Red Hat DIRECTORY SERVER 8.1 - SCHEMA, Directory Server 8.1 Reference

Red Hat Directory Server 8.1
Schema Reference
Ella Deon Lackey
Publication date: April 28, 2009, updated on January 11, 2010
Author: Ella Deon Lackey
Copyright © 2008 Red Hat, Inc.
Copyright © 2009 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive Raleigh, NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park, NC 27709 USA
Preface
1. Purpose and Contents
2. Prerequisite Reading
3. Examples and Formatting
4. Additional Reading
5. Giving Feedback
6. Documentation History
1. About Directory Server Schema
1.1. Schema Definitions
1.2. Default Directory Server Schema Files
1.3. Object Identifiers (OIDs)
1.4. Extending the Schema
1.5. Schema Checking
2. Directory Server Attribute Reference
2.1. abstract
2.2. accessTo
2.3. administratorContactInfo
2.4. adminRole
2.5. adminUrl
2.6. aliasedObjectName
2.7. associatedDomain
2.8. associatedName
2.9. attributetypes
2.10. audio
2.11. authorCn
2.12. authorityRevocationList
2.13. authorSn
2.14. automountInformation
2.15. bootFile
2.16. bootParameter
2.17. buildingName
2.18. businessCategory
2.19. c (countryName)
2.20. cACertificate
2.21. carLicense
2.22. certificateRevocationList
2.23. cn (commonName)
2.24. co (friendlyCountryName)
2.25. cosAttribute
2.26. cosIndirectSpecifier
2.27. cosPriority
2.28. cosSpecifier
2.29. cosTargetTree
2.30. cosTemplateDn
2.31. crossCertificatePair
2.32. dc (domainComponent)
2.33. deltaRevocationList
2.34. departmentNumber
2.35. description
2.36. destinationIndicator
2.37. displayName
2.38. dITRedirect
2.39. dmdName
2.40. dn (distinguishedName)
2.41. dNSRecord
2.42. documentAuthor
2.43. documentIdentifier
2.44. documentLocation
2.45. documentPublisher
2.46. documentStore
2.47. documentTitle
2.48. documentVersion
2.49. drink (favouriteDrink)
2.50. dSAQuality
2.51. employeeNumber
2.52. employeeType
2.53. enhancedSearchGuide
2.54. fax (facsimileTelephoneNumber)
2.55. gecos
2.56. generationQualifier
2.57. gidNumber
2.58. givenname
2.59. homeDirectory
2.60. homePhone
2.61. homePostalAddress
2.62. host
2.63. houseIdentifier
2.64. inetDomainBaseDN
2.65. inetDomainStatus
2.66. inetSubscriberAccountId
2.67. inetSubscriberChallenge
2.68. inetSubscriberResponse
2.69. inetUserHttpURL
2.70. inetUserStatus
2.71. info
2.72. initials
2.73. installationTimeStamp
2.74. internationalISDNNumber
2.75. ipHostNumber
2.76. ipNetmaskNumber
2.77. ipNetworkNumber
2.78. ipProtocolNumber
2.79. ipServicePort
2.80. ipServiceProtocol
2.81. janetMailbox
2.82. jpegPhoto
2.83. keyWords
2.84. knowledgeInformation
2.85. l (localityName)
2.86. labeledURI
2.87. lastModifiedBy
2.88. lastModifiedTime
2.89. loginShell
2.90. macAddress
2.91. mail
2.92. mailAccessDomain
2.93. mailAlternateAddress
2.94. mailAutoReplyMode
2.95. mailAutoReplyText
2.96. mailDeliveryOption
2.97. mailEnhancedUniqueMember
2.98. mailForwardingAddress
2.99. mailHost
2.100. mailMessageStore
2.101. mailPreferenceOption
2.102. mailProgramDeliveryInfo
2.103. mailQuota
2.104. mailRoutingAddress
2.105. manager
2.106. member
2.107. memberCertificateDescription
2.108. memberNisNetgroup
2.109. memberOf
2.110. memberUid
2.111. memberURL
2.112. mgrpAddHeader
2.113. mgrpAllowedBroadcaster
2.114. mgrpAllowedDomain
2.115. mgrpApprovePassword
2.116. mgrpBroadcasterPolicy
2.117. mgrpDeliverTo
2.118. mgrpErrorsTo
2.119. mgrpModerator
2.120. mgrpMsgMaxSize
2.121. mgrpMsgRejectAction
2.122. mgrpMsgRejectText
2.123. mgrpNoDuplicateChecks
2.124. mgrpRemoveHeader
2.125. mgrpRFC822MailMember
2.126. mobile
2.127. mozillaCustom1
2.128. mozillaCustom2
2.129. mozillaCustom3
2.130. mozillaCustom4
2.131. mozillaHomeCountryName
2.132. mozillaHomeLocalityName
2.133. mozillaHomePostalCode
2.134. mozillaHomeState
2.135. mozillaHomeStreet
2.136. mozillaHomeStreet2
2.137. mozillaHomeUrl
2.138. mozillaNickname (xmozillanickname)
2.139. mozillaSecondEmail (xmozillasecondemail)
2.140. mozillaUseHtmlMail (xmozillausehtmlmail)
2.141. mozillaWorkStreet2
2.142. mozillaWorkUrl
2.143. multiLineDescription
2.144. name
2.145. netscapeReversiblePassword
2.146. NisMapEntry
2.147. nisMapName
2.148. nisNetgroupTriple
2.149. nsAccessLog
2.150. nsAdminAccessAddresses
2.151. nsAdminAccessHosts
2.152. nsAdminAccountInfo
2.153. nsAdminCacheLifetime
2.154. nsAdminCgiWaitPid
2.155. nsAdminDomainName
2.156. nsAdminEnableEnduser
2.157. nsAdminEndUserHTMLIndex
2.158. nsAdminGroupName
2.159. nsAdminOneACLDir
2.160. nsAdminSIEDN
2.161. nsAdminUsers
2.162. nsAIMid
2.163. nsBaseDN
2.164. nsBindDN
2.165. nsBindPassword
2.166. nsBuildNumber
2.167. nsBuildSecurity
2.168. nsCertConfig
2.169. nsCertfile
2.170. nsClassname
2.171. nsConfigRoot
2.172. nscpAIMScreenname
2.173. nsDefaultAcceptLanguage
2.174. nsDefaultObjectClass
2.175. nsDeleteclassname
2.176. nsDirectoryFailoverList
2.177. nsDirectoryInfoRef
2.178. nsDirectoryURL
2.179. nsDisplayName
2.180. nsErrorLog
2.181. nsExecRef
2.182. nsExpirationDate
2.183. nsGroupRDNComponent
2.184. nsHardwarePlatform
2.185. nsHelpRef
2.186. nsHostLocation
2.187. nsICQid
2.188. nsInstalledLocation
2.189. nsJarfilename
2.190. nsKeyfile
2.191. nsLdapSchemaVersion
2.192. nsLicensedFor
2.193. nsLicenseEndTime
2.194. nsLicenseStartTime
2.195. nsLogSuppress
2.196. nsmsgDisallowAccess
2.197. nsmsgNumMsgQuota
2.198. nsMSNid
2.199. nsNickName
2.200. nsNYR
2.201. nsOsVersion
2.202. nsPidLog
2.203. nsPreference
2.204. nsProductName
2.205. nsProductVersion
2.206. nsRevisionNumber
2.207. nsSecureServerPort
2.208. nsSerialNumber
2.209. nsServerAddress
2.210. nsServerCreationClassname
2.211. nsServerID
2.212. nsServerMigrationClassname
2.213. nsServerPort
2.214. nsServerSecurity
2.215. nsSNMPContact
2.216. nsSNMPDescription
2.217. nsSNMPEnabled
2.218. nsSNMPLocation
2.219. nsSNMPMasterHost
2.220. nsSNMPMasterPort
2.221. nsSNMPOrganization
2.222. nsSSL2
2.223. nsSSL2Ciphers
2.224. nsSSL3
2.225. nsSSL3Ciphers
2.226. nsSSL3SessionTimeout
2.227. nsSSLActivation
2.228. nsSSLclientauth
2.229. nsSSLPersonalitySSL
2.230. nsSSLSessionTimeout
2.231. nsSSLSupportedCiphers
2.232. nsSSLToken
2.233. nsSuiteSpotUser
2.234. nsTaskLabel
2.235. nsUniqueAttribute
2.236. nsUserIDFormat
2.237. nsUserRDNComponent
2.238. nsValueBin
2.239. nsValueCES
2.240. nsValueCIS
2.241. nsValueDefault ........................................................................................................ 66
2.242. nsValueDescription ................................................................................................. 66
2.243. nsValueDN ............................................................................................................. 66
2.244. nsValueFlags .......................................................................................................... 66
2.245. nsValueHelpURL ..................................................................................................... 67
2.246. nsValueInt .............................................................................................................. 67
2.247. nsValueSyntax ........................................................................................................ 67
2.248. nsValueTel .............................................................................................................. 67
2.249. nsValueType ........................................................................................................... 67
2.250. nsVendor ................................................................................................................ 67
2.251. nsViewConfiguration ............................................................................................... 68
2.252. nsViewFilter ............................................................................................................ 68
2.253. nsWellKnownJarfiles ............................................................................................... 68
2.254. nswmExtendedUserPrefs ........................................................................................ 68
2.255. nsYIMid .................................................................................................................. 68
2.256. ntGroupAttributes .................................................................................................... 69
2.257. ntGroupCreateNewGroup ........................................................................................ 69
2.258. ntGroupDeleteGroup ............................................................................................... 69
2.259. ntGroupDomainId .................................................................................................... 69
2.260. ntGroupId ............................................................................................................... 70
2.261. ntGroupType ........................................................................................................... 70
2.262. ntUniqueId .............................................................................................................. 70
2.263. ntUserAcctExpires ................................................................................................... 71
2.264. ntUserAuthFlags ..................................................................................................... 71
2.265. ntUserBadPwCount ................................................................................................. 71
2.266. ntUserCodePage .................................................................................................... 71
2.267. ntUserComment ...................................................................................................... 72
2.268. ntUserCountryCode ................................................................................................. 72
2.269. ntUserCreateNewAccount ........................................................................................ 72
2.270. ntUserDeleteAccount ............................................................................................... 72
2.271. ntUserDomainId ...................................................................................................... 72
2.272. ntUserFlags ............................................................................................................ 73
2.273. ntUserHomeDir ....................................................................................................... 73
2.274. ntUserHomeDirDrive ............................................................................................... 73
2.275. ntUserLastLogoff ..................................................................................................... 73
2.276. ntUserLastLogon ..................................................................................................... 74
2.277. ntUserLogonHours .................................................................................................. 74
2.278. ntUserLogonServer ................................................................................................. 74
2.279. ntUserMaxStorage .................................................................................................. 74
2.280. ntUserNumLogons .................................................................................................. 75
2.281. ntUserParms .......................................................................................................... 75
2.282. ntUserPasswordExpired .......................................................................................... 75
2.283. ntUserPrimaryGroupId ............................................................................................. 75
2.284. ntUserPriv .............................................................................................................. 75
2.285. ntUserProfile ........................................................................................................... 76
2.286. ntUserScriptPath ..................................................................................................... 76
2.287. ntUserUniqueId ....................................................................................................... 76
2.288. ntUserUnitsPerWeek ............................................................................................... 76
2.289. ntUserUsrComment ................................................................................................. 77
2.290. ntUserWorkstations ................................................................................................. 77
2.291. o (organizationName) .............................................................................................. 77
2.292. objectClass ............................................................................................................. 77
2.293. objectClasses ......................................................................................................... 78
2.294. obsoletedByDocument ............................................................................................ 78
2.295. obsoletesDocument ................................................................................................. 78
2.296. oncRpcNumber ....................................................................................................... 78
2.297. organizationalStatus ................................................................................................ 79
2.298. otherMailbox ........................................................................................................... 79
2.299. ou (organizationalUnitName) ................................................................................... 79
2.300. owner ..................................................................................................................... 79
2.301. pager ..................................................................................................................... 80
2.302. pamExcludeSuffix ................................................................................................... 80
2.303. pamFallback ........................................................................................................... 80
2.304. pamIDAttr ............................................................................................................... 80
2.305. pamIDMapMethod ................................................................................................... 80
2.306. pamIncludeSuffix .................................................................................................... 81
2.307. pamMissingSuffix .................................................................................................... 81
2.308. pamSecure ............................................................................................................. 81
2.309. pamService ............................................................................................................ 81
2.310. parentOrganization .................................................................................................. 81
2.311. personalSignature ................................................................................................... 82
2.312. personalTitle ........................................................................................................... 82
2.313. photo ..................................................................................................................... 82
2.314. physicalDeliveryOfficeName .................................................................................... 82
2.315. postalAddress ......................................................................................................... 83
2.316. postalCode ............................................................................................................. 83
2.317. postOfficeBox ......................................................................................................... 83
2.318. preferredDeliveryMethod ......................................................................................... 84
2.319. preferredLanguage .................................................................................................. 84
2.320. preferredLocale ....................................................................................................... 84
2.321. preferredTimeZone .................................................................................................. 84
2.322. presentationAddress ............................................................................................... 85
2.323. protocolInformation ................................................................................................. 85
2.324. ref .......................................................................................................................... 85
2.325. registeredAddress ................................................................................................... 85
2.326. roleOccupant .......................................................................................................... 86
2.327. roomNumber .......................................................................................................... 86
2.328. searchGuide ........................................................................................................... 86
2.329. secretary ................................................................................................................ 86
2.330. seeAlso .................................................................................................................. 87
2.331. serialNumber .......................................................................................................... 87
2.332. serverHostName ..................................................................................................... 87
2.333. serverProductName ................................................................................................ 87
2.334. serverRoot .............................................................................................................. 88
2.335. serverVersionNumber .............................................................................................. 88
2.336. shadowExpire ......................................................................................................... 88
2.337. shadowFlag ............................................................................................................ 89
2.338. shadowInactive ....................................................................................................... 89
2.339. shadowLastChange ................................................................................................. 89
2.340. shadowMax ............................................................................................................ 90
2.341. shadowMin ............................................................................................................. 90
2.342. shadowWarning ...................................................................................................... 91
2.343. singleLevelQuality ................................................................................................... 91
2.344. sn (surname) .......................................................................................................... 91
2.345. st (stateOrProvinceName) ....................................................................................... 91
2.346. street ..................................................................................................................... 92
2.347. subject ................................................................................................................... 92
2.348. subtreeMaximumQuality .......................................................................................... 92
2.349. subtreeMinimumQuality ........................................................................................... 92
2.350. supportedAlgorithms ............................................................................................... 93
2.351. supportedApplicationContext .................................................................................... 93
2.352. telephoneNumber ................................................................................................... 93
2.353. teletexTerminalIdentifier ........................................................................................... 93
2.354. telexNumber ........................................................................................................... 94
2.355. textEncodedORAddress .......................................................................................... 94
2.356. title ......................................................................................................................... 94
2.357. ttl (TimeToLive) ....................................................................................................... 95
2.358. uid (userID) ............................................................................................................ 95
2.359. uidNumber .............................................................................................................. 95
2.360. uniqueIdentifier ....................................................................................................... 96
2.361. uniqueMember ........................................................................................................ 96
2.362. updatedByDocument ............................................................................................... 96
2.363. updatesDocument ................................................................................................... 96
2.364. userCertificate ........................................................................................................ 96
2.365. userClass ............................................................................................................... 97
2.366. userPassword ......................................................................................................... 97
2.367. userPKCS12 ........................................................................................................... 97
2.368. userSMIMECertificate .............................................................................................. 98
2.369. vacationEndDate ..................................................................................................... 98
2.370. vacationStartDate ................................................................................................... 98
2.371. x121Address .......................................................................................................... 98
2.372. x500UniqueIdentifier ............................................................................................... 98
3. Directory Server Object Class Reference 101
3.1. account .................................................................................................................... 101
3.2. alias ......................................................................................................................... 102
3.3. bootableDevice ......................................................................................................... 103
3.4. cacheObject ............................................................................................................. 104
3.5. cosClassicDefinition .................................................................................................. 104
3.6. cosDefinition ............................................................................................................. 105
3.7. cosIndirectDefinition .................................................................................................. 106
3.8. cosPointerDefinition .................................................................................................. 106
3.9. cosSuperDefinition .................................................................................................... 107
3.10. cosTemplate ........................................................................................................... 108
3.11. country ................................................................................................................... 108
3.12. dcObject ................................................................................................................. 109
3.13. device .................................................................................................................... 110
3.14. document ............................................................................................................... 110
3.15. documentSeries ...................................................................................................... 112
3.16. domain ................................................................................................................... 113
3.17. domainRelatedObject .............................................................................................. 114
3.18. dSA ....................................................................................................................... 115
3.19. extensibleObject ..................................................................................................... 116
3.20. friendlyCountry ....................................................................................................... 116
3.21. groupOfCertificates ................................................................................................. 117
3.22. groupOfMailEnhancedUniqueNames ........................................................................ 118
3.23. groupOfNames ....................................................................................................... 119
3.24. groupOfUniqueNames ............................................................................................. 119
3.25. groupOfURLs ......................................................................................................... 120
3.26. ieee802Device ........................................................................................................ 121
3.27. inetAdmin ............................................................................................................... 122
3.28. inetDomain ............................................................................................................. 123
3.29. inetOrgPerson ........................................................................................................ 123
3.30. inetSubscriber ......................................................................................................... 126
3.31. inetUser ................................................................................................................. 126
3.32. ipHost .................................................................................................................... 127
3.33. ipNetwork ............................................................................................................... 128
3.34. ipProtocol ............................................................................................................... 129
3.35. ipService ................................................................................................................ 130
3.36. labeledURIObject .................................................................................................... 130
3.37. locality .................................................................................................................... 131
3.38. mailGroup .............................................................................................................. 132
3.39. mailRecipient .......................................................................................................... 132
3.40. netscapeCertificateServer ........................................................................................ 133
3.41. netscapeDirectoryServer ......................................................................................... 134
3.42. NetscapeLinkedOrganization ................................................................................... 134
3.43. netscapeMachineData ............................................................................................. 135
3.44. NetscapePreferences .............................................................................................. 135
3.45. netscapeReversiblePasswordObject ......................................................................... 135
3.46. netscapeServer ....................................................................................................... 136
3.47. netscapeWebServer ................................................................................................ 137
3.48. newPilotPerson ....................................................................................................... 137
3.49. nisMap ................................................................................................................... 139
3.50. nisNetgroup ............................................................................................................ 139
3.51. nisObject ................................................................................................................ 140
3.52. nsAdminConfig ....................................................................................................... 141
3.53. nsAdminConsoleUser .............................................................................................. 142
3.54. nsAdminDomain ..................................................................................................... 142
3.55. nsAdminGlobalParameters ...................................................................................... 142
3.56. nsAdminGroup ........................................................................................................ 143
3.57. nsAdminObject ....................................................................................................... 144
3.58. nsAdminResourceEditorExtension ............................................................................ 144
3.59. nsAdminServer ....................................................................................................... 145
3.60. nsAIMpresence ....................................................................................................... 145
3.61. nsApplication .......................................................................................................... 146
3.62. nsCertificateServer .................................................................................................. 147
3.63. nsComplexRoleDefinition ......................................................................................... 148
3.64. nsContainer ............................................................................................................ 148
3.65. nsCustomView ........................................................................................................ 149
3.66. nsDefaultObjectClasses .......................................................................................... 149
3.67. nsDirectoryInfo ....................................................................................................... 149
3.68. nsDirectoryServer ................................................................................................... 150
3.69. nsEncryptionConfig ................................................................................................. 151
3.70. nsEncryptionModule ................................................................................................ 152
3.71. nsFilteredRoleDefinition ........................................................................................... 152
3.72. nsGlobalParameters ................................................................................................ 153
3.73. nsHost ................................................................................................................... 154
3.74. nsICQpresence ....................................................................................................... 155
3.75. nsLicenseUser ........................................................................................................ 155
3.76. nsManagedRoleDefinition ........................................................................................ 156
3.77. nsMessagingServerUser .......................................................................................... 156
3.78. nsMSNpresence ..................................................................................................... 157
3.79. nsNestedRoleDefinition ........................................................................................... 158
3.80. nsResourceRef ....................................................................................................... 158
3.81. nsRoleDefinition ...................................................................................................... 159
3.82. nsSimpleRoleDefinition ............................................................................................ 159
3.83. nsSNMP ................................................................................................................. 160
3.84. nsTask ................................................................................................................... 161
3.85. nsTaskGroup .......................................................................................................... 162
3.86. nsTopologyCustomView ........................................................................................... 162
3.87. nsTopologyPlugin .................................................................................................... 163
3.88. nsValueItem ............................................................................................................ 163
3.89. nsView ................................................................................................................... 164
3.90. nsYIMpresence
3.91. ntGroup
3.92. ntUser
3.93. oncRpc
3.94. organization
3.95. organizationalPerson
3.96. organizationalRole
3.97. organizationalUnit
3.98. pamConfig
3.99. person
3.100. pilotObject
3.101. pilotOrganization
3.102. posixAccount
3.103. posixGroup
3.104. referral
3.105. residentialPerson
3.106. RFC822LocalPart
3.107. room
3.108. shadowAccount
3.109. simpleSecurityObject
3.110. strongAuthenticationUser
4. Operational Attributes and Object Classes
4.1. accountUnlockTime
4.2. aci
4.3. altServer
4.4. copiedFrom
4.5. copyingFrom
4.6. createTimestamp
4.7. creatorsName
4.8. dITContentRules
4.9. dITStructureRules
4.10. hasSubordinates
4.11. LDAPsubentry
4.12. ldapSyntaxes
4.13. matchingRules
4.14. matchingRuleUse
4.15. modifyTimestamp
4.16. modifiersName
4.17. nameForms
4.18. namingContexts
4.19. nsAccountLock
4.20. nsAIMStatusGraphic
4.21. nsAIMStatusText
4.22. nsBackendSuffix
4.23. nscpEntryDN
4.24. nsDS5ReplConflict
4.25. nsICQStatusGraphic
4.26. nsICQStatusText
4.27. nsIdleTimeout
4.28. nsLookThroughLimit
4.29. nsParentUniqueId
4.30. nsRole
4.31. nsRoleDn
4.32. nsRoleFilter
4.33. nsSchemaCSN
4.34. nsSizeLimit
4.35. nsTimeLimit
4.36. nsTombstone (Object Class)
4.37. nsUniqueID
4.38. nsYIMStatusGraphic
4.39. nsYIMStatusText
4.40. numSubordinates
4.41. passwordGraceUserTime
4.42. passwordRetryCount
4.43. pwdpolicysubentry
4.44. subschemaSubentry
4.45. supportedControl
4.46. supportedExtension
4.47. supportedFeatures
4.48. supportedLDAPVersion
4.49. supportedSASLMechanisms
4.50. vendorName
4.51. vendorVersion
4.52. glue (Object Class)
4.53. passwordObject (Object Class)
4.54. subschema (Object Class)
Index
Preface
Welcome to the Red Hat Directory Server Schema Reference. Red Hat Directory Server is a powerful and scalable distributed directory server application that uses the Lightweight Directory Access Protocol (LDAP) standard. Directory Server creates centralized and distributed data repositories for use with an intranet, extranet, and Internet applications. Integrating Directory Server into a computing infrastructure smooths interactions and services for customers, clients, and employees.
The Directory Server Schema Reference describes most of the common object classes and attributes defined by standard Directory Server schema. This reference is intended for system administrators who manage and maintain Red Hat Directory Server and define the directory schema.
1. Purpose and Contents
The schema reference covers information about attributes and object classes used by entries in the Directory Server:
• An overview of some of the basic concepts of the directory schema, including lists and descriptions of default schema files, and descriptions of object classes, attributes, object identifiers (OIDs), schema checking, and extending server schema.
• Alphabetical lists of the standard attributes, with definitions of their use, OIDs, and attribute syntax.
• Alphabetical lists of the standard object classes with descriptions of the object class, OIDs, and lists of required and allowed attributes. (The defined attributes for the object classes do not include the required and allowed attributes which are inherited from any superior object classes.)
• Directory Server's operational attributes and special attributes and object classes used by the server as part of its configuration, to perform tasks, or to manage databases.
This guide is intended as a reference for schema elements that are used to describe directory entries, like users, groups, and equipment, and some schema elements that are used to organize data in the directory, like views and roles.
However, this schema reference does not cover core schema used to configure the Directory Server itself. The directory service is also configured as directory entries within the cn=config subtree. For descriptions of those attributes, see the Configuration, Command, and File Reference.
2. Prerequisite Reading
This guide is a reference covering the standard schema and the standard object classes and attributes. However, this guide does not describe how to design, customize or maintain the schema, nor does it give any information on replication. Those concepts are described in the Deployment Guide. Read that book before continuing with this manual.
Preliminary planning for your schema needs depends on deciding how to represent the data which will be stored in the directory and the kinds of identities (different people, equipment, and facilities) which will be represented. Choose predefined schema elements to meet as many of the data needs as possible. These predefined schema elements are listed in this guide. After fully utilizing the standard schema, begin planning how to extend the schema.
3. Examples and Formatting
The examples used in this guide, such as file locations and commands, follow certain defined conventions.
3.1. Command and File Examples
All of the examples for Red Hat Directory Server commands, file locations, and other usage are given for Red Hat Enterprise Linux 5 (32-bit) systems. Be certain to use the appropriate commands and files for your platform.
To start the Red Hat Directory Server:
/etc/init.d/dirsrv start
Example 1. Example Command
3.2. Tool Locations
The tools for Red Hat Directory Server are located in the /usr/bin and the /usr/sbin directories. These tools can be run from any location without specifying the tool location.
3.3. LDAP Locations
There is another important consideration with the Red Hat Directory Server tools. The LDAP tools referenced in this guide are Mozilla LDAP, installed with Red Hat Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 (32-bit) (or /usr/lib64/mozldap for 64-bit systems).
However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP in the /usr/bin directory. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL, which OpenLDAP tools use by default.
3.4. Text Formatting and Styles
Certain words are represented in different fonts, styles, and weights. Different character formatting is used to indicate the function or purpose of the phrase being highlighted.
Formatting Style | Purpose
Monospace font | Monospace is used for commands, package names, files and directory paths, and any text displayed in a prompt.
Monospace with a background | This type of formatting is used for anything entered or returned in a command prompt.
Italicized text | Any text which is italicized is a variable, such as instance_name or hostname. Occasionally, this is also used to emphasize a new term or other phrase.
Bolded text | Most phrases which are in bold are application names, such as Cygwin, or are fields or options in a user interface, such as a User Name Here: field or Save button.
Other formatting styles draw attention to important text.
NOTE
A note provides additional information that can help illustrate the behavior of the system or provide more detail for a specific issue.
IMPORTANT
Important information is necessary, but possibly unexpected, such as a configuration change that will not persist after a reboot.
WARNING
A warning indicates potential data loss, as may happen when tuning hardware for maximum performance.
4. Additional Reading
The Directory Server Administrator's Guide describes how to set up, configure, and administer Red Hat Directory Server and its contents. This manual does not describe many of the basic directory and architectural concepts that you need to deploy, install, and administer a directory service successfully. Those concepts are contained in the Red Hat Directory Server Deployment Guide. You should read that book before continuing with this manual.
When you are familiar with Directory Server concepts and have done some preliminary planning for your directory service, install the Directory Server. The instructions for installing the various Directory Server components are contained in the Red Hat Directory Server Installation Guide. Many of the scripts and commands used to install and administer the Directory Server are explained in detail in the Red Hat Directory Server Configuration, Command, and File Reference.
Also, Managing Servers with Red Hat Console contains general background information on how to use the Red Hat Console. You should read and understand the concepts in that book before you attempt to administer Directory Server.
The document set for Directory Server contains the following guides:
Red Hat Directory Server Release Notes contain important information on new features, fixed bugs, known issues and workarounds, and other important deployment information for this specific version of Directory Server.
Red Hat Directory Server Deployment Guide provides an overview for planning a deployment of the Directory Server.
Red Hat Directory Server Administrator's Guide contains procedures for the day-to-day maintenance of the directory service. Includes information on configuring server-side plug-ins.
Red Hat Directory Server Configuration, Command, and File Reference provides reference information on the command-line scripts, configuration attributes, and log files shipped with Directory Server.
Red Hat Directory Server Installation Guide contains procedures for installing your Directory Server as well as procedures for migrating from a previous installation of Directory Server.
Red Hat Directory Server Schema Reference provides reference information about the Directory Server schema.
Red Hat Directory Server Plug-in Programmer's Guide describes how to write server plug-ins in order to customize and extend the capabilities of Directory Server.
Using Red Hat Console gives an overview of the primary user interface and how it interacts with the Directory Server and Administration Server, as well as how to perform basic management tasks through the main Console window.
Using the Admin Server describes the different tasks and tools associated with the Administration Server and how to use the Administration Server with the Configuration and User Directory Server instances.
For the latest information about Directory Server, including current release notes, complete product documentation, technical notes, and deployment information, see the Red Hat Directory Server documentation site at http://www.redhat.com/docs/manuals/dir-server/.
5. Giving Feedback
If there is any error in this Schema Reference or there is any way to improve the documentation, please let us know. Bugs can be filed against the documentation for Red Hat Directory Server through Bugzilla, http://bugzilla.redhat.com/bugzilla. Make the bug report as specific as possible, so we can be more effective in correcting any issues:
• Select the Red Hat Directory Server product.
• Set the component to Doc - schema-reference.
• Set the version number to 8.1.
• For errors, give the page number (for the PDF) or URL (for the HTML), and give a succinct description of the problem, such as incorrect procedure or typo.
For enhancements, put in what information needs to be added and why.
• Give a clear title for the bug. For example, "Incorrect command example for setup script options" is better than "Bad example".
We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact Red Hat Content Services directly at mailto:docs@redhat.com.
6. Documentation History
Revision 8.1.5 January 11, 2010 Ella Deon Lackey
Expanding description of shadowExpire attribute, per Bugzilla #537262.
Revision 8.1.4 September 17, 2009 Ella Deon Lackey
Completing tech review from Noriko, adding new object classes (and some required attributes) for the standard object class reference. From Bugzilla #236147.
Revision 8.1.3 September 11, 2009 Ella Deon Lackey
Fixing instance-specific directory location.
Revision 8.1.2 September 9, 2009 Ella Deon Lackey
Removing any references to the Directory Server Gateway or Org Chart.
Revision 8.1.1 September 5, 2009 Ella Deon Lackey
Adding the HPUX schema file directory to the default schema file overview section, per Bugzilla #521140.
Revision 8.1.0 April 28, 2009 Ella Deon Lackey dlackey@redhat.com
Initial draft for version 8.1.
Chapter 1. About Directory Server Schema
This chapter provides an overview of some of the basic concepts of the directory schema and lists the files in which the schema is described. It describes object classes, attributes, and object identifiers (OIDs) and briefly discusses extending server schema and schema checking.
1.1. Schema Definitions
The directory schema is a set of rules that defines how data can be stored in the directory. Directory information is stored in discrete entries, and each entry is comprised of a set of attributes and their values. The kind of identity being described in the entry is defined in the entry's object classes. An object class specifies the kind of object the entry describes through the defined set of attributes for the object class.
Basically, the schema files are lists of the kinds of entries that can be created (the object classes) and the ways that those entries can be described (the attributes). The schema defines what the object classes and attributes are. The schema also defines the format that the attribute values contain (the attribute's syntax) and whether there can only be a single instance of that attribute.
Additional schema files can be added to the Directory Server configuration and loaded in the server, so the schema is customizable and can be extended as desired.
For more detailed information about object classes, attributes, and how the Directory Server uses the schema, see the Deployment Guide.
CAUTION
The Directory Server fails to start if the schema definitions contain too few or too many space characters. Use exactly one space in those places where the LDAP standards allow the use of zero or many spaces; for example, the place between the NAME keyword and the name of an attribute type.
1.1.1. Object Classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP standard provides object classes for many common types of entries, such as people (person and inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectclasses line, then followed by its OID, name, a description, its direct superior object class (an object class which is required to be used in conjunction with the object class and which shares its attributes with this object class), and the list of required (MUST) and allowed (MAY) attributes.
This is shown in Example 1.1, “person Object Class Schema Entry”.
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) X-ORIGIN 'RFC 2256' )
Example 1.1. person Object Class Schema Entry
1.1.1.1. Required and Allowed Attributes
Every object class defines a number of required attributes and of allowed attributes. Required attributes must be present in entries using the specified object class, while allowed attributes are permissible and available for the entry to use, but are not required for the entry to be valid.
As in Example 1.1, “person Object Class Schema Entry”, the person object class requires the cn, sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, and userPassword attributes.
NOTE
All entries require the objectClass attribute, which lists the object classes assigned to the entry.
1.1.1.2. Object Class Inheritance
An entry can have more than one object class. For example, the entry for a person is defined by the person object class, but the same person may also be described by attributes in the inetOrgPerson and organizationalPerson object classes.
Additionally, object classes can be hierarchical. An object class can inherit attributes from another class, in addition to its own required and allowed attributes. The second object class is the superior object class of the first.
The server's object class structure determines the list of required and allowed attributes for a particular entry. For example, a user's entry has to have the inetOrgPerson object class. In that case, the entry must also include the superior object class for inetOrgPerson, organizationalPerson, and the superior object class for organizationalPerson, which is person:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
When the inetOrgPerson object class is assigned to an entry, the entry automatically inherits the required and allowed attributes from the superior object classes.
1.1.2. Attributes
Directory entries are composed of attributes and their values. These pairs are called attribute-value assertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute.
For instance, the cn attribute is used to store a person's full name, such as cn: John Smith.
Additional attributes can supply additional information about John Smith:
givenname: John
surname: Smith
mail: jsmith@example.com
In a schema file, an attribute is identified by the attributetypes line, then followed by its OID, name, a description, syntax (allowed format for its value), optionally whether the attribute is single- or multi-valued, and where the attribute is defined.
This is shown in Example 1.2, “description Attribute Schema Entry”.
attributetypes: ( 2.5.4.13 NAME 'description' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2256' )
Example 1.2. description Attribute Schema Entry
Some attributes can be abbreviated. These abbreviations are listed as part of the attribute definition:
attributetypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) ...
1.1.2.1. Attribute Syntax
The attribute's syntax defines the format of the values which the attribute allows; as with other schema elements, the syntax is defined for an attribute using the syntax's OID, as listed in Table 1.1, “LDAP Attribute Syntax”.
The Directory Server uses the attribute's syntax to perform sorting and pattern matching on entries.
Syntax Method | OID | Definition
Binary | 1.3.6.1.4.1.1466.115.121.1.5 | Indicates that values for this attribute are binary.
Boolean | 1.3.6.1.4.1.1466.115.121.1.7 | Indicates that this attribute has one of only two values, true or false.
Country String | 1.3.6.1.4.1.1466.115.121.1.11 | Indicates that values for this attribute are limited to exactly two printable string characters; for example, US for the United States.
DN | 1.3.6.1.4.1.1466.115.121.1.12 | Indicates that values for this attribute are DNs.
DirectoryString | 1.3.6.1.4.1.1466.115.121.1.15 | Indicates that values for this attribute are case-insensitive strings.
GeneralizedTime | 1.3.6.1.4.1.1466.115.121.1.24 | Indicates that values for this attribute are encoded as printable strings. The time zone must be specified. It is strongly recommended to use GMT time.
IA5String | 1.3.6.1.4.1.1466.115.121.1.26 | Indicates that values for this attribute are case-exact strings.
Integer | 1.3.6.1.4.1.1466.115.121.1.27 | Indicates that valid values for this attribute are numbers.
OctetString | 1.3.6.1.4.1.1466.115.121.1.40 | Indicates that values for this attribute are binary; this is the same as using the binary syntax.
Postal Address | 1.3.6.1.4.1.1466.115.121.1.41 | Indicates that values for this attribute are encoded in the format postal-address = dstring* ("$" dstring). For example: 1234 Main St.$Raleigh, NC 12345$USA. Each dstring component is encoded as a DirectoryString value. Backslashes and dollar characters, if they occur, are quoted, so that they will not be mistaken for line delimiters. Many servers limit the postal address to 6 lines of up to thirty characters.
TelephoneNumber | 1.3.6.1.4.1.1466.115.121.1.50 | Indicates that values for this attribute are in the form of telephone numbers. It is recommended to use telephone numbers in international form.
URI | | Indicates that the values for this attribute are in the form of a URL, introduced by a string such as http://, https://, ftp://, ldap://, and ldaps://. The URI has the same behavior as IA5String. See RFC 2396 for more information on this syntax.
Table 1.1. LDAP Attribute Syntax
1.1.2.2. Single- and Multi-Valued Attributes
By default, most attributes are multi-valued. This means that an entry can contain the same attribute multiple times, with different values. For example:
dn: uid=jsmith, ou=marketing, ou=people, dc=example, dc=com
ou: marketing
ou: people
The cn, tel, and objectclass attributes, for example, all can have more than one value. Attributes that are single-valued — that is, only one instance of the attribute can be specified — are specified in the schema as only allowing a single value. For example, uidNumber can only have one possible value, so its schema entry has the term SINGLE-VALUE. If the attribute is multi-valued, there is no value expression.
1.2. Default Directory Server Schema Files
Template schema definitions for Directory Server are stored in the /etc/dirsrv/schema directory. These default schema files are used to generate the schema files for new Directory Server instances. Each server instance has its own instance-specific schema directory in /etc/dirsrv/slapd-instance_name/schema (/etc/opt/dirsrv/slapd-instance_name/schema on HP-UX). The schema files in the instance directory are used only by that instance.
To modify the directory schema, create new attributes and new object classes in the instance-specific schema directory. Because the default schema is used for creating new instances and each individual instance has its own schema files, it is possible to have slightly different schema for each instance, matching the use of each instance.
Any custom attributes added using the Directory Server Console or LDAP commands are stored in the 99user.ldif file; other custom schema files can be added to the /etc/dirsrv/slapd-instance_name/schema directory for each instance. Do not make any modifications to the standard files that come with Red Hat Directory Server.
For more information about how the Directory Server stores information and suggestions for planning directory schema, see the Deployment Guide.
Schema File | Purpose
00core.ldif | Recommended core schema from the X.500 and LDAP standards (RFCs). This schema is used by the Directory Server itself for the instance configuration and to start the server instance.
01common.ldif | Standard-related schema from RFC 2256, LDAPv3, and standard schema defined by Directory Server which is used to configure entries.
05rfc2247.ldif | Schema from RFC 2247 and related pilot schema, defined in "Using Domains in LDAP/X.500 Distinguished Names."
05rfc2927.ldif | Schema from RFC 2927, "MIME Directory Profile for LDAP Schema."
10rfc2307.ldif | Schema from RFC 2307, "An Approach for Using LDAP as a Network Information Service."
10presence.ldif | Schema for presence information; the file lists the default object classes with the allowed attributes that must be added to a user's entry in order for instant-messaging presence information to be available for that user.
20subscriber.ldif | Common schema element for Directory Server-Nortel subscriber interoperability.
25java-object.ldif | Schema from RFC 2713, "Schema for Representing Java Objects in an LDAP Directory."
28pilot.ldif | Schema from the pilot RFCs, especially RFC 1274, that are no longer recommended for use in new deployments.
30ns-common.ldif | Common schema.
50ns-admin.ldif | Schemas used by the Administration Server.
50ns-certificate.ldif | Schemas used by Red Hat Certificate System.
50ns-directory.ldif | Schema used by legacy Directory Server 4.x servers.
50ns-mail.ldif | Schema for mail servers.
50ns-value.ldif | Schema for value items in Directory Server.
50ns-web.ldif | Schema for web servers.
60autofs.ldif | Object classes for automount configuration; this is one of several schema files used for NIS servers.
60eduperson.ldif | Schema elements for education-related people and organization entries.
60mozilla.ldif | Schema elements for Mozilla-related user profiles.
60nss-ldap.ldif | Schema elements for GSS-API service names.
60pam-plugin.ldif | Schema elements for integrating directory services with PAM modules.
60pureftpd.ldif | Schema elements for defining FTP user accounts.
60rfc2739.ldif | Schema elements for calendars and vCard properties.
60rfc3712.ldif | Schema elements for configuring printers.
60sabayon.ldif | Schema elements for defining sabayon user entries.
60sudo.ldif | Schema elements for defining sudo users and roles.
60trust.ldif | Schema elements for defining trust relationships for NSS or PAM.
99user.ldif | Custom schema elements added through the Directory Server Console.
Table 1.2. Schema Files
1.3. Object Identifiers (OIDs)
All schema elements have object identifiers (OIDs) assigned to them, including attributes and object classes. An OID is a sequence of integers, usually written as a dot-separated string. All custom attributes and classes must conform to the X.500 and LDAP standards.
CAUTION
If an OID is not specified for a schema element, Directory Server automatically uses ObjectClass_name-oid and attribute_name-oid. However, using text OIDs instead of numeric OIDs can lead to problems with clients, server interoperability, and server behavior, so assigning a numeric OID is strongly recommended.
OIDs can be built on. The base OID is a root number which is used for every schema element for an organization, and then schema elements can be incremented from there. For example, a base OID could be 1. The company then uses 1.1 for attributes, so every new attribute has an OID of 1.1.x. It uses 1.2 for object classes, so every new object class has an OID of 1.2.x.
For Directory Server-defined schema elements, the base OIDs are as follows:
• The Netscape base OID is 2.16.840.1.113730.
• The Directory Server base OID is 2.16.840.1.113730.3.
• All Netscape-defined attributes have the base OID 2.16.840.1.113730.3.1.
• All Netscape-defined object classes have the base OID 2.16.840.1.113730.3.2.
For more information about OIDs or to request a prefix, go to the Internet Assigned Numbers Authority (IANA) website at http://www.iana.org/.
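The following audit of custom schema definitions is an added example, not part of the original reference or of Directory Server. It flags the text OIDs the caution warns about, OIDs outside the expected arc, and reused OIDs. The element names are hypothetical, the 1.1/1.2 arcs follow the numbering example above, and one definition per line is assumed.

```python
import re

# Constructed sample in the style of a custom schema file (names are hypothetical).
SAMPLE_SCHEMA = """\
attributeTypes: ( 1.1.1 NAME 'exampleBadge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( exampleDesk-oid NAME 'exampleDesk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClasses: ( 1.2.1 NAME 'examplePerson' SUP top AUXILIARY MAY ( exampleBadge $ exampleDesk ) )
objectClasses: ( 1.1.7 NAME 'exampleRoom' SUP top STRUCTURAL MUST cn )
"""

# A numeric OID: first arc 0-2, then dot-separated integers without leading zeros.
NUMERIC_OID = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")
DEFINITION = re.compile(
    r"^(attributeTypes|objectClasses):\s*\(\s*(\S+)\s+NAME\s+'([^']+)'")

# Assumed organizational arcs, taken from the page's example:
# 1.1.x for attributes, 1.2.x for object classes.
EXPECTED_ARC = {"attributeTypes": "1.1", "objectClasses": "1.2"}


def audit_oids(schema_text, expected_arc=EXPECTED_ARC):
    """Return (element name, OID, problem) for every questionable OID."""
    findings = []
    seen = {}  # OID -> name of the first element that used it
    for line in schema_text.splitlines():
        match = DEFINITION.match(line)
        if not match:
            continue
        kind, oid, name = match.groups()
        if not NUMERIC_OID.match(oid):
            # Typically the automatic <name>-oid fallback described in the caution.
            findings.append((name, oid, "text OID"))
        elif not oid.startswith(expected_arc[kind] + "."):
            findings.append((name, oid, "outside " + expected_arc[kind]))
        if oid in seen:
            findings.append((name, oid, "duplicate of " + seen[oid]))
        seen.setdefault(oid, name)
    return findings


if __name__ == "__main__":
    for name, oid, problem in audit_oids(SAMPLE_SCHEMA):
        print(f"{name}: {oid} ({problem})")
```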
1.4. Extending the Schema
The Directory Server schema includes hundreds of object classes and attributes that can be used to meet most directory requirements. This schema can be extended with new object classes and attributes that meet evolving requirements for the directory service in the enterprise by creating custom schema files.
When adding new attributes to the schema, a new object class should be created to contain them. Adding a new attribute to an existing object class can compromise the Directory Server's compatibility with existing LDAP clients that rely on the standard LDAP schema and may cause difficulties when upgrading the server.
For more information about extending server schema, see the Deployment Guide.
1.5. Schema Checking
Schema checking means that the Directory Server checks every entry when it is created, modified, or imported into a database using LDIF to make sure that it complies with the schema definitions in the schema files. Schema checking verifies three things:
• Object classes and attributes used in the entry are defined in the directory schema.
• Attributes required for an object class are contained in the entry.
• Only attributes allowed by the object class are contained in the entry.
You should run Directory Server with schema checking turned on. For information on enabling schema checking, see the Administrator's Guide.
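The three checks listed above can be modeled as follows. This is an added example, not Directory Server's implementation. The schema is a constructed, abridged subset; exampleperson and examplebadge are hypothetical names, and attribute and object class names are compared case-insensitively.

```python
# Constructed, abridged schema: object class -> (superior, MUST, MAY).
OBJECT_CLASSES = {
    "top": (None, {"objectclass"}, set()),
    "person": ("top", {"sn", "cn"}, {"description", "telephonenumber"}),
    "exampleperson": ("person", set(), {"examplebadge"}),  # hypothetical
}
# Attribute types known to this constructed schema.
ATTRIBUTES = {"objectclass", "sn", "cn", "description", "telephonenumber",
              "examplebadge", "mail"}

# Constructed sample entries.
GOOD = {"objectClass": ["top", "person"], "cn": ["John Doe"], "sn": ["Doe"]}
BAD = {"objectClass": ["top", "person"], "cn": ["John Doe"],
       "mail": ["jdoe@example.com"], "shoeSize": ["9"]}


def check_entry(entry):
    """Apply the three schema checks to one entry; return sorted violations."""
    attrs = {name.lower(): values for name, values in entry.items()}
    violations = []
    must, may = {"objectclass"}, set()
    for oc in (value.lower() for value in attrs.get("objectclass", [])):
        if oc not in OBJECT_CLASSES:
            violations.append("undefined object class: " + oc)  # check 1
            continue
        while oc is not None:  # inherit MUST/MAY from each superior class
            sup, oc_must, oc_may = OBJECT_CLASSES[oc]
            must |= oc_must
            may |= oc_may
            oc = sup
    for name in attrs:
        if name not in ATTRIBUTES:
            violations.append("undefined attribute: " + name)  # check 1
        elif name not in must | may:
            violations.append("attribute not allowed: " + name)  # check 3
    for name in must - set(attrs):
        violations.append("missing required attribute: " + name)  # check 2
    return sorted(violations)


if __name__ == "__main__":
    print(check_entry(GOOD))
    print(check_entry(BAD))
```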
Chapter 2. Directory Server Attribute Reference
This chapter contains reference information about Red Hat Directory Server (Directory Server) attributes. The attributes are listed in alphabetical order with their definition, syntax, and OID.
This chapter contains information about attributes that describe directory entries, like users, groups, and equipment. This intent — describing directory data — also covers some schema elements that are used to organize data in the directory, like views and roles.
However, this attribute reference does not cover core schema used to configure the Directory Server itself. The directory service is also configured as directory entries within the cn=config subtree. For descriptions of those configuration attributes, see the Configuration, Command, and File Reference.
2.1. abstract
The abstract attribute contains an abstract for a document entry.
OID 0.9.2342.19200300.102.1.9
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Internet White Pages Pilot
2.2. accessTo
This attribute defines what specific hosts or servers a user is allowed to access.
OID 5.3.6.1.1.1.1.1
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in nss_ldap/pam_ldap
2.3. administratorContactInfo
This attribute contains the contact information for the LDAP or server administrator.
OID 2.16.840.1.113730.3.1.74
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.4. adminRole
This attribute contains the role assigned to the user identified in the entry.
OID 2.16.840.1.113730.3.1.601
Syntax DirectoryString
Multi- or Single-Valued Single-valued
Defined in Netscape Administration Services
2.5. adminUrl
This attribute contains the URL of the Administration Server.
OID 2.16.840.1.113730.3.1.75
Syntax IA5String
Multi- or Single-Valued Multi-valued
Defined in Netscape Administration Services
2.6. aliasedObjectName
The aliasedObjectName attribute is used by the Directory Server to identify alias entries. This attribute contains the DN (distinguished name) for the entry for which this entry is the alias. For example:
aliasedObjectName: uid=jdoe,ou=people,dc=example,dc=com
OID 2.5.4.1
Syntax DN
Multi- or Single-Valued Single-valued
Defined in RFC 2256
2.7. associatedDomain
The associatedDomain attribute contains the DNS domain associated with the entry in the directory tree. For example, the entry with the distinguished name c=US, o=Example Corporation has the associated domain of EC.US. These domains should be represented in RFC 822 order.
associatedDomain:US
OID 0.9.2342.19200300.100.1.37
Syntax DirectoryString
Multi- or Single-Valued Multi-valued
Defined in RFC 1274
2.8. associatedName
The associatedName attribute identifies an organizational directory tree entry associated with a DNS domain. For example:
associatedName: c=us
OID 0.9.2342.19200300.100.1.38
Syntax DN