<!doctype html public "-//W30//DTD W3 HTML 2.0//EN">
<HTML>
<!-- This file was generated using SDF 2.001 by
Ian Clatworthy (ianc@mincom.com). SDF is freely
available from http://www.mincom.com/mtr/sdf. -->
<HEAD>
<TITLE>OpenLDAP Software 2.4 Administrator's Guide: Schema Specification</TITLE>
</HEAD>
<BODY>
<DIV CLASS="header">
<A HREF="http://www.OpenLDAP.org/">
<P><IMG SRC="../images/LDAPlogo.gif" ALIGN="Left" BORDER=0></P>
</A>
<DIV CLASS="navigate">
<P ALIGN="Center"><A HREF="index.html">Contents</A> | <A HREF="index.html">Parent Topic</A> | <A HREF="overlays.html">Previous Topic</A> | <A HREF="security.html">Next Topic</A> <BR><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P>
</DIV>
<BR CLEAR="Left">
</DIV>
<DIV CLASS="main">
<H1>13. Schema Specification</H1>
<P>This chapter describes how to extend the user schema used by <EM>slapd</EM>(8). The chapter assumes the reader is familiar with the <TERM>LDAP</TERM>/<TERM>X.500</TERM> information model.</P>
<P>The first section, <A HREF="schema.html#Distributed Schema Files">Distributed Schema Files</A> details optional schema definitions provided in the distribution and where to obtain other definitions. The second section, <A HREF="schema.html#Extending Schema">Extending Schema</A>, details how to define new schema items.</P>
<P>This chapter does not discuss how to extend system schema used by <EM>slapd</EM>(8) as this requires source code modification. System schema includes all operational attribute types or any object class which allows or requires an operational attribute (directly or indirectly).</P>
<HR>
<H2><A NAME="Distributed Schema Files">13.1. Distributed Schema Files</A></H2>
<P>OpenLDAP Software is distributed with a set of schema specifications for your use. Each set is defined in a file suitable for inclusion (using the <TT>include</TT> directive) in your <EM>slapd.conf</EM>(5) file. These schema files are normally installed in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
<TABLE CLASS="columns" BORDER ALIGN='Center'>
<CAPTION ALIGN=top>Table 8.1: Provided Schema Specifications</CAPTION>
<TR CLASS="heading">
<TD ALIGN='Left'>
<STRONG>File</STRONG>
</TD>
<TD ALIGN='Right'>
<STRONG>Description</STRONG>
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>core.schema</TT>
</TD>
<TD ALIGN='Right'>
OpenLDAP <EM>core</EM> (required)
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>cosine.schema</TT>
</TD>
<TD ALIGN='Right'>
Cosine and Internet X.500 (useful)
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>inetorgperson.schema</TT>
</TD>
<TD ALIGN='Right'>
InetOrgPerson (useful)
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>misc.schema</TT>
</TD>
<TD ALIGN='Right'>
Assorted (experimental)
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>nis.schema</TT>
</TD>
<TD ALIGN='Right'>
Network Information Services (FYI)
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>openldap.schema</TT>
</TD>
<TD ALIGN='Right'>
OpenLDAP Project (experimental)
</TD>
</TR>
</TABLE>
<P>To use any of these schema files, you only need to include the desired file in the global definitions portion of your <EM>slapd.conf</EM>(5) file. For example:</P>
<PRE>
# include schema
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
</PRE>
<P>Additional files may be available. Please consult the OpenLDAP <TERM>FAQ</TERM> (<A HREF="http://www.openldap.org/faq/">http://www.openldap.org/faq/</A>).</P>
<P><HR WIDTH="80%" ALIGN="Left">
<STRONG>Note: </STRONG>You should not modify any of the schema items defined in provided files.
<HR WIDTH="80%" ALIGN="Left"></P>
<HR>
<H2><A NAME="Extending Schema">13.2. Extending Schema</A></H2>
<P>Schema used by <EM>slapd</EM>(8) may be extended to support additional syntaxes, matching rules, attribute types, and object classes. This chapter details how to add user application attribute types and object classes using the syntaxes and matching rules already supported by slapd. slapd can also be extended to support additional syntaxes, matching rules and system schema, but this requires some programming and hence is not discussed here.</P>
<P>There are five steps to defining new schema:</P>
<OL>
<LI>obtain Object Identifier
<LI>choose a name prefix
<LI>create local schema file
<LI>define custom attribute types (if necessary)
<LI>define custom object classes</OL>
<H3><A NAME="Object Identifiers">13.2.1. Object Identifiers</A></H3>
<P>Each schema element is identified by a globally unique <TERM>Object Identifier</TERM> (OID). OIDs are also used to identify other objects. They are commonly found in protocols described by <TERM>ASN.1</TERM>. In particular, they are heavily used by the <TERM>Simple Network Management Protocol</TERM> (SNMP). As OIDs are hierarchical, your organization can obtain one OID and branch it as needed. For example, if your organization were assigned OID <TT>1.1</TT>, you could branch the tree as follows:</P>
<TABLE CLASS="columns" BORDER ALIGN='Center'>
<CAPTION ALIGN=top>Table 8.2: Example OID hierarchy</CAPTION>
<TR CLASS="heading">
<TD ALIGN='Left'>
<STRONG>OID</STRONG>
</TD>
<TD ALIGN='Right'>
<STRONG>Assignment</STRONG>
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1</TT>
</TD>
<TD ALIGN='Right'>
Organization's OID
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.1</TT>
</TD>
<TD ALIGN='Right'>
SNMP Elements
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.2</TT>
</TD>
<TD ALIGN='Right'>
LDAP Elements
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.2.1</TT>
</TD>
<TD ALIGN='Right'>
AttributeTypes
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.2.1.1</TT>
</TD>
<TD ALIGN='Right'>
x-my-Attribute
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.2.2</TT>
</TD>
<TD ALIGN='Right'>
ObjectClasses
</TD>
</TR>
<TR>
<TD ALIGN='Left'>
<TT>1.1.2.2.1</TT>
</TD>
<TD ALIGN='Right'>
x-my-ObjectClass
</TD>
</TR>
</TABLE>
<P>You are, of course, free to design a hierarchy suitable to your organizational needs under your organization's OID. No matter what hierarchy you choose, you should maintain a registry of assignments you make. This can be a simple flat file or something more sophisticated such as the <EM>OpenLDAP OID Registry</EM> (<A HREF="http://www.openldap.org/faq/index.cgi?file=197">http://www.openldap.org/faq/index.cgi?file=197</A>).</P>
<P>For more information about Object Identifiers (and a listing service) see <A HREF="http://www.alvestrand.no/objectid/">http://www.alvestrand.no/objectid/</A>.</P>
<UL>
<EM>Under no circumstances should you hijack OID namespace!</EM></UL>
<P>To obtain a registered OID at <EM>no cost</EM>, apply for a OID under the <A HREF="http://www.iana.org/">Internet Assigned Numbers Authority</A> (ORG:IANA) maintained <EM>Private Enterprise</EM> arc. Any private enterprise (organization) may request a <TERM>Private Enterprise Number</TERM> (PEN) to be assigned under this arc. Just fill out the IANA form at <A HREF="http://pen.iana.org/pen/PenApplication.page">http://pen.iana.org/pen/PenApplication.page</A> and your official PEN will be sent to you usually within a few days. Your base OID will be something like <TT>1.3.6.1.4.1.X</TT> where <TT>X</TT> is an integer.</P>
<P><HR WIDTH="80%" ALIGN="Left">
<STRONG>Note: </STRONG>PENs obtained using this form may be used for any purpose including identifying LDAP schema elements.
<HR WIDTH="80%" ALIGN="Left"></P>
<P>Alternatively, OID name space may be available from a national authority (e.g., <A HREF="http://www.ansi.org/">ANSI</A>, <A HREF="http://www.bsi-global.com/">BSI</A>).</P>
<H3><A NAME="Naming Elements">13.2.2. Naming Elements</A></H3>
<P>In addition to assigning a unique object identifier to each schema element, you should provide at least one textual name for each element. Names should be registered with the <A HREF="http://www.iana.org/">IANA</A> or prefixed with "x-" to place in the "private use" name space.</P>
<P>The name should be both descriptive and not likely to clash with names of other schema elements. In particular, any name you choose should not clash with present or future Standard Track names (this is assured if you registered names or use names beginning with "x-").</P>
<P>It is noted that you can obtain your own registered name prefix so as to avoid having to register your names individually. See <A HREF="http://www.rfc-editor.org/rfc/rfc4520.txt">RFC4520</A> for details.</P>
<P>In the examples below, we have used a short prefix '<TT>x-my-</TT>'. Such a short prefix would only be suitable for a very large, global organization. In general, we recommend something like '<TT>x-de-Firm-</TT>' (German company) or '<TT>x-com-Example</TT>' (elements associated with organization associated with <TT>example.com</TT>).</P>
<H3><A NAME="Local schema file">13.2.3. Local schema file</A></H3>
<P>The <TT>objectclass</TT> and <TT>attributeTypes</TT> configuration file directives can be used to define schema rules on entries in the directory. It is customary to create a file to contain definitions of your custom schema items. We recommend you create a file <TT>local.schema</TT> in <TT>/usr/local/etc/openldap/schema/local.schema</TT> and then include this file in your <EM>slapd.conf</EM>(5) file immediately after other schema <TT>include</TT> directives.</P>
<PRE>
# include schema
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# include local schema
include /usr/local/etc/openldap/schema/local.schema
</PRE>
<H3><A NAME="Attribute Type Specification">13.2.4. Attribute Type Specification</A></H3>
<P>The <EM>attributetype</EM> directive is used to define a new attribute type. The directive uses the same Attribute Type Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A>) used by the attributeTypes attribute found in the subschema subentry, e.g.:</P>
<PRE>
attributetype <<A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A> Attribute Type Description>
</PRE>
<P>where Attribute Type Description is defined by the following <TERM>ABNF</TERM>:</P>
<PRE>
AttributeTypeDescription = "(" whsp
numericoid whsp ; AttributeType identifier
[ "NAME" qdescrs ] ; name used in AttributeType
[ "DESC" qdstring ] ; description
[ "OBSOLETE" whsp ]
[ "SUP" woid ] ; derived from this other
; AttributeType
[ "EQUALITY" woid ; Matching Rule name
[ "ORDERING" woid ; Matching Rule name
[ "SUBSTR" woid ] ; Matching Rule name
[ "SYNTAX" whsp noidlen whsp ] ; Syntax OID
[ "SINGLE-VALUE" whsp ] ; default multi-valued
[ "COLLECTIVE" whsp ] ; default not collective
[ "NO-USER-MODIFICATION" whsp ]; default user modifiable
[ "USAGE" whsp AttributeUsage ]; default userApplications
whsp ")"
AttributeUsage =
"userApplications" /
"directoryOperation" /
"distributedOperation" / ; DSA-shared
"dSAOperation" ; DSA-specific, value depends on server
</PRE>
<P>where whsp is a space ('<TT> </TT>'), numericoid is a globally unique OID in dotted-decimal form (e.g. <TT>1.1.0</TT>), qdescrs is one or more names, woid is either the name or OID optionally followed by a length specifier (e.g <TT>{10</TT>}).</P>
<P>For example, the attribute types <TT>name</TT> and <TT>cn</TT> are defined in <TT>core.schema</TT> as:</P>
<PRE>
attributeType ( 2.5.4.41 NAME 'name'
DESC 'name(s) associated with the object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributeType ( 2.5.4.3 NAME ( 'cn' 'commonName' )
DESC 'common name(s) associated with the object'
SUP name )
</PRE>
<P>Notice that each defines the attribute's OID, provides a short name, and a brief description. Each name is an alias for the OID. <EM>slapd</EM>(8) returns the first listed name when returning results.</P>
<P>The first attribute, <TT>name</TT>, holds values of <TT>directoryString</TT> (<TERM>UTF-8</TERM> encoded Unicode) syntax. The syntax is specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString syntax). A length recommendation of 32768 is specified. Servers should support values of this length, but may support longer values. The field does NOT specify a size constraint, so is ignored on servers (such as slapd) which don't impose such size limits. In addition, the equality and substring matching uses case ignore rules. Below are tables listing commonly used syntax and matching rules (<EM>slapd</EM>(8) supports these and many more).</P>
<TABLE CLASS="columns" BORDER ALIGN='Center'>
<CAPTION ALIGN=top>Table 8.3: Commonly Used Syntaxes</CAPTION>
<TR CLASS="heading">
<TD>
<STRONG>Name</STRONG>
</TD>
<TD>
<STRONG>OID</STRONG>
</TD>
<TD>
<STRONG>Description</STRONG>
</TD>
</TR>
<TR>
<TD>
<TT>boolean</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.7</TT>
</TD>
<TD>
boolean value
</TD>
</TR>
<TR>
<TD>
<TT>directoryString</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.15</TT>
</TD>
<TD>
Unicode (UTF-8) string
</TD>
</TR>
<TR>
<TD>
<TT>distinguishedName</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.12</TT>
</TD>
<TD>
LDAP <TERM>DN</TERM>
</TD>
</TR>
<TR>
<TD>
<TT>integer</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.27</TT>
</TD>
<TD>
integer
</TD>
</TR>
<TR>
<TD>
<TT>numericString</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.36</TT>
</TD>
<TD>
numeric string
</TD>
</TR>
<TR>
<TD>
<TT>OID</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.38</TT>
</TD>
<TD>
object identifier
</TD>
</TR>
<TR>
<TD>
<TT>octetString</TT>
</TD>
<TD>
<TT>1.3.6.1.4.1.1466.115.121.1.40</TT>
</TD>
<TD>
arbitrary octets
</TD>
</TR>
</TABLE>
<PRE>
</PRE>
<TABLE CLASS="columns" BORDER ALIGN='Center'>
<CAPTION ALIGN=top>Table 8.4: Commonly Used Matching Rules</CAPTION>
<TR CLASS="heading">
<TD>
<STRONG>Name</STRONG>
</TD>
<TD>
<STRONG>Type</STRONG>
</TD>
<TD>
<STRONG>Description</STRONG>
</TD>
</TR>
<TR>
<TD>
<TT>booleanMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
boolean
</TD>
</TR>
<TR>
<TD>
<TT>caseIgnoreMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
case insensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>caseIgnoreOrderingMatch</TT>
</TD>
<TD>
ordering
</TD>
<TD>
case insensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>caseIgnoreSubstringsMatch</TT>
</TD>
<TD>
substrings
</TD>
<TD>
case insensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>caseExactMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
case sensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>caseExactOrderingMatch</TT>
</TD>
<TD>
ordering
</TD>
<TD>
case sensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>caseExactSubstringsMatch</TT>
</TD>
<TD>
substrings
</TD>
<TD>
case sensitive, space insensitive
</TD>
</TR>
<TR>
<TD>
<TT>distinguishedNameMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
distinguished name
</TD>
</TR>
<TR>
<TD>
<TT>integerMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
integer
</TD>
</TR>
<TR>
<TD>
<TT>integerOrderingMatch</TT>
</TD>
<TD>
ordering
</TD>
<TD>
integer
</TD>
</TR>
<TR>
<TD>
<TT>numericStringMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
numerical
</TD>
</TR>
<TR>
<TD>
<TT>numericStringOrderingMatch</TT>
</TD>
<TD>
ordering
</TD>
<TD>
numerical
</TD>
</TR>
<TR>
<TD>
<TT>numericStringSubstringsMatch</TT>
</TD>
<TD>
substrings
</TD>
<TD>
numerical
</TD>
</TR>
<TR>
<TD>
<TT>octetStringMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
octet string
</TD>
</TR>
<TR>
<TD>
<TT>octetStringOrderingMatch</TT>
</TD>
<TD>
ordering
</TD>
<TD>
octet string
</TD>
</TR>
<TR>
<TD>
<TT>octetStringSubstringsMatch ordering</TT>
</TD>
<TD>
octet st
</TD>
<TD>
ring
</TD>
</TR>
<TR>
<TD>
<TT>objectIdentiferMatch</TT>
</TD>
<TD>
equality
</TD>
<TD>
object identifier
</TD>
</TR>
</TABLE>
<P>The second attribute, <TT>cn</TT>, is a subtype of <TT>name</TT> hence it inherits the syntax, matching rules, and usage of <TT>name</TT>. <TT>commonName</TT> is an alternative name.</P>
<P>Neither attribute is restricted to a single value. Both are meant for usage by user applications. Neither is obsolete nor collective.</P>
<P>The following subsections provide a couple of examples.</P>
<H4><A NAME="x-my-UniqueName">13.2.4.1. x-my-UniqueName</A></H4>
<P>Many organizations maintain a single unique name for each user. Though one could use <TT>displayName</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), this attribute is really meant to be controlled by the user, not the organization. We could just copy the definition of <TT>displayName</TT> from <TT>inetorgperson.schema</TT> and replace the OID, name, and description, e.g:</P>
<PRE>
attributetype ( 1.1.2.1.1 NAME 'x-my-UniqueName'
DESC 'unique name with my organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
</PRE>
<P>However, if we want this name to be used in <TT>name</TT> assertions, e.g. <TT>(name=*Jane*)</TT>, the attribute could alternatively be defined as a subtype of <TT>name</TT>, e.g.:</P>
<PRE>
attributetype ( 1.1.2.1.1 NAME 'x-my-UniqueName'
DESC 'unique name with my organization'
SUP name )
</PRE>
<H4><A NAME="x-my-Photo">13.2.4.2. x-my-Photo</A></H4>
<P>Many organizations maintain a photo of each each user. A <TT>x-my-Photo</TT> attribute type could be defined to hold a photo. Of course, one could use just use <TT>jpegPhoto</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>) (or a subtype) to hold the photo. However, you can only do this if the photo is in <EM>JPEG File Interchange Format</EM>. Alternatively, an attribute type which uses the <EM>Octet String</EM> syntax can be defined, e.g.:</P>
<PRE>
attributetype ( 1.1.2.1.2 NAME 'x-my-Photo'
DESC 'a photo (application defined format)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
</PRE>
<P>In this case, the syntax doesn't specify the format of the photo. It's assumed (maybe incorrectly) that all applications accessing this attribute agree on the handling of values.</P>
<P>If you wanted to support multiple photo formats, you could define a separate attribute type for each format, prefix the photo with some typing information, or describe the value using <TERM>ASN.1</TERM> and use the <TT>;binary</TT> transfer option.</P>
<P>Another alternative is for the attribute to hold a <TERM>URI</TERM> pointing to the photo. You can model such an attribute after <TT>labeledURI</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2079.txt">RFC2079</A>) or simply create a subtype, e.g.:</P>
<PRE>
attributetype ( 1.1.2.1.3 NAME 'x-my-PhotoURI'
DESC 'URI and optional label referring to a photo'
SUP labeledURI )
</PRE>
<H3><A NAME="Object Class Specification">13.2.5. Object Class Specification</A></H3>
<P>The <EM>objectclasses</EM> directive is used to define a new object class. The directive uses the same Object Class Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A>) used by the objectClasses attribute found in the subschema subentry, e.g.:</P>
<PRE>
objectclass <<A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A> Object Class Description>
</PRE>
<P>where Object Class Description is defined by the following <TERM>ABNF</TERM>:</P>
<PRE>
ObjectClassDescription = "(" whsp
numericoid whsp ; ObjectClass identifier
[ "NAME" qdescrs ]
[ "DESC" qdstring ]
[ "OBSOLETE" whsp ]
[ "SUP" oids ] ; Superior ObjectClasses
[ ( "ABSTRACT" / "STRUCTURAL" / "AUXILIARY" ) whsp ]
; default structural
[ "MUST" oids ] ; AttributeTypes
[ "MAY" oids ] ; AttributeTypes
whsp ")"
</PRE>
<P>where whsp is a space ('<TT> </TT>'), numericoid is a globally unique OID in dotted-decimal form (e.g. <TT>1.1.0</TT>), qdescrs is one or more names, and oids is one or more names and/or OIDs.</P>
<H4><A NAME="x-my-PhotoObject">13.2.5.1. x-my-PhotoObject</A></H4>
<P>To define an <EM>auxiliary</EM> object class which allows x-my-Photo to be added to any existing entry.</P>
<PRE>
objectclass ( 1.1.2.2.1 NAME 'x-my-PhotoObject'
DESC 'mixin x-my-Photo'
AUXILIARY
MAY x-my-Photo )
</PRE>
<H4><A NAME="x-my-Person">13.2.5.2. x-my-Person</A></H4>
<P>If your organization would like have a private <EM>structural</EM> object class to instantiate users, you can subclass one of the existing person classes, such as <TT>inetOrgPerson</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), and add any additional attributes which you desire.</P>
<PRE>
objectclass ( 1.1.2.2.2 NAME 'x-my-Person'
DESC 'my person'
SUP inetOrgPerson
MUST ( x-my-UniqueName $ givenName )
MAY x-my-Photo )
</PRE>
<P>The object class inherits the required/allowed attribute types of <TT>inetOrgPerson</TT> but requires <TT>x-my-UniqueName</TT> and <TT>givenName</TT> and allows <TT>x-my-Photo</TT>.</P>
<H3><A NAME="OID Macros">13.2.6. OID Macros</A></H3>
<P>To ease the management and use of OIDs, <EM>slapd</EM>(8) supports <EM>Object Identifier</EM> macros. The <TT>objectIdentifier</TT> directive is used to equate a macro (name) with a OID. The OID may possibly be derived from a previously defined OID macro. The <EM>slapd.conf</EM>(5) syntax is:</P>
<PRE>
objectIdentifier <name> { <oid> | <name>[:<suffix>] }
</PRE>
<P>The following demonstrates definition of a set of OID macros and their use in defining schema elements:</P>
<PRE>
objectIdentifier myOID 1.1
objectIdentifier mySNMP myOID:1
objectIdentifier myLDAP myOID:2
objectIdentifier myAttributeType myLDAP:1
objectIdentifier myObjectClass myLDAP:2
attributetype ( myAttributeType:3 NAME 'x-my-PhotoURI'
DESC 'URI and optional label referring to a photo'
SUP labeledURI )
objectclass ( myObjectClass:1 NAME 'x-my-PhotoObject'
DESC 'mixin x-my-Photo'
AUXILIARY
MAY x-my-Photo )
</PRE>
<P></P>
</DIV>
<DIV CLASS="footer">
<HR>
<DIV CLASS="navigate">
<P ALIGN="Center"><A HREF="index.html">Contents</A> | <A HREF="index.html">Parent Topic</A> | <A HREF="overlays.html">Previous Topic</A> | <A HREF="security.html">Next Topic</A> <BR><A HREF="http://www.openldap.org/">Home</A> | <A HREF="../index.html">Catalog</A></P>
</DIV>
<P>
<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
________________<BR>
<SMALL>© Copyright 2011, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>
</DIV>
</BODY>
</HTML>
