Skip Navigation Links | |
Exit Print View | |
![]() |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
To Fix Schema Compliance Problems
Extending Directory Server Schema
Extending Schema With a Custom Schema File
To Extend Schema With a Custom Schema File
When Creating Custom Schema Files
Extending Schema Using a Schema File and Replication
To Extend Schema Using a Schema File and Replication
Default Directory Server Schema
Naming Attributes and Object Classes
When Defining New Object Classes
Managing Object Classes Over LDAP
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
This section explains how to create, view, and delete attribute types over LDAP.
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You can add to those definitions by using the ldapmodify(1) command.
New attribute type definitions, and changes that you make to user-defined attribute types, are saved in the file 99user.ldif.
For each attribute type definition, you must provide at least an OID to define your new attribute type. Consider using at least the following elements for new attribute types:
Attribute OID. Corresponds to the object identifier for your attribute. An OID is a string, usually of dotted decimal numbers, that uniquely identifies the schema object.
For strict LDAP v3 compliance, you must provide a valid numeric OID. To learn more about OIDs or to request a prefix for your enterprise, send email to the IANA (Internet Assigned Number Authority) at iana@iana.org, or see the IANA web site.
Attribute name. Corresponds to a unique name for the attribute. Also called its attribute type. Attribute names must begin with a letter and contain only ASCII letters, digits, and hyphens.
An attribute name can contain uppercase letters, but no LDAP client should rely on case to differentiate attributes. Attribute names must be handled in a case-insensitive manner according to section 2.5 of RFC 4512.
You can optionally include alternate attribute names, also referred to as aliases, for your attribute type.
Attribute description. Is short descriptive text that explains the attribute’s purpose.
Syntax. Is referenced by the OID and describes the data to be held by the attribute.
Attribute syntaxes with their OIDs are listed in RFC 4517.
Number of values allowed. By default, attributes are multivalued, but you might want to restrict an attribute to a single value.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Notice that Directory Server adds X-ORIGIN 'user defined' to the definition that you provide.
Example 11-1 Creating an Attribute Type
The following example adds a new attribute type with Directory String syntax using the ldapmodify command:
$ cat blogURL.ldif dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( 1.2.3.4.5.6.7 NAME ( 'blog' 'blogURL' ) DESC 'URL to a personal weblog' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) $ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -f blogURL.ldif Enter bind password: modifying entry cn=schema $
In a production environment, you would provide a valid, unique OID, not 1.2.3.4.5.6.7.
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You can read those definitions by using the ldapsearch(1) command.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Example 11-2 Viewing Attribute Types
The following command displays definitions for all attribute types:
$ ldapsearch -T -b cn=schema "(objectclass=*)" attributeTypes
The -T option prevents the ldapsearch command from folding LDIF lines, so you can more easily work with the output using commands such as grep or sed. If you then pipe the output of this command through the grep command, you can view only the user-defined extensions to directory schema. For example:
$ ldapsearch -T -b cn=schema "(objectclass=*)" attributeTypes | grep "user defined" attributeTypes: ( 1.2.3.4.5.6.7 NAME ( 'blog' 'blogURL' ) DESC 'URL to a personal weblog' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
The cn=schema entry has a multivalued attribute, attributeTypes, that contains definitions of each attribute type in the directory schema. You can delete definitions with X-ORIGIN 'user defined' by using the ldapmodify(1) command.
Because the schema is defined by the LDAP view in cn=schema, you can view and modify the schema online using the ldapsearch and ldapmodify utilities. However, you can delete only schema elements that have the value ’user defined’ for the X-ORIGIN field. The server will not delete other definitions.
Changes that you make to user-defined attributes are saved in the file 99user.ldif.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
See To View Attribute Types for details.
Example 11-3 Deleting an Attribute Type
The following command deletes the attribute type that is created in Example 11-1:
$ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: cn=schema changetype: delete delete: attributeTypes attributeTypes: ( 1.2.3.4.5.6.7 NAME ( 'blog' 'blogURL' ) DESC 'URL to a personal weblog' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) ^D
Notice that you must include the X-ORIGIN 'user defined', which was added by Directory Server to classify this schema definition as an extension.