About This Reference
This reference describes the default directory schema. Each schema definition has its own section, with links to related sections. Reference pages for the most commonly used elements may include additional descriptions and examples that are not present in the directory schema definitions.
This reference does not cover directory configuration attributes and object classes, or collation matching rules.
LDAP directory schema defines how data can be stored in the directory. When a directory server receives a request to update directory data, it can check the data changes against the directory schema, refusing any request that would result in a violation of the directory schema and directory data corruption.
Schema checking prevents errors such as the following:
- Adding inappropriate attributes to an entry
- Removing required attributes from an entry
- Using an attribute value that has the wrong syntax
- Adding the wrong type of subordinate object
LDAP directory schema consists of definitions for the following:
- Attribute types: define attributes of directory entries, including their syntaxes and matching rules
- Directory Information Tree (DIT) content rules: define the content of entries with a given structural object class
- DIT structure rules: define the names entries may have, and how entries may be related to each other
- Matching rules: define how values of attributes are matched and compared
- Matching rule uses: list attributes that can be used with an extensibleMatch search filter
- Name forms: define naming relations for structural object classes
- Object classes: define the types of objects that an entry represents, and the required and optional attributes for entries of those types
- Syntaxes: define the encodings used in LDAP
For a technical description of LDAP directory schema, read Directory Schema in Lightweight Directory Access Protocol (LDAP): Directory Information Models (RFC 4512).
LDAP directory servers allow client applications to access directory schema while the server is running. This enables applications to validate their changes against the schema before sending an update request to the server. As a result, LDAP schema definitions are optimized for applications, not humans. The reader must resolve relationships between schema definitions, and must find most documentation elsewhere.
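The following added example (not code from this reference or from the directory server it documents) shows the two ideas above together: it parses a few attribute type and object class definitions written in the RFC 4512 description syntax, then checks an entry against them the way a client can before sending an update, reporting the kinds of violation listed under schema checking (inappropriate attributes, missing required attributes, wrong value syntax). The schema snippet and the entries are constructed; `top`, `person` and their attributes use their standard OIDs, while `exampleLoginCount` is a hypothetical attribute placed under the 2.999 example arc. Only three RFC 4517 syntaxes are modelled; values of other syntaxes are not checked.

```python
"""Minimal RFC 4512 schema checker (added example; constructed schema and entries)."""
import re

# RFC 4517 syntax OIDs for the syntaxes this example knows how to check.
SYNTAX_BOOLEAN = "1.3.6.1.4.1.1466.115.121.1.7"
SYNTAX_INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"
SYNTAX_DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"

SYNTAX_CHECKS = {
    SYNTAX_BOOLEAN: lambda v: v in ("TRUE", "FALSE"),
    SYNTAX_INTEGER: lambda v: re.fullmatch(r"-?\d+", v) is not None,
    SYNTAX_DIRECTORY_STRING: lambda v: len(v) > 0,
}

# Constructed schema. 'top', 'person' and their attributes use standard OIDs;
# 'exampleLoginCount' is hypothetical and sits under the 2.999 example arc.
SCHEMA_TEXT = """
attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 2.5.4.4 NAME 'sn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 2.5.4.35 NAME 'userPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributeTypes: ( 2.999.1.1 NAME 'exampleLoginCount' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ exampleLoginCount ) )
"""


def _names(desc, keyword):
    """Attribute names after MUST/MAY: handles 'MUST cn' and 'MUST ( sn $ cn )'."""
    m = re.search(rf"\b{keyword}\s+(?:\(\s*([^)]*)\)|(\S+))", desc)
    if not m:
        return set()
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return {n.strip().lower() for n in body.split("$") if n.strip()}


def parse_schema(text):
    """Parse attributeTypes/objectClasses lines into two dicts keyed by lowercase name."""
    attrs, classes = {}, {}
    for line in text.strip().splitlines():
        kind, _, desc = line.partition(":")
        name = re.search(r"NAME\s+'([^']+)'", desc).group(1).lower()
        if kind == "attributeTypes":
            syntax = re.search(r"SYNTAX\s+([\d.]+)", desc).group(1)
            attrs[name] = {"syntax": syntax, "single": "SINGLE-VALUE" in desc}
        elif kind == "objectClasses":
            sup = re.search(r"\bSUP\s+(\S+)", desc)
            classes[name] = {"sup": sup.group(1).lower() if sup else None,
                             "must": _names(desc, "MUST"), "may": _names(desc, "MAY"),
                             "structural": "STRUCTURAL" in desc}
    return attrs, classes


def check_entry(entry, attrs, classes):
    """Return the list of schema violations for entry (attribute name -> list of values)."""
    entry = {k.lower(): v for k, v in entry.items()}
    violations = []
    required, allowed, seen, structural = set(), set(), set(), False
    # Walk each object class and its SUP chain, collecting MUST and MAY attributes.
    for oc in [v.lower() for v in entry.get("objectclass", [])]:
        while oc and oc not in seen:
            seen.add(oc)
            cls = classes.get(oc)
            if cls is None:
                violations.append(f"unknown object class '{oc}'")
                break
            required |= cls["must"]
            allowed |= cls["must"] | cls["may"]
            structural = structural or cls["structural"]
            oc = cls["sup"]
    if not structural:
        violations.append("entry has no structural object class")
    for name in sorted(required - set(entry)):
        violations.append(f"missing required attribute '{name}'")
    for name, values in entry.items():
        attr = attrs.get(name)
        if attr is None:
            violations.append(f"unknown attribute '{name}'")
            continue
        if name not in allowed:
            violations.append(f"attribute '{name}' not allowed by the entry's object classes")
        if attr["single"] and len(values) > 1:
            violations.append(f"'{name}' is SINGLE-VALUE but has {len(values)} values")
        check = SYNTAX_CHECKS.get(attr["syntax"])
        for v in values:
            if check and not check(v):
                violations.append(f"value {v!r} of '{name}' violates syntax {attr['syntax']}")
    return violations


# Constructed entries: one valid, one with several schema violations.
GOOD_ENTRY = {"objectClass": ["top", "person"], "cn": ["Babs Jensen"],
              "sn": ["Jensen"], "exampleLoginCount": ["3"]}
BAD_ENTRY = {"objectClass": ["top", "person"], "cn": ["Babs Jensen"],
             "mail": ["bjensen@example.com"], "exampleLoginCount": ["three", "4"]}

if __name__ == "__main__":
    schema_attrs, schema_classes = parse_schema(SCHEMA_TEXT)
    for label, candidate in (("good", GOOD_ENTRY), ("bad", BAD_ENTRY)):
        print(label, check_entry(candidate, schema_attrs, schema_classes))
```

Running the script reports no violations for the first entry and four for the second: the required `sn` is missing, `mail` is not defined in this schema, `exampleLoginCount` carries two values although it is `SINGLE-VALUE`, and `"three"` is not an INTEGER. A real server would read the same definitions from its `cn=schema` entry and apply the full set of rules (DIT content and structure rules, name forms, the exactly-one-structural-class rule) that this example leaves out.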