0

How does LDAP define which enties may be places where in the tree ?

I noticed that OpenLDAP prevents me from placing a 'bootableDevice' below an 'organizationalUnit', but 'inetOrgPerson'. Logically that makes sense, but how is this enforced in the LDAP schemas ?

Gene Vincent
  • 5,237
  • 9
  • 50
  • 86

2 Answers2

1

In my understanding, in openLDAP evey nod is considered as a container for every nod. You noticed that OpenLDAP prevents you from placing a bootableDevice below an organizationalUnit. In fact if you look at bootableDevice in the schema file, you will see that it's an AUXILIARY class 

objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
  DESC 'A device with boot parameters' SUP top AUXILIARY
  MAY ( bootFile $ bootParameter ) )

So you just can't instanciate an AUXILIARY class. You can instanciate a computer and add to it, an AUXILIARY class in order to beneficiate of bootableDevice attributs in computer objects.

Here is an example :

enter image description here

In other directories, like Active-Directory the tree is partly designed in the schema. Each class has a list of class that can contain it.

JP

JPBlanc
  • 70,406
  • 17
  • 130
  • 175
  • The list is called Containment. There be rules in them there trees. That is why AD trees start with dc=something, as a dc object can contain pretty much everything that an old NT style domain could contain. – geoffc Apr 08 '11 at 02:50
  • Strictly speaking "containment" is specific to MS AD and does not apply in this context. – Michael Ströder Jul 18 '18 at 16:20
0

@JPBlanc gave the right answer for solving the original technical problem.

But for the records here's the answer for the main question:

How does LDAP define which enties may be places where in the tree ?

The LDAPv3 specifications specifies DIT Structure Rules and Name Forms for defining tree structure and possible attributes for forming the RDN of an entry. However OpenLDAP up to release 2.4.x does not implement this.

Community
  • 1
  • 1
Michael Ströder
  • 1,248
  • 8
  • 12