On Wed, Nov 03, 2010 at 01:19:26PM -0400, Ted Unangst wrote:
> Am I missing something, or is there no documentation for the schema
> files? man ldapd.conf tells me I can include additional schema files
> via the schema keyword, but nothing tells me what to put in those
> files.
Following diff attempts to document the schema file syntax. Only a brief synopsis of the attribute type and object class syntax is given, the rest is referred to the RFC. I couldn't get the long synopsis lines to display as I wanted, so I'm hoping for some mdoc help :) -martin Index: ldapd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/ldapd/ldapd.conf.5,v retrieving revision 1.11 diff -u -p -u -r1.11 ldapd.conf.5 --- ldapd.conf.5 3 Nov 2010 11:21:11 -0000 1.11 +++ ldapd.conf.5 3 Nov 2010 19:47:39 -0000 @@ -132,6 +132,9 @@ Password for the root user. Specified either in plain text, or in hashed format. .It schema Ar filename Add schema definitions from the specified file. +For a description of the schema file syntax see +.Sx SCHEMA +below. .El .Sh NAMESPACES A namespace is a subtree of the global X.500 DIT (Directory Information Tree), 
@@ -250,16 +253,79 @@ Typically used to allow users to modify Enable compression of entries and optionally specify compression level (0 - 9). By default, no compression is used. .El +.Sh SCHEMA +Schema files define the structure and format of entries in the directory tree. +There are three types of definitions in a schema file: +.Bl -tag -width Ds +.It attributetype +\*(lp +.Ar oid +.Op NAME name +.Op DESC description +.Op OBSOLETE +.Op SUP oid +.Op EQUALITY oid +.Op ORDERING oid +.Op SUBSTR oid +.Op SYNTAX oid +.Op SINGLE-VALUE +.Op COLLECTIVE +.Op NO-USER-MODIFICATION +.Op USAGE Brq userApplications | directoryOperation | distributedOperation | dSAOperation +\*(rp +.Pp +An attribute type definition specifies the syntax of attribute values, whether +it allows multiple values and how it can be compared in search requests. +For a complete description of attribute type defitions, see section +4.1.2 in RFC 4712. +.It objectclass +\*(lp +.Ar oid +.Op NAME name +.Op DESC description +.Op OBSOLETE +.Op SUP oids +.Op Brq ABSTRACT | STRUCTURAL | AUXILIARY +.Op MUST oids +.Op MAY oids +\*(rp +.Pp +An object class definition specifies which attributes are required +and which are allowed. +For a complete description of object class definitions, see section +4.1.1 in RFC 4712. +.It objectidentifier Ar symbolic-name Ar OID +Defines a symbolic name for the object identifier. +A symbolic name can be used in place of a numeric OID in definitions +of attribute types, object classes and other symbolic OIDs. +A descendant OID can be defined in terms of another symbolic OID by appending +a numeric OID after a colon, for example: +.Bd -literal -offset indent +objectidentifier MyOidRoot 1.2.3.4 +objectidentifier MyOidAttributes MyOidRoot:5.6 +objectidentifier MyOidObjects MyOidRoot:7 +.Ed +.Pp +This would define MyOidAttributes as a symbolic name for the OID +1.2.3.4.5.6, and MyOidObjects for 1.2.3.4.7. 
+.El .Sh FILES .Bl -tag -width "/etc/ldap/ldapd.confXXX" -compact .It Pa /etc/ldapd.conf Default .Xr ldapd 8 configuration file. +.It Pa /etc/ldap/*.schema +Default schema definition files. .El .Sh SEE ALSO .Xr ldapctl 8 , .Xr ldapd 8 +.Rs +.%R RFC 4512 +.%T Lightweight Directory Access Protocol (LDAP): Directory Information Models +.%D June 2006 +.Re .Sh HISTORY The .Nm
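Review bot: in the SCHEMA hunk the RFC number is wrong in both cross-references: "see section 4.1.2 in RFC 4712" (attribute types) and "see section 4.1.1 in RFC 4712" (object classes) should read RFC 4512, which is the document the SEE ALSO hunk itself adds (".%R RFC 4512" / "Directory Information Models") and where those section numbers live. In the same hunk, "attribute type defitions" is a typo for "definitions".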