 | Work in progress This site is in the process of being reviewed and updated. |
Introduction
We want to store the schema into ADS as any other entries. We have to define the minimum set of ObjectClasses an AttributeTypes needed to be able to bootstrap the schema.
All the ObjectClass will depend on the MetaObjectClass element, which is hard wired in the server.
All the AttributeTypes will depend on the MetaAttributeType element, which is hard wired in the server.
|
The new Syntaxes will use the OIDs 1.3.6.1.4.1.18060.0.4.0.0.N We will use OIDs 1.3.6.1.4.1.18060.1.1.0.0.N for Meta objects. Here, the prefix 1.3.6.1.4.1.18060 is the one declared to IANA to represent the Apache Foundation and the next 1.1 values are used specifically for Apache Directory. |
Elements of the Meta-Schema
The MetaSchema will be presented in MetaSchema schema, but before, we must define some elements in this page.
Syntaxes
We must define the minimum set of syntaxes.
Those are following the following grammar (from RFC 4512 ) :
<SyntaxDescription> ::=
<LPAREN> <WSP>
<numericoid>
( <SP> "DESC" <SP> <qdstring> )?
<extensions> <WSP>
<RPAREN>
34 of them are defined in RFC 4517. For instance, here the definition of Boolean syntax :
3.3.3. Boolean
A value of the Boolean syntax is one of the Boolean values, true or
false. The LDAP-specific encoding of a value of this syntax is
defined by the following ABNF:
Boolean = "TRUE" / "FALSE"
The LDAP definition for the Boolean syntax is:
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
This syntax corresponds to the BOOLEAN ASN.1 type from [ASN.1].
Here are the new one we need to implement the MetaSchema, described in the following table :
| Desc | OID | Extensions | rules |
|---|---|---|---|
| objectClassType | 1.3.6.1.4.1.18060.0.4.0.0.1 | - | Should be one of those 3 strings :
|
| numericOid |
1.3.6.1.4.1.18060.0.4.0.0.2 | - |
Must be a valid numeric OID |
| attributeTypeUsage | 1.3.6.1.4.1.18060.0.4.0.0.3 | - | Should be one of those 4 strings :
|
| number |
1.3.6.1.4.1.18060.0.4.0.0.4 | - |
Must be a number |
| oidLen |
1.3.6.1.4.1.18060.0.4.0.0.5 | - |
Must be a valid numeric oid followed by a length constraint |
| objectName | 1.3.6.1.4.1.18060.0.4.0.0.6 | - | Must be a valid name a-zA-Z([a-zA-Z0-9-;])* |
MatchingRules
The Matching rules are defined in RFC 4512 :
<MatchingRuleDescription> ::= <LPAREN> <WSP>
<numericoid> <MRParameters>
<SP> "SYNTAX" <SP> <numericoid>
<extensions> <WSP> <RPAREN>
<MRParameters> ::=
( <SP> "NAME" <SP> <qdstrings> |
<SP> "DESC" <SP> <qdstring> |
<SP> "OBSOLETE" )+
Here are the new MatchingRules :
| Name | OID | Desc | Obsolete | Syntax | Extensions |
|---|---|---|---|---|---|
| OidMatch |
1.3.6.1.4.1.18060.1.1.0.2.1 | Match an OID |
no |
OID |
- |
| BooleanMatch | 1.3.6.1.4.1.18060.1.1.0.2.2 | Match a Boolean | no | Boolean | - |
| NameOrOidMatch | 1.3.6.1.4.1.18060.1.1.0.2.3 | Match a name or an OID | no | NameOrOid | - |
| TypeMatch | 1.3.6.1.4.1.18060.1.1.0.2.4 | Match a type of ObjectClass | no | Type | - |
| UsageMatch | 1.3.6.1.4.1.18060.1.1.0.2.5 | Match an attributeType Usage | no | Usage | - |
ObjectClasses
The ObjectClass element is described in RFC 4512 :
<ObjectClassDescription> ::=
<LPAREN> <SP> <numericoid> <ocparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<ocparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> <qdstring>
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oids>
| <SP> ( "ABSTRACT" | "STRUCTURAL" | "AUXILIARY" )
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> )+
Here we have some elements which are already in the schema :
attributetype ( 2.5.4.0 NAME 'objectClass' DESC 'RFC2256: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-oid | 1.3.6.1.4.1.18060.0.4.0.2.1 | The Object Identifier |
- |
OidMatch |
- |
- |
OID | yes | - |
| m-name | 1.3.6.1.4.1.18060.0.4.0.2.2 | The Object name |
- | caseIgnoreMatch | - |
caseIgnoreSubstringsMatch |
objectName {32768} |
no |
- |
| m-description | 1.3.6.1.4.1.18060.0.4.0.2.3 | The object description |
- | caseIgnoreMatch | - |
caseIgnoreSubstringsMatch | 1.3.6.1.4.1.1466.115.121.1.15{1024} |
yes |
- |
| m-obsolete | 1.3.6.1.4.1.18060.0.4.0.2.4 | The type is obsolete |
- | BooleanMatch | - | - | Boolean | yes | - |
| m-supObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.5 | The list of superiors | - | NameOrOidMatch | - | - | NameOrOid | no | - |
| m-must | 1.3.6.1.4.1.18060.0.4.0.2.6 | The list of mandatory ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
| m-may | 1.3.6.1.4.1.18060.0.4.0.2.7 | The list of authorized ATs | - | NameOrOidMatch | - | - | NameOrOid | no | - |
| m-typeObjectClass | 1.3.6.1.4.1.18060.0.4.0.2.8 | The ObjectClass type | - | TypeObjectClassMatch | - | - | TypeObjectClass | yes | - |
| m-extensionObjectClass |
1.3.6.1.4.1.18060.0.4.0.2.9 | An objectclass extension |
- | caseIgnoreMatch | - | - |
1.3.6.1.4.1.1466.115.121.1.15{32768} | no |
- |
AttributeType
The AttributeType element is described in RFC 4512 :
<AttributeTypeDescription> = <LPAREN> <WSP> <numericoid> <atparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<atparameters> ::=
(<SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "SUP" <SP> <oid>
| <SP> "EQUALITY" <SP> <oid>
| <SP> "ORDERING" <SP> <oid>
| <SP> "SUBSTR" <SP> <oid>
| <SP> "SYNTAX" <SP> <noidlen>
| <SP> "SINGLE-VALUE"
| <SP> "COLLECTIVE"
| <SP> "NO-USER-MODIFICATION"
| <SP> "USAGE" <SP> <usage>)+
Here we have some elements which are already in the schema :
attributetype ( 2.5.4.13
NAME 'description'
DESC 'RFC2256: descriptive information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
)
attributetype ( 2.5.4.41
NAME 'name'
DESC 'RFC2256: common supertype of name attributes'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
)
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-supAttributeType | 1.3.6.1.4.1.18060.0.4.0.2.10 | The list of superior | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
| m-equality | 1.3.6.1.4.1.18060.0.4.0.2.11 | Equality matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
| m-ordering | 1.3.6.1.4.1.18060.0.4.0.2.12 | Ordering matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
| m-substr | 1.3.6.1.4.1.18060.0.4.0.2.13 | Substring matching rule | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
| m-syntax | 1.3.6.1.4.1.18060.0.4.0.2.14 | The attribute syntax | - | nameOrOidMatch | - | - | NameOrOid | yes | - |
| m-singleValue | 1.3.6.1.4.1.18060.0.4.0.2.15 | The attribute is single valued | - | BooleanMatch | - | - | Boolean | yes | - |
| m-collective | 1.3.6.1.4.1.18060.0.4.0.2.16 | The attribute is collective | - | BooleanMatch | - | - | Boolean | yes | - |
| m-noUserModification | 1.3.6.1.4.1.18060.0.4.0.2.17 | The attribute is protected | - | BooleanMatch | - | - | Boolean | yes | - |
| m-usage | 1.3.6.1.4.1.18060.0.4.0.2.18 | Type of operation | - | UsageMatch | - | - | Usage | yes | - |
| m-extensionAttribyteType |
1.3.6.1.4.1.18060.0.4.0.2.19 | Extension for attributeType |
- |
caseIgnoreMatch | - |
- |
1.3.6.1.4.1.1466.115.121.1.15{32768} | no |
- |
Ordering is useless, so is Substr.
DITStructureRules
The DITStructureRule element is described in RFC 4512 :
<DITStructureRule> = <LPAREN> <WSP> <ruleid> <dsrparameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dsrparameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "FORM" <SP> <oid>
| <SP> "SUP" <SP> <ruleids>) +
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-ruleId | 1.3.6.1.4.1.18060.0.4.0.2.20 | The rule ID |
- |
ruleIdMatch |
- | - | RuleId | yes | - |
| m-form | 1.3.6.1.4.1.18060.0.4.0.2.21 | The name form associated with this DITStructure rule |
- | oidMatch | - | - | RuleIds | yes |
- |
| m-supDitStructureRule | 1.3.6.1.4.1.18060.0.4.0.2.22 | The list of superiors |
- | ruleIdsMatch | - | - | Oid | no | - |
| m-extensionDITStructureRule |
1.3.6.1.4.1.18060.0.4.0.2.23 | Extensions for DITStructureRule |
- |
caseIgnoreMatch | - |
- | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
NameForms
The NameForm element is described in RFC 4512 :
<NameForm> = <LPAREN> <WSP> <numericOid> <nfParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<nfParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "OC" <SP> <oid>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids> ) +
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-oc | 1.3.6.1.4.1.18060.0.4.0.2.24 | The structural ObjectClass |
- |
numericOidMatch |
- | - | Oid | yes |
- |
| m-extensionNameForm |
1.3.6.1.4.1.18060.0.4.0.2.25 | Extensions for NameForm |
- |
caseIgnoreMatch | - |
- | 1.3.6.1.4.1.1466.115.121.1.15{32768} |
no | - |
DITContentRules
The DITContentRule element is described in RFC 4512 :
<DITContentRule> = <LPAREN> <WSP> <numericOid> <dcrParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<dcrParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "AUX" <SP> <oids>
| <SP> "MUST" <SP> <oids>
| <SP> "MAY" <SP> <oids>
| <SP> "NOT" <SP> <oids> ) +
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-aux | 1.3.6.1.4.1.18060.0.4.0.2.26 | List of auxiliary ObjectClasses |
- |
numericOidMatch |
- | - | Oids | no | - |
| m-not | 1.3.6.1.4.1.18060.0.4.0.2.27 | List of precluded attribute types |
- |
numericOidMatch |
- | - | Oids | no | - |
| m-extensionDITContentRule |
1.3.6.1.4.1.18060.0.4.0.2.28 | Extensions for DITContentRule |
- |
caseIgnoreMatch | - |
- | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
MatchingRuleUses
The MatchingRuleUse element is described in RFC 4512 :
<MatchingRuleUse> = <LPAREN> <WSP> <numericOid> <mruParameters> <extensions> <WSP> <RPAREN>
// Each parameters should not be seen more than once
<mruParameters> ::=
( <SP> "NAME" <SP> <qdescrs>
| <SP> "DESC" <SP> qdstring
| <SP> "OBSOLETE"
| <SP> "APPLIES" <SP> <oids> ) +
The other ones must be defined. Here is a table grouping all the missing elements :
| Name | OID | Desc | Sup | Equality | Ordering | Substr | Syntax | SingleValue | Collective |
|---|---|---|---|---|---|---|---|---|---|
| m-applies | 1.3.6.1.4.1.18060.0.4.0.2.29 | List of attribute types the matching rule applies to |
- |
numericOidMatch |
- | - | Oids | no | - |
| m-extensionMatchingRuleUse |
1.3.6.1.4.1.18060.0.4.0.2.30 | Extensions for DITContentRule |
- |
caseIgnoreMatch | - |
- | 1.3.6.1.4.1.1466.115.121.1.15{32768} | no | - |
Description of currently existing schemas
All the current schemas objects are described with the new syntax in those pages :
| Schema | ObjectClasses | AttributeTypes |
|---|---|---|
| apache | apache ObjectClasses | apache AttributeTypes |
| apachedns | apachedns ObjectClasses | apachedns AttributeTypes |
| autofs | autofs ObjectClasses | autofs AttributeTypes |
| collective | collective ObjectClasses | collective AttributeTypes |
| corba | corba ObjectClasses | corba AttributeTypes |
| core | core ObjectClasses | core AttributeTypes |
| cosine | cosine ObjectClasses | cosine AttributeTypes |
| dhcp | dhcp ObjectClasses | dhcp AttributeTypes |
| inetorgPerson | inetorgPerson ObjectClasses | inetorgPerson AttributeTypes |
| java | java ObjectClasses | java AttributeTypes |
| krb5kdc | krb5kdc ObjectClasses | krb5kdc AttributeTypes |
| misc | misc ObjectClasses | misc AttributeTypes |
| mozilla | mozilla ObjectClasses | mozilla AttributeTypes |
| nis | nis ObjectClasses | nis AttributeTypes |
| samba | samba ObjectClasses | samba AttributeTypes |
| system | system ObjectClasses | system AttributeTypes |