51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER START
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! This work is licensed under the Creative Commons
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! To view a copy of this license, visit
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! or send a letter to Creative Commons, 444 Castro Street,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Suite 900, Mountain View, California, 94041, USA.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! You can also obtain a copy of the license at
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! See the License for the specific language governing permissions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! and limitations under the License.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! If applicable, add the following below this CCPL HEADER, with the fields
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! enclosed by brackets "[]" replaced with your own identifying information:
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! Portions Copyright [yyyy] [name of copyright owner]
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ! CCPL HEADER END
08248b5c5b494aff8d1922e8e0b5777796d7450dmark ! Copyright 2011-2014 ForgeRock AS
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Schema definitions describe the data, and especially the object classes
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark and attribute types that can be stored in the directory. By default OpenDJ
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark conforms strictly to LDAPv3 standards pertaining to schema definitions and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute syntax checking, ensuring that data stored is valid and properly
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark formed. Unless your data use only standard schema present in OpenDJ when
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you install, then you must add additional schema definitions to account
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the data your applications stored.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Out of the box, OpenDJ comes with many standard schema definitions.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark In addition you can update and extend schema definitions while OpenDJ
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark is online. As a result you can add new applications requiring additional
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark data without stopping your directory service.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This chapter demonstrates how to change and to extend OpenDJ schema.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark This chapter also identifies the standard schema definitions available when
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you install OpenDJ.</para>
8e09dca18a95fc3277e0b349306e75a5831a63d6mark xlink:href='http://tools.ietf.org/html/rfc4512'>RFC 4512</link>, defines
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the kinds of information you find in the directory, and can define how
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the information are related. This chapter focuses primarily on two types
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of directory schema definitions.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para><firstterm>Attribute type</firstterm> definitions describe attributes
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of directory entries, such as <literal>givenName</literal> or
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Here is an example of an attribute type definition.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark# Attribute type definition
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkattributeTypes: ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
08248b5c5b494aff8d1922e8e0b5777796d7450dmark SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} X-ORIGIN 'RFC 4524' )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Attribute type definitions start with an object identifier (OID),
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark and generally a short name or names that are easier to remember than the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OID. The attribute type definition can specify how attribute values
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark should be collated for sorting, and what syntax they use. The X-ORIGIN
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark is an extension to identify where the definition originated. When you
ad186a2f9fc7d81ff5d08a8542e0ef45eb74c1d4mark define your own schema, you likely want to provide an X-ORIGIN to help
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you to track versions of definitions, and where the definitions came
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark from.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para><firstterm>Object class</firstterm> definitions identify the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute types that an entry must have, and may have. Examples of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Here is an example of an object class definition.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark# Object class definition
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark MAY ( userPassword $ telephoneNumber $ seeAlso $ description )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark X-ORIGIN 'RFC 4519' )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Entries all have an attribute identifying their object classes,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Object class definitions start with an object identifier (OID), and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark generally a short name that is easier to remember than the OID. The
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark definition here says that the person object class inherits from the top
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark object class, which is the top-level parent of all object classes. When
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you view the objectclass attribute values on an entry, you see the list
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of object classes that the entry takes. An entry can have one STRUCTURAL
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark object class inheritance branch, such as <literal>top</literal> -
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>person</literal> - <literal>organizationalPerson</literal> -
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>inetOrgPerson</literal>. Yet entries can have multiple
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark AUXILIARY object classes. The object class then defines the attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark types that must be included, and the attribute types that may be included
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark on entries having the object class.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>An <firstterm>attribute syntax</firstterm> constrains what directory
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark clients can store as attribute values.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>An attribute syntax is identified in an attribute type definition by
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark its OID. String-based syntax OIDs are optionally followed by a number, set
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark between braces, that represents a minimum upper bound on the number of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark characters in the attribute value. For example, in the attribute type
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark definition shown above, the syntax is
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>1.3.6.1.4.1.1466.115.121.1.26{256}</literal>. The syntax is an
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark IA5 string (composed of characters from the international version of the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ASCII character set) that can contain at least 256 characters.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can find a table matching attribute syntax OIDs with their
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark human-readable names in RFC 4517, <link xlink:show="new"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:href="http://tools.ietf.org/html/rfc4517#appendix-A">Appendix A.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Summary of Syntax Object Identifiers</link>. The RFC describes
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute syntaxes in detail. Alternatively, you can see the attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark syntaxes that OpenDJ supports by opening the OpenDJ Control Panel and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark browsing to Schema > Manage Schema > Attribute Syntaxes. You can
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark also list them by using the <command>dsconfig</command> command.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Although attribute syntaxes are often specified in attribute type
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark definitions, directory servers do not always check that attribute values
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark comply with attribute syntaxes. OpenDJ directory server does tend to
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark enforce compliance by default, in particular for certificates, country
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark strings, directory strings, JPEG photos, and telephone numbers. The aim
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark is to avoid accumulating garbage in your directory data.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>If you are trying unsuccessfully to import non-compliant data from a
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark more lenient directory server, you can either clean the data before
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark importing it, or if cleaning the data is not an option, read <xref
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When creating your own attribute type definitions, use existing
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute syntaxes where possible. If you must create your own attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark syntax, then consider the extensions in
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <xref linkend="attr-syntax-schema-definition-extensions" />.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Matching rules determine how the directory server compares attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark values to assertion values for LDAP search and LDAP compare
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark operations.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>For example, suppose you search with the filter
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>(uid=bjensen)</literal>. The assertion value in this case is
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ has the following schema definition for the user ID
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkattributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
08248b5c5b494aff8d1922e8e0b5777796d7450dmark SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} X-ORIGIN 'RFC 4519' )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When finding an equality match for your search, OpenDJ uses the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>caseIgnoreMatch</literal> matching rule to check for user ID
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute values that equal <literal>bjensen</literal> without regard
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark to case.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can see the matching rules that OpenDJ supports by opening the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OpenDJ Control Panel and browsing to Schema > Manage Schema >
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Matching Rules. Notice that many matching rules support string collation
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark in languages other than English. You can also list matching rules by
08248b5c5b494aff8d1922e8e0b5777796d7450dmark <para>As you can read in examples like, <link xlink:show="new"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Search: List
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Active Accounts</citetitle></link>, OpenDJ matching rules enable
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark directory clients to do more interesting searches than simply comparing
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark strings. That example shows how to search for users who have
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark authenticated in the last three months.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </itemizedlist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ exposes schema over protocol through the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>cn=schema</literal> entry. OpenDJ stores the schema definitions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark corresponding to the entry in LDIF under the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>config/schema/</filename> directory. Many standard definitions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark and definitions pertaining to the server configuration are included at
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark installation time.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>OpenDJ directory server is designed to permit updating the list of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark directory schema definitions while the server is running. As a result you can
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark add support for new applications that require new attributes or new kinds
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark of entries without interrupting the directory service. OpenDJ also replicates
8e09dca18a95fc3277e0b349306e75a5831a63d6mark schema definitions, so the schema you add on one replica is propagated to
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark other replicas without you having to intervene manually.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>As it is easy to introduce typos into schema definitions, the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark best way to start defining your own schema is with the OpenDJ Control
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Panel. Open the Control Panel > Schema > Manage Schema window to
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark get started creating your custom object classes and attribute types.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imagedata fileref="images/Manage-Schema.png" format="PNG" />
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </mediaobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>As object classes reference attribute types, you first create
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark custom attribute types, and then create the object class that references
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark the attribute types.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Create a custom attribute type through the New Attribute window.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imagedata fileref="images/custom-attrtype.png" format="PNG" />
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </mediaobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Using the New Object Class window, create an auxiliary object class
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark that allows your new custom attribute type. You set the type to Auxiliary
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark under Extra Options.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <imagedata fileref="images/custom-objclass.png" format="PNG" />
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </imageobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </mediaobject>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>When you finish, the schema changes show up by default in the file
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>config/schema/99-user.ldif</filename>. Notice that the file name
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark starts with a number, 99. This number is larger than the numbers prefixing
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark other schema file names. In fact, OpenDJ reads the schema files in sorted
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark order, reading schema definitions as they occur. If OpenDJ reads a schema
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark definition for an object class before it has read the definitions of the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark attribute types mentioned in the object class definition, then it displays
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark an error. Therefore, when naming your schema file, make sure the name appears
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark in the sorted list of file names <emphasis>after</emphasis> all the schema
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark files containing definitions that your schema definitions depends on. The
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark default file name for your schema, <filename>99-user.ldif</filename>, ensures
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark that your definitions load only after all of the schema files installed by
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark default.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can create this file in the lab using the Control Panel, and then
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark apply the definitions in production by adapting the content for use with the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <command>ldapmodify</command> command, for example.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>dn: cn=schema
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClass: top
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClass: ldapSubentry
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClass: subschema
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkattributeTypes: ( temporary-fake-attr-id NAME 'myCustomAttribute' EQUALITY case
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark IgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstrings
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClasses: ( temporary-fake-oc-id NAME 'myCustomObjClass
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ' SUP top AUXILIARY MAY myCustomAttribute )
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkmodifiersName: cn=Directory Manager,cn=Root DNs,cn=config
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkmodifyTimestamp: 20110620095948Z</computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>To test your schema definition, add the object class and attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark to an entry.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkchangetype: modify
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkadd: objectClass
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkobjectClass: myCustomObjClass
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmarkadd: myCustomAttribute
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkmyCustomAttribute: Testing 1, 2, 3...</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>ldapmodify \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 1389 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>Processing MODIFY request for uid=bjensen,ou=People,dc=example,dc=com
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkMODIFY operation successful for DN uid=bjensen,ou=People,dc=example,dc=com</computeroutput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>ldapsearch \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 1389 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --baseDN dc=example,dc=com \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark uid=bjensen \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark myCustomAttribute</userinput>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkmyCustomAttribute: Testing 1, 2, 3...</computeroutput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>In addition to supporting the standard schema definitions that are
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark described in <link xlink:href="http://tools.ietf.org/html/rfc4512#section-4.1"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark >RFC 4512, section 4.1</link>, OpenDJ also supports the following extensions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark that you can use when adding your own definitions.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <variablelist xml:id="general-schema-definition-extensions">
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Used to specify the origin of a schema element. Examples include
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <literal>X-ORIGIN 'RFC 4519'</literal>, <literal>X-ORIGIN
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark 'draft-ietf-ldup-subentry'</literal>, and <literal>X-ORIGIN
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Used to specify the relative path to the schema file containing the
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark schema element such as <literal>X-SCHEMA-FILE '00-core.ldif'</literal>.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark Schema definitions are located by default in
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <filename>/path/to/opendj/config/schema/*.ldif</filename> files.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </variablelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <variablelist xml:id="attr-syntax-schema-definition-extensions">
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <title>Extensions for Attribute Syntax Descriptions</title>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Used to define a syntax that is an enumeration of values. The
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark following attribute syntax description defines a syntax allowing four
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark possible attribute values for example.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkldapSyntaxes: ( security-label-syntax-oid DESC 'Security Label'
08248b5c5b494aff8d1922e8e0b5777796d7450dmark X-ENUM ( 'top-secret' 'secret' 'confidential' 'unclassified' ) )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Used to define a syntax based on a regular expression pattern, where
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark valid regular expressions are those defined for <link xlink:show="new"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:href="http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark ><literal>java.util.regex.Pattern</literal></link>. The following attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark syntax description defines a simple, lenient SIP phone URI syntax
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark check.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkldapSyntaxes: ( simple-sip-uri-syntax-oid DESC 'Lenient SIP URI Syntax'
08248b5c5b494aff8d1922e8e0b5777796d7450dmark X-PATTERN '^sip:[a-zA-Z0-9.]+@[a-zA-Z0-9.]+(:[0-9]+)?$' )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>Used as a fallback to substitute a defined syntax for one that
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OpenDJ does not implement. The following example substitutes Directory
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark String syntax, which has OID 1.3.6.1.4.1.1466.115.121.1.15, for a syntax
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark that OpenDJ does not implement.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmarkldapSyntaxes: ( non-implemented-syntax-oid DESC 'Not Implemented in OpenDJ'
08248b5c5b494aff8d1922e8e0b5777796d7450dmark X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
08248b5c5b494aff8d1922e8e0b5777796d7450dmark </programlisting>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </variablelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <variablelist xml:id="attr-type-schema-definition-extensions">
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <title>Extension for Attribute Type Descriptions</title>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para><literal>X-APPROX</literal> is used to specify the approximate
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark matching rule to use for a given attribute type when not using the default,
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark which is the <link xlink:href="http://aspell.net/metaphone/"
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark xlink:show="new">double metaphone approximate match</link>.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </variablelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <title>Relaxing Schema Checking to Import Legacy Data</title>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>By default, OpenDJ accepts data that follows the standards in terms of
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark what is allowed and what is rejected. You might have legacy data from a
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark directory service that is more lenient, allowing non-standard constructions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark such as multiple structural object classes per entry, not checking attribute
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark value syntax, or even not respecting schema definitions.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>For example, when importing data with multiple structural object
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark classes defined per entry, you can relax schema checking to warn rather
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark than reject entries having this issue.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsconfig \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark set-global-configuration-prop \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --set single-structural-objectclass-behavior:warn \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can allow attribute values that do not respect the defined syntax
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark with the <command>dsconfig</command> command as well.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsconfig \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark set-global-configuration-prop \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --set invalid-attribute-syntax-behavior:warn \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>You can even turn off schema checking altogether, although turning
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark off schema checking only really makes sense when you are absolutely sure
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark that the entries and attribute values respect the schema definitions, and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark you simply want to turn off schema checking temporarily to speed up import
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark processing.</para>
08248b5c5b494aff8d1922e8e0b5777796d7450dmark$ <userinput>dsconfig \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark set-global-configuration-prop \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --port 4444 \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindDN "cn=Directory Manager" \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --bindPassword password \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --set check-schema:false \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --trustAll \
08248b5c5b494aff8d1922e8e0b5777796d7450dmark --no-prompt</userinput>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </indexterm>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>The following files under <filename>config/schema/</filename>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark contain schema definitions out of the box.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <variablelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains a core set of
ec40cc0dc62425cea5d63fd9d984f8614479de25mark attribute type and object class definitions
ec40cc0dc62425cea5d63fd9d984f8614479de25mark from the following Internet-Drafts, RFCs, and standards:
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-ietf-boreham-numsubordinates">draft-ietf-boreham-numsubordinates</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-findlay-ldap-groupofentries">draft-findlay-ldap-groupofentries</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-furuseth-ldap-untypedobject">draft-furuseth-ldap-untypedobject</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-good-ldap-changelog">draft-good-ldap-changelog</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-ietf-ldup-subentry">draft-ietf-ldup-subentry</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/draft-wahl-ldap-adminaddr">draft-wahl-ldap-adminaddr</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc1274">RFC 1274</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc2079">RFC 2079</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc2256">RFC 2256</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc2798">RFC 2798</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc3045">RFC 3045</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc3296">RFC 3296</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc3671">RFC 3671</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc3672">RFC 3672</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc4512">RFC 4512</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc4519">RFC 4519</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc4523">RFC 4523</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc4524">RFC 4524</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc4530">RFC 4530</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://tools.ietf.org/html/rfc5020">RFC 5020</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark <member xlink:show="new" xlink:href="https://www.itu.int/rec/T-REC-X.501">X.501</member>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark </simplelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark xlink:href="https://tools.ietf.org/html/draft-behera-ldap-password-policy-09"
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >draft-behera-ldap-password-policy</link> (Draft 09),
ec40cc0dc62425cea5d63fd9d984f8614479de25mark which defines a mechanism for storing password policy information
ec40cc0dc62425cea5d63fd9d984f8614479de25mark in an LDAP directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This file contains the attribute type and objectclass definitions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark for use with the directory server configuration.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark xlink:href="https://tools.ietf.org/html/draft-good-ldap-changelog"
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >draft-good-ldap-changelog</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing information about changes to directory server data.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 2713</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing serialized Java objects in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 2714</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing CORBA objects in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 2739</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing calendar and vCard objects in the directory server.
ec40cc0dc62425cea5d63fd9d984f8614479de25mark Note that the definition in RFC 2739 contains a number of errors,
ec40cc0dc62425cea5d63fd9d984f8614479de25mark and this schema file has been altered from the standard definition
ec40cc0dc62425cea5d63fd9d984f8614479de25mark in order to fix a number of those problems.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 2926</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for mapping between Service Location Protocol (SLP) advertisements and LDAP.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 3112</link>, which defines the authentication password schema.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 3712</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing printer information in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 4403</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing UDDIv3 information in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark xlink:href="https://tools.ietf.org/html/draft-howard-rfc2307bis"
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >draft-howard-rfc2307bis</link>, which defines a mechanism
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing naming service information in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
ec40cc0dc62425cea5d63fd9d984f8614479de25mark This file contains schema definitions from
ec40cc0dc62425cea5d63fd9d984f8614479de25mark >RFC 4876</link>, which defines a schema
ec40cc0dc62425cea5d63fd9d984f8614479de25mark for storing Directory User Agent (DUA) profiles and preferences
ec40cc0dc62425cea5d63fd9d984f8614479de25mark in the directory server.
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This file contains schema definitions required when storing Samba
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark user accounts in the directory server.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This file contains schema definitions required for Solaris and
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark OpenSolaris LDAP naming services.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark <para>This file contains the attribute type and objectclass definitions
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark for use with the directory server configuration.</para>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </listitem>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </varlistentry>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </variablelist>
51607ea01068c9047391e4c8b46bc9dbd0edb7fdmark </section>