E
Schema Elements
This appendix briefly lists different schema elements supported in the Oracle Internet Directory. Most of these elements are used as defined by the ldapext and ASID working groups of the Internet Engineering Task Force (IETF).
See Also:
The following URLs on the World Wide Web:
http://www.ietf.org for the IETF home page
http://www.ietf.org/html.charters/ldapext-charter.html for the ldapext charter and LDAP drafts
http://ietf.org/html.charters/asid-charter.html for the ASID charter and LDAP drafts
http://www.ietf.org/html.charters/ldup-charter.html for the LDUP charter and drafts
http://www.iana.org, the Internet Assigned Numbers Authority home page, for information about object identifiers
This appendix contains these topics:
IETF Requests for Comments (RFCs) Enforced by Oracle Internet Directory
Oracle Internet Directory enforces the following Requests for Comments (RFCs) of the Internet Engineering Task Force (IETF):
IETF Drafts Enforced by Oracle Internet Directory
Oracle Internet Directory enforces the following two drafts of the IETF:
Draft: "Definition of the inetOrgPerson LDAP Object Class"
URL: http://ietf.org/internet-drafts/draft-smith-ldap-inetorgperson-03.txt
Draft: "Referrals and Knowledge References in LDAP Directories"
URL: http://www.ietf.org/internet-drafts/draft-ietf-ldapext-knowledge-00.txt
Proprietary Oracle Internet Directory Schema Elements
Oracle Internet Directory's proprietary schema includes attributes and object classes in these categories:
In addition, Oracle Internet Directory installation includes schema elements that enable specific Oracle products to use Oracle Internet Directory. For information about these schema elements, see the documentation for the specific Oracle product.
Access Control
Attributes: orclEntryLevelACI, orclACI
Object class: orclPrivilegeGroup
Replication
Attributes: orclGUID, changeNumber, changeType, changes, orclParentGUID, server, supplier, consumer, orclReplBindDN, orclReplBindPassword, changeLog, changeStatus, orclChangeRetryCount, orclPurgeSchedule, orclDirReplGroupAgreement, orclAgreementId, orclSupplierReference, orclConsumerReference, orclReplicationProtocol, orclUpdateSchedule, targetDN, orclExcludedNamingcontexts, orclDirReplGroupDSAs
Object class: changeLogEntry, changeStatusEntry, orclReplAgreementEntry
Oracle Internet Directory Configuration
Attributes: orclDebugLevel, orclMaxCC, orclDBType, orclSuffix, orclDITRoot, orclSuName, orclSuPassword, orclSizeLimit, orclTimeLimit, orclGuName, orclGuPassword, orclServerProcs, orclconfigsetnumber, orclhostname, orclIndexedAttribute, orclCatalogEntryDN, orclServerMode, orclPrName, orclPrPassword, orclUseEncrypt, orclDirectoryVersion
Object class: subconfig, orclConfigSet, orclLDAPSubConfig, orclREPLSubConfig, orclcontainerOC, subregistry, orclLDAPInstance, orclREPLInstance, orclIndexOC, orcleventLog, orclEvents
SSL
Note: These attribute values are stored as part of configuration entries.
Attributes: orclsslAuthentication, orclsslEnable, orclsslWalletURL, orclsslWalletPasswd, orclsslPort, orclsslVersion
Audit Log
Attributes: orclServerEvent, orcleventtype, orclauditattribute, orclauditmessage, orcleventtime, orcluserdn, orclSequence, orclAuditLevel, orclOpResult
Object class: OrclAuditOC
Configuration Set Entry Attributes
The following table lists and describes the entire set of configuration set entry attributes that are used to configure an instance of a directory server.
LDAP Syntax
Syntax defines the type of values that an attribute can hold. Oracle Internet Directory recognizes most of the syntax specified in RFC 2252; that is, it allows you to associate most of the syntax described in that document with an attribute. In addition to recognizing most LDAP syntax, Oracle Internet Directory enforces some of it.
This section covers topics in the following subsections:
LDAP Syntax Enforced by Oracle Internet Directory
Oracle Internet Directory enforces LDAP syntax for the following:
Commonly Used LDAP Syntax Recognized by Oracle Internet Directory
The following LDAP syntax is more commonly used:
Attribute Type Description
Boolean
Certificate
Directory String
DN
Facsimile Telephone Number
INTEGER
JPEG
Name And Optional UID
Numeric String
Object Class Description
Octet String
OID
Presentation Address
Printable String
Telephone Number
UTC Time
Additional LDAP Syntax Recognized by Oracle Internet Directory
In addition to the commonly used LDAP syntax defined above, Oracle Internet Directory recognizes LDAP syntax for the following:
Access Point
ACI Item
Audio
Binary
Bit String
Certificate List
Certificate Pair
Country String
Data Quality Syntax
Delivery Method
DIT Content Rule Description
DIT Structure Rule Description
DL Submit Permission
DSA Quality Syntax
DSE Type
Enhanced Guide
Fax
Generalized Time
Guide
IA5 String
LDAP Schema Definition
LDAP Schema Description
LDAP Syntax Description
Mail Preference
Master And Shadow Access Points
Matching Rule
Matching Rule Use Description
MHS OR Address
Modify Rights
Name Form Description
Object Class Description
Octet String
Other Mailbox
Postal Address
Protocol Information
Substring Assertion
Subtree Specification
Supplier And Consumer
Supplier Information
Supplier Or Consumer
Supported Algorithm
Teletex TerminalIdentifier
Telex Number
Size of Attribute Values
Syntax by itself does not put any specific size constraint on attribute values. You can, however, specify a size for the attribute value as part of the syntax in the attribute definition. Note that Oracle Internet Directory does not enforce this 'len' characteristic on the attribute.
For example, to limit an attribute foo to a size of 64, you would define the attribute as follows:
(object_identifier_of_attribute NAME 'foo' EQUALITY caseIgnoreMatch SYNTAX
'object_identifier_of_syntax{64}')
See Also:
Section 4.1.6 of RFC 2251 for more information on Attribute Value. You can find this RFC at the following URL: http://www.ietf.org/rfc/rfc2251.txt.
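Because the directory does not enforce the declared size, a client that writes entries has to check it before submitting them. The following is an added example, not Oracle code: it parses definitions of the form shown above and reports values longer than the declared size. The function names and the sample entry are constructed for illustration, and the size is treated as a hard limit counted in characters.

```python
import re

# Subset of the RFC 2252 AttributeTypeDescription grammar used in the text:
# ( <oid> NAME '<name>' ... SYNTAX <syntax-oid>{<len>} ), SYNTAX optionally quoted.
_ATTR_RE = re.compile(
    r"""^\(\s*(?P<oid>\S+)\s+
        NAME\s+'(?P<name>[^']+)'
        .*?
        SYNTAX\s+'?(?P<syntax>[^\s'{}]+)(?:\{(?P<len>\d+)\})?'?
        \s*\)$""",
    re.VERBOSE | re.DOTALL,
)

# The 'foo' definition from the text, with the page's placeholder OIDs kept as-is.
FOO_DEFINITION = """(object_identifier_of_attribute NAME 'foo' EQUALITY caseIgnoreMatch SYNTAX
'object_identifier_of_syntax{64}')"""

def parse_bound(definition):
    """Return (name, syntax, declared_len or None) for one attribute definition."""
    m = _ATTR_RE.match(definition.strip())
    if m is None:
        raise ValueError("unrecognized attribute definition")
    bound = int(m.group("len")) if m.group("len") else None
    return m.group("name"), m.group("syntax"), bound

def load_bounds(definitions):
    """Map lower-cased attribute name -> declared size, skipping unbounded ones."""
    bounds = {}
    for definition in definitions:
        name, _syntax, bound = parse_bound(definition)
        if bound is not None:
            bounds[name.lower()] = bound
    return bounds

def check_entry(entry, bounds):
    """Return (attribute, length, bound) for each str value longer than its bound."""
    violations = []
    for attr, values in entry.items():
        bound = bounds.get(attr.lower())  # attribute names are case-insensitive
        if bound is None:
            continue
        violations += [(attr, len(v), bound) for v in values if len(v) > bound]
    return violations

if __name__ == "__main__":
    # Constructed entry: one value at the limit, one a character over it.
    entry = {"cn": ["x" * 500], "Foo": ["a" * 64, "b" * 65]}
    for attr, length, bound in check_entry(entry, load_bounds([FOO_DEFINITION])):
        print(f"reject {attr}: {length} characters, declared bound {bound}")
```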
Matching Rules
Oracle Internet Directory recognizes the following matching rule definitions in the schema.
accessDirectiveMatch
bitStringMatch
caseExactMatch
caseExactIA5Match
caseIgnoreIA5Match
caseIgnoreListMatch
caseIgnoreMatch
caseIgnoreOrderingMatch
distinguishedNameMatch
generalizedTimeMatch
generalizedTimeOrderingMatch
IntegerMatch
numericStringMatch
objectIdentifierFirstComponentMatch
ObjectIdentifierMatch
OctetStringMatch
presentationAddressMatch
protocolInformationMatch
telephoneNumberMatch
uniqueMemberMatch
Of the matching rules in the previous list, Oracle Internet Directory actually enforces the following when it compares attribute values:
DistinguishedNameMatch
caseExactMatch
caseIgnoreMatch
numericStringMatch
IntegerMatch
telephoneNumberMatch