FTP or Web services, the path to user content relative to the ispRootDirectory. |
| labeledURI | No | Base | The Uniform Resource Identifier and label associated with the Web page of this administrator. |
| No | Base | The advertised electronic mail address of the administrator. | |
| objectClass | Yes | Base | The object class of the entry (ispAdministrator). |
| ou | No | Base | The organizational unit to which the entry belongs. In this release of Solaris for ISPs, the Administrator node under the root domain. |
| surname | Yes | Base | The family name of the administrator |
| userCertificate | No | Base | A certificate containing the public key of the administrator. |
| userid | Yes | Base | The login name of the administrator. |
| userPassword | Yes | Base | The password of the administrator. |
| uidNumber | No | Base | A UNIX user-ID. For virtually-hosted FTP or Web services, the user ID specified for the virtual domain. |
ispManagedService Class
Purpose: Defines an entry representing an ISP service that is managed by Sun Internet Administrator. This object class is reserved for use by Sun Internet Administrator. The ispManagedService's relative distinguished name is the host attribute and its value.
Table 6-2 ispManagedService Attributes| Attribute name | Mandatory? | Schema | Purpose |
|---|---|---|---|
| associatedName | No | Base | The distinguished name of the top-level service entry for this service. |
| commonName | No | Base | The user-friendly name of a service, for display in the GUI of Sun Internet Administrator |
| host | Yes | Base | The fully-qualified name of the host where this service is installed. |
| ispCategory | No | Base | The type of user interface supported by this service. See the ispCategory attribute section for details. |
| ispImageFile | No | Extension | The name of a GIF image file containing the icon for this service. |
| ispServiceLocation | No | Extension | The path to the X-based administration application for this service. |
| ispParameterizedOperation | No | Extension | Information on a supported command-line utility that accepts parameters. |
| ispServlets | No | Extension | The fully-qualified Java class name of a servlet used in this service's administration user interface. |
| ispServletClasspath | No | Extension | The Java classpath for classes required by this service's administration user interface. |
| ispSupportedOperation | No | Extension | Information on a supported command-line utility that accepts no parameters. |
| ispVersion | No | Extension | The release number (major.minor) of the service described by the entry. |
| labeledURI | No | Base | The path to the main GUI page of a service. For a 3-tier service, enter a path relative to the document root. For a 2-tier service, enter the complete URL. |
| objectClass | Yes | Base | The object class of the entry (ispManagedService). |
ispService Class
Purpose: Defines an entry representing a Solaris for ISPs software component. The ispService's relative distinguished name is the the ispVersion attribute and its value.
Table 6-3 ispService Attributes| Attribute name | Mandatory? | Schema | Purpose |
|---|---|---|---|
| associatedDomain | No | Base | The domain with which this service is associated. |
| commonName | Yes | Base | The name of the service (not used in Solaris for ISPs). |
| description | No | Base | An arbitrary description of the service. |
| host | No | Base | The fully-qualified name of the host where the service is installed. |
| ispDirectoryRoot | No | Extension | A directory prefix to a location on the file system where a domain's content is virtually-hosted. Used by Sun Internet FTP Server and SWS when in a virtual host configuration. |
| ispPrivateData | No | Extension | Software component password information for use by Sun Internet Administrator. This attribute is protected by ACLs from access by a user other than the directory root and Sun Internet Administrator. |
| ispServiceContext | No | Extension | A CORBA naming context used by Sun Internet FTP Server and Sun Internet News Server. |
| ispServiceLocation | No | Extension | A CORBA stringified object reference to the service administration server. (Used by Sun Internet FTP Server and Sun Internet News Server.) |
| ispSupplementaryInformation | No | Extension | Arbitrary information about the service. Reserved for Solaris for ISPs service-specific needs. |
| ispVersion | Yes | Extension | The release number (major.minor) of the service described by the entry. |
| labeledURI | No | Base | The path to the servlets for a three-tier GUI. |
| No | Base | The advertised electronic mail address of the user. Not used by Solaris for ISPs. | |
| objectClass | Yes | Base | The object class of the entry (ispService). |
| userCertificate | No | Base | A certificate containing the public key of the user. |
| userPassword | No | Base | The password of the entry, used for binding to the directory |
ispSubscriber Class
Purpose: Defines an entry representing a subscriber (customer) of the ISP. The ispSubscriber's relative distinguished name is the commonName attribute and its value. Its superior object is inetOrgPerson.
If you are using the RADIUS server that comes with Sun Directory Services, overlay the ispSubscriber objects with the remoteUser object class.
Table 6-4 ispSubscriber Attributes| Attribute name | Mandatory? | Schema | Purpose |
|---|---|---|---|
| associatedDomain | No | Base | The domain with which this subscriber is associated. |
| commonName | Yes | Base | The name of the subscriber described by the entry, in the form Firstname Lastname (userid). |
| gidNumber | No | Base | A UNIX group-ID. For virtually-hosted FTP and Web services, the group ID specified for the virtual domain. |
| homeDirectory | No | Base | The file system location of the home directory of the subscriber described by the entry. (Not used by Solaris for ISPs.) |
| host | No | Base | The fully-qualified name of the host. Not used by Solaris for ISPs. |
| ispAuthorizedServices | No | Extension | The distinguished names of services the subscriber is authorized to use. |
| ispContentDirectory | No | Extension | A directory location where content belonging to a subscriber is located. For virtually-hosted FTP and Web services, the path relative to the ispRootDirectory. |
| labeledURI | No | Base | The Uniform Resource Identifier and label associated with the Web page of this subscriber. |
| No | Base | The advertised electronic mail address of the subscriber. | |
| objectClass | Yes | Base | The object class of the entry (ispSubscriber). |
| ou | No | Base | The organizational unit to which the subscriber belongs (in Solaris for ISPs, the People node under a domain entry). |
| surname | Yes | Base | The family name of the subscriber. |
| uidNumber | No | Base | A UNIX user-ID. For virtually-hosted FTP and Web services, the user ID specified for the virtual domain. |
| userCertificate | No | Base | A certificate containing the public key of the subscriber. |
| userid | Yes | Base | The login name of the subscriber. |
| userPassword | Yes | Base | The password of the subscriber. |
Solaris for ISPs Attributes
This section describes the attributes used by object classes added to the basic schema for Solaris for ISPs. Some of these attributes are a part of the base schema, but are included here for ease of use. Attributes created for the Solaris for ISPs schema extension begin with "isp."
Attributes defined in the schema have one of the following syntaxes:
-
bin: binary
-
ces: case-exact string
A case-sensitive alphanumeric string.
-
cis: case-ignore string
An alphanumeric string, not case-sensitive.
-
dn: distinguished name
-
protected: encrypted
A value that has been encrypted using
-
int or long: integer
-
tel: telephone number
-
utctime: UTC time
The following list presents attributes in alphabetical order.
associatedDomain Attribute
Summary: cis, multi-valued, base schema
Purpose: Specifies the domain with which the object described by the entry is associated. For the OSI tree entry of a domain, must contain the name (in dot notation, for example, eng.sun.com) of the corresponding DC tree entry.
associatedName Attribute
Summary: dn, base schema
Purpose: Specifies the distinguished name of an entry associated with this entry. For the DC tree entry of a domain, must contain the distinguished name of the corresponding OSI tree entry.
commonName Attribute
Alternate name: cn
Summary: cis, multi-valued, base schema
Purpose: Specifies the full name of the object described by the entry.
Subscriber and administrator entries use the form Firstname Lastname (uid). For example, user John Smith who uses the login name jsmith would have an entry in the directory. Its commonName attribute would contain the value John Smith (jsmith).
The ispManagedService object class uses this attribute for the user-friendly name displayed in the Sun Internet Administrator GUI.
description Attribute
Summary: cis, multi-valued, base schema
Purpose: Specifies an arbitrary description of the entry object.
gidNumber Attribute
Summary: long, single-valued, base schema
Purpose: Specifies a UNIX group-ID. For a subscriber with virtually-hosted FTP services, must be the group-ID specified for the virtual domain.
homeDirectory Attribute
Summary: ces, single-valued, base schema
Purpose: Specifies the file system location of the home directory of the user described by the entry. This attribute is not used by Solaris for ISPs, but is left for general information required by the customer.
host Attribute
Summary: cis, multi-valued, base schema
Purpose: Specifies the name of the machine associated with or managed by the object described by the entry. When used with Solaris for ISPs object entries, the host attribute must contain the fully-qualified host name.
ispAdministeredService Attribute
Summary: dn, multi-valued, Solaris for ISPs schema extension
Purpose: Specifies the services (by distinguished names of the top-level service entries) that an administrator can manage. The top-level entry for a service is an ispService object under the root domain entry. For example, under ou=services,o=sun,c=us where sun.com is the root domain entry.
ispAuthorizedServices Attribute
Summary: dn, multivalued, Solaris for ISPs schema extension
Purpose: Specifies the services (by distinguished name) that an ispSubscriber is authorized to use.
ispCategory Attribute
Summary: cis, single-valued, Solaris for ISPs schema extension
Purpose: Specifies the category of graphical user interface supported by the service described by the entry. Acceptable values are:
-
2tier, indicating that the user interface is Web-based and uses the two-tier architecture supported by Sun Internet Administrator.
-
3tier, indicating that the user interface is Web-based and uses the three-tier architecture supported by Sun Internet Administrator.
-
CLI, indicating that the user interface is a command-line utility.
-
X, indicating that the user interface is an X-based program.
ispContentDirectory Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies a directory location (which may be distinct from that in the homeDirectory attribute) where content belonging to a user is located. Used by ispAdministrator and ispSubscriber classes. For a user with virtually-hosted FTP services, must contain the path (relative to the ispDirectoryRoot of the domain) to the user's FTP content.
ispDirectoryRoot Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies a root directory for an ISP service, usually on a per-domain basis.
ispImageFile Attribute
Summary: cis, single-valued, Solaris for ISPs schema extension
Purpose: Specifies the name of a file containing the image described by the entry. The ispManagedService object class uses this attribute to specify its GIF-format icon file.
ispPrivateData Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies software component password information used by Sun Internet Administrator. This attribute is protected by ACLs from access by users other than the Sun Directory Services root administrator.
ispServiceContext Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies a service context for use by an ISP service. For Sun Internet FTP Server and Sun Internet News Server, this is a CORBA naming context.
ispServiceLocation Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies the location of the ispService object described by the entry.
Sun Internet FTP Server and Sun Internet News Server use this attribute in an ispService object to store a CORBA stringified object reference to their administration servers. Sun Internet Administrator uses this attribute in an ispManagedService object to store the path to an X-based user interface application.
ispServlets Attribute
Summary: ces, multivalued, Solaris for ISPs schema extension
Purpose: Specifies the fully-qualified Java class name of a servlet used in an ispManagedService's administration user interface. For each servlet used, assign an ispServlets attribute with the following value:
-
The path to the servlet, relative to the document root of the administration Web server (part of Sun Internet Administrator)
-
The fully-qualified Java class name of the servlet
-
Any required servlet arguments, listed by name and value
ispServletClasspath Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies the Java classpath for classes required by an ispManagedService's administration user interface. A Java classpath may contain several paths; separate them with colons (:).
ispParameterizedOperation Attribute
Summary: ces, multivalued, Solaris for ISPs schema extension
Purpose: Specifies information about a command-line function that takes parameters. For an ispManagedService object, three space-delimited fields of information are required:
-
The complete path to the command-line utility
-
The complete path to a help file for the utility, or NONE if there is no help information for the utility.
-
An arbitrary string, containing the space-delimited parameters required by the utility. If parameters are accepted from the user on the command line, this field holds the string SOME.
ispSupplementaryInformation Attribute
Summary: cis, multivalued, base schema
Purpose: Holds additional information concerning the object described by the entry. In object classes that extend the base schema, this attribute is reserved for Solaris for ISPs service-specific needs.
ispSupportedOperation Attribute
Summary: ces, multivalued, Solaris for ISPs schema extension
Purpose: Stores information on a supported command-line utility that accepts no parameters. For an ispManagedService object, three space-delimited fields of information are required:
-
The complete path to the command-line utility
-
The complete path to a help file for the utility, or NONE if there is no help information for the utility.
-
The string NONE.
ispVersion Attribute
Summary: ces, single-valued, Solaris for ISPs schema extension
Purpose: Specifies the release version of the ispService object described by this entry. Solaris for ISPs uses the form major.minor for the version attribute.
labeledURI Attribute
Alternate name: labeledURL
Summary: ces, multi-valued, base schema
Purpose: Specifies a Uniform Resource Identifier (URI) and label associated with the object described by the entry.
mail Attribute
Alternate name: preferredRfc822Originator
Summary: cis, multi-valued, base schema
Purpose: Specifies the advertised electronic mail address, in RFC822 format, of the object described by the entry. Sun Internet FTP Server uses this attribute as an error-reporting address.
objectClass Attribute
Summary: cis, multivalued, base schema
Purpose: Specifies the object class of the type of entry.
ou Attribute
Alternate name: organizationUnitName
Summary: cis, base schema
Purpose: Specifies the name of the organization unit to which the object described by the entry belongs.
surname Attribute
Alternate name: sn
Summary: cis, base schema
Purpose: Specifies the surname of the person described by the entry.
uidNumber Attribute
Summary: long, single-valued, base schema
Purpose: Specifies a UNIX user-ID. For a subscriber with virtually-hosted FTP services, must be the user-ID specified for the virtual domain.
userCertificate Attribute
Summary: bin, base schema
Purpose: Specifies a certificate containing the public key of the user described by the entry.
userid Attribute
Alternate name: uid
Summary: cis, multi-valued, base schema
Purpose: Specifies the login name of the user described by the entry.
userPassword Attribute
Summary: protected, multi-valued, base schema
Purpose: Specifies the password for the entity described by the entry.
- © 2010, Oracle Corporation and/or its affiliates