- Number of slides: 106
Directory Development Fundamentals
www.novell.com
Ed Shropshire, NDS Partner Programs, Novell, Inc.
eshropshire@novell.com
Vision: one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries.
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world.
Deployed Versions: Novell eDirectory™ and Novell Directory Services® (NDS)
Product Version                   | Build Version          | Platforms
NetWare 5.1 SP4 (NDS 7)           | DS.nlm v7.57           |
NetWare 5.1 SP4 (NDS 8)           | DS.nlm v8.79           | NetWare 5.1
eDirectory 8                      | DS.nlm & DS.dlm v8.79  | NetWare 5.0, Win NT/2K
eDirectory 8.5.x                  | DS v85.23              | NetWare 5.x, Win, Solaris
NetWare 6 (eDirectory 8.6)        | DS.nlm v10110.20       | NetWare 6
eDirectory 8.6.1                  | DS v10210.43           | NW 5.1, NW 6, Win, Solaris, Linux
NetWare 6 SP1 (eDirectory 8.6.2)  | DS.nlm v10310.17       | NetWare 6
eDirectory 8.6.2                  | DS v103xx.xx           | NW 5.1, NW 6, Win, Solaris, Linux
eDirectory 8.7                    | DS v10410.xx           | NW 5.1, NW 6, Win, Solaris, Linux, AIX
Differences Between eDirectory and NDS®
• NDS: a NOS directory focused on managing NetWare® servers (NetWare 5)
• eDirectory: a cross-platform, scalable, standards-based directory used for managing identities that span all aspects of the network—eDirectory is the foundation for eBusiness (NetWare 6)
Novell one Net and eBusiness Vision
Novell provides Net services software that gives organizations the ability to simplify the complexities of the Net, securely extend and integrate networks and applications between companies, and accelerate eBusiness transformations.
(Diagram: Net Services, Novell eDirectory™, NW …)
What's New with Novell eDirectory
• Novell eDirectory 8.6.1 and 8.7
• Product of the Year—Network Magazine
• The name—Novell eDirectory
• SunTone Certification
• Partner Redistribution Program
• Free eDirectory for developers
• LDAPZone
• AIX
• LDAP 2000 Server Brand
• LDAP Java SDK
• LDAP Java Beans
Novell eDirectory Partner Redistribution Kit Program
• Get started
  - Download unlimited eDirectory licenses for development purposes—visit developer.novell.com/eDirectory/download.htm
• Get profitable
  - Offer commercial solutions that include FREE 250,000-user versions of eDirectory
  - Save each application customer up to a half-million US dollars in up-front licensing costs
  - Visit developer.novell.com/eDirectory
Novell eDirectory Partner Redistribution Kit Program
• OEMs/ISVs can (AT NO COST):
  - Distribute 250,000-user versions of eDirectory with each copy of their shipping products
  - Distribute full-featured versions of eDirectory to an unlimited number of application customers
  - Distribute the latest multi-OS version of eDirectory—Windows*, Sun Solaris*, Linux*, NetWare®, and IBM AIX* (*future)
  - Increase software/hardware/server sales
  - Rely on proven embedded technology
  - Build competitive advantage with added services and lower up-front deployment costs
LDAPzone.com
Why LDAPzone?
• Comprehensive
  - Resources and information on everything LDAP
• Community
  - Share ideas, sample code, forums, tips and tricks
• Directions
  - The latest LDAP news, updates and developments
www.ldapzone.com
Novell Developer Offerings
• Support options
  - What can you get if you pay (benefits)
    – 24-hour turnaround
    – Developer labs
    – Priority support
    – Dedicated support contacts
• Certification
• Solutions search
• Developer labs
• Developer training
Novell eDirectory Architecture
(Architecture diagram. Components shown: DirXML™, OnDemand(SM), LDAP, iInstall, eGuide, iChain®, NDAP, iMonitor, iManage, SSO; core layers: Access, Schema, Utilities (Maintenance, Security, Repair, Merge, Backup), Replication, Storage Management Interface (SMI), Database, System Abstraction Layer (SAL); eDirectory Management Framework; platforms: Solaris, NT, NetWare, Linux, AIX, …)
Net Directory Service Solutions
(Diagram: applications 1 to 4, SSO/NMAS, DirXML™, browser, Web server, iChain, eDirectory, Novell Account Management, Novell Authentication Services, PBX, e-mail application, HR application, Web server)
• How do I accelerate my existing business systems so my customers, employees and IS professionals are not waiting for them?
• How do I use the Internet to let my partners, customers and employees access secure Web applications and data?
• How do I simplify my business process and eliminate redundant and inconsistent data?
168 Applications Before Zero-Day Start
One Net Simplifies Business Processes (SSL, IP, XML, LDAP)
Enlightened Workforce (Intelligent Portal)
The Three Views: Novell eDirectory
• Let's take a look at it from a different perspective
  - Schema view: Top, Person, User
  - Logical view: names, rights, perspective
  - Physical view: partitions, replicas
What Makes It Different?
• Extensible schema
• Inherited rights
• Multi-master replication
• Filtered replica
• Referential integrity
• Scalable data store
• Multi-protocol support (discovery—access protocols)
• Multi-authentication support
• Developer interfaces
• Platform support
eDirectory Features
Feature | Details
Filtered replica | A new replica type that enables flexible control of what's replicated, down to the attribute level
LDAP support | LDAP v3 support including SSL; improved search speed
Improved administration tools | Monitoring and repair tools in ConsoleOne®; ICE (Import/Convert/Export) utility; iMonitor utility
Cross-platform support | Already runs on NetWare, NT 4, Linux, Windows 2000 and Solaris; looking at other UNIX and mainframe platforms (e.g. AIX)
OpenLDAP SDK |
ADSI Provider | Translates ADSI calls into LDAP; apps developed to ADSI are fully supported
DirXML support | Provides the foundation for integrating network information for any system, application, device, etc.
What is LDAP?
LDAP began life as an attempt to simplify access to X.500 (DAP) directories, thus the name: Lightweight Directory Access Protocol.
• A standardized protocol for accessing X.500 directories
• A version of DAP* that contains less code than DAP
• An enabled client with TCP/IP access to X.500 directories
• Lightweight means you don't have to manage all of the connection overhead in your application
• Lightweight doesn't mean limited access functionality
• LDAP is a client-server protocol
Technical LDAP Benefits
• Applications can be directory-neutral
• Directories can be interchanged
• Note: all directories are not equal
(Diagram: directory-enabled applications talking LDAP to Netscape, Microsoft and Novell eDirectory directories; licenses in use shown as 40 M, 4.5 M, and 174 M for Novell eDirectory)
Overview
• LDAP is a client/server access protocol
• LDAP also describes a data model (ACI, schema, replication)
• LDAP is controlled by the IETF community
• LDAP certifications
  - Works with LDAP (for applications) and LDAP 2000 (for servers)
  - Novell is a founding member of the Interoperability Forum/Open Group
Novell eDirectory SDK
• Everything to integrate with eDirectory
  - Libraries, tools, sample code, and documentation
  - Platforms (server and workstation)
    – NetWare®
    – Windows 2000
    – NT
    – Windows 95/98
    – Solaris, Linux
  - http://developer.novell.com/ndk/ndssdk.htm
Novell eDirectory SDK components (overview slide): NJCL; eDir libraries for C (NDAP/NCP); LDAP service provider for JNDI; Novell eDirectory LDAP Class Libraries for Java; Novell eCommerce Beans; Novell controls for ActiveX (NWIDir); LDAP libraries for C; Novell JDBC driver for eDirectory; eMFramework; Beans for Novell services; Novell controls for ActiveX (NWDir); Novell ODBC driver for eDirectory; JNDI
Novell ODBC Driver for eDirectory
• ODBC driver specifically designed to query and retrieve eDirectory data
  - Supports standard SQL statements
  - Makes reporting and retrieving data quick and easy
  - Abstracts the directory tree into accessible relational database tables
  - Hides the complexity of the underlying directory syntax
How ODBC Maps eDirectory Data
• Mapping eDirectory data to relational tables
  - eDirectory hierarchical directory data is mapped to a flattened relational database table
    – eDirectory object classes correspond to the tables
    – eDirectory class attributes correspond to columns of the table
    – Entries correspond to rows of the table
Surname | Given name | Title
Jones   | Kim        | Manager
Nelson  | Chris      | Engineer
Smith   | Sam        | Tester
Wilson  | Lynn       | Writer
Troubleshooting the Novell ODBC Driver
• Common problems
  - Insufficient resources
    – Select fewer attributes, or specify the attributes rather than using a wildcard to include all attributes
    – Examine the attributes you select to ensure that only a few of them are multi-valued
    – Restrict the number of objects selected by specifying only one container
  - eDirectory rights
  - SQL statement errors
    – Use the correct table and column names in SQL statements
    – Read-only access to eDirectory
Novell eDirectory LDAP Compliance
• Novell LDAP SDKs fully implement
  - IETF draft for the C interface: draft-ietf-ldapext-c-api-05.txt
  - IETF draft for the Java interface: draft-ietf-ldapext-java-api-13.txt
• eDirectory supports all LDAP version 3 required functionality
  - IETF RFCs 2247, 2251, 2252, 2253, 2254, 2255 and 2256
• eDirectory also supports most optional functionality
More About LDAP
• Users are given a "server view" vs. a "tree view"
• LDAP uses UTF-8 encoding of character strings
  - Allowing strings of any language to be used in the API
• LDAP servers listen on two TCP/IP ports
  - 389—provides clear text connections
  - 636—secure connections using SSL
• An LDAP bind (connection) is an eDirectory login
  - LDAP requires that individual users have passwords
  - No password is interpreted as an anonymous bind
• Specifies no file access mechanisms
• Novell eDirectory event mechanism coming soon
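The two rules above (a bind is a login; an empty password is an anonymous bind) have a direct consequence for application code: a server that follows them reports success for a bind with a blank password without checking any credential. The following is an added example, not code from the slides or from Novell; FAKE_DIRECTORY and server_bind() are a constructed in-memory stand-in for a server, and the port constants are the ones the slide lists.

```python
"""Added example (not from the slides): why an application that logs users in
by LDAP simple bind must reject empty passwords itself.

The slides say an LDAP bind is an eDirectory login and that a bind with no
password is interpreted as an anonymous bind. A server applying that rule
reports success for (dn, "") without checking any credential, so code that
equates "bind succeeded" with "user authenticated" accepts a blank password
for any DN. FAKE_DIRECTORY and server_bind() are a constructed stand-in for a
server, not a Novell library."""
from dataclasses import dataclass

LDAP_CLEARTEXT_PORT = 389   # clear-text connections (from the slides)
LDAP_SSL_PORT = 636         # SSL-secured connections (from the slides)

# Constructed sample accounts for the model server. Not real credentials.
FAKE_DIRECTORY = {
    "cn=admin,o=acme": "correct horse battery staple",
    "cn=kim,ou=eng,o=acme": "s3cret",
}


@dataclass
class BindResult:
    success: bool
    authenticated_dn: str   # "" means the session is anonymous


def server_bind(dn: str, password: str) -> BindResult:
    """Server-side rule from the slides: an empty password is an anonymous
    bind, which succeeds whatever DN was supplied."""
    if password == "":
        return BindResult(success=True, authenticated_dn="")
    stored = FAKE_DIRECTORY.get(dn)
    if stored is not None and stored == password:
        return BindResult(success=True, authenticated_dn=dn)
    return BindResult(success=False, authenticated_dn="")


def naive_login(dn: str, password: str) -> bool:
    """The defect: treats any successful bind as proof of identity."""
    return server_bind(dn, password).success


def safe_login(dn: str, password: str) -> bool:
    """The fix: refuse empty credentials before binding, then accept the bind
    only if the server authenticated exactly the DN that was requested."""
    if not dn or not password:
        return False
    result = server_bind(dn, password)
    return result.success and result.authenticated_dn == dn


def bind_port(use_ssl: bool) -> int:
    """A simple bind carries the password on the wire, so a real client
    should use the SSL port; returned here so callers can build the URL."""
    return LDAP_SSL_PORT if use_ssl else LDAP_CLEARTEXT_PORT


if __name__ == "__main__":
    print("naive, blank password:", naive_login("cn=admin,o=acme", ""))   # True (the defect)
    print("safe, blank password:", safe_login("cn=admin,o=acme", ""))     # False
    print("safe, real password:", safe_login("cn=kim,ou=eng,o=acme", "s3cret"))
```

The check on `authenticated_dn` matters as much as the empty-password check: it also catches a server configured to fall back to anonymous on other failures, because the session's identity is then not the one the application asked for.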
Novell Extensions to LDAP
• Novell LDAP extensions
  - Partitions—split, join, get number of entries, abort operation
  - Replicas—add, remove, change type, list on server, return information
  - Replica synchronization—to a specified server, to all replicas, at a specified time
  - Schema synchronization
  - Get effective eDirectory rights for attributes
  - Get DN of logged-in caller
  - Restart the LDAP server
LDAP Class Libraries for Java
• Now available on the Novell Developer Kit (NDK)
  - Conforms to the IETF LDAP Java interface
  - Socket, threads, queues, connection manager
  - Referrals
  - Schema management
  - Security: SSL and SASL
  - Extensions and controls
  - Exposes additional classes and methods
    – ASN.1/BER protocol methods (APIs)
Benefits of LDAP Libraries for Java
• Classes and methods reflect the LDAP protocol
• Small footprint
• Easy to learn and use
• Synchronous and asynchronous interfaces
• Pure Java solution
• Extensions for eDirectory management
• Tuned and tested with eDirectory
• Works with other LDAP-aware directories
• SSL secured through Novell Security Technologies
• Open source available on the OpenLDAP site
  - www.openldap.org
What is JNDI?
• Java Naming and Directory Interface (JNDI)
  - An addition to JavaSoft's enterprise API set
  - Object-oriented look and feel
  - Abstracted view
    – Naming-system neutral, enabling many different service providers to be accessed via the same interface
    – Promotes interaction between naming systems
• Provider issues tend to show through
  - Providers may or may not be pure Java
    – Platform support is provider-dependent
    – Providers tend to be vendor-specific
Use Novell LDAP Libraries for C
• Use the Novell LDAP Libraries for C vs. other SDKs
  - Extensions for eDirectory management
  - Tuned and tested for eDirectory
  - Works with other LDAP-aware directories
  - Available on NetWare, Windows, UNIX
  - Supported by Novell Worldwide Developer Support
  - Internationalized and localized
  - SSL-secured through Novell Security Technologies
• LDAP Libraries for C open source
  - Novell LDAP Libraries for C leverage www.OpenLDAP.org
Novell JDBC Driver for eDirectory
• Conforms to the JDBC specification
• Requires the JNDI LDAP service provider for eDirectory
• Supports standard SQL statements
• Abstracts the directory tree into accessible relational database tables
• Hides the complexity of the underlying directory syntax
• Provides "read only" access to eDirectory
Novell Controls for ActiveX
• Application Administration (NWAppA)
• Bindery (NWBind)
• Browser (NWBrowse)
• Catalog Administration (NWCatA)
• Client and Server Socket (NWCliSkt and NWSvrSkt)
• Directory (NWDir)
• Directory Administration (NWDirA)
• Directory Authenticator (NWDirAuth)
• Directory Query (NWDirQ)
• Internet Directory (NWIDir)
• Internet Directory Query (NWIDirQ)
• Internet Directory Entries (NWIDirE)
• NDPS Printer Administration (NWDPPrtA)
• Network Selector (NWSelect)
• Peer Socket (NWPrSkt)
• Print Queue Administration (NWPQA)
• Print Server Administration (NWPSA)
• SecretStore (NWSecStr)
• Server Administration (NWSrvA)
• Session Management (NWSess)
• User Group (NWUsrGrp)
• Volume Administration (NWVolA)
Beans for Novell eDirectory
• eCommerce LDAP beans
  - Components for integrating web applications with LDAP directories
  - Enabling authentication
  - Read/write directory access
  - Contextless login
  - SSL security
• NDS bean
  - Enables access to and manipulation of eDirectory entries
  - Dependent upon the Novell class libraries for Java
  - Requires the Novell Client
Scripting Options
• Third-party scripting options
  - Perl
  - Python
  - PHP
• Visit LDAPZone for a complete list of options: www.LDAPZone.com
Supercharge Your Web Applications with Novell eDirectory
• Realize the benefit of using Novell eDirectory to personalize web server applications
  - The objective of this seminar is to provide ideas and examples that will assist you in developing and deploying more powerful and flexible web-based applications
Why Tie Web Applications to Novell eDirectory?
• Enhance and strengthen business relationships
  - Allowing secure access to information and applications
• Provide the ability to simply and securely provide access to personalized and sensitive information
  - This may be the difference between gaining or disappointing a customer or partner
Use Novell eDirectory to
• Store identity profiles
• Control data access
• Maintain customer identity relationships
• Manage user security
• Manage data at the network level
• Abstract service locations
• Increase throughput
HTTP is Stateless
• To enable session tracking, utilize
  - Realms – browser passes user and password with each request
  - Hidden form fields – hidden input types that are not displayed when read by the browser
  - Cookies – keyed piece of data created by the server and stored by the client browser
  - URL rewriting – requested URL is modified to include a session ID
  - Servlet HttpSession objects – enables name/value pairs to be stored per session
Use Novell eDirectory to Track Sessions
• Take advantage of GUIDs*
  - Identify who is accessing the site
    – GUIDs eliminate the need to store personal data
    – GUIDs are globally unique across all trees and servers
    – eDirectory automatically creates a GUID for each new entry; GUIDs do not change throughout the life of the object
    – Administrators may want to create an index on GUID to enhance response time
  - Operational attribute
*Globally Unique Identifiers
Use Novell eDirectory to Personalize the User Experience
• Case example (CNN)
  - Provides worldwide news, sports, financial data and other information
  - Customized and personalized advertising and content using the GUID as a cookie
  - Customization is transparent to the user
CNN eDirectory Architecture (ad-injection)
(Diagram: Netscape web servers on Solaris (CNN web farm) issue the cookie over HTTP and act as LDAP clients to eDirectory on NetWare and Solaris, with an internal firewall between them.)
• Development servers: Compaq 1850R, 2 GB RAM / 72 GB RAID 0, 1 Intel Pro/100 server adapter, eDirectory on NetWare 5; Sun Sparc U60, Solaris 2.6
• Staging server: Compaq 1850R, 2 GB RAM / 72 GB RAID 0, 1 Intel Pro/100 server adapter, eDirectory on NetWare 5
• Load directory servers: Compaq 6400R, 2 GB RAM / 72 GB RAID 0, 1 Intel Pro/100 server adapter
Tune Your Application and eDirectory to Achieve High Throughput
• Filter the scope of data searches
• Create well-formed schema extensions
• Tune eDirectory
  - Tune memory/cache
  - Use proper tree design
  - Co-locate servers
• The distributed nature of eDirectory gives better throughput
  - Utilize filtered replicas
  - Index on critical attributes
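The session-tracking slides describe looking a visitor up by the GUID carried in a cookie, and the tuning slide asks that searches be scoped. The following added example (not code from the slides or from Novell) builds that lookup as one scoped search request whose filter is escaped per RFC 4515, so the cookie value can only ever be compared, never interpreted as filter syntax. The container DN, the attribute list and the `uuid.UUID(...).bytes` byte order assumed for the stored 16-byte GUID are constructed assumptions.

```python
"""Added example (not from the slides): the GUID lookup behind the
session-tracking and tuning slides, written as a scoped LDAP search with a
filter escaped per RFC 4515. The cookie format, container DN and attribute
list are constructed assumptions; eDirectory's GUID attribute holds a 16-byte
value, which is why the escaper accepts raw bytes, but the byte order used
to store it is an assumption here (uuid.UUID(...).bytes)."""
import uuid
from typing import Dict, List, Union


def escape_filter_value(value: Union[str, bytes]) -> str:
    """Escape one assertion value for an LDAP search filter (RFC 4515).
    '*', '(', ')', '\\', NUL and every byte outside printable ASCII become
    \\xx hex escapes, so a cookie value can never alter the filter's logic."""
    raw = value.encode("utf-8") if isinstance(value, str) else value
    out: List[str] = []
    for b in raw:
        if b in (0x2A, 0x28, 0x29, 0x5C) or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def guid_lookup(cookie_guid: str, base_dn: str,
                person_class: str = "inetOrgPerson") -> Dict[str, object]:
    """Turn the GUID carried in a session cookie into a search request that
    (1) validates the cookie as a UUID before it reaches the filter,
    (2) narrows the search to one container instead of the whole tree, and
    (3) asks only for the attributes the page needs rather than '*'.
    Returns the parameters an LDAP client's search call would take."""
    guid_bytes = uuid.UUID(cookie_guid).bytes          # ValueError on garbage
    filt = "(&(objectClass=%s)(GUID=%s))" % (
        escape_filter_value(person_class), escape_filter_value(guid_bytes))
    return {"base": base_dn, "scope": "subtree", "filter": filt,
            "attributes": ["cn", "title"]}


def is_valid_cookie_guid(cookie_guid: str) -> bool:
    """Cheap pre-check for the web tier: reject anything that is not a UUID
    before spending a directory round trip on it."""
    try:
        uuid.UUID(cookie_guid)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed cookie value, not a real eDirectory GUID.
    req = guid_lookup("00000000-0000-0000-0000-000000000001", "ou=web,o=acme")
    print(req["filter"])
```

Because the GUID is an operational attribute, the request also has to name it explicitly if the page ever needs it back; the attribute list here deliberately asks only for `cn` and `title`, which is the "filter the scope" advice applied to the returned data as well as to the search base.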
Directory Services and Databases
• Let's look at the strengths and weaknesses of both
• When are they exclusive of each other?
• When do they complement each other?
• The whys and wherefores
Directory Services and Databases (cont.)
Directory Service Strengths | Relational Database Strengths
Fast on the read | Designed to handle transactions
Distributed | Schema tuned for exact application needs
Object-oriented | Can be modeled to handle very complex needs
Hierarchical | Data integrity built in
Standardized schema | Management of data failures
Replication |
Attributes can be multi-valued |
When to Use What?
• Each has its own best use
• Directories are used most often for
  - Authentication
  - Authorization
  - Personalization
• RDBMSs are used most often for
  - Transaction processing
  - Highly volatile data
  - Very complex data requirements
• Examples of each usage
Making the Choice…
• Frequency of data modifications
• Primary data requirements
• Security
• Flexibility
• Model the data needs
• Determine transactional requirements
What Is So Important About Schema?
• It sets some structure
• Provides a framework
• Identifies syntax
• Schema = data dictionary
Directory schema components | Rules for
Tree structure rules | Directory tree
Object classes | Objects
Attribute types, attribute syntaxes | Values
What Is in the Schema?
• Object classes
• Attribute types
• Syntaxes
• Matching rules
• Naming and containment rules
Directory schema components | Rules for
Tree structure rules | Directory tree
Object classes | Objects
Attribute types, attribute syntaxes | Values
eDirectory Has an Extensible Schema
• You can extend the schema; you do not change the schema
  - Create new classes
  - Add optional attributes
  - Use auxiliary classes
  - Delete non-base classes that do not have any object instantiated
  - Delete attributes that are not used in any classes
• Schema extensions do not impact directory performance
Extension Options
• You can make extensions programmatically or by using an LDIF file with the ldapmodify utility
  - Programmatically
    – Easier to control
    – Not as many files
  - LDIF
    – No need to recompile changes
    – Easy to run multiple
New Schema Recommendations
• Determine the exact purpose of new classes and attributes
• Don't define anything for "future use"
• Remember to include the domain containment
• Understand any flags you use
• Use auxiliary classes whenever possible
  - Don't add new attributes to existing classes if possible
• Reuse/extend existing schema definitions
  - If small, change to existing definition
• Add your attributes first, then your classes
Syntaxes
• Define what your data looks like
• Not extensible
• eDirectory supports LDAP equivalents of eDirectory syntaxes
• Recommendations
  - For readability, limit use of octet string
Matching Rules
• Equality
  - Defines how two values are compared, e.g., caseIgnoreMatch
• Ordering
  - Used to determine if a value is greater or less than another value
• SUBSTR
  - Defines the way substring matches work
Attribute Types
• An attribute type is a string value containing various fields
• What makes up an attribute
  - ASN.1 id—the OID acts as a unique identifier
  - Human-readable name
  - A description
  - Matching rules
  - Syntax
  - Flags, e.g., whether the attribute is single-valued
Attribute Type Example
( 2.5.4.20
  NAME 'telephoneNumber'
  DESC 'Standard Attribute'
  EQUALITY telephoneNumberMatch
  SUBSTR telephoneNumberSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
( 2.5.4.28
  NAME 'preferredDeliveryMethod'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
  SINGLE-VALUE )
Attribute Types
• MUST—mandatory attributes
  - In LDAP these are referred to as MUST
  - When you create an object of this type, you must populate these attributes
  - Cannot add MUST attributes once objects are created from the object class
• MAY—optional attributes
  - In LDAP these are referred to as MAY
  - eDirectory does not store these attributes with an object unless they have a value
  - You can add more optional attributes to a class after the class is created
LDAP Attribute Options
• NO-USER-MODIFICATION
  - Equivalent to non-removable in eDirectory
• SINGLE-VALUE
  - Default is multi-valued
• Upper bound
  - Specified after the syntax within { }
Operational Attributes
• Standard
  - modifyTimeStamp
  - createTimeStamp
  - modifiersName
  - creatorsName
  - subschemaSubEntry
• eDirectory-specific
  - structuralObjectClass
  - subordinateCount
  - entryFlags (baseClass)
Object Class Types
• Structural—default
  - Used to create entries
• Abstract
  - Building-block class, used for sub-classing
• Auxiliary
  - Used to add attributes to existing entries
• If the type is not specified, the default is structural
Object Class Definition
• ASN.1 id—object ID (OID)
• Human-readable name
• List of superior object classes
• Identifier
• List of required (MUST) attributes
• List of optional (MAY) attributes
Example of Object Class Definition
( 2.5.6.6
  NAME 'person'
  SUP top
  STRUCTURAL
  MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
Defining a New Object Class: SUP = Inheritance
• This is the class you inherit from
• Your class automatically gets attributes from the parent, as well as any additional ones that you specify
• Multiple levels of inheritance are possible
• You can add superclasses starting in eDirectory 8.5
Naming
• The naming list specifies which attributes can be used to name the object
• Naming can be specified in LDAP with the X-NDS_NAMING option
• The naming attribute can be multi-valued
• Complete control over how to name and access the object
• Defaults (if not supplied)
  - Inherit from the superclass definition if possible
  - The combination of all string attributes in the MUST and MAY lists
Containment
• Containment identifies the other object types which can contain this class
• Note that this is not the container flag
• If a class is a container, it can be defined to be able to contain itself
• Containment is now modifiable in eDirectory 8.5
  - You can add containment
Containment (cont.)
• Containment can be specified in LDAP with the X-NDS_CONTAINMENT option
• The defaults if not supplied are
  - Inherit from the superclass definition, if possible
  - "C", "L", "OU", and "domain"
Auxiliary Classes
• Auxiliary (or aux) classes are a collection of attributes
• Aux classes are applied at the object level
• Only the objects that need the attributes have them
• Doesn't change the object class definition
Using Auxiliary Classes
• Two steps
  - Modify the object class of an existing object to include the aux class name
  - Write values to attributes as you would any other attributes for that class
• Easy to remove
  - Delete the aux class name from the objectClass attribute
• Note—auxiliary classes are available from eDirectory 8 and beyond
X-NDS Class Options
• The changes you can make to class definitions using the X-NDS options are
  - Flags
    – X-NDS_NOT_CONTAINER
    – X-NDS_NONREMOVABLE
  - Containment
    – X-NDS_CONTAINMENT
  - Naming
    – X-NDS_NAMING
  - Mapping
    – X-NDS_NAME
• All X-NDS options have default values
X-NDS Attribute Options
• Most attribute options are flags
  - X-NDS_PUBLIC_READ
  - X-NDS_SERVER_READ
  - X-NDS_NEVER_SYNC
  - X-NDS_NOT_SCHED_SYNC_IMMEDIATE
  - X-NDS_SCHED_SYNC_NEVER
  - X-NDS_NAME_VALUE_ACCESS
  (callouts on the slide: "NDS per-replica flag", "NDS write-managed flag")
• One other attribute option
  - X-NDS_LOWER_BOUND
Schema Naming Recommendations
• LDAP schema name valid character set
  - Alphanumeric and dash
  - First character must be alpha
  - Nothing else
• Name format
  - Lowercase prefix, followed by uppercase words
    – Old—"MYAPP: New Attribute Name"
    – New—"myappNewAttributeName"
  - Don't use delimiter characters
Schema Naming Recommendations
• If you follow the naming rules, LDAP mappings for the names are not needed
• If you haven't followed the rules in the past (or future), then mappings are needed for access to schema items via LDAP
• What are mappings, anyway?
  - e.g., the NDS name "Object Class" maps to the LDAP name objectClass
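The attribute-type and object-class examples above, the X-NDS options, and the naming rules are all things a practitioner ends up checking mechanically when auditing a schema extension. The following is an added example, not code from the slides or from Novell: a small parser for the text form of those definitions (as eDirectory emits them over LDAP, X-NDS_* options included) and a checker for the naming rules on the previous slide. The definitions fed to demo() are the slides' own telephoneNumber and person examples; the 'myapp' prefix is a constructed one.

```python
"""Added example (not from the slides): a parser for the attribute-type and
object-class definitions shown on the schema slides (the RFC 2252 text form
eDirectory emits through LDAP, including its X-NDS_* options) plus a checker
for the slide's schema-naming rules. The definitions in demo() are the
slides' own 'telephoneNumber' and 'person' examples; 'myapp' is a
constructed prefix."""
import re
from typing import Any, Dict, List

# Keywords that take no value in a definition.
FLAG_KEYWORDS = {"SINGLE-VALUE", "NO-USER-MODIFICATION", "OBSOLETE", "COLLECTIVE",
                 "STRUCTURAL", "AUXILIARY", "ABSTRACT"}
# Tokens: quoted strings, parentheses, '$' separators, bare words.
_TOKEN = re.compile(r"'[^']*'|\(|\)|\$|[^\s()'$]+")


def parse_schema_definition(text: str) -> Dict[str, Any]:
    """Parse '( oid KEY value KEY value ... )' into a dict. Values in
    parentheses become lists; SYNTAX is split into OID and {upper bound};
    X-NDS_* options are collected separately from the standard keys."""
    tokens = _TOKEN.findall(text)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("definition must be enclosed in parentheses")
    body = tokens[1:-1]
    result: Dict[str, Any] = {"oid": body[0], "flags": [], "options": {}}
    i = 1
    while i < len(body):
        key = body[i]
        i += 1
        if key in FLAG_KEYWORDS:
            result["flags"].append(key)
            continue
        if i < len(body) and body[i] == "(":          # parenthesised list
            j = body.index(")", i)
            value: Any = [t.strip("'") for t in body[i + 1:j] if t != "$"]
            i = j + 1
        else:                                          # single token
            value = body[i].strip("'")
            i += 1
        if key == "SYNTAX":
            m = re.fullmatch(r"([\d.]+)(?:\{(\d+)\})?", value)
            if m is None:
                raise ValueError("bad SYNTAX value: %r" % value)
            result["syntax"] = m.group(1)
            result["upper_bound"] = int(m.group(2)) if m.group(2) else None
        elif key.startswith("X-NDS_"):
            result["options"][key] = value
        else:
            result[key.lower()] = value
    return result


_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def check_schema_name(name: str, prefix: str) -> List[str]:
    """Apply the naming slide's rules; returns the list of violations."""
    problems = []
    if not _NAME_RE.fullmatch(name):
        problems.append("only alphanumerics and dash, first character alpha")
    if not prefix.islower():
        problems.append("prefix must be lowercase")
    if not name.startswith(prefix):
        problems.append("name must start with the prefix %r" % prefix)
    elif len(name) > len(prefix) and not name[len(prefix)].isupper():
        problems.append("word after the prefix must start uppercase")
    return problems


def demo() -> Dict[str, Any]:
    """Parse the two definitions from the slides and check the slide's
    'old' and 'new' naming examples against the constructed prefix."""
    attr = parse_schema_definition(
        "( 2.5.4.20 NAME 'telephoneNumber' DESC 'Standard Attribute' "
        "EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch "
        "SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )")
    cls = parse_schema_definition(
        "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
        "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) "
        "X-NDS_NAMING ( 'cn' 'uid' ) X-NDS_NONREMOVABLE '1' )")
    return {"attr": attr, "cls": cls,
            "good_name": check_schema_name("myappNewAttributeName", "myapp"),
            "bad_name": check_schema_name("MYAPP: New Attribute Name", "myapp")}
```

A name that fails check_schema_name() is exactly one that would need an X-NDS_NAME mapping to be reachable over LDAP, so running the checker over a proposed extension before loading it tells you in advance which definitions will need mappings.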
Schema Available Definitions
• LDAP ships with a subset of inetOrgPerson mapped to the eDirectory User class
• Schema extensions are available for…
  - Full inetOrgPerson mapped to eDirectory User
  - Full inetOrgPerson
  - residentialPerson
  - newPilotPerson
  - www.novell.com/products/nds/schema/index.html
ASN.1 OIDs and Prefixes
• What is an OID?
  - Novell's base OID: 2.16.840.1.113719
    – joint-iso-ccitt(2) country(16) us(840) organization(1) Novell(113719)
• LDAP allows access via the OID
• Be sure to have OIDs for your application
• How do you use your allocated sub-arc?
  - 2.16.840.1.113719.2. … 4. …
ASN.1 OID Registration Sites
• Find out more about OIDs
  - www.alvestrand.no/harald/objectid/
• Sites to obtain OIDs
  - Novell Developer Support
    – developer.novell.com/
    – Will allocate and register a schema prefix for you, and optionally allocate an OID sub-arc for you
  - Internet Assigned Numbers Authority (IANA)
    – www.isi.edu/cgi-bin/iana/enterprise.pl
Sample Schema Output
#This LDIF file was generated by Novell's ICE and the LDIF destination handler.
version: 1
dn: cn=schema
changetype: add
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 X-NDS_SYNTAX '9' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 X-NDS_SYNTAX '9' )
ldapSyntaxes: ( 2.16.840.1.113719.1.1.5.1.6 X-NDS_SYNTAX '6' )
objectClass: top
objectClass: subschema
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'Standard ObjectClass' STRUCTURAL MUST objectClass MAY ( cAPublicKey $ cAPrivateKey $ certificateValidityInterval $ authorityRevocation $ lastReferencedTime $ equivalentToMe $ ACL $ backLink $ binderyProperty $ Obituary $ Reference $ revision $ certificateRevocation $ usedBy $ GUID $ otherGUID $ DirXML-Associations $ creatorsName $ modifiersName $ unknownBaseClass $ unknownAuxiliaryClass $ auditFileLink $ masvProposedLabel $ masvDefaultRange $ masvAuthorizedRange ) X-NDS_NAME 'Top' X-NDS_NONREMOVABLE '1' )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'Standard ObjectClass' SUP person STRUCTURAL MAY ( facsimileTelephoneNumber $ l $ eMailAddress $ ou $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ street $ title $ mailboxLocation $ mailboxID $ uid $ mail $ employeeNumber $ destinationIndicator $ internationaliSDNNumber $ preferredDeliveryMethod $ registeredAddress $ teletexTerminalIdentifier $ telexNumber $ x121Address $ businessCategory $ roomNumber $ x500UniqueIdentifier ) X-NDS_NAMING ( 'cn' 'ou' 'uid' ) X-NDS_CONTAINMENT ( 'organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Organizational Person' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )
attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' DESC 'Operational Attribute' SINGLE-VALUE NO-USER-MODIFICATION SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'Standard Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'CN' X-NDS_LOWER_BOUND '1' )
Sample LDIF
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.113719.1.186.4.0 NAME 'aspenCourseName' DESC 'The name of the course' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
  - If not present, this creates "testAttr1", then adds a mapping to the just-created or existing "Test Attr 1" attribute
LDIF File Example—inetOrgPerson
# Full definition of the standard inetOrgPerson
# as a separate class
version: 1
# Delete the existing class mapping "inetOrgPerson ==> User" to allow "inetOrgPerson ==> inetOrgPerson".
dn: cn=schema
changetype: modify
delete: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' X-NDS_NAME 'User' )

# Add the inetOrgPerson object class - 17
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledUri $ mail $ manager $ mobile $ pager $ ldapPhoto $ preferredLanguage $ roomNumber $ secretary $ uid $ userCertificate $ userSMIMECertificate $ x500UniqueIdentifier $ displayName ) X-NDS_CONTAINMENT ( 'country' 'locality' 'organizationalUnit' 'organization' 'domain' ) X-NDS_NAMING ( 'cn' 'uid' 'givenName' 'mail' 'sn' ) )
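The extension slides recommend loading schema through LDIF with ldapmodify, defining attributes before the classes that use them, and preferring auxiliary classes; the aux-class slide then gives the two steps for applying such a class to an existing entry. The following added example (not code from the slides or from Novell) generates all of that LDIF from a short description, and refuses to emit a class whose MAY list names an attribute the batch does not define, which is the ordering error ldapmodify would otherwise stop on. OID_ARC, the 'myapp' prefix, the attribute names and the entry DN are constructed placeholders; a real extension uses the sub-arc and prefix obtained from Novell Developer Support as the OID slides describe.

```python
"""Added example (not from the slides): generating the LDIF for a schema
extension the way the extension slides recommend (define attributes first,
then an auxiliary class that MAYs them) and for the two-step use of the aux
class on an existing entry, plus its removal. OID_ARC, the 'myapp' prefix,
the attribute names and the entry DN are constructed placeholders, not
registered values; a real extension uses the OID sub-arc and prefix obtained
from Novell Developer Support."""
from typing import Dict, List

OID_ARC = "2.16.840.1.113719.1.999999"   # PLACEHOLDER, not a registered sub-arc
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"   # Directory String syntax


def attribute_type(oid_suffix: int, name: str, desc: str,
                   single_valued: bool = True, upper_bound: int = 0) -> str:
    """Text form of one attributetypes value under the placeholder arc; an
    upper bound, when given, goes in braces after the syntax as the slides show."""
    syntax = DIRECTORY_STRING + ("{%d}" % upper_bound if upper_bound else "")
    parts = ["( %s.4.%d" % (OID_ARC, oid_suffix), "NAME '%s'" % name,
             "DESC '%s'" % desc, "SYNTAX " + syntax]
    if single_valued:
        parts.append("SINGLE-VALUE")
    return " ".join(parts) + " )"


def auxiliary_class(oid_suffix: int, name: str, may: List[str]) -> str:
    """Text form of an AUXILIARY objectclasses value with only MAY attributes,
    so it can be added to entries that already exist."""
    return "( %s.6.%d NAME '%s' AUXILIARY MAY ( %s ) )" % (
        OID_ARC, oid_suffix, name, " $ ".join(may))


def schema_extension_ldif(attrs: List[str], aux: str) -> str:
    """One LDIF file, attributes before the class. Refuses to emit a class
    whose MAY list references an attribute not defined in this batch."""
    defined = {a.split("NAME '")[1].split("'")[0] for a in attrs}
    may_part = aux.split("MAY (")[1].split(")")[0]
    missing = [n.strip() for n in may_part.split("$") if n.strip() not in defined]
    if missing:
        raise ValueError("aux class references undefined attributes: %s" % missing)
    records = ["version: 1"]
    for a in attrs:
        records.append("dn: cn=schema\nchangetype: modify\n"
                       "add: attributetypes\nattributetypes: %s\n-" % a)
    records.append("dn: cn=schema\nchangetype: modify\n"
                   "add: objectclasses\nobjectclasses: %s\n-" % aux)
    return "\n\n".join(records) + "\n"


def apply_aux_class_ldif(entry_dn: str, aux_name: str, values: Dict[str, str]) -> str:
    """Step 1: add the aux class name to objectClass; step 2: write the
    attribute values as for any other attribute of the entry."""
    lines = ["dn: " + entry_dn, "changetype: modify",
             "add: objectClass", "objectClass: " + aux_name, "-"]
    for attr, val in values.items():
        lines += ["replace: " + attr, "%s: %s" % (attr, val), "-"]
    return "\n".join(lines) + "\n"


def remove_aux_class_ldif(entry_dn: str, aux_name: str) -> str:
    """Removal as the slide describes: delete the aux class name from
    objectClass (clear its attribute values first if the server refuses)."""
    return "\n".join(["dn: " + entry_dn, "changetype: modify",
                      "delete: objectClass", "objectClass: " + aux_name, "-"]) + "\n"


def demo() -> Dict[str, str]:
    """Constructed course-tracking extension: two attributes, one aux class,
    then the aux class applied to and removed from a constructed entry."""
    attrs = [attribute_type(1, "myappCourseName", "The name of the course", upper_bound=64),
             attribute_type(2, "myappCourseCode", "Course catalogue code")]
    aux = auxiliary_class(1, "myappCourseAux", ["myappCourseName", "myappCourseCode"])
    return {"schema": schema_extension_ldif(attrs, aux),
            "apply": apply_aux_class_ldif("cn=kim,ou=eng,o=acme", "myappCourseAux",
                                          {"myappCourseName": "Directory Fundamentals"}),
            "remove": remove_aux_class_ldif("cn=kim,ou=eng,o=acme", "myappCourseAux")}
```

The three outputs are separate files on purpose: the schema file is loaded once by an administrator with schema rights, while the apply and remove files touch only one entry and need only rights to that entry's objectClass and the new attributes.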
Schema Changes in eDirectory 8.5
• Some attributes made public read, some made multivalued
• New classes defined—domain and ndsLoginProperties
• Syntax changed on existing attributes
• Several classes changed to be containers
• Some changed to be effective or added domain containment
• O and OU added ndsLoginProperties
• Device class now effective
• Operational attributes
  – creatorsName
  – modifiersName
  – modifyTimeStamp
  – createTimeStamp
Schema Changes in eDirectory 8.6
• Unlimited LDAP schema name size—up to 63 K long (was previously 64 characters)
• Ability to have more than 63 K total worth of schema name mappings (depending on size of names, was limited to less than 2000 mappings)
• Ability to save and retrieve the description field from a schema definition
• New schema definitions for dynamic groups and for persistent search
Schema Changes in eDirectory 8.7
Informational Draft
• LDAP Schema for eDirectory document
• http://search.ietf.org/internet-drafts/
The Novell Import Convert Export Tool
• Features
  – Client/server (remote) architecture
  – LDIF import
  – LDIF export
  – Data migration between LDAP servers
  – Efficient
• Availability
  – Included with eDirectory 8.5
    • ConsoleOne® snap-in
  – Included in Novell Developer Kit (NDK) in C Libraries for LDAP
    • Command line only (developer use)
Architecture
ICE Engine
• Orchestrates the interaction between source and destination handler
• Provides logging facility
• Provides an “error LDIF logging” facility
  – Writes all records that fail to an output file in LDIF format
  – Used to help debug import or export sessions
  – Can aid in dealing with “rogue” records
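As an added example (not Novell's ICE code), a small Python validator that covers both the “Sample LDIF” schema-extension record earlier in the deck and the error-LDIF facility described here: it unfolds LDIF, checks each attributeTypes value (OID shape, SYNTAX present and on an allow-list) and separates failing records from good ones the way the engine's error LDIF does. The two sample records and the syntax allow-list are constructed for this example.

```python
import re
# Constructed sample (not from the page) in the style of the "Sample LDIF" slide; the second
# record has a malformed OID and no SYNTAX, so it should land in the error LDIF.
SAMPLE_LDIF = """dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113719.1.186.4.0 NAME 'aspenCourseName'
  DESC 'The name of the course' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113719.1.186.4.x NAME 'aspenCourseCode' )
"""
OID_RE = re.compile(r"^\d+(\.\d+)+$")
# Assumed allow-list of syntax OIDs: Directory String and Generalized Time, both seen on the page.
KNOWN_SYNTAXES = {"1.3.6.1.4.1.1466.115.121.1.15", "1.3.6.1.4.1.1466.115.121.1.24"}
def parse_records(text):
    # Split LDIF into blank-line-separated records; a leading space unfolds onto the previous line (RFC 2849).
    records, current = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and current:
            current[-1] += raw[1:]
        elif raw == "" and current:
            records.append(current); current = []
        elif raw and not raw.startswith("#"):
            current.append(raw)
    return records + ([current] if current else [])

def check_attribute_type(definition):
    # Return the problems found in one attributeTypes value; an empty list means it passed.
    body = definition.strip()
    tokens, problems = (body[1:-1].split() if body.startswith("(") and body.endswith(")") else []), []
    if not tokens or not OID_RE.match(tokens[0]):
        problems.append("missing or malformed OID")
    if "SYNTAX" not in tokens or tokens.index("SYNTAX") + 1 >= len(tokens):
        problems.append("missing SYNTAX")
    elif tokens[tokens.index("SYNTAX") + 1].split("{")[0] not in KNOWN_SYNTAXES:
        problems.append("unknown SYNTAX")  # split("{") drops a length bound such as {64}
    return problems

def triage(text):
    # ICE-style error-LDIF triage: returns (accepted, rejected); rejected items carry their reasons.
    accepted, rejected = [], []
    for rec in parse_records(text):
        reasons = [p for line in rec if line.partition(":")[0].strip().lower() == "attributetypes"
                   for p in check_attribute_type(line.partition(":")[2])]
        (rejected if reasons else accepted).append((rec, reasons))
    return accepted, rejected
```

Records in the rejected list can be written back out as LDIF, each preceded by a comment carrying its reasons, which is exactly the file a practitioner wants when debugging a failed import.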
Currently Available Handlers
• Source Handlers
  – LDIF
    • Reads in an LDIF data file
  – LDAP
    • Performs searches and retrieves LDAP data
• Destination Handlers
  – LDIF
    • Writes to an LDIF data file
  – LDAP
    • Writes to an LDAP server
    • Supports LBURP (up to 10 times faster adds), forward references, hashed passwords, and more
What Handlers Are Coming in the Future?
• Source Handlers
  – DELIM
    • Reads in data from a delimited file
  – DirLoad
    • Generates data from a template and data files
    • For creating test trees and environments
  – ECM
    • Generates an LDAP record from an LDAP search
    • For example, you can create a group from all users that are from Provo (L: Provo)
  – SCH
    • Reads in data from a SCH file (SCH files are legacy NDS schema data files)
What Handlers Are Coming in the Future? (cont.)
• Destination Handlers
  – DELIM
    • Writes to a delimited data file
Novell eDirectory Development Options
• Broad range of SDKs available
  – Pick appropriate SDK based on
    • Information needed from Novell eDirectory
      – Are you looking for data from eDirectory or to manage the directory itself?
    • Operations you want to perform on eDirectory
    • Your preferred programming language
    • Protocol preference
      – LDAP
      – NDAP
      – HTTP
Novell LDAP Developer’s Guide
To Learn More About LDAP
• www.LDAPZone.com
• Novell LDAP Developer Guide
• Novell NDS Developer Guide
• DeveloperNet® University
  – http://developer.novell.com/education/
• http://developer.novell.com/nds/ndsldap.htm
• http://developer.novell.com/ndk/doc/ldapover/
The LDAP Community
• IETF LDAP discussions and proposals
  – www.ietf.org/maillist.html
• IETF announcement list
  – E-mail: ietf-announce-request@ietf.org
  – subj: subscribe
  – body: subscribe
• IETF general discussion list
  – E-mail: ietf-request@ietf.org
  – subj: subscribe
  – body: subscribe