You can use LDIF files to add attribute and class definitions. eDirectory also allows you to modify existing schema definitions.
NOTE: Modifying existing definitions should be done with caution, because you are changing an attribute or class that another application may be using.
You can modify the following features of existing class definitions:
Containment rules. You can add classes to or delete classes from the definition's containment rules.
Super class rules. You can add a new super class to an object class, but you cannot remove any defined super classes.
ASN.1 IDs. You can modify the ASN.1 ID assigned to the class.
Class flags. You can change a leaf class definition into a container class by turning on the container class flag. Once turned on, however, the flag cannot be removed.
Optional attributes. You can add new optional attributes to or delete optional attributes from the class definition. This is not the preferred method. If possible, create an auxiliary class and use the auxiliary class to add the attributes to the entries created from the class definition.
You can modify the following features of existing attributes:
On sized attributes, you can increase the upper boundary.
You can set the following attribute flags:
You can clear the following attribute flags:
Adding an Attribute Definition. To add an attribute definition, you modify the subschemaSubentry object, which always has a DN of cn=schema in NDS. You obtain this name by reading the root DSE.
The following example adds five attributes that could be used for a student class definition. In the example, each structural element in attributeTypes uses line folding (new line plus one space) so that the various elements are more visible. (The OIDs are only sample ASN.1 IDs and have not been registered.)
version: 1
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.20.300.400.500.4.1
  NAME 'advisor'
  DESC 'faculity advisor for the student'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  X-NDS_PUBLIC_READ '1'
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1')
attributeTypes: ( 1.20.300.400.500.4.2
  NAME 'major'
  DESC 'students major accepted by the department'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1')
attributeTypes: ( 1.20.300.400.500.4.3
  NAME 'minor'
  DESC 'students minor accepted by the department'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1')
attributeTypes: ( 1.20.300.400.500.4.4
  NAME 'department'
  DESC 'department supervising the student'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-NDS_PUBLIC_READ '1'
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )
attributeTypes: ( 1.20.300.400.500.4.5
  NAME 'studentID'
  DESC 'unique ID assigned to the student'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  SINGLE-VALUE)
The values 1.20.300.400.500.4.1 through 1.20.300.400.500.4.5 specify the OID or ASN.1 ID of the attribute. For information on obtaining an OID and a naming prefix that guarantees uniqueness in the eDirectory schema, see Schema Extensions in eDirectory Schema Reference.
The NAME element specifies the name of the attribute.
The DESC element describes the attribute.
The SYNTAX element specifies the type of data the attribute can contain. For a list of supported OIDs, see Attribute Syntax Definitions in eDirectory Schema Reference.
The SINGLE-VALUE flag specifies that the attribute is single valued. When not specified, the attribute defaults to multi-valued.
For a description of the possible LDAP and X-NDS flags, see Attribute Flags in LDAP and eDirectory.
Adding a Structural Class Definition. To add a class definition, you modify the schema object, dn: cn=schema. You obtain this name by reading the root DSE.
NOTE: eDirectory maintains referential integrity, so any new attributes must be added in the file before they are added to the class. The following example uses attributes that need to be added to the schema before the class definition.
In the following example, each structural element in objectClasses uses line folding (new line plus one space) so that the various elements are more visible.
version: 1
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.20.300.400.500.6.1
  NAME 'student'
  SUP 'person'
  STRUCTURAL
  MUST (cn $ studentID $ givenName $ sn)
  MAY (advisor $ major $ minor $ department)
  X-NDS_NAMING ('cn')
  X-NDS_CONTAINMENT ('organization' 'organizationalUnit' 'domain' )
  X-NDS_NOT_CONTAINER '1'
  X-NDS_NONREMOVABLE '1')
The 1.20.300.400.500.6.1 value specifies the OID or ASN.1 ID of the class. For information on obtaining an OID and a naming prefix that guarantees uniqueness in the eDirectory schema, see Schema Extensions in eDirectory Schema Reference.
The NAME element specifies the name of the object class.
The SUP element specifies the super class of the object class.
The STRUCTURAL element specifies that the class is an effective class. ABSTRACT specifies a non-effective class, and AUXILIARY specifies an auxiliary class.
The MUST element specifies the mandatory attributes.
The MAY element specifies the optional attributes.
For a description of the possible X-NDS flags, see Object Class Flags in LDAP and eDirectory.
NOTE: This example shows how to add a structural class. Since student is a class that might apply to more than one type of user in the directory (inetOrgPerson or User), this class might be more useful as an auxiliary class. See the next example.
Adding an Auxiliary Class. The following example creates two new attributes, creates an auxiliary class with these new attributes, and then adds an inetOrgPerson entry with the auxiliary class as an object class of the entry and with values for the auxiliary class attributes.
version: 1

# Add an attribute to track a bear's hair. The attribute is
# multi-valued, uses a case ignore string syntax,
# and has public read rights
# Values may include: long hair, short, curly, straight,
# none, black, and brown
# X-NDS_PUBLIC_READ '1' The 1 allows public read,
# 0 denies public read
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113719.1.186.4.10
  NAME 'bearHair'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-NDS_PUBLIC_READ '1' )

# add an attribute to store a bear's picture
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113719.1.186.4.11
  NAME 'bearPicture'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
  SINGLE-VALUE )

# create an Auxiliary class for the bearfeatures
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: (2.16.840.1.113719.1.186.6.101
  NAME 'bearFeatures'
  MAY (bearHair $ bearPicture)
  AUXILIARY)

# now create a user named booboo
dn: cn=booboo,o=jellystone
changetype: add
cn: booboo
sn: bear
givenName: booboo
bearHair: Short
bearHair: Brown
bearHair: Curly
bearPicture:< file:///c:/tmp/alien.jpg
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: bearFeatures
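A pre-import check for two points made above, the rule that attributes must appear in the file before the class that uses them and the X-NDS_PUBLIC_READ '1' flag that opens an attribute to public read. This is an added example, not part of the original documentation: BASE_ATTRS, the function names and the sample LDIF are assumptions made for the illustration, and only parenthesized MUST/MAY lists and single-name NAME elements are handled.

```python
import re

# Assumption: attributes already present in the tree's base schema.
BASE_ATTRS = {"cn", "sn", "givenname"}

# Constructed sample: the class is (wrongly) defined before studentID.
SAMPLE_LDIF = """version: 1
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.20.300.400.500.4.1 NAME 'advisor'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_PUBLIC_READ '1' )

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.20.300.400.500.6.1 NAME 'student' SUP 'person'
  STRUCTURAL MUST (cn $ studentID $ givenName $ sn) MAY (advisor) )

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.20.300.400.500.4.5 NAME 'studentID'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE )
"""

def unfold(ldif):
    """Undo LDIF line folding: a newline plus one space continues the line."""
    return re.sub(r"\r?\n ", "", ldif)

def lint_schema_ldif(ldif, known=BASE_ATTRS):
    """Return (public_read_attrs, undefined_refs) for a schema-extension LDIF."""
    defined, public, missing = {a.lower() for a in known}, [], []
    for line in unfold(ldif).splitlines():
        key, _, value = line.partition(":")
        name = re.search(r"NAME\s+'([^']+)'", value)
        if not name:
            continue  # dn:, changetype:, comments, blank lines
        if key.strip().lower() == "attributetypes":
            defined.add(name.group(1).lower())
            if re.search(r"X-NDS_PUBLIC_READ\s+'1'", value):
                public.append(name.group(1))  # readable without rights: review
        elif key.strip().lower() == "objectclasses":
            for group in re.findall(r"\b(?:MUST|MAY)\s+\(([^)]*)\)", value):
                for attr in (a.strip() for a in group.split("$")):
                    if attr and attr.lower() not in defined:
                        missing.append((name.group(1), attr))
    return public, missing
```

On a real tree, seed `known` with the attribute names read from cn=schema rather than the short constructed set used here.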