  • OID/Directory Services 11g – Schema, Object Class, Attributes

    Posted by "" in "oid" on 2010-09-28


    This post gives an overview of Schema, Object Class and Attributes in OID. Schema extension (creating an object class, adding an attribute) is NOT a regular task for OID administrators, but one should know the basics and the tools/steps to modify or extend the OID schema.

    Schema : contains rules about the kinds of objects you can store in OID. As shown in the figure above, the schema definition is stored in cn=subSchemaSubentry under the Root DSE. Use ldapadd or ODSM to add a subSchemaSubentry entry (you cannot use bulkload to add subSchemaSubentry).

    Attribute : an item/property attached to an entity/entry in OID. firstname, lastname and address are examples of attributes for the entity/entry user. An attribute can be an Application Attribute (for example firstname, lastname, photo) or a System Configuration Attribute (for example createTimestamp, createdBy, modifiedBy). An attribute can hold a single value or multiple values.

    Object Class : a group of attributes that defines the structure of an entry/entity is called an Object Class (for example user, person, OrganizationalPerson are Object Classes). An Object Class contains mandatory and optional attributes (for example, for object class Person, cn and sn are mandatory attributes whereas address is an optional attribute). You assign an objectClass to an entity/entry. There are three types of Object Class:

    a) Structural : Structural object classes describe the basic aspects of an object, for example people, person, printer.

    b) Auxiliary : Auxiliary object classes are groupings of optional attributes that expand the existing list of attributes in an entry. Unlike structural object classes, they do not place restrictions on where an entry may be stored, and you can attach them to any entry regardless of that entry’s location in the DIT.

    c) Abstract : An abstract object class is a virtual object class. It is used only for convenience when specifying the highest levels of the object class hierarchy. It cannot be the only object class for an entry. For example, the object class top is an abstract object class. It is required as a superclass for all structural object classes, but it cannot be used alone.

    How to Add/Modify/Delete Object Class ?

    You can use a) Oracle Directory Services Manager (More on ODSM here) or b) command line tool (ldapXXXX) to add/modify/delete Object Class.

    To Manage/Create Object Class using ODSM: Log in to ODSM (http://host:7005/odsm) -> Schema -> Object Classes -> Add/Modify

    To add/modify/delete Object Class using Command Line: Use ldap commands like ldapsearch, ldapmodify.



    Things good to know about managing OID Schema
    1. Every structural object class must have top as a superclass (top is the name of an object class).
    2. The name and the object identifier of an object class must be unique across all the schema components (an Object Identifier is a string of decimal numbers which uniquely identifies an object).
    3. The Object Identifier must begin with the unique identifier 2.16.840.1.113894 followed by either the Oracle-supplied prefix .9999 or a site-specific prefix.
    4. It is possible to redefine mandatory attributes in a superclass into optional attributes in the new object class. Conversely, optional attributes in a superclass can be redefined into mandatory attributes in the new object class.
    5. You cannot modify an object class that is part of the standard LDAP schema. You can, however, modify user-defined object classes.
    6. If existing object classes do not have the attributes you need, you can create an auxiliary object class and associate the needed attributes with that object class.
    7. You cannot add additional mandatory attributes to an existing object class (use an auxiliary class that includes the existing object class as superclass and add the additional attributes in the auxiliary class).
    8. You cannot remove attributes or superclasses from an existing object class.
    9. You cannot convert structural object classes to other object class types (like structural or abstract).
    10. You should not modify an object class if there are entries already associated with it.
    11. You cannot delete object classes from the base schema.
    12. You can delete object classes that are not in the base schema if they are not directly or indirectly referenced by other schema components.
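
A sketch of the command-line route combined with rules 2, 3 and 6 above, added here as an example and not taken from the original post: it checks a proposed auxiliary object class against a schema dump before emitting the LDIF for ldapmodify. The function name `aux_oc_ldif`, the `badgeHolder`/`badgeNumber` names, the OIDs and the dump contents are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Hosts, names and OIDs are placeholders.
ORACLE_ARC="2.16.840.1.113894"   # prefix required by rule 3 above

# Constructed, abridged schema dump, in the LDIF form printed by:
#   ldapsearch -h <host> -p <port> -L -s base -b "cn=subschemasubentry" "objectclass=*"
SCHEMA_DUMP=$(mktemp)
cat > "$SCHEMA_DUMP" <<'EOF'
dn: cn=subschemasubentry
attributetypes: ( 2.16.840.1.113894.9999.1 NAME 'badgeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
objectclasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( cn $ sn ) MAY ( telephoneNumber ) )
EOF

# aux_oc_ldif DUMP OID NAME "attr1 attr2 ..."
# Prints the LDIF change record; returns 1 on bad input, 2 on a name/OID clash.
aux_oc_ldif() {
    dump=$1 oid=$2 name=$3 may=$4

    [ -n "$may" ] || { echo "no optional attributes given" >&2; return 1; }
    case $oid in
        *[!0-9.]*|*..*|*.) echo "bad OID syntax: $oid" >&2; return 1 ;;
    esac
    case $oid in
        "$ORACLE_ARC".*) ;;
        *) echo "OID must start with $ORACLE_ARC: $oid" >&2; return 1 ;;
    esac

    # Rule 2: OID and name must be unique across ALL schema components,
    # so attributetypes lines are searched as well as objectclasses lines.
    # (Simplification: aliases in a multi-valued NAME ( 'a' 'b' ) are not matched.)
    if grep -qF "( $oid " "$dump"; then
        echo "OID already in schema: $oid" >&2; return 2
    fi
    if grep -qiF "NAME '$name'" "$dump"; then
        echo "name already in schema: $name" >&2; return 2
    fi

    may_list=$(echo $may | sed 's/ / $ /g')   # "a b" -> "a $ b"
    printf 'dn: cn=subschemasubentry\nchangetype: modify\nadd: objectclasses\n'
    printf "objectclasses: ( %s NAME '%s' SUP top AUXILIARY MAY ( %s ) )\n" \
        "$oid" "$name" "$may_list"
}

# Rule 6: carry the extra attributes in a new auxiliary class (prints the LDIF).
aux_oc_ldif "$SCHEMA_DUMP" 2.16.840.1.113894.9999.2 badgeHolder "badgeNumber mail"
# Save the output to a file and apply it with:
#   ldapmodify -h <host> -p <port> -D cn=orcladmin -q -f <file>.ldif
```

Running the check against a fresh dump from the target directory, rather than a stored copy, avoids clashes with schema components added since the last export.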




    7 Responses to “OID/Directory Services 11g – Schema, Object Class, Attributes”

    1. […] Visit link: OID/Directory Services 11g – Schema, Object Class, Attributes […]

    2. […] about Attributes and Object Classes in Oracle Internet Directory (OID) in my previous post here  . OID comes with default attributes and objects classes and provides mechanism (Graphical User […]

    3. aravind says:

      Hi ,

      Please let me know how to find portal users who have not logged in to the portal for the last 3 months.


    4. […] be integrated (creating users, groups, extending OID attributes and objectless, more on OID objects here ). idmConfigTool is also used to extend objects required in OID to install Fusion […]

    5. Mahendra says:

      Hi Atul,

      Can you tell me the procedure to create a new realm in OID 11g?
      We have a realm called dc=oracle,dc=com and now I wanted to create a new realm dc=mydomain,dc=com.


    6. Atul Kumar says:

      @ Mahendra,
      Use oidrealm (CLI) or OIDDAS (GUI – if you have one for OID 11g), more on using oidrealm in today’s post of this blog

    7. Mahendra says:

      I have found the solution myself, Atul. I will be posting it in blog soon.
