To declare a directory or an object, LDAP used scheme system.
Scheme or schema is simply a packaging unit. It is a collection of valid object class and attributes. The attributes are declared and registered through LDAP system and can be widely known by it. Every object class and attributes must be defined inside of scheme. An attribute defined in one schema can be used by an objectclass defined in another schema.
It is wise to say scheme is like a blueprint of object. When we want to instantiate / create an object, we should refer to the blueprint. Object defined outside of blueprint won’t be recognized / not accepted.
Even after declaring objects and attributes inside of scheme, the scheme won’t be used unless it is included in the configuration file.
Schema decides what information are stored in LDAP. Therefore, we can’t carelessly stored all data in LDAP. All object class and attributes should be defined inside of schema, including connection between object classes and attributes.
Each schema can only accommodate object class and attributes for specific purpose. For example: a schema samba is a scheme to accommodate information needed by samba.
On default setting, LDAP (OpenLDAP) has included four schemes ready to use. Those schemes are:
- Core function of OpenLDAP
- Schema for Cosine and x.500
- Specific schema for access NIS
- Schema for internet organization person entry.
All schemas are usually written as plain text which have .schema extension.
To write a schema, an understanding of object class and attributes should be acquired which will be discussed in other article.
Here is the relation of schema, object class, and attributes: