Software compiliation options

• List of current software
• OpenSSL Build parameters
• Heimdal Build parameters
• Berkeley BDB Build parameters
• Cyrus-SASL Build parameters
• OpenLDAP Build parameters

Configuration pages

• Hardware Configuration
• Base LDIF file used for preload setup
• Master slapd Configuration
• Replica slapd Configuration
• BDB Configuration
• syslog Configuration
• Example Schema
• Example ACL's
• Monitoring Types

Related pages

• Directory Service page
• OpenLDAP History and Configuration Overview

• QUICK LINKS
  • answers.stanford.edu
  • apple.stanford.edu
  • computing.stanford.edu
  • courses.stanford.edu
  • datarates.stanford.edu
  • dell.stanford.edu
  • departmentphone.stanford.edu
  • email.stanford.edu
  • ess.stanford.edu
  • helpsu.stanford.edu
  • myitserviceshelp.stanford.edu
  • orderithelp.stanford.edu
  • software.stanford.edu
  • studentphone.stanford.edu
  • techtraining.stanford.edu
  • tools.stanford.edu
  • unixcomputing.stanford.edu
  • vpn.stanford.edu
  • web.stanford.edu
  • windows.stanford.edu
• SERVICES
  • IT Services Only
  • All Campus Providers
    → computing.stanford.edu
• GETTING HELP
  • Stanford Answers
  • HelpSU: IT Help Desk
  • Training
• PROJECTS
• ABOUT US
  • What We Do
  • Organization Chart
  • Strategic Plan
  • Jobs
  • Contact info
  • Service & System Metrics
• INTERNAL
• SEARCH

  • Search IT Services:
     

Directory

When deploying a directory, it is possible that not all needs will be met by the schema's deployed with openldap.

For example, Stanford uses a krb5-kdc.schema file for putting in Kerberos attributes for its entries. This schema is not distributed with OpenLDAP.

Stanford also uses custom schemas to create attributes it wants in its entries for internal purposes.

The OpenLDAP Admin guide has information on creating custom schemas.

Basic things to know about schemas:

You will need an OID for your organization, which you can get from IANA. It can take up to 2 weeks. I also suggest reading the OpenLDAP FAQ on OIDs.

There are two basic parts to schemas, attributes and objectclasses.

Attributes can be defined to hold different types of data based on their SYNTAX. You can also specify how they can be indexed and searched on with the EQUALITY, SUBSTR, and ORDERING keywords.

ObjectClasses pull together attributes to define what ones are required ("MUST") in an entry with that objectclass, and which ones are optional ("MAY"). Objectclasses can also be of different types, such as AUXILARY or STRUCTURAL. Objectclasses may also be tied with existing objectclasses via the "SUP" keyword.

It is particularly important to read existing schema's to really develop an undertanding of how they work.