Oracle® Internet Directory Administrator's Guide, 10g Release 2 (10.1.2) B14082-02
This chapter explains how to administer the Oracle Internet Directory object classes and attributes.
A directory schema:
Contains rules about the kinds of objects you can store in the directory
Contains rules for how directory servers and clients treat information during operations such as a search
Helps to maintain the integrity and quality of the data stored in the directory
Reduces duplication of data
Provides a predictable way for directory-enabled applications to access and modify directory objects
The directory schema contains all information about how data is organized in the DIT—that is, metadata such as that for an object class, an attribute, a matching rule, and syntax. This information is stored in a special class of entry called a subentry. More specifically, Oracle Internet Directory, following LDAP Version 3 standards, stores this information in the subentry called subSchemaSubentry.
You can add new object classes and objects by modifying subSchemaSubentry. You cannot, however, add new matching rules and syntaxes beyond those already supported by Oracle Internet Directory.
This section explains how to add and modify an object class. Oracle recommends that you understand the basic concepts of directory components before attempting to add to or modify the base schema in the directory.
When you add an entry, you associate it with one or more object classes. Each object class contains attributes that you want to associate with the new entry. For example, if you are creating an entry for an employee, you can associate it with the person object class. This object class contains many of the attributes that you want to associate with that employee entry, including, for example, name, address, and telephone number.
Each object class derives from a hierarchy of superclasses, and it inherits attributes from these superclasses. By default, all object classes inherit from the top object class. When you assign an object class to an entry, the entry inherits all of the attributes of both that object class and its superclasses.
The attributes that entries inherit from a super class may be either mandatory or optional. Values for optional attributes need not be present in the directory entry.
You can specify for any object class whether an attribute is mandatory or optional; however, the characteristic you specify is binding only for that object class. If you place the attribute in another object class, you can again specify whether the attribute is mandatory or optional for that object class. You can:
Add a new, non-standard object class and assign it existing attributes
Select from existing standard object classes
Modify an existing object class, assigning it a different set of attributes
Add and modify existing attributes
Entries must be added in a top-down sequence—that is, when you add an entry, all of its parent entries must already exist in the directory. Similarly, when you add entries that reference object classes and attributes, those referenced object classes and attributes must already exist in the directory schema. In most cases this will not be a problem because the directory server is delivered with a full set of standard directory objects.
When you add or perform an operation on an entry, you do not need to specify the entire hierarchy of superclasses associated with that entry. You can specify only the leaf object classes. Oracle Internet Directory resolves the hierarchy for the leaf object classes and enforces the information model constraints. For example, the inetOrgPerson object class has top, person and organizationalPerson as its superclasses. When you create an entry for a person, you need to specify only inetOrgPerson as the object class. Oracle Internet Directory then enforces the schema constraints defined by the respective superclasses, namely, top, person, and organizationalPerson.
This section tells you what to keep in mind when adding, modifying, or deleting object classes.
Note: Oracle Internet Directory does not enforce these rules. They are provided here as guidelines.
When you add object classes, keep the following in mind:
Every structural object class must have top as a superclass.
The name and the object identifier of an object class must be unique across all the schema components. The Object Identifier must begin with the unique identifier 2.16.840.1.113894 followed by either the Oracle-supplied prefix .9999 or a site-specific prefix.
Schema components referred to in the object class, such as superclasses, must already exist.
The superclass of an abstract object class must be abstract also.
It is possible to redefine mandatory attributes in a superclass into optional attributes in the new object class. Conversely, optional attributes in a superclass can be redefined into mandatory attributes in the new object class.
Note: Every schema object in the Oracle Internet Directory has certain limitations. For example, some objects cannot be changed. These limitations are explained as constraints and rules in this chapter.
This section discusses the types of modifications you can make to an existing object class. You can perform modifications through Oracle Directory Manager and through the command-line tools.
You can make these changes to an object class:
Change a mandatory attribute into an optional attribute
Add optional attributes
Add additional superclasses
Convert abstract object classes into structural or auxiliary object classes unless the abstract object class is a superclass to another abstract object class
When you modify object classes, keep these guidelines in mind:
You cannot modify an object class that is part of the standard LDAP schema. You can, however, modify user-defined object classes.
If existing object classes do not have the attributes you need, you can create an auxiliary object class and associate the needed attributes with that object class.
You cannot add additional mandatory attributes to an existing object class.
You cannot remove attributes or superclasses from an existing object class.
You cannot convert structural object classes to other object class types.
You should not modify an object class if there are entries already associated with it.
There are also some limitations on deleting object classes:
You cannot delete object classes from the base schema.
You can delete object classes that are not in the base schema as long as they are not directly or indirectly referenced by other schema components. For example, there may be some directory entries referring to these object classes. Deleting these object classes renders these entries inaccessible.
This section tells you how to use Oracle Directory Manager to search for object classes, view their properties, add, modify, and delete them.
You can specify your search for an object class by:
Selecting an object class property, for example, a name or an object identifier
Entering a value for the property you selected
Selecting a search filter specifying the relationship between the object class property you selected and the value you entered, for example, Begins With or Exactly Matches
This section provides more details on how to enter an object class search.
To search for an object class:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management. The Schema Management tab pages appear in the right pane.
In the right pane, choose Find Object Classes. The Find: Object Classes dialog box appears.
On the search criteria bar, from the menu farthest to the left, select the property of the object class you want to search for. Options are listed and described in Table A-22.
Note: Not all attributes are used in every object class. Be sure that the attribute you specify actually corresponds to one in the object class for which you are looking. Otherwise, the search will fail.
In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are listed and described in Table A-23.
In the text box at the right end of the search criteria bar, type the value of the property of the object class you are searching for. For example, to search for all object classes with names that begin with the letters orcl, type those letters in the text box at the right end of the search criteria bar.
Below the Criteria field are five buttons described in the next table. Use these buttons to further refine your search.
Choose Search. The results of your search appear in the window at the lower portion of the Find:Object Class dialog box.
To view all object classes in the schema:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Object Classes tab page.
To examine an individual object class and its attributes, in the Object Classes tab page, choose the object class. The properties of the selected object class appear in the Object Class dialog box.
To add object classes by using Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Object Classes tab and, in the toolbar, choose Create. The New Object Class dialog box appears.
Alternatively, in the Object Classes tab page, select an object class that is similar to one you would like to create, and then choose Create Like. The New Object Class dialog box displays the attributes of the selected object class. You can create the new object class by using this one as a template.
In the New Object Class dialog box, enter the information in the fields. These are described in Table A-25.
Choose OK.
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Object Classes tab and choose the object class you want to modify. The Object Class dialog box appears.
In the Object Class dialog box, modify or add the information in the fields. These are described in Table A-25.
Choose OK.
Note: You can add attributes to an auxiliary object class or a user-defined structural object class. See Also: Example: Adding a New Attribute to an Auxiliary or User-Defined Object Class for an example of adding attributes to an auxiliary object class.
Caution: Oracle recommends that you not delete object classes from the base schema. If you delete an object class that is referenced by any entries, those entries then become inaccessible. Should you decide to delete an object class from the base schema, be careful not to delete one that is in use or that you might want to use in the future.
To delete an object class by using Oracle Directory Manager:
In the navigator pane, select Schema Management.
In the right pane, select the Object Classes tab page and select the object class you want to delete.
Choose Delete.
You can use command-line tools to add or modify existing object classes in the directory schema. The command-line tools enable you to use input files. Furthermore, the commands can be batched together in scripts.
To add or modify schema components, use ldapmodify.
In this example, an LDIF input file, new_object_class.ldi, contains data similar to this:
dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.113894.9999.12345 NAME 'myobjclass' SUP top STRUCTURAL MUST ( cn $ sn ) MAY ( telephonenumber $ givenname $ myattr ) )
Be sure to leave the mandatory space between the opening and closing parentheses and the object identifier.
To load the file, enter this command:
ldapmodify -h myhost -p 389 -f new_object_class.ldi
This example:
Adds the structural object class named myobjclass
Gives it an object identifier of 2.16.840.1.113894.9999.12345
Specifies top as its superclass
Specifies cn and sn as mandatory attributes
Allows telephonenumber, givenname, and myattr as optional attributes
Note that all the attributes mentioned must exist prior to the execution of the command.
To create an abstract object class, follow the previous example, replacing the word STRUCTURAL with the word ABSTRACT.
To add a new attribute to either an auxiliary object class or a user-defined structural object class, use ldapmodify. This example deletes the old object class definition and adds the new definition in a compound modify operation. The change is committed by the directory server in one transaction. Existing data is not affected. The input file should be as follows:
dn: cn=subschemasubentry
changetype: modify
delete: objectclasses
objectclasses: old value
-
add: objectclasses
objectclasses: new value
For example, to add the attribute changes to the existing object class country, the input file would be:
dn: cn=subschemasubentry
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113894.9999.12345 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113894.9999.12345 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description $ changes ) )
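Because Oracle Internet Directory does not enforce the object class guidelines listed earlier, a definition can be checked before it is loaded with ldapmodify. The following Python code is an added example, not Oracle code: it parses the objectclasses values from this page's LDIF examples, checks them against the adding and modifying guidelines, and builds the compound delete/add record shown above. The function names and the in-memory schema snapshot (classes, attrs) are assumptions made for the illustration.

```python
import re

ORACLE_OID_ARC = "2.16.840.1.113894"  # OID prefix the page's guidelines require
# Definitions copied from the page's LDIF examples; TOP is the standard LDAP class.
TOP = "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )"
MYOBJCLASS = ("( 2.16.840.1.113894.9999.12345 NAME 'myobjclass' SUP top STRUCTURAL "
              "MUST ( cn $ sn ) MAY ( telephonenumber $ givenname $ myattr ) )")
OLD_COUNTRY = ("( 2.16.840.1.113894.9999.12345 NAME 'country' SUP top STRUCTURAL "
               "MUST c MAY ( searchGuide $ description ) )")
NEW_COUNTRY = OLD_COUNTRY.replace("description )", "description $ changes )")

def parse_objectclass(value):
    """Parse one objectclasses value (single NAME, as in the page's examples)."""
    text = value.strip()
    if not (text.startswith("( ") and text.endswith(" )")):
        raise ValueError("missing mandatory space inside the outer parentheses")
    tokens = re.findall(r"\(|\)|\$|'[^']*'|[^\s()$']+", text[1:-1])
    oc = {"oid": tokens[0], "name": "", "kind": "STRUCTURAL",
          "sup": [], "must": [], "may": []}

    def read_list(i):
        # A list is either one bare name or "( a $ b $ c )".
        if tokens[i] == "(":
            end = tokens.index(")", i)
            return [t.lower() for t in tokens[i + 1:end] if t != "$"], end + 1
        return [tokens[i].lower()], i + 1

    i = 1
    while i < len(tokens):
        kw = tokens[i].upper()
        if kw == "NAME":
            oc["name"], i = tokens[i + 1].strip("'").lower(), i + 2
        elif kw in ("SUP", "MUST", "MAY"):
            oc[kw.lower()], i = read_list(i + 1)
        elif kw in ("STRUCTURAL", "AUXILIARY", "ABSTRACT"):
            oc["kind"], i = kw, i + 1
        else:
            raise ValueError("unexpected token: " + tokens[i])
    return oc

def has_top(oc, classes):
    """True if top is reachable through the SUP chain of already-defined classes."""
    pending, seen = list(oc["sup"]), set()
    while pending:
        name = pending.pop()
        if name == "top":
            return True
        if name in classes and name not in seen:
            seen.add(name)
            pending.extend(classes[name]["sup"])
    return False

def check_new(oc, classes, attrs):
    """Check a new class against the page's guidelines for adding object classes."""
    # classes: {name: parsed class}, attrs: {name}; both describe the existing schema.
    findings = []
    if not oc["oid"].startswith(ORACLE_OID_ARC + "."):
        findings.append("OID does not begin with " + ORACLE_OID_ARC)
    for other in classes.values():
        if other["oid"] == oc["oid"] or other["name"] == oc["name"]:
            findings.append("name or OID already used by " + other["name"])
    for sup in oc["sup"]:
        if sup not in classes:
            findings.append("superclass does not exist: " + sup)
        elif oc["kind"] == "ABSTRACT" and classes[sup]["kind"] != "ABSTRACT":
            findings.append("abstract class has non-abstract superclass: " + sup)
    if oc["kind"] == "STRUCTURAL" and not has_top(oc, classes):
        findings.append("structural class does not have top as a superclass")
    findings += ["attribute does not exist: " + a
                 for a in oc["must"] + oc["may"] if a not in attrs]
    return findings

def check_modify(old, new):
    """Check a redefinition against the page's guidelines for modifying classes."""
    findings = []
    added_must = set(new["must"]) - set(old["must"])
    removed = set(old["must"] + old["may"]) - set(new["must"] + new["may"])
    lost_sup = set(old["sup"]) - set(new["sup"])
    if added_must:
        findings.append("adds mandatory attributes: " + ", ".join(sorted(added_must)))
    if removed:
        findings.append("removes attributes: " + ", ".join(sorted(removed)))
    if lost_sup:
        findings.append("removes superclasses: " + ", ".join(sorted(lost_sup)))
    if old["kind"] == "STRUCTURAL" and new["kind"] != "STRUCTURAL":
        findings.append("converts a structural class to " + new["kind"])
    return findings

def compound_modify_ldif(old_value, new_value):
    """Build the page's delete-then-add record, refusing changes that break a guideline."""
    findings = check_modify(parse_objectclass(old_value), parse_objectclass(new_value))
    if findings:
        raise ValueError("; ".join(findings))
    return "\n".join(["dn: cn=subschemasubentry", "changetype: modify",
                      "delete: objectclasses", "objectclasses: " + old_value, "-",
                      "add: objectclasses", "objectclasses: " + new_value, ""])

if __name__ == "__main__":
    print(compound_modify_ldif(OLD_COUNTRY, NEW_COUNTRY))
```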
This section contains these topics:
Managing Attributes by Using Command-Line Tools
You need to understand attributes from a conceptual standpoint before attempting operations involving attributes.
In most cases, the attributes available in the base schema will suit the needs of your organization. However, if you decide to use an attribute not in the base schema, you can add a new attribute or modify an existing one.
By default, attributes are multivalued. You can specify an attribute as single-valued by using either Oracle Directory Manager or command-line tools.
The rules for adding attributes are:
The name and the object identifier of an attribute must be unique across all the schema components.
Syntax and matching rules must agree.
Any super attributes must already exist.
The rules for deleting attributes are:
You can delete only user-defined attributes. Do not delete attributes from the base schema.
You can delete any attribute that is not referenced directly or indirectly by some other schema component.
If you delete an attribute that is referenced by any entry, that entry will no longer be available for directory operations.
See Also: "About LDAP Attribute Syntax" in Oracle Identity Management User Reference for information about using syntax to specify the size of the attribute value
This section tells you how to use Oracle Directory Manager to search for, view, add, modify, delete, and index attributes.
To view attributes by using Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab page. This tab page displays a table containing the attribute properties. The columns in this table are described in Table A-26.
See Also: "Viewing Attributes for a Specific Entry by Using Oracle Directory Manager" for instructions about how to view attributes for a specific entry
To search for attributes by using Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management. The corresponding tab pages appear in the right pane.
Select the Attributes tab page.
Choose the Find Attributes button in the lower right corner. The Find Attributes dialog box appears.
In the menu at the left end of the search criteria bar, select the property of the attributes for which you want to search. Options are described in Table A-26.
In the menu in the middle of the search criteria bar, select the filter you want to use for your search. Options are described in Table A-27.
In the text box at the right end of the search criteria bar, type part or all of the value of the attribute for which you want to search. For example, to search for all attributes whose names begin with the letters orcl, you would type those letters in the text box at the right end of the search criteria bar and create the phrase Name Begins With orcl.
To further refine your search, use the buttons in the Search Criteria box to enhance the search criteria bar. These are described in Table A-28.
Choose Search. The results of your search appear in the window at the lower portion of the Find Attributes dialog box.
You can add a completely new attribute, or copy from an existing one.
Tip: Because equality, syntax, and matching rules are numerous and complex, it may be simpler to copy these characteristics from a similar existing attribute. See "Creating a New Attribute from an Existing One by Using Oracle Directory Manager".
To add a new attribute:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab, then choose the Create button in the toolbar. The New Attribute Type dialog box appears. It contains two tab pages—General and Advanced—with fields in which you either enter values or select from menus.
In the General tab, enter values in each of the fields. These are described in Table A-29.
Select the Advanced tab, and enter values in each of the fields. These are described in Table A-30.
Choose OK.
Note: To use this attribute, remember to declare it to be part of the attribute set for an object class. You do this by selecting Schema Management in the navigator pane, then, in the right pane, selecting the Object Classes tab page. For further instructions, see "Guidelines for Modifying Object Classes".
To add an attribute by copying an existing attribute:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab.
In the Attributes tab page, select the attribute you want to copy.
Choose Create Like. The New Attribute Type dialog box for that attribute appears. This dialog box contains two tab pages—General and Advanced.
Select the General tab and enter values in each of the fields. These are described in Table A-29. You must always change the DN to that of the new attribute.
Select the Advanced tab and enter values in each of the fields. These are described in Table A-30.
Choose OK.
Note: To use this attribute, remember to declare it to be part of the attribute set for an object class. You do this by selecting Schema Management in the navigator pane, then, in the right pane, selecting the Object Classes tab page. For further instructions, see "Guidelines for Modifying Object Classes".
To modify an attribute by using Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab, then select an editable attribute in the list.
Choose Edit. The Attribute dialog box displays two tab pages—General and Advanced—with fields in which you enter values either by typing or selecting from menus.
Select the General tab and enter values in each of the fields. These are described in Table A-29.
Select the Advanced tab and enter values in each of the fields. These are described in Table A-30.
Choose OK.
Note: You can delete only user-defined attributes. Do not delete attributes from the base schema.
To delete an attribute:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab, then select an editable attribute in the list.
Choose Delete.
Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, certain attributes are already indexed. If you want to use additional attributes in search filters, you must index them.
Note: You can use Oracle Directory Manager to index an attribute only at the time when you create it. You cannot use Oracle Directory Manager to index an already existing attribute. To index an already existing attribute, use the Catalog Management tool as described in "Indexing an Attribute by Using Command-Line Tools". You can index only those attributes that have:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab page. This tab page displays all of the attributes in the schema. A selected check box in the Indexed column indicates an indexed attribute.
To add an index to an attribute:
Create an attribute as described in "Adding an Attribute by Using Oracle Directory Manager".
In the New Attribute Type dialog box, on the Advanced tab page, select the Indexed check box.
To drop an index from an attribute:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Attributes tab.
Select the indexed attribute. Note that this must be an attribute that is editable as indicated by the icon to the left of the attribute name.
Choose Drop Index.
This section discusses adding, modifying, and indexing attributes by using command-line tools.
To add a new attribute to the schema by using ldapmodify, type a command similar to the following at the system prompt:
ldapmodify -h host -p port -f ldif_file_name
The LDIF file contains data similar to this:
dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
To specify an attribute as single-valued, include in the attribute definition entry in the LDIF file the keyword SINGLE-VALUE with surrounding white space.
You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.
Note: You can delete only user-defined attributes. Do not delete attributes from the base schema.
To delete an attribute by using ldapmodify, type a command similar to the following at the system prompt:
ldapmodify -h host -p port -f ldif_file_name
The LDIF file contains data similar to this:
dn: cn=subschemasubentry
changetype: modify
delete: attributetypes
attributetypes: ( 1.2.3.4.5 NAME 'myattr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
You can find a given syntax Object ID by using either Oracle Directory Manager or the ldapsearch command line tool.
Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search.
If you want to use additional attributes in search filters, you must add them to the catalog entry. You can index only those attributes that have:
An equality matching rule
Matching rules supported by Oracle Internet Directory as listed in "About LDAP Attribute Matching Rules" in Oracle Identity Management User Reference
No more than 128 characters in their names
You can index a new attribute—that is, one for which no data exists in the directory—by using ldapmodify. You can index an attribute for which data already exists in the directory by using the Catalog Management tool. You can drop an index from an attribute by using ldapmodify, but Oracle recommends that you use the Catalog Management tool.
Once you have defined a new attribute in the schema, you can add it to the catalog entry by using ldapmodify.
To add an attribute for which no directory data exists, import an LDIF file by using ldapmodify. For example, to add a new attribute foo that has already been defined in the schema, import the following LDIF file by using ldapmodify:
dn: cn=catalogs
changetype: modify
add: orclindexedattribute
orclindexedattribute: foo
You should not use this method to index an attribute for which data exists in the directory. To index such an attribute, use the Catalog Management tool.
To drop an index from an attribute by using ldapmodify, specify delete in the LDIF file. For example:
dn: cn=catalogs
changetype: modify
delete: orclindexedattribute
orclindexedattribute: foo
Use the Catalog Management tool to index an attribute for which data already exists and to drop an index from an attribute.
Note: Unless you are absolutely sure that the indexes were not created by the base schema that was installed with Oracle Internet Directory, be careful not to use the catalog.sh -delete option to remove indexes from attributes. Removing indexes from base schema attributes can adversely impact the operation of Oracle Internet Directory.
You can extend the number of attributes for entries. The method you use depends on whether the entries already exist.
For an existing entry, there are two ways to extend the attributes associated with it. One way is to add names of object classes to the list in the objectclass attribute for each entry. If your directory is relatively small, then this can be a desirable method because it enables searches for entries based on that attribute. However, if your directory is large, then entering the names of object classes to the objectclass attribute can be very painstaking. In this case, the second way, namely, using content rules, may be a more efficient way to extend the content of entries.
This section contains these topics:
Extending the Number of Attributes Prior to Creating Entries in the Directory
Extending the Number of Attributes for Existing Entries by Creating an Auxiliary Object Class
Extending the Number of Attributes for Existing Entries by Creating a Content Rule
At installation, Oracle Internet Directory provides standard LDAP object classes and several proprietary object classes. You cannot add mandatory attributes to the sets of attributes belonging to these predefined object classes. If a given object class does not contain all the attributes that you want for an entry, then you can do one of the following:
You can create an auxiliary object class containing the additional attributes you want for your entry, and then associate that auxiliary object class with the entry. You associate the auxiliary object class with the entry by specifying it in the objectclass attribute for the entry.
A content rule, following your specifications, determines the kind of content allowed in any entry that is associated with a particular structural object class. For example, you can specify that any entry associated with the person object class must have, in addition to the attributes in that object class, other attributes as well. The additional attributes can be those of an auxiliary object class, and they can be either mandatory or optional.
Whereas you must list auxiliary classes in the entry—which can be an administrative burden—you do not need to list content rules in the entry.
In addition to the structural object class to which it applies, a content rule can also indicate:
Auxiliary object classes allowed for entries governed by the rule
Mandatory attributes, in addition to those called for by the structural and auxiliary object classes, required for entries governed by the DIT content rule
Optional attributes permitted for entries governed by the DIT content rule, in addition to those called for by structural and auxiliary object classes
Content rules are defined as values of the DITContentRule attribute in the subschema subentry (cn=subschemasubentry). They must conform to these rules:
The structural object class of the entry identifies the content rule applicable for the entry. If no content rule is present for a structural object class, then entries associated with that object class contain only the attributes permitted by the structural object class definition.
Because a content rule is associated with a structural object class, all entries of the same structural object class have the same content rule regardless of their location in the DIT.
The content of an entry must be consistent with the object classes listed in the objectClass attribute of that entry. More specifically:
Mandatory attributes of object classes listed in the objectClass attribute must always be present in the entry.
Optional attributes of auxiliary object classes indicated by the content rule can also be present even if the objectClass attribute does not list these auxiliary object classes.
When validating an object for schema consistency, the directory server uses the content rule for the structural object class of the entry. It also uses all the other object classes listed in the entry.
If more than one content rule exists for an object class, then, when adding or modifying an entry, or when bulkloading data, the following rules apply.
An entry can have attributes from all the auxiliary object classes listed in the various content rules. Not specifying an object class in the content rule does not restrict a client from explicitly adding an auxiliary object class in directory entries.
An entry must contain values for all the mandatory attributes listed in:
The content rules
The object classes associated with the entry
The auxiliary object classes listed in the content rule applicable to the entry
Optionally, an entry can contain values for any or all the optional attributes listed in:
The content rule
The object classes listed in the entry
The auxiliary object classes listed in the content rule applicable for the entry
If any attribute is specified as mandatory, then it overrides any other definition that defines it as optional.
Because the auxiliary object classes listed in content rules are not listed in the objectclass attribute for an entry, you cannot list those object classes as filters when you search for entries. Instead, base your searches on the structural object class that you are interested in. If you need to base your search on an auxiliary object class, then add that auxiliary object class to the objectclass attribute in the user objects explicitly.
For example, a content rule for structural object class inetOrgPerson may specify an auxiliary object class orclUser. However, this does not mean that every inetOrgPerson entry in the directory contains orclUser as a value of the objectclass attribute. As a result, the search with the filter objectclass=orclUser fails. Instead of querying for an auxiliary object class contained in the content rule, you should query for structural object classes—for example, objectclass=inetOrgPerson.
To base a search on objectclass=orcluser, add orclUser as one of the values of the objectclass attribute in each entry.
These considerations apply also to filters used in access control policies. If you are using a content rule to associate additional auxiliary object classes, then use only the structural object classes in the search filters.
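The filter behaviour described above, as an added Python example that is not part of the Oracle documentation: it models objectclass matching over constructed entries, lists the entries that receive orclUser only through a content rule, generates the LDIF that adds the value explicitly, and flags search or access-control filters that name a rule-supplied auxiliary class. The entry DNs, the rule table and all function names are constructed for the illustration.

```python
import re

# Constructed sample data. CONTENT_RULE_AUX maps a structural object class to the
# auxiliary classes its content rule allows; ENTRIES are entries as stored.
CONTENT_RULE_AUX = {"inetorgperson": {"orcluser"}}
ENTRIES = [
    {"dn": "cn=alice,dc=example,dc=com", "objectclass": ["inetOrgPerson"]},
    {"dn": "cn=bob,dc=example,dc=com", "objectclass": ["inetOrgPerson", "orclUser"]},
    {"dn": "cn=printer1,dc=example,dc=com", "objectclass": ["device"]},
]

def _classes(entry):
    # Object class names are case-insensitive, so compare in lower case.
    return {oc.lower() for oc in entry["objectclass"]}

def search_by_objectclass(entries, wanted):
    """Match only values stored in objectclass; content rules add nothing here."""
    return [e["dn"] for e in entries if wanted.lower() in _classes(e)]

def covered_only_by_rule(entries, aux, rules=CONTENT_RULE_AUX):
    """DNs whose content rule allows `aux` but whose objectclass does not list it."""
    aux = aux.lower()
    return [e["dn"] for e in entries
            if aux not in _classes(e)
            and any(aux in rules.get(oc, ()) for oc in _classes(e))]

def explicit_aux_ldif(entries, aux, rules=CONTENT_RULE_AUX):
    """LDIF that adds `aux` explicitly, so objectclass=<aux> filters match."""
    records = []
    for dn in covered_only_by_rule(entries, aux, rules):
        records.append("dn: %s\nchangetype: modify\nadd: objectclass\n"
                       "objectclass: %s\n" % (dn, aux))
    return "\n".join(records)

def filters_on_rule_aux(filters, rules=CONTENT_RULE_AUX):
    """Filters (search or access-control) that test objectclass against an
    auxiliary class a content rule supplies; these miss rule-only entries."""
    rule_aux = set().union(*rules.values())
    flagged = []
    for f in filters:
        named = {m.lower() for m in re.findall(r"objectclass\s*=\s*([\w-]+)", f, re.I)}
        if named & rule_aux:
            flagged.append(f)
    return flagged

if __name__ == "__main__":
    print(search_by_objectclass(ENTRIES, "orclUser"))
    print(explicit_aux_ldif(ENTRIES, "orclUser"))
```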
This section tells you how to manage content rules by using Oracle Directory Manager and command-line tools.
This section tells you how to use Oracle Directory Manager to create and modify content rules.
Creating a Content Rule by Using Oracle Directory Manager
To create a content rule:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Content Rules tab.
Choose Create. The New Content Rule dialog box appears.
In the New Content Rule dialog box, enter values in the appropriate fields. These fields are described in Table A-32.
Choose OK.
Modifying a Content Rule by Using Oracle Directory Manager
To modify a content rule:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Content Rules tab.
Select the content rule you want to modify, then choose Edit. The Content Rule dialog box appears.
In the Content Rule dialog box, enter values in the appropriate fields. The fields for this dialog box are described in Table A-33.
Choose OK.
The format of a content rule is:
DITContentRule ::= SEQUENCE {
    oids                  ALPHA-NUMERIC-OID,
    structuralObjectClass OBJECT-CLASS,
    LABEL                 CONTENT-LABEL OPTIONAL,
    auxiliaries           SET (1..MAX) OF OBJECT-CLASS OPTIONAL,
    mandatory             SET (1..MAX) OF ATTRIBUTE OPTIONAL,
    optional              SET (1..MAX) OF ATTRIBUTE OPTIONAL,
    precluded             SET (1..MAX) OF ATTRIBUTE OPTIONAL
}
Table 8-1 describes the parameters. Note that the attribute and object class names are case-insensitive.
Table 8-1 Content Rule Parameters
Parameter | Description |
---|---|
oids | A unique object identifier (oids) for the content rule similar to the one for an object class or attribute definition. It must be a unique numeric value that begins with |
LABEL | The content label of the content rule as applied in the directory |
structuralObjectClass | The structural object class to which the content rule applies |
auxiliaries | The auxiliary object classes allowed for an entry to which the content rule applies |
mandatory | User attribute types contained in an entry to which the content rule applies. These are in addition to those mandatory attributes that the entry contains as a result of its association with its specified structural and auxiliary object classes. |
optional | User attribute types that may be contained in an entry to which the content rule applies. These are in addition to those that the entry may contain as a result of its association with its specified structural and auxiliary object classes. |
During the process of defining a new content rule, the directory server validates the syntax and ensures that the attributes and object classes listed in the content rule have been defined in the directory.
Content rules can be specified for structural object classes only. The name of the object class is case-insensitive.
You can specify more than one content rule for each structural object class provided the content rules have different labels associated with them.
To modify an existing definition of a content rule, the client must first delete the existing definition and then add the new definition. Simple replacement of a content rule by using the replace command is not allowed.
To delete a content rule, the client needs to specify only the structural object class and the alphanumeric object identifier of the content rule. Optionally, the client can also specify the associated version of the content rule to be deleted.
This section contains these topics:
Viewing Matching Rules by Using ldapsearch
Note: Matching rules cannot be modified.
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Matching Rules tab. The fields in this tab page are shown as column heads. They are described in Table A-31.
This section contains these topics:
Viewing Syntaxes by Using ldapsearch
Note: Syntaxes cannot be modified.
To view syntaxes by using Oracle Directory Manager:
In the navigator pane, expand Oracle Internet Directory Servers, then directory server instance.
Select Schema Management.
In the right pane, select the Syntaxes tab. The fields in this tab page are shown as column heads. They are:
Description—Name of the attribute syntax
Object ID—Unique identifier of this syntax