PingDirectory

Managing DIT structure rules

Directory information tree (DIT) structure rules define which entries can be superior or subordinate to other entries in the DIT.

Together with name forms, DIT structure rules determine how relative distinguished names (RDNs) are combined to make up distinguished names (DNs). Because DITs don’t have a global standard and are specific to a company’s implementation, each DIT structure rule is identified by an integer rule identifier instead of an OID. Each rule associates a name form with an object class, and its identifier defines its relationship, either superior or subordinate, to another object class. If no superior rules are specified, the DIT structure rule applies to the root of the subtree.

DIT structure rule definition

DIT structure rules can be specified with existing schema components and don’t require additional code for implementation.

The following formal specification for DIT structure rules is provided in RFC 4512, section 4.1.7.1.

DITStructureRuleDescription = "(" wsp
ruleid                      ; rule identifier (integer)
[ sp "NAME" sp qdescrs ]    ; short name descriptor
[ sp "DESC" sp qdstring ]   ; description
[ sp "OBSOLETE" ]           ; specifies if the rule is inactive
sp "FORM" sp oid            ; OID or name of the name form with which the rule is associated
[ sp "SUP" ruleids ]        ; superior rule IDs
extensions wsp ")"          ; extensions followed by a white space and ")"

The following extensions are specific to PingDirectory Server and are not defined in RFC 4512.

extensions = /
"X-ORIGIN" /             ; Specifies where the rule is defined
"X-SCHEMA-FILE" /        ; Specifies which schema file contains the definition
"X-READ-ONLY"            ; True or False. Specifies if the file that contains
                         ;   the schema element is marked as read-only in
                         ;   the server configuration.

Viewing DIT structure rules

Steps

  • To view the dITStructureRules attribute, run ldapsearch.

    dITStructureRules is a multi-valued operational attribute that publishes the definitions on the PingDirectory server. The attribute is stored in the subschema subentry.

    Example:

    $ bin/ldapsearch --baseDN cn=schema --searchScope base \
      "(objectclass=*)" dITStructureRules
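
An added example, not part of the PingDirectory documentation: a small Python parser for the DITStructureRuleDescription grammar that lists which rules apply at the root of a subtree (no SUP) and which reference a superior rule ID that is not defined. The sample values and the names `parse_rule` and `audit` are constructed for illustration; input is assumed to be unfolded attribute values with the `dITStructureRules:` prefix removed.

```python
import re

# Constructed sample values; rule IDs, names and name forms are illustrative.
SAMPLE = [
    "( 1 NAME 'orgRule' FORM orgNameForm X-ORIGIN 'example' )",
    "( 2 NAME 'ouRule' FORM ouNameForm SUP ( 1 2 ) X-ORIGIN 'example' )",
    "( 3 NAME 'personRule' DESC 'people under an OU' FORM personNameForm SUP 2 )",
    "( 4 NAME 'deviceRule' OBSOLETE FORM deviceNameForm SUP 9 )",
]

# Tokens: quoted strings, parentheses, or bare words (ruleid, keywords, oids).
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def parse_rule(value):
    """Parse one DITStructureRuleDescription string into a dict."""
    toks = TOKEN.findall(value)
    if len(toks) < 5 or toks[0] != "(" or toks[-1] != ")" or not toks[1].isdigit():
        raise ValueError(f"not a DIT structure rule: {value!r}")
    rule = {"id": int(toks[1]), "obsolete": False, "sup": [], "ext": {}}
    body, i = toks[2:-1], 0
    while i < len(body):
        key = body[i]
        if key == "OBSOLETE":                      # flag, takes no value
            rule["obsolete"], i = True, i + 1
            continue
        if i + 1 >= len(body):
            raise ValueError(f"{key} has no value in {value!r}")
        if body[i + 1] == "(":                     # parenthesised list
            end = body.index(")", i + 1)
            vals, i = body[i + 2:end], end + 1
        else:                                      # single value
            vals, i = [body[i + 1]], i + 2
        vals = [v.strip("'") for v in vals]
        if key == "SUP":
            rule["sup"] = [int(v) for v in vals]
        elif key in ("NAME", "DESC", "FORM"):
            rule[key.lower()] = vals[0]
        else:                                      # X-ORIGIN, X-SCHEMA-FILE, ...
            rule["ext"][key] = vals
    if "form" not in rule:
        raise ValueError(f"FORM is mandatory: {value!r}")
    return rule

def audit(values):
    """Return (root rule IDs, {rule ID: superior IDs that are not defined})."""
    rules = {r["id"]: r for r in map(parse_rule, values)}
    roots = sorted(i for i, r in rules.items() if not r["sup"])
    missing = {i: [s for s in r["sup"] if s not in rules] for i, r in rules.items()}
    return roots, {i: m for i, m in missing.items() if m}
```

For the sample values, `audit(SAMPLE)` reports rule 1 as the only root rule and flags rule 4 for naming superior rule 9, which is not defined.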