go to  ForumEasy.com   
LdapPro
Home » Archive » Message


[Email To Friend][View in Live Context][prev topic « prev post | next post » next topic]
  Schema Checking: A valid example
 
Subject: Schema Checking: A valid example
Author: eLDAP
In response to: Schema Checking: The validity of an LDAP Entry
Posted on: 08/09/2006 09:37:30 PM


The following entry is a valid one.

dn: uid=Babs_Jensen,ou=people,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgperson
cn: Babs Jensen
sn: Jensen
givenname: Barbara
mail: bjensen@example.com



 

> On 08/09/2006 09:36:18 PM eLDAP wrote:

When an entry is added or modified through an LDAP operation, the entry is checked against the schema for the following conditions:

Object Class
  • Must have at least one value of attribute type "objectClass".
  • Must have at least one structural object class. (e.g. 'inetOrgPerson', 'organizationalPerson', 'person')
  • Can have any number of auxiliary object classes including zero.
  • Can have any number of abstract object classes, but only as a result of class inheritance. (e.g. 'top')
  • Must have exactly one immediate or base structural object class. (e.g. 'inetOrgPerson')
  • Cannot change its immediate structural object class

    Attribute Type
  • The set of attribute types of the entry MUST contain those listed in MUST lists of all of its object classes, including the implied inherited object classes.
  • The set of attribute types of the entry MUST be contained by those listed in MUST or MAY lists of all of its object classes, including the implied inherited object classes.

    Attribute Value
  • If the attribute type is SINGLE-VALUED and the entry has more than one value, the entry is invalid.
  • If the attribute value does not comply with the syntax of that attribute, the entry is invalid.

    RDN
  • RDN MUST made up with only attribute types that are valid for that entry.
  • The values of attribute types used in the RDN appear in the entry.


    It should be noted that RDN checking, theoretically, is not LDAP schema specs. The implementation of RDN enforcement is up to vendors. For example, IBM enforces RDN checking; SunOne and AD do not enforce it but RDN is automatically added as attribute while built up the entry into LDAP DIT




    References:

    		•  


     
    Powered by ForumEasy © 2002-2022, All Rights Reserved. | Privacy Policy | Terms of Use
     
    Get your own forum today. It's easy and free.