HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

10 Managing the Directory Schema
HP-UX Directory Server comes with a standard schema that includes hundreds of object classes
and attributes. While the standard object classes and attributes should meet the requirements of
most deployments, it may be necessary to extend the schema for specific directory data. Extending
the schema is done by creating new (custom) object classes and attributes.
The HP-UX Directory Server schema reference covers most of the standard Directory Server
attributes and object classes, with information on allowed and required attributes, which object
classes take which attributes, and OID and value information. This is a good resource for identifying
useful schema elements for a directory and determining what custom schema needs to be created.
10.1 Overview of schema
The directory schema is a set of rules that defines how data can be stored in the directory. Directory
information is stored in discrete entries, and each entry is comprised of a set of attributes and their
values. The kind of identity being described in the entry is defined in the entry's object classes. An
object class specifies the kind of object the entry describes through the defined set of attributes for
the object class.
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP
standard provides object classes for many common types of entries, including people, groups,
locations, organizations and divisions, and equipment. The identity is described in a directory
entry with attributes and their values; these pairs are called attribute-value assertions, or AVAs. Any
piece of information in the directory is associated with a descriptive attribute. Other aspects of the
Directory Server configuration, including matching rules and LDAP controls, are also defined in
the schema. All these together are schema elements.
Every schema element is identified by a unique, dot-separated number. This is called the object
identifier (OID).
10.1.1 Default schema files
The schema for Directory Server is defined in several different schema files (LDIF files that define
schema elements). The Directory Server schema files are instance-specific and are located in the
/etc/opt/dirsrv/slapd-instance_name/schema directory. There is also a common
/etc/opt/dirsrv/schema directory; the files in this directory are used as templates for new
Directory Server instances. Putting custom schema in the /etc/opt/dirsrv/schema directory
means that it is automatically added to any new instances that you create.
The default schema files are listed and described in the HP-UX Directory Server schema reference,
which also describes the common standard attributes and object classes. The attributes used by
the Directory Server to perform operations and manage entries are described with other configuration
settings in the HP-UX Directory Server configuration, command, and file reference.
10.1.2 Object classes
In LDAP, an object class defines the set of attributes that can be used to define an entry. The LDAP
standard provides object classes for many common types of entries, such as people (person and
inetOrgPerson), groups (groupOfUniqueNames), locations (locality), organizations and
divisions (organization and organizationalUnit), and equipment (device).
In a schema file, an object class is identified by the objectclasses line, then followed by its
OID, name, a description, its direct superior object class (an object class that is required to be
used in conjunction with the object class and that shares its attributes with this object class), and
the list of required (MUST) and allowed (MAY) attributes.
This is shown in Example 20 “person object class schema entry”.
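The following parser is an added illustration, not part of the guide and not its Example 20. It reads one objectclasses line in the layout described above and returns the OID, name, description, superior, and MUST and MAY lists, which is useful when reviewing what a custom schema file requires or permits. The sample line is constructed for the illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the schema-file layout described above (not the guide's Example 20).
SAMPLE = (
    "objectclasses: ( 2.5.6.6 NAME 'person' DESC 'Standard Person Object Class' "
    "SUP top MUST (objectclass $ sn $ cn) "
    "MAY (description $ seeAlso $ telephoneNumber $ userPassword) "
    "X-ORIGIN 'RFC 2256' )"
)

# A token is a quoted string, a single '(' ')' or '$', or a bare word.
TOKEN = re.compile(r"'([^']*)'|([()$])|([^\s()$']+)")

def _tokens(text):
    """Yield (is_quoted, value) pairs in order of appearance."""
    for m in TOKEN.finditer(text):
        if m.group(1) is not None:
            yield True, m.group(1)
        else:
            yield False, m.group(2) or m.group(3)

def _values(toks):
    """Read one value: a single word or quoted string, or a ( a $ b ) list."""
    quoted, val = next(toks)
    if quoted or val != "(":
        return [val]
    out = []
    for quoted, val in toks:
        if not quoted and val == ")":
            break
        if quoted or val != "$":
            out.append(val)
    return out

def parse_objectclass(line):
    """Parse one 'objectclasses:' line into a dict of its fields."""
    attr, _, body = line.partition(":")
    if attr.strip().lower() != "objectclasses":
        raise ValueError("not an objectclasses line")
    toks = _tokens(body)
    if next(toks, None) != (False, "("):
        raise ValueError("definition must start with '('")
    oc = {"oid": next(toks)[1], "name": None, "desc": None,
          "sup": [], "must": [], "may": []}
    for quoted, key in toks:
        if not quoted and key == ")":
            return oc
        k = key.lower()
        if k in ("name", "desc"):
            oc[k] = _values(toks)[0]
        elif k in ("sup", "must", "may"):
            oc[k] = _values(toks)
        elif k.startswith("x-"):
            _values(toks)  # skip extension values such as X-ORIGIN
    raise ValueError("missing closing ')'")
```

Calling parse_objectclass(SAMPLE) returns a dictionary whose "must" list holds the required attributes and whose "may" list holds the allowed ones.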