This is mainly written for Google.
I've been engaged in building a custom LDAP directory with OpenLDAP on a Linux system, and it's been pretty slow slogging. The net is full of resources for how to use LDAP for authentication, or to hook a mailserver into an existing directory, but very little for building entirely new systems from scratch. Schema design is going to be mostly self taught.
Though I could do what I want with MySQL, I really believe that a hierarchical, non-relational system is a better fit to my application, (particularly because of better distributed, partitionable replication) but I still have a long learning curve ahead of me.
I had one particular error when defining a schema, and Google did not help me, so I'll plant the resolution here for the next one down this road.
After creating a schema to define the object of interest, trying to start the server produced an error message:
user-defined ObjectClass has inappropriate SUPerior
I'm defining a network device to be monitored, and that includes a whole raft of attributes. Hostname, IP address, description, parameters to various types of monitoring, and so on. This also includes SNMP credentials to make these queries.
objectclass ( myObjectClass:1
NAME 'mySnmpCredentials'
DESC 'All the stuff needed to access SNMP'
AUXILIARY MAY ( mySnmpVersion $ mySnmpCommunity $ mySnmpUseTCP $ mySnmpAuthKey $ mySnmpEncrKey ) ) objectclass ( myObjectClass:2 NAME 'myDevice' DESC 'A monitored device' SUP ( top $ mySnmpCredentials ) STRUCTURAL
MUST ( cn $ myHostname )
MAY ( myEnabled
$ myDescription
$ myComments
$ myDnsIPAddress
$ myDnsAliases
$ myDnsTxtRecord
$ myBGPRouteCountType
$ myBGPRouteCountEnabled ) )
Though a myDevice object works fine when all the attributes are provided in a long list, attempting to abstract out the SNMP credentials (which are likely to be used elsewhere in this same form) produced the above error.
It turns out that using AUXILIARY for the mixin object is responsible for this: changing it to ABSTRACT fixed it right up.
It's not entirely clear to me what the difference is between STRUCTURAL and AUXILIARY object types, and it appears that some servers don't enforce a distinction.
Steve,
Structural classes are used to create instance of an object in LDAP directory.
Auxiliary classes are some kind of containers with attributes which can be used to extend structurall classes with additional attributes.
You can add many different aux classess to structurall class definition if You want to extend it with some attributes.
This is very simple and maybe not very accurate (technically) description but I think it shows the idea behind structural and aux classess.
Posted by: Tomek Onyszko | October 27, 2006 at 12:54 PM