Solaris 8 with OpenLDAP: Schema

Schema

The LDAP schema defines what data an entry may contain. An entry is made up of key/value pairs; in LDAP terms each key/value pair is referred to as an attribute (the key is the attribute type, the value is the attribute value). An attribute looks something like this:

uid: edk

Here, the key is uid and the value is edk. This is referred to as the uid attribute; as explained below, the posixAccount objectClass uses uid to hold the UNIX username.

An objectClass is a definition of which attributes an entry can contain.

READ THIS CAREFULLY: An objectClass defines which attributes an entry MUST have, as well as which attributes an entry MAY have.

For our objectClass example, we'll use the posixAccount objectClass. The posixAccount objectClass is defined as follows:

MUST CONTAIN:
    cn uid uidNumber gidNumber homeDirectory

MAY CONTAIN:
    userPassword loginShell gecos description

This means that if an entry has an objectClass of "posixAccount", it must contain the cn, uid, uidNumber, gidNumber, and homeDirectory attributes; the server rejects an entry that lacks any of them. It is also allowed to contain the userPassword, loginShell, gecos, and description attributes. Note that posixAccount is an auxiliary objectClass: an entry using it also needs a structural objectClass (for example account or inetOrgPerson) to be valid.

Note the terminology difference between standard UNIX and LDAP at this point. In the posixAccount objectClass, uid is the username (what UNIX calls the login name), and uidNumber is what UNIX calls the uid, the numeric user ID.

If you were to look at your /etc/passwd file, the columns would map onto posixAccount attributes as follows:

uid:userPassword:uidNumber:gidNumber:gecos:homeDirectory:loginShell

On Solaris the second column holds only a placeholder such as "x"; the password hash itself lives in /etc/shadow, which is readable only by root. If you migrate userPassword into the directory, it must be the hash from /etc/shadow (never the placeholder), and the directory's access controls need to keep userPassword from being readable by anonymous or ordinary users, just as /etc/shadow is.
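The following script is an added example, not code from the original page: it turns /etc/passwd lines into LDIF entries using the posixAccount MUST/MAY lists and the column mapping above, and checks each entry against those lists before emitting it. The base DN ou=People,dc=example,dc=com, the sample passwd lines and the shadow hash map are all constructed for this example; the {CRYPT} prefix assumes slapd was built with crypt(3) password support, and the account objectClass is used as the structural class.

```python
import base64

# Attribute sets for posixAccount, as listed in the MUST/MAY tables above.
POSIX_ACCOUNT_MUST = {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}
POSIX_ACCOUNT_MAY = {"userPassword", "loginShell", "gecos", "description"}

# /etc/passwd column order, mapped to posixAccount attribute names.
PASSWD_FIELDS = ["uid", "userPassword", "uidNumber", "gidNumber",
                 "gecos", "homeDirectory", "loginShell"]

# Values in the password column that are placeholders, not hashes.
PLACEHOLDERS = ("", "x", "*", "!", "NP", "*LK*")

# Constructed sample input (not from a real system). Line 3 has an empty
# homeDirectory field and line 4 is truncated, to exercise the checks.
SAMPLE_PASSWD = """\
edk:x:1001:100:Ed K.:/export/home/edk:/bin/ksh
svc:*:1002:100::/nonexistent:/bin/false
nohome:x:1004:100:No Home::/bin/sh
bad:x:1003
"""
# Constructed login -> crypt(3) hash map, as if read from /etc/shadow.
# The hash string is made up; it is not the hash of any real password.
SAMPLE_SHADOW = {"edk": "abcDEFghiJKLm"}


def parse_passwd_line(line):
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(PASSWD_FIELDS):
        raise ValueError("malformed passwd line (expected 7 fields): %r" % line)
    return dict(zip(PASSWD_FIELDS, fields))


def passwd_to_entry(rec, base_dn, shadow=None):
    """Map one passwd record onto a posixAccount entry under base_dn."""
    entry = {
        "dn": "uid=%s,%s" % (rec["uid"], base_dn),
        # posixAccount is auxiliary; "account" (cosine.schema) is the structural class.
        "objectClass": ["top", "account", "posixAccount"],
        "cn": rec["uid"],
        "uid": rec["uid"],
        "uidNumber": rec["uidNumber"],
        "gidNumber": rec["gidNumber"],
        "homeDirectory": rec["homeDirectory"],
        "loginShell": rec["loginShell"],
        "gecos": rec["gecos"],
    }
    pw = rec["userPassword"]
    if shadow and pw in PLACEHOLDERS:
        pw = shadow.get(rec["uid"], pw)      # the real hash lives in /etc/shadow
    if pw not in PLACEHOLDERS:
        # {CRYPT} assumes slapd was built with crypt(3) password support.
        entry["userPassword"] = "{CRYPT}" + pw
    # An empty passwd field is no value at all: dropping it lets the schema
    # check report a missing MUST attribute instead of emitting "homeDirectory: ".
    return {k: v for k, v in entry.items() if v != ""}


def check_posix_account(entry):
    """Return schema problems for the posixAccount part of an entry ([] if none)."""
    attrs = set(entry) - {"dn", "objectClass"}
    problems = ["missing MUST attribute: " + a
                for a in sorted(POSIX_ACCOUNT_MUST - attrs)]
    problems += ["attribute not allowed by posixAccount: " + a
                 for a in sorted(attrs - POSIX_ACCOUNT_MUST - POSIX_ACCOUNT_MAY)]
    return problems


def ldif_value(attr, value):
    """LDIF line for one attribute; base64 (::) when the value is not a safe string."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))


def to_ldif(entry):
    lines = ["dn: " + entry["dn"]]
    lines += ["objectClass: " + oc for oc in entry["objectClass"]]
    lines += [ldif_value(k, v) for k, v in entry.items() if k not in ("dn", "objectClass")]
    return "\n".join(lines) + "\n"


def convert_passwd(text, base_dn, shadow=None):
    """Return (ldif_text, problems). Lines that fail parsing or the schema
    check are reported in problems and left out of the LDIF."""
    ldif, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = parse_passwd_line(line)
        except ValueError as e:
            problems.append("line %d: %s" % (n, e))
            continue
        entry = passwd_to_entry(rec, base_dn, shadow)
        errs = check_posix_account(entry)
        if errs:
            problems.append("line %d (%s): %s" % (n, rec["uid"], "; ".join(errs)))
            continue
        ldif.append(to_ldif(entry))
    return "\n".join(ldif), problems
```

Call convert_passwd(SAMPLE_PASSWD, "ou=People,dc=example,dc=com", SAMPLE_SHADOW) and feed the returned LDIF to ldapadd; the problems list names the lines that were skipped and why. Without a shadow map no userPassword is ever emitted, because "x" and "*" are placeholders rather than hashes; with one, the LDIF contains password hashes and should be handled with the same care as /etc/shadow.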