Reputation: 5469
How does LDAP define which entries may be placed where in the tree?
I noticed that OpenLDAP prevents me from placing a 'bootableDevice' below an 'organizationalUnit', but 'inetOrgPerson'. Logically that makes sense, but how is this enforced in the LDAP schemas?
Upvotes: 0
Views: 815
Reputation: 1318
@JPBlanc gave the right answer for solving the original technical problem.
But for the record, here's the answer for the main question:
How does LDAP define which entries may be placed where in the tree?
The LDAPv3 specifications specify DIT Structure Rules and Name Forms for defining tree structure and possible attributes for forming the RDN of an entry. However, OpenLDAP up to release 2.4.x does not implement this.
Upvotes: 0
Reputation: 72610
In my understanding, in OpenLDAP every node is considered a container for every node. You noticed that OpenLDAP prevents you from placing a bootableDevice below an organizationalUnit. In fact, if you look at bootableDevice in the schema file, you will see that it's an AUXILIARY class:
objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
DESC 'A device with boot parameters' SUP top AUXILIARY
MAY ( bootFile $ bootParameter ) )
So you just can't instantiate an AUXILIARY class. You can instantiate a computer and add to it an AUXILIARY class in order to benefit from bootableDevice attributes in computer objects.
Here is an example:
In other directories, like Active Directory, the tree is partly designed in the schema. Each class has a list of classes that can contain it.
JP
Upvotes: 1
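The rule described in the second answer (an entry needs a structural class, and bootableDevice can only be added alongside one), as an added example that is not part of either answer. It parses the bootableDevice definition quoted above together with the RFC 4519 device class, which is chosen here as the structural class where the answer speaks of a computer, and checks two constructed entries. Assumptions: SUP inheritance and placement in the tree are ignored, and parse_object_class, check_entry and the sample entries are hypothetical names.

```python
import re

# bootableDevice is the definition quoted in the answer; device is the
# structural class from RFC 4519 (an assumption standing in for "computer").
SCHEMA = [
    "( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters' "
    "SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )",
    "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn "
    "MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )",
]

def _attrs(body, keyword):
    """Attribute names after MUST/MAY: either one name or '( a $ b )'."""
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w;-]+))", body)
    if not m:
        return set()
    return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")}

def parse_object_class(definition):
    """Parse one single-NAME object class description (RFC 4512 syntax)."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1).lower()
    body = re.sub(r"'[^']*'", "", definition)  # drop quoted NAME/DESC text
    kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", body)
    return name, {
        "kind": kind.group(1) if kind else "STRUCTURAL",  # RFC 4512 default
        "must": _attrs(body, "MUST"),
        "may": _attrs(body, "MAY"),
    }

CLASSES = dict(parse_object_class(d) for d in SCHEMA)

def check_entry(entry):
    """Return the schema violations for an entry given as {attribute: [values]}."""
    classes = [c.lower() for c in entry.get("objectClass", []) if c.lower() != "top"]
    problems = [f"unknown object class: {c}" for c in classes if c not in CLASSES]
    known = [CLASSES[c] for c in classes if c in CLASSES]
    if not any(c["kind"] == "STRUCTURAL" for c in known):
        problems.append("no structural object class")
    present = {a.lower() for a in entry if a != "objectClass"}
    must = set().union(*(c["must"] for c in known))
    allowed = must.union(*(c["may"] for c in known))
    problems += [f"missing required attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed: {a}" for a in sorted(present - allowed)]
    return problems

# Constructed sample entries (not from the page).
AUX_ONLY = {"objectClass": ["bootableDevice"], "cn": ["pxe01"], "bootFile": ["pxelinux.0"]}
DEVICE = {"objectClass": ["device", "bootableDevice"], "cn": ["pxe01"], "bootFile": ["pxelinux.0"]}
```

The auxiliary-only entry fails twice: it has no structural class, and bootableDevice on its own does not even permit the cn attribute. Adding device fixes both.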