Rabbit Eight Brother Note 12: Customize your LDAP directory Schema

zhaozj2021-02-16  52


Part 1: Understanding LDAP Attributes

The reason LDAP is so successful is that it can store many types of information, and it is LDAP's schema that defines and controls what data can be stored in the directory. The author's series of articles includes 4 parts; this is the third part.

1. What is an LDAP Schema?

In an LDAP directory, the schema is the collection of defined attributes, defined object classes, and the rules (such as ACIs) that govern what kind of data is stored where.

Every database has a schema. A simple definition: a schema is a data model that determines how data is stored, which data is tracked, and how the data stored under different entries relates to each other.

When you build your LDAP directory, the information already defined for an entry is stored in a set of attributes. You can also create new value types to be stored in LDAP.

Attributes can be grouped together to form a type called an object class. To meet your needs you can define your own object classes, and each attribute in an object class can be designated as required or optional.

If you are familiar with relational databases, the following comparison helps in understanding a schema: an attribute is equivalent to a field, while an object class is equivalent to a table.

You can design your LDAP Directory Information Tree (DIT) so that many similar object classes are stored in the same entry.

2. Understanding LDAP Attributes

Simply put, an attribute is a container that stores a single type of information (corresponding to a key/value pair).

A customized schema lets you design whatever attributes you need, such as favorite food, birthday, hire date and so on, but you have to add the correct attribute definitions to your directory server's configuration file (the schema).

An attribute consists of the following parts, which we introduce below:

- the attribute name
- a description
- the attribute's object identifier (OID)
- the syntax used for type checking and pattern matching
- whether the attribute is allowed to have multiple values

(1) What is the attribute's name?

This is conceptually clear, but before you create a new attribute type you should check whether an attribute that meets your requirements already exists in the LDAP specification. You can find the list of attributes of the already defined object classes at: http://www.ldapman.org/schema-references.

Suppose the attribute you need does not exist; then you have to add it yourself. First, define a new name for the attribute you want to add, taking care that your attribute's name does not conflict with an attribute name that is, or is likely to become, an "official" (standard) one.

You can use your department, your company, or even your parking pass ID as part of your attribute's name. When defining a schema, Gizmo's LDAP administrators would likely define an attribute name such as "gizmoParkingPassNumber". This attribute name avoids conflicting with officially designated attribute names, now and in the future.

Note that "gizmoParkingPassNumber" is a well-formed attribute name, and you should get into this habit: the first letter of the attribute name is lowercase, the first letter of each following word is capitalized, all other letters are lowercase, and the name should be long enough that you can tell from the name alone what data it stores. An attribute name consists of the letters a-z and the digits 0-9; the first character of the name must be a letter; spaces, underscores and certain other special characters are not allowed in an attribute name.

(2) Description

It is a comment describing what the attribute is used for.

(3) Object Identifier (OID)

Object identifiers (OIDs) are numbers that the LDAP server references internally. The attribute's name is for you to read, but the computer does not care for it, because computers process numbers most efficiently. If you are familiar with DNS the concept is easy to grasp: for example, the domain name www.sendmail.net is translated into an IP address once the computer receives it.

When the server receives the attribute name gizmoParkingPassNumber, it converts the name into an OID; here it would be converted to 1.3.6.1.4.1.1234.

Do you need to register your own OID before customizing your own object classes and attributes? That depends on your directory server. Many directory servers allow you to specify a simple string as the OID. Even if Gizmo has not registered, 1.3.6.1.4.1.1234 may be assigned to "gizmoParkingPassNumber"; it is still unique within that server and still works properly.

You may choose not to register your OID, but registering is still a good idea. LDAP attributes, syntax definitions and all object classes use OIDs, as do SNMP and the other protocols that support ANSI-style unified identifier schemes.

Getting your own OID is easy: you can pay $1,000 to ANSI (note: that was the price in 2000; I don't know the current price! ^_^) to get your own OID, or you can get a free OID from the authoritative body at http://www.iana.org/.

(4) Syntax

When you create an attribute, the following table lists the syntaxes you can use.

Code - Syntax name
    Description

dn - Distinguished Name
    Allows any alphanumeric string. Pattern matching against fields of type dn is normalized for DN equivalency. For example, "uid=ratboy, ou=accounts, dc=ldapman, dc=com" is equivalent to "uid=Ratboy, ou=Accounts, DC=ldapman, DC=COM".

cis - Case Ignore String
    Allows any alphanumeric string. Information stored using cis is stored with the case preserved, but matches are performed with case ignored. This is the most commonly used syntax type because of its versatility.

ces - Case Exact String
    Allows any alphanumeric string. Attributes of format ces are case sensitive. Used for attributes like passwords, where you only wish to match exact strings.

int - Integer
    Allows only integers to be stored in this attribute.

tel - Telephone Number
    Like cis, but when searching against attributes of this type, the match ignores spaces and dashes. This allows "510-555-1212" to match "510 555 1212".

bin - Binary
    Used to store binary data in a standardized format.

Some LDAP directories allow you to add a custom syntax. How to do so is beyond the scope of this article; I only want to remind you that it is possible. When you create your own syntax, you can restrict the attribute to specific characters, and you can specify its matching rules.

Suppose you want to store hexadecimal codes in the directory and you do not care in what format they are entered (some people may enter 00 A2 34 FF, others 00A234FF, or even 00a2.34ff, and you want them all to match). To meet this need, you define a new syntax type, HEX, which allows only the characters 0-9, A-Z and spaces; matching is case sensitive and strips all spaces before comparison. Done! The task is completed.

For more detailed information about creating a custom syntax, consult the manual of the LDAP server you use.

(5) Excuse me, are you single? (The author has a sense of humor!)

Some (not all) LDAP servers allow you to mark an attribute as "single", which guarantees that it has only one value in your directory. For example: an employee named Mike Jones may have several values for his name (Michael Jones, Mike Jones), but you want to store only one value for his mailbox.
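To tie the five parts of an attribute together with the matching behaviour from the syntax table above, here is an added example (not code from the article or from ldapman.org). It writes the article's gizmoParkingPassNumber as an attribute type description in the RFC 4512 format that OpenLDAP-style schema files use (modern servers name matching rules such as caseIgnoreMatch rather than the cis/ces codes in the table), pulls the name, OID, description, syntax and single-value flag back out of it, and normalizes values for the dn, cis, ces and tel syntaxes so that the equivalences the table describes hold. The sub-arc 1.3.6.1.4.1.1234.1.1 and the description text are constructed for the example; 1.3.6.1.4.1.1466.115.121.1.15 is the standard Directory String syntax OID.

```python
import re

# Constructed example: an attribute type description in RFC 4512 form. The
# OID arc 1.3.6.1.4.1.1234 is the one quoted in the article, not a registered one.
GIZMO_SCHEMA = (
    "( 1.3.6.1.4.1.1234.1.1 NAME 'gizmoParkingPassNumber' "
    "DESC 'Parking pass number issued by Gizmo facilities' "
    "EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )"
)


def parse_attribute_type(definition):
    """Extract the parts the article lists (OID, name, description, syntax and
    the single-valued flag) from an attribute type description. Only the
    keywords discussed on this page are handled."""
    m = re.match(r"\(\s*([\d.]+)\s+(.*)\)\s*$", definition.strip())
    if not m:
        raise ValueError("not an attribute type description")
    oid, body = m.group(1), m.group(2)

    def quoted(keyword):  # value of a quoted keyword such as NAME or DESC
        q = re.search(keyword + r"\s+'([^']*)'", body)
        return q.group(1) if q else None

    syntax = re.search(r"SYNTAX\s+([\d.]+)", body)
    return {"oid": oid, "name": quoted("NAME"), "desc": quoted("DESC"),
            "syntax": syntax.group(1) if syntax else None,
            "single_value": "SINGLE-VALUE" in body.split()}


def normalize(value, syntax):
    """Normalize a value the way the article's syntax table describes, so two
    values match exactly when their normalized forms are equal."""
    if syntax == "ces":          # case exact string: compared as stored
        return value
    if syntax == "cis":          # case ignore string: case is folded
        return value.lower()
    if syntax == "tel":          # telephone number: spaces and dashes ignored
        return re.sub(r"[ -]", "", value)
    if syntax == "dn":           # DN: whitespace around '=' / ',' and case ignored
        rdns = (p.split("=", 1) for p in value.split(","))  # no escaped commas
        return ",".join(k.strip().lower() + "=" + v.strip().lower() for k, v in rdns)
    raise ValueError("unsupported syntax code: " + syntax)


def matches(stored, searched, syntax):
    """True when a search value matches a stored value under the given syntax."""
    return normalize(stored, syntax) == normalize(searched, syntax)
```

Password-like attributes belong under ces, which is why "Secret1" and "secret1" do not match there while they do under cis.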

OK. Part 2 of this article will discuss object classes and how to build your own object class from attributes; in Part 3 we will use what was learned in Parts 1 and 2 to create a new object class and design the LDAP schema for your directory.

If you have a problem, please send me an email: donnerly@ldapman.org.

August 3, 2000

What, you want to read the next two parts? Haha, so do I! So I sent a message to Mr. Michael Donnelly a few days ago, hoping to read the subsequent parts, because I had checked the ObjectClass content that day. Michael Donnelly replied quickly, saying that the follow-up is not completed and is planned to be completed in the near future. It seems we have to wait a while. But isn't that a bit much? More than 3 years and still not done? However, we should thank him for what he has done; at least he let us take the first step into LDAP! Bugs Bunny

2003-12-4 noon

Please credit the original source when reposting: https://www.9cbs.com/read-28038.html
