Oracle Internet Directory Administrator's Guide Release 2.1.1 Part Number A86101-01
This chapter explains how to administer the Oracle Internet Directory object classes and attributes.
This chapter contains these topics:
A directory schema does the following:
The directory schema contains all information about how data is organized in the DIT. It includes attribute types, and the syntaxes and matching rules that apply to them. It also contains the various groupings of attributes, called object classes.
This chapter discusses each of these elements.
This section explains how to add and modify object classes. Oracle Corporation recommends that you understand the basic concepts of directory components before attempting to add to or modify the base schema in the directory.
See Also:
This section contains these topics:
When you add directory entries, you select object classes for those entries. The attributes of an entry are determined by the object classes to which that entry is assigned.
Entries must be loaded in a top-down sequence. When you add an entry, all of its parent entries must already exist in the directory. Similarly, when you add entries that reference object classes and attributes, those referenced object classes and attributes must already exist in the directory schema. In most cases this will not be a problem since the directory server is delivered with a full set of standard directory objects.
The attributes that an entry inherits from an object class may be either mandatory or optional. Optional attributes need not be present in the directory entry.
You can specify for any object class whether an attribute is mandatory or optional; however, the characteristic you specify is binding only for that object class. If you place the attribute in another object class, you can again specify whether the attribute is mandatory or optional for that object class. You can:
Administrators typically assign object classes to entries based on the attributes present in that object class. However, superclasses let you take advantage of inheritance--that is, the object classes selected for an entry have a hierarchy of superclasses from which they inherit mandatory and optional attributes. By default, all object classes inherit from the top object class.
When you add or perform an operation on an entry, you do not need to specify the entire hierarchy of superclasses associated with that entry. This feature, called object class explosion, enables you to specify only the leaf object classes. Oracle Internet Directory resolves the hierarchy for the leaf object classes and enforces the information model constraints. For example, the inetOrgPerson object class has top, person, and organizationalPerson as its superclasses. When you create an entry for a person, you need to specify only inetOrgPerson as the object class. Oracle Internet Directory then enforces the schema constraints defined by the respective superclasses, namely, top, person, and organizationalPerson.
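The following sketch illustrates object class explosion and the resulting constraint check. It is an added example, not Oracle code: the SCHEMA table is a constructed, abbreviated subset of the standard definitions, and the function names and the badgeNumber attribute are hypothetical.

```python
# Constructed subset of the standard schema; attribute lists are abbreviated.
SCHEMA = {
    "top": {"sup": None, "must": {"objectclass"}, "may": set()},
    "person": {"sup": "top", "must": {"cn", "sn"},
               "may": {"telephonenumber", "userpassword", "description"}},
    "organizationalperson": {"sup": "person", "must": set(),
                             "may": {"title", "ou", "postaladdress"}},
    "inetorgperson": {"sup": "organizationalperson", "must": set(),
                      "may": {"mail", "uid", "givenname"}},
}

def explode(leaf_classes):
    """Expand leaf object classes into the full superclass chain, root first."""
    chain = []
    for oc in leaf_classes:
        path, name = [], oc.lower()
        while name is not None:
            if name not in SCHEMA:
                raise KeyError("object class not in schema: " + name)
            path.append(name)
            name = SCHEMA[name]["sup"]
        for name in reversed(path):
            if name not in chain:
                chain.append(name)
    return chain

def effective_attrs(leaf_classes):
    """Union of mandatory and optional attributes over the exploded chain."""
    must, may = set(), set()
    for name in explode(leaf_classes):
        must |= SCHEMA[name]["must"]
        may |= SCHEMA[name]["may"]
    return must, may - must

def violations(entry):
    """Return schema violations for an entry given as {attribute: [values]}."""
    attrs = {k.lower(): v for k, v in entry.items()}
    must, may = effective_attrs(attrs.get("objectclass", []))
    present = set(attrs)
    problems = ["missing mandatory attribute: " + a for a in sorted(must - present)]
    problems += ["attribute not allowed: " + a for a in sorted(present - must - may)]
    return problems
```

Naming only the leaf class inetOrgPerson is enough for the check to require cn and sn, which come from person two levels up the hierarchy.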
When you add object classes, keep the following guidelines in mind:
top as a superclass.
This section discusses the types of modifications you can make to an existing object class. You can perform modifications through Oracle Directory Manager and through the command line tools.
You can make these changes to an object class:
When you modify object classes, keep these guidelines in mind:
There are also some limitations on deleting object classes:
This section contains these topics:
You can specify your search for an object class by:
This section provides more details on how to enter an object class search.
To search for an object class:
orcl, type those letters in the text box at the right end of the search criteria bar.
To view all object classes in the schema:
To examine an individual object class and its attributes, in the Object Classes tab page, click the object class. The properties of the selected object class appear in the Object Class dialog box.
Each box indicates whether the attributes are indexed so that they can be used in a search expression.
To add object classes by using Oracle Directory Manager:
The New Object Class dialog box appears.
Alternatively, select an object class that is similar to one you would like to create, and then click Create Like. A dialog box appears; it includes the attributes of the selected object class. You can create the new object class using the selected one as a template.
See Also:
To modify an object class:
Note: You can add attributes to an auxiliary object class or a user-defined structural object class.
See Also: "Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class" for an example of adding attributes to an auxiliary object class
To delete an object class by using Oracle Directory Manager:
You can use command line tools to add or modify existing object classes in the directory schema. The command line tools enable you to use input files. Furthermore, the commands can be batched together in scripts.
To add or modify schema components, use ldapmodify.
This section contains these examples:
To add a new object class schema component by using ldapmodify, at the system prompt type a command using the following syntax:
ldapmodify -h host -p port -f ldif_filename
For example:
ldapmodify -h myhost -p 389 -f new_object_class.ldi
In this example, the LDIF input file, new_object_class.ldi, contains data similar to this:
dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 1.2.3.4.5 NAME 'myobjclass' SUP top STRUCTURAL MUST ( cn $ sn ) MAY ( telephonenumber $ givenname $ myattr ) )
The example above adds the structural object class named myobjclass, giving it an object identifier of 1.2.3.4.5, specifying top as its superclass, requiring cn and sn as mandatory attributes, and allowing telephonenumber, givenname, and myattr as optional attributes. Note that all the attributes mentioned must exist prior to the execution of the command.
Be sure to leave the mandatory space between the opening and closing parentheses and the object identifier.
To create an abstract object class, follow the above example, replacing the word STRUCTURAL with the word ABSTRACT.
To add a new attribute to either an auxiliary object class or a user-defined structural object class, use ldapmodify. This example deletes the old object class definition and adds the new definition in a compound modify operation. The change is committed by the Oracle directory server in one transaction. Existing data is not affected. The input file should be as follows:
dn: cn=subschemasubentry
changetype: modify
delete: objectclasses
objectclasses: old value
-
add: objectclasses
objectclasses: new value
For example, to add the attribute changes to the existing object class country, the input file would be:
dn: cn=subschemasubentry
changetype: modify
delete: objectclasses
objectclasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
-
add: objectclasses
objectclasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description $ changes ) )
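One way to generate the compound modify file and catch a malformed definition before it reaches ldapmodify is sketched below. This is an added example, not an Oracle tool: parse_oc and build_modify are hypothetical names, and the rule that only optional attributes may be added is a conservative assumption made here so that existing entries stay valid.

```python
import re

# Object class description in the form used on this page, including the
# mandatory space after the opening and before the closing parenthesis.
OC_RE = re.compile(
    r"^\( (?P<oid>\d+(?:\.\d+)+) NAME '(?P<name>[^']+)'"
    r"(?: SUP (?P<sup>\S+))?"
    r"(?: (?P<kind>ABSTRACT|STRUCTURAL|AUXILIARY))?"
    r"(?: MUST (?P<must>\( [^)]* \)|[^\s()]+))?"
    r"(?: MAY (?P<may>\( [^)]* \)|[^\s()]+))?"
    r" \)$")

def attr_set(field):
    """Turn 'c' or '( a $ b )' into a lowercase set of attribute names."""
    if not field:
        return set()
    return {a.strip().lower() for a in field.strip("() ").split("$")}

def parse_oc(definition):
    m = OC_RE.match(definition)
    if not m:
        raise ValueError("malformed object class definition: " + definition)
    d = m.groupdict()
    d["must"], d["may"] = attr_set(d["must"]), attr_set(d["may"])
    return d

def build_modify(old_def, new_def):
    """Return LDIF for the delete-then-add compound modify, or raise ValueError."""
    old, new = parse_oc(old_def), parse_oc(new_def)
    # Assumption: identity, superclass, type and mandatory set must not change.
    for key in ("oid", "name", "sup", "kind", "must"):
        if old[key] != new[key]:
            raise ValueError(f"{key} changed: {old[key]!r} -> {new[key]!r}")
    if not old["may"] < new["may"]:
        raise ValueError("new definition must only add optional attributes")
    return "\n".join([
        "dn: cn=subschemasubentry",
        "changetype: modify",
        "delete: objectclasses",
        "objectclasses: " + old_def,
        "-",
        "add: objectclasses",
        "objectclasses: " + new_def,
        ""])

# Definitions taken from the country example on this page.
OLD = "( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )"
NEW = "( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description $ changes ) )"
```

Write the return value of build_modify(OLD, NEW) to a file and pass that file to ldapmodify with -f.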
This section contains these topics:
You need to understand attributes from a conceptual standpoint before attempting operations involving attributes.
In most cases, the attributes available in the base schema will suit the needs of your organization. However, if you decide to use an attribute not available in the base schema, you can add a new attribute or modify an existing one.
By default, attributes are multi-valued. You can specify an attribute as single-valued by using either Oracle Directory Manager or command line tools.
The rules for adding attributes are:
The rules for modifying attributes are:
The rules for deleting attributes are:
If you delete an attribute that is referenced by any entry, that entry will no longer be available for directory operations.
This section contains these topics:
To search for attributes by using Oracle Directory Manager:
orcl, you would type those letters in the text box at the right end of the search criteria bar and create the phrase Name Begins With orcl.
This section contains these topics:
To add a new attribute:
The New Attribute Type dialog box appears. It contains two tab pages--General and Advanced--with fields in which you either enter values or select from menus.
To use this attribute, remember to declare it to be part of the attribute set for an object class. You do this by selecting Schema Management in the navigator pane, then, in the right pane, selecting the Object Classes tab page. For further instructions, see "Guidelines for Modifying Object Classes".
Note:
To add an attribute by copying an existing attribute:
To modify an attribute by using Oracle Directory Manager:
Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, certain attributes are already indexed. If you want to use additional attributes in search filters, you must index them.
See Also: "Indexing an Attribute by Using Command Line Tools" for instructions on using the command line catalog management tool
This section contains these topics:
To view indexed attributes:
When you create an attribute as described in "Adding an Attribute by Using Oracle Directory Manager", you use the New Attribute Type dialog box. On the Advanced tab page of that dialog box, you select the Indexed check box.
To drop an index from an attribute:
This section discusses adding, modifying, and indexing attributes by using command line tools. This section contains these topics:
To add a new attribute to the schema by using ldapmodify, type a command similar to the following at the system prompt:
ldapmodify -h host -p port -f ldif_filename
The LDIF file contains data similar to this:
dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
To specify an attribute as single-valued, include in the attribute definition entry in the LDIF file the keyword SINGLE-VALUE with surrounding white space.
You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.
To view syntaxes by using Oracle Directory Manager:
Use ldapsearch on the subentry cn=subSchemaSubentry.
This section discusses these topics:
Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search.
If you want to use additional attributes in search filters, you must add them to the catalog entry. Only those attributes that have an equality matching rule can be indexed.
You can index a new attribute--that is, one for which no data exists in the directory--by using ldapmodify. You can index an attribute for which data already exists in the directory by using the Catalog Management tool. You can drop an index from an attribute by using ldapmodify, but the recommended method is by using the Catalog Management tool.
Once you have defined a new attribute in the schema, you can add it to the catalog entry by using ldapmodify.
To add to the catalog an attribute for which no directory data exists, import an LDIF file by using ldapmodify. For example, to add a new attribute foo that has already been defined in the schema, import the following LDIF file:
dn: cn=catalogs
Changetype: modify
Add: orclindexedattribute
Orclindexedattribute: foo
You should not use this method to index an attribute for which data exists in the directory. To index such an attribute, use the Catalog Management Tool.
To drop an index from an attribute by using ldapmodify, specify delete in the LDIF file. For example:
dn: cn=catalogs
Changetype: modify
Delete: orclindexedattribute
Orclindexedattribute: foo
Use the Catalog Management Tool to index an attribute for which data already exists and to drop an index from an attribute.
Copyright © 1996-2000, Oracle Corporation. All Rights Reserved.