3.5. Maintaining Consistent Schema
- Use schema checking to ensure that attributes and object classes conform to the schema rules.
- Use syntax validation to ensure that attribute values match the required attribute syntax.
- Select and apply a consistent data format.
3.5.1. Schema Checking
organizationalPerson object class, then the common name (cn) and surname (sn) attributes are required for the entry. That is, values for these attributes must be set when the entry is created. In addition, there is a long list of attributes that can optionally be used on the entry, including descriptive attributes like telephoneNumber, uid, streetAddress, and userPassword.
3.5.2. Syntax Validation
telephoneNumber attribute actually has a valid telephone number for its value.
3.5.2.1. Overview of Syntax Validation
syntax-validate.pl.
3.5.2.2. Syntax Validation and Other Directory Server Operations
For normal LDAP operations, an attribute is encrypted just before the value is written to the database. This means that encryption occurs after the attribute syntax is validated.
-E flag with db2ldif and ldif2db, which allows syntax validation to proceed normally for the import operation. However, if the encrypted database is exported without using the -E flag (which is not supported), then an LDIF with encrypted values is created. When this LDIF is then imported, the encrypted attributes cannot be validated, a warning is logged, and attribute validation is skipped for the imported entry.
There may be differences in the allowed or enforced syntaxes for attributes in Windows Active Directory entries and Red Hat Directory Server entries. In that case, Active Directory values that do not meet the stricter syntax cannot be synchronized, because syntax validation enforces the RFC standards on the Directory Server entries.
If the Directory Server 11.0 instance is a supplier which replicates its changes to a consumer, then there is no issue with using syntax validation. However, if the supplier in replication is an older version of Directory Server or has syntax validation disabled, then syntax validation should not be used on the 11.0 consumer because the Directory Server 11.0 consumer may reject attribute values that the supplier allows.
3.5.3. Selecting Consistent Data Formats
- ITU-T Recommendation E.123. Notation for national and international telephone numbers.
- ITU-T Recommendation E.163. Numbering plan for the international telephone services. For example, a US phone number is formatted as +1 555 222 1717.
postalAddress attribute expects an attribute value in the form of a multi-line string that uses dollar signs ($) as line delimiters. A properly formatted directory entry appears as follows:
postalAddress: 1206 Directory Drive$Pleasant View, MN$34200
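As an added example (not part of the Directory Server documentation or its syntax-validate.pl script), the following Python script applies the rules from the three sections above to a constructed LDIF file before it is imported: organizationalPerson entries must carry cn and sn, telephoneNumber values must follow the E.123 notation shown, and postalAddress values must be $-delimited with no empty lines. The sample LDIF, the simplified E.123 pattern, and the six-line/30-character postalAddress limit (taken from X.520) are assumptions, not from the text.

```python
import re

# Constructed sample LDIF: the first entry is well formed, the second breaks
# each rule described above (missing sn, bad telephoneNumber, bad postalAddress).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: organizationalPerson
cn: John Doe
sn: Doe
telephoneNumber: +1 555 222 1717
postalAddress: 1206 Directory Drive$Pleasant View, MN$34200

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: organizationalPerson
cn: Anne Smith
telephoneNumber: 555-1717
postalAddress: 42 Long Road$$34200
"""

REQUIRED_ATTRS = {"organizationalperson": ("cn", "sn")}  # schema rule from the text
PHONE_RE = re.compile(r"^\+[1-9]\d{0,2}(?: \d+)+$")  # simplified E.123: +CC then groups

def parse_ldif(text):
    # Minimal LDIF parser (assumption: no line folding, no base64 values); keys lower-cased.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_entry(entry):
    # Return one message per schema or syntax problem found in a single entry.
    dn = entry.get("dn", ["<no dn>"])[0]
    problems = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for oc, attrs in REQUIRED_ATTRS.items():
        if oc in classes:
            problems += [f"{dn}: missing {a} required by {oc}" for a in attrs if a not in entry]
    for v in entry.get("telephonenumber", []):
        if not PHONE_RE.match(v):
            problems.append(f"{dn}: telephoneNumber {v!r} is not E.123 notation")
    for v in entry.get("postaladdress", []):
        lines = v.split("$")  # "$" delimits lines; the 6x30 limit is X.520's (assumption)
        if len(lines) > 6 or any(not l or len(l) > 30 for l in lines):
            problems.append(f"{dn}: postalAddress {v!r} has an empty or oversized line")
    return problems

def validate_ldif(text):
    return [p for entry in parse_ldif(text) for p in check_entry(entry)]
```

Calling validate_ldif(SAMPLE_LDIF) reports nothing for the first entry and three problems for the second, which is the kind of rejection a Directory Server consumer with syntax validation enabled would apply at import time.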
3.5.4. Maintaining Consistency in Replicated Schema
- Do not modify the schema on a read-only replica. Modifying the schema on a read-only replica introduces an inconsistency in the schema and causes replication to fail.
- Do not create two attributes with the same name that use different syntaxes. If an attribute is created in a read-write replica that has the same name as an attribute on the supplier replica but has a different syntax from the attribute on the supplier, replication will fail.