LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

The Sun ONE Directory Server 5.2 software maintains its schema definitions in LDIF. These definitions reside in several files located by default in /var/mps/serverroot/slapd-instance/config/schema, and they are read when the directory server is initialized. Adding your own schema definitions is usually done by creating an LDIF representation and either importing it under cn=schema or appending it to the 99user.ldif file in the directory just mentioned.

In most cases, scripts like idsconfig will automatically update the schema for you. However, if you want to create your own definitions, you must update the directory server somehow. This can be done either by importing LDIF or through the Directory Console.

To create your own attributes and object classes using the Directory Console, go to the Configuration tab and click on Schema. FIGURE 7-6 shows the Schema display.

Figure 7-6. Directory Server Console Schema Display

This screen is also useful for browsing the schema definitions already established on your directory server. If you encounter object class violations while configuring your directory server, check the error log for details, and use the Directory Console to determine which attributes are required and which ones are allowed. You can also view the matching rules that apply.

To create your own schema definitions, start by clicking on the Attribute tab, then the Create button. You must always create the attributes that your object class will use first. Once all your attributes are defined, you can create a new object class and include the attributes in it.

Once the new definitions are completed, the 99user.ldif file is automatically updated. You can extract the LDIF representation created, and import it into other servers.

Example of Script to Update the Schema

#!/bin/sh
(
cat <<EOF
dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( sunaccessSmradip-oid NAME 'sunaccessSmradip' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( sunaccessSmradonlinestatus-oid NAME 'sunaccessSmradonlinestatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
EOF
) > attr.ldif

# ldapmodify -D "cn=directory manager" -w mysecret -f attr.ldif

Note

The text following the directive attributeTypes: is shown wrapped.
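The extraction and re-import of user-defined schema described earlier, and the attribute-before-object-class ordering the console enforces, can be automated. The following is an added example, not code from the book: it unfolds LDIF continuation lines in a 99user.ldif, keeps only definitions tagged X-ORIGIN 'user defined' (standard schema lines are left behind), and emits a cn=schema modify LDIF that ldapmodify can load on another server. The sample file and the sunaccessSmrad object class are constructed for illustration.

```python
# Constructed sample of a 99user.ldif file. LDIF folds long values onto
# continuation lines that start with one space; the standard 'cn' line
# (X-ORIGIN 'RFC 2256') must not be copied to another server.
SAMPLE_99USER_LDIF = """\
dn: cn=schema
cn: schema
attributeTypes: ( 2.5.4.3 NAME 'cn' SUP name X-ORIGIN 'RFC 2256' )
attributeTypes: ( sunaccessSmradip-oid NAME 'sunaccessSmradip'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
objectClasses: ( sunaccessSmrad-oid NAME 'sunaccessSmrad' SUP top
  AUXILIARY MAY ( sunaccessSmradip ) X-ORIGIN 'user defined' )
attributeTypes: ( sunaccessSmradonlinestatus-oid NAME
  'sunaccessSmradonlinestatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-ORIGIN 'user defined' )
"""

def unfold_ldif(text):
    """Join continuation lines (leading space dropped) onto the line they extend."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def user_defined_definitions(text):
    """Return (attributeTypes, objectClasses) tagged X-ORIGIN 'user defined'."""
    attrs, classes = [], []
    for line in unfold_ldif(text):
        key, sep, value = line.partition(": ")
        if not sep or "X-ORIGIN 'user defined'" not in value:
            continue
        if key.lower() == "attributetypes":
            attrs.append(value.strip())
        elif key.lower() == "objectclasses":
            classes.append(value.strip())
    return attrs, classes

def build_schema_modify(text):
    """Emit a cn=schema modify LDIF. Attributes come first: the server
    rejects an object class whose attributes are not yet defined."""
    attrs, classes = user_defined_definitions(text)
    mods = []
    if attrs:
        mods.append(["add: attributeTypes"] + ["attributeTypes: " + a for a in attrs])
    if classes:
        mods.append(["add: objectClasses"] + ["objectClasses: " + c for c in classes])
    body = "\n-\n".join("\n".join(m) for m in mods)   # "-" separates operations
    return "dn: cn=schema\nchangetype: modify\n" + body + "\n"
```

Write the returned text to a file and load it with the ldapmodify command shown above; the output deliberately omits the server's standard schema so the target server's own copies are never overwritten.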
