PingDirectory

Managing matching rule uses

Matching rule use definitions map certain attribute types to a matching rule definition for extensible match filters.

Extensible match filters allow clients to search using distinguished name (DN) components, such as (ou:dn:=engineering), or using a matching rule identified by its OID, such as (cn:1.2.3.4:=Sam Carter). The matching rule use attribute publishes the attribute type and matching rule combinations that can be used in extensible match assertions.

Typically, you define a matching rule use for a matching rule that isn’t normally specified in the attribute type definition. You can create new matching rule uses from the existing schema definitions by adding a custom schema file in the <server-root>/config/schema directory.

Matching rule use definitions

Matching rule uses can be specified with existing schema components and don’t require additional code for implementation.

The following formal specification for matching rule uses is provided in RFC 4512, section 4.1.4.

MatchingRuleUseDescription = "(" wsp
    numericoid                  ; Object identifier
    [ sp "NAME" sp qdescrs ]    ; Short name descriptor
    [ sp "DESC" sp qdstring ]   ; Description
    [ sp "OBSOLETE" ]           ; Specifies if the rule use is inactive
    sp "APPLIES" sp oids        ; Attribute types
    extensions wsp ")"          ; Extensions followed by a white space and ")"

The following extensions are specific to the PingDirectory server and aren’t defined in RFC 4512.

extensions = /
"X-SCHEMA-FILE" /        ; Specifies which schema file contains the definition
"X-READ-ONLY"            ; True or False. Specifies if the file that contains
                         ;   the schema element is marked as read-only in the
                         ;   server configuration.

Viewing matching rule uses

About this task

A matching rule use lists the attribute types that are suitable for use with an extensibleMatch search filter.

Steps

  • To view the list of matching rule uses that the PingDirectory server publishes in the operational attribute matchingRuleUse, run ldapsearch.

    The multi-valued operational attribute matchingRuleUse publishes the definitions on the PingDirectory server, if any. The attribute is stored in the subschema subentry.

    Example:

    $ bin/ldapsearch --baseDN cn=schema --searchScope base \
      "(objectclass=*)" matchingRuleUse
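
The following is an added example, not PingDirectory code: a small Python parser for matchingRuleUse values such as those returned by the ldapsearch above, following the RFC 4512 grammar and the X- extensions listed earlier, which is useful when auditing which attribute types each matching rule applies to. The sample value and the schema file name 98-example.ldif are constructed for illustration.

```python
import re

# Tokens: 'quoted string', a parenthesis or "$" separator, or a bare word.
_TOKEN = re.compile(r"'(?P<q>[^']*)'|(?P<p>[()$])|(?P<w>[^\s()$']+)")
_FIELDS = {"NAME": "names", "DESC": "desc", "APPLIES": "applies"}

def _unescape(s):
    # RFC 4512 quoted strings escape ' as \27 and \ as \5c.
    return re.sub(r"\\(27|5[cC])", lambda m: chr(int(m.group(1), 16)), s)

def parse_matching_rule_use(value):
    """Parse one matchingRuleUse value into a dict; ValueError if malformed."""
    toks = [(m.lastgroup, m.group(m.lastgroup)) for m in _TOKEN.finditer(value)]
    if len(toks) < 3 or toks[0] != ("p", "(") or toks[-1] != ("p", ")"):
        raise ValueError("description must be enclosed in parentheses")
    if toks[1][0] != "w" or not re.fullmatch(r"\d+(\.\d+)+", toks[1][1]):
        raise ValueError("description must start with a numeric OID")
    rule = {"oid": toks[1][1], "names": [], "desc": None, "obsolete": False,
            "applies": [], "extensions": {}}
    pos, end = 2, len(toks) - 1

    def values():
        # One item, or a parenthesized list whose "$" separators are dropped.
        nonlocal pos
        close = toks.index(("p", ")"), pos) if toks[pos] == ("p", "(") else pos
        items = [_unescape(t) for k, t in toks[pos:close + 1] if k != "p"]
        if close >= end or not items:
            raise ValueError("missing or unterminated value")
        pos = close + 1
        return items

    while pos < end:
        kind, key = toks[pos]
        pos += 1
        if kind == "w" and key == "OBSOLETE":
            rule["obsolete"] = True
        elif kind == "w" and key.startswith("X-"):
            rule["extensions"][key] = values()
        elif kind == "w" and key in _FIELDS:
            vals = values()
            rule[_FIELDS[key]] = vals[0] if key == "DESC" else vals
        else:
            raise ValueError(f"unexpected token {key!r}")
    if not rule["applies"]:
        raise ValueError("APPLIES is required")
    return rule

# Constructed sample value; the schema file name is hypothetical.
SAMPLE = ("( 1.2.3.4 NAME 'exampleMatch' DESC 'Sam\\27s rule' APPLIES ( cn $ sn ) "
          "X-SCHEMA-FILE '98-example.ldif' X-READ-ONLY 'false' )")
```

Calling parse_matching_rule_use(SAMPLE) returns the OID, names, description, APPLIES list and extensions as separate fields; values that omit APPLIES or leave a list unterminated raise ValueError.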