LDAP Schemas

An LDAP schema is the standard way of describing the structure of the data objects stored in LDAP. LDAP schemas look difficult, but they are actually fairly simple.
A schema defines attribute types and object classes, and is made up of schema definitions.

Schema definitions come in the following kinds:
1. Object class definitions: these include the object class name, its required (MUST) attributes, its optional (MAY) attributes, and the kind of the object class (STRUCTURAL in the example below).
For example, the definition of the person object class:
objectclass ( 2.5.6.6
    NAME 'person'
    DESC 'RFC4519: a person'
    SUP top STRUCTURAL
    MUST ( sn $ cn )
    MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

2. Attribute type definitions: these include the attribute name, its value type (SYNTAX), its matching rules, and whether it may hold multiple values:
For example:
attributetype ( 2.5.4.20
    NAME 'telephoneNumber'
    DESC 'RFC2256: Telephone Number'
    EQUALITY telephoneNumberMatch
    SUBSTR telephoneNumberSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

3. Object Identifiers: the first field of an object class definition, also called the OID; it is globally unique.

4. DIT content rules:
A DIT content rule identifies a particular structural object class, and indicates which auxiliary object classes are allowed (or not allowed) to be included in entries that use that object class.
For an example, let's use a few of the object classes introduced in Chapter 3. In the Anatomy of an LDIF File section we created an entry representing a document. It implemented the document object class, whose schema (located in cosine.schema) looks like this:
objectclass ( 0.9.2342.19200300.100.4.6
    NAME 'document'
    SUP top
    STRUCTURAL
    MUST documentIdentifier
    MAY ( commonName $ description $ seeAlso $ localityName $
          organizationName $ organizationalUnitName $
          documentTitle $ documentVersion $ documentAuthor $
          documentLocation $ documentPublisher ) )

This is a structural object class. Also in Chapter 3, in the Adding System Records section, we added the entry for uid=authenticate,ou=System,dc=example,dc=com. This entry implemented the simpleSecurityObject object class. Here is the schema for simpleSecurityObject:
objectclass ( 0.9.2342.19200300.100.4.19
    NAME 'simpleSecurityObject'
    DESC 'RFC1274: simple security object'
    SUP top
    AUXILIARY
    MUST userPassword )
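As an added example (not code from this page or from OpenLDAP), the following Python script parses the three object class definitions quoted above, then checks an entry against them: one structural class, MUST attributes present, only MUST/MAY attributes used, and auxiliary classes limited by a DIT content rule. The content rule letting document entries carry simpleSecurityObject, and the sample entries, are constructed assumptions; inheritance from top is reduced to allowing objectClass, and attribute names are compared case-sensitively.

```python
import re

# Constructed sample: the three object classes quoted on this page, laid out in
# OpenLDAP schema syntax (the layout is mine, the definitions are the page's).
SCHEMA = """
objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC4519: a person' SUP top STRUCTURAL
    MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL
    MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $
    organizationName $ organizationalUnitName $ documentTitle $ documentVersion $
    documentAuthor $ documentLocation $ documentPublisher ) )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
    DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
"""
def _names(text):
    """Turn 'attr' or '( a $ b )' into a list of attribute names."""
    return [t for t in text.replace('(', ' ').replace(')', ' ').split() if t != '$']

def parse_objectclasses(schema):
    """Parse objectclass definitions into {NAME: {oid, kind, must, may}}."""
    classes = {}
    for chunk in re.split(r'^objectclass\b', schema, flags=re.M)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", chunk).group(1)
        must = re.search(r'\bMUST\s+(\([^)]*\)|\S+)', chunk)
        may = re.search(r'\bMAY\s+(\([^)]*\)|\S+)', chunk)
        classes[name] = {
            'oid': re.search(r'\(\s*([\d.]+)', chunk).group(1),  # the OID is always the first field
            'kind': re.search(r'\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b', chunk).group(1),
            'must': _names(must.group(1)) if must else [],
            'may': _names(may.group(1)) if may else []}
    return classes
# Hypothetical DIT content rule: the auxiliary classes each structural class may carry.
CONTENT_RULES = {'document': {'simpleSecurityObject'}, 'person': set()}
def validate_entry(entry, classes, content_rules=CONTENT_RULES):
    """Return the schema violations of an entry given as {attribute: [values]}."""
    errors = [f'unknown object class {oc}' for oc in entry.get('objectClass', []) if oc not in classes]
    ocs = [oc for oc in entry.get('objectClass', []) if oc in classes]
    structural = [oc for oc in ocs if classes[oc]['kind'] == 'STRUCTURAL']
    if len(structural) != 1:
        errors.append(f'exactly one structural class required, got {structural}')
    allowed = {'objectClass'}  # inherited from 'top'; names are matched case-sensitively here
    for oc in ocs:
        cls = classes[oc]
        if cls['kind'] == 'AUXILIARY' and not any(oc in content_rules.get(s, ()) for s in structural):
            errors.append(f'auxiliary class {oc} not permitted with {structural} by the DIT content rule')
        errors += [f'{oc} requires missing attribute {a}' for a in cls['must'] if a not in entry]
        allowed.update(cls['must'], cls['may'])
    errors += [f'attribute {a} not allowed by {ocs}' for a in entry if a not in allowed]
    return errors
```

A person entry that also lists simpleSecurityObject fails under this rule, while a document entry with a documentIdentifier and userPassword passes.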
