Facts about LDAP Schema

Published by admin on September 26th, 2009 - in LPI

What is LDAP schema: Related object classes and attribute types are grouped together in a packaging unit known as an LDAP schema. In OpenLDAP, schema files are loaded with include statements in slapd.conf (the configuration file); servers that use the cn=config backend load them instead as entries under cn=schema,cn=config. A schema file normally defines attribute types together with at least one object class that uses them. An attribute type defined in one schema can be used by an object class in another schema, which is why schema files must be loaded in dependency order (core.schema before cosine.schema, and both before inetorgperson.schema). A schema that describes individual people within organizations, such as inetOrgPerson, is known as a white pages schema.

What does LDAP schema store: The schema governs what the entries in a directory sub-tree may contain: it is the set of rules that defines the kinds of information the server can hold. A directory schema is made up of several kinds of elements, including:

  • Attribute Syntaxes: Describe the kind of value that can be stored in an attribute (an integer, a distinguished name, a directory string, and so on).
  • Matching Rules: Describe how comparisons against attribute values are made, for example case-insensitive equality or substring matching.
  • Matching Rule Uses: Indicate which attribute types may be used with a particular matching rule.
  • Attribute Types: Define an OID and a set of names that may be used to refer to an attribute, and associate the attribute with a syntax and a set of matching rules.
  • Object Classes: Define named collections of attributes and classify them into required (MUST) and optional (MAY) attributes.
  • Name Forms: Define rules for the set of attributes that should be included in the RDN of an entry of a given structural object class.
  • Content Rules: Define additional constraints on the object classes and attributes that may be used together in an entry.
  • Structure Rules: Govern the kinds of subordinate entries that a given entry may have.

Attributes are the elements that store information in a directory, and the schema defines which attributes may appear in an entry, the kinds of values those attributes may hold, and how clients may compare and search those values. A client can learn which schema elements a server supports by reading the subschema subentry that an entry's subschemaSubentry operational attribute points to (cn=Subschema in OpenLDAP). Every entry must have an objectClass attribute whose values are classes defined in the schema; these classes determine what kind of object the entry represents, e.g. a person, an organization or a domain.

For example, an entry representing a person might belong to the classes top and person. Membership in person requires the entry to contain the sn and cn attributes, and allows it to contain userPassword, telephoneNumber and other attributes as well. Because an entry may carry several objectClass values, its mandatory and optional attribute sets are the union of those defined by every class it lists. Object classes can also inherit from one another (inetOrgPerson is a subclass of organizationalPerson, which is a subclass of person), and the attributes of every superclass count too. The structural classes of an entry must form a single inheritance chain; auxiliary classes can be added to it to permit further attributes. OpenLDAP's slapd rejects an add or modify that breaks these rules with an objectClassViolation result.
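The paragraphs above describe what a schema definition contains and how an entry's required and optional attributes follow from the union of its object classes and their superclasses. The following Python script is an added example written for this page (it is not code from the original post or from the OpenLDAP project): it parses objectClass definitions written in the RFC 4512 syntax used by the .schema files and returned in the objectClasses attribute of cn=Subschema, and checks entries against them. The schema text is constructed in the style of core.schema and inetorgperson.schema with the standard OIDs and MUST lists but abbreviated MAY lists, and the three entries (including an sshPublicKey attribute appearing without any class that permits it) are constructed sample data.

```python
"""Check directory entries against objectClass definitions in the RFC 4512 syntax
used by OpenLDAP's *.schema files and returned in the objectClasses attribute of
the subschema subentry. Added example, not OpenLDAP code; all data is constructed."""
import re
from collections import namedtuple

ObjectClass = namedtuple("ObjectClass", "oid name sup kind must may")

# Constructed in the style of core.schema / inetorgperson.schema: OIDs, names and
# MUST lists are the standard ones, MAY lists abbreviated. "objectclass" is optional.
SCHEMA_TEXT = """
objectclass ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain'
    ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL
    MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou MAY description )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
    MAY ( title $ ou $ l $ street $ postalCode $ telephoneNumber ) )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson
    STRUCTURAL MAY ( mail $ uid $ displayName $ employeeNumber $ jpegPhoto ) )
"""

def _definitions(text):
    """Yield the inside of each top-level '( ... )' group (MUST/MAY lists nest)."""
    depth, start = 0, None
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                yield text[start + 1:i]

def _names(body, keyword):
    """Lower-cased list after KEYWORD: a single bare name or '( a $ b )'."""
    m = re.search(r"\b%s\s+(?:\(\s*([^)]*)\)|([\w;-]+))" % keyword, body)
    raw = "" if not m else (m.group(1) if m.group(1) is not None else m.group(2))
    return [n.strip().lower() for n in raw.split("$") if n.strip()]

def parse_object_classes(text):
    """Map every lower-cased NAME of each definition to its ObjectClass."""
    classes = {}
    for body in _definitions(text):
        body = re.sub(r"DESC\s+'[^']*'", "", body)  # DESC text may contain keywords
        names = re.findall(r"'([^']+)'", re.search(r"NAME\s+('[^']+'|\([^)]*\))", body).group(1))
        kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", body)
        oc = ObjectClass(body.split()[0], names[0], _names(body, "SUP"),
                         kind.group(1) if kind else "STRUCTURAL",  # RFC 4512 default
                         _names(body, "MUST"), _names(body, "MAY"))
        for n in names:
            classes[n.lower()] = oc
    return classes

def _chain(classes, name):
    """The class plus every SUP ancestor, lower-cased; unknown names raise."""
    seen, todo = set(), [name.lower()]
    while todo:
        n = todo.pop()
        if n not in classes:
            raise ValueError("unknown objectClass: %s" % n)
        if n not in seen:
            seen.add(n)
            todo.extend(classes[n].sup)
    return seen

def validate_entry(classes, entry):
    """Return the kinds of violations slapd reports as objectClassViolation."""
    entry = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    try:
        chain = set().union(*(_chain(classes, oc) for oc in entry.get("objectclass", [])))
    except ValueError as e:
        return [str(e)]
    structural = {n for n in chain if classes[n].kind == "STRUCTURAL"}
    # Exactly one structural chain: some listed structural class must have all the
    # others as ancestors (person + organizationalUnit on one entry is rejected).
    problems = []
    if not any(structural <= _chain(classes, s) for s in structural):
        problems.append("entry has no single structural objectClass chain")
    # MUST and MAY are the union over every listed class and all its superclasses.
    must = {a for n in chain for a in classes[n].must}
    may = {a for n in chain for a in classes[n].may}
    problems += ["missing required attribute: %s" % a for a in sorted(must - set(entry))]
    problems += ["attribute not allowed by objectClasses: %s" % a
                 for a in sorted(set(entry) - must - may)]
    return problems

# Constructed sample entries as {attribute: [values]}. The bad one lacks sn and
# carries sshPublicKey without the auxiliary class (ldapPublicKey) permitting it.
GOOD = {"objectClass": ["top", "inetOrgPerson"], "cn": ["Jane Doe"], "sn": ["Doe"],
        "uid": ["jdoe"], "mail": ["jdoe@example.com"]}
BAD = {"objectClass": ["person"], "cn": ["Bob Roe"],
       "sshPublicKey": ["ssh-ed25519 EXAMPLEKEY"]}
MIXED = {"objectClass": ["person", "organizationalUnit"], "cn": ["Ops"], "sn": ["Ops"],
         "ou": ["Ops"]}

if __name__ == "__main__":
    schema = parse_object_classes(SCHEMA_TEXT)
    for label, entry in [("good", GOOD), ("bad", BAD), ("mixed", MIXED)]:
        print(label, validate_entry(schema, entry) or "OK")
```

Run stand-alone, the script reports the first entry as OK, flags the second for a missing sn and for an sshPublicKey attribute that no listed class allows, and rejects the third for combining two unrelated structural classes. The second case is the one that matters in practice: the schema, not the access control list, decides whether an attribute can exist on an entry at all, so publishing SSH keys or POSIX account data through LDAP means loading the schema that defines those attributes and adding the corresponding auxiliary class to the entry, and a server's loaded schema is worth reading during a review to see which attributes it can be made to store.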

Distributed Schema: OpenLDAP ships with a set of schema specifications in files with the .schema extension (typically under /etc/openldap/schema or /etc/ldap/schema). These are known as the distributed schema. Some of the common schema files are:

  • core.schema: Defines the common attribute types and object classes of the core LDAP specifications (person, organizationalUnit, cn, sn and so on). It is required by slapd and must be included first.
  • cosine.schema: Defines the attribute types and object classes of the COSINE and Internet X.500 pilot (RFC 1274), for example the account, document and room classes.
  • corba.schema: Defines object classes and attributes for storing Common Object Request Broker Architecture (CORBA) object references in the directory (RFC 2714).
  • openldap.schema: An experimental schema holding the OpenLDAP Project's own definitions.
  • inetorgperson.schema: Defines the inetOrgPerson object class (RFC 2798), which extends organizationalPerson from core.schema with attributes such as mail, displayName and jpegPhoto; it depends on core.schema and cosine.schema.
  • misc.schema: An experimental schema whose object classes are mainly used for mail routing lookups within the tree.
  • nis.schema: Defines posixAccount, posixGroup and the other classes of RFC 2307, which store Unix account data (uidNumber, gidNumber, homeDirectory) in a user's entry so that it can be served to NIS-style (Network Information Service) clients.
  • dyngroup.schema: Defines the experimental groupOfURLs dynamic-group class originally used by Netscape Enterprise Server.

Summary: The LDAP schema defines which attribute types and object classes a server accepts, and therefore what an entry may contain. The definition of each attribute type fixes its syntax (what kind of value it stores), its matching rules (how values are compared and searched) and a textual description of its purpose; each object class definition fixes which attributes are required and which are optional.


© Exam Directory