
Managing the NDS Schema With the NDS Manager Utility


David Cox

01 Nov 1997


With IntranetWare and NetWare 4.11, Novell introduced the NDS Manager utility, which you can run as a standalone utility or as part of the NetWare Administrator (NWADMIN) utility. You can use the NDS Manager utility to manage the Novell Directory Services (NDS) database, performing tasks such as the following:

  • Managing partitions and replicas

  • Removing a server from the NDS tree

  • Updating the version of NDS running on the server

  • Checking the synchronization status of partitions

  • Diagnosing and repairing NDS errors

Novell has released an updated version of the NDS Manager utility, which is included in IntranetWare Support Pack 4.0. This updated version includes NDS Schema Manager, a new component of the NDS Manager utility that allows you to view and customize the NDS schema. (You can download IntranetWare Support Pack 4.0 from the Novell Support Connection World-Wide Web site at http://www.support.novell.com/misc/patlst.htm#nw411.)

With NDS Schema Manager, you can perform several tasks:

  • You can view or print a list of all of the attributes and classes in the NDS schema.

  • You can view or print information about an attribute or class.

  • You can create a new attribute or class.

  • You can add an attribute to an existing class.

  • You can delete an attribute or class.

  • You can view or print extensions to the NDS schema.

  • You can compare the schemas of two NDS trees and view or print a schema comparison report.

This article explains how you as a network administrator or a developer can use NDS Schema Manager to manage or design the NDS schema.

THE NDS SCHEMA OF THINGS TO COME

NDS is a full-featured, hierarchical directory. In addition to providing partition and replication capabilities, NDS offers a dynamic schema. The term schema refers to the rules that govern the structure of the NDS database and define the relationship (either superior or subordinate) between NDS objects. For example, the NDS schema ensures that an Organizational Unit (OU), such as OU=East Coast Sales, is not placed beneath a User object, such as CN=John Doe.

Unlike NDS, many directories are static and use a file to define their schema. To change a static schema, you must modify this file and then restart the directory to make the changes take effect. Because NDS has a dynamic schema, however, you can modify the schema while NDS is running, and the changes take effect immediately.

The NDS schema is also global, which means that each NDS tree has only one schema. When you make changes to this schema, these changes are replicated throughout the entire NDS tree. To modify the NDS schema, you must have ADMIN rights to the [Root] object in the NDS tree.

The NDS schema includes two components: attributes and classes. Attributes specify the syntax of the individual fields in the NDS database. For example, one of the attributes for a User object is a telephone number. Classes, on the other hand, use a collection of one or more attributes to define a template for storing information (referred to as objects) in the NDS database. For example, NDS includes a definition for the Organization class, which is a collection of attributes and rules used to create an Organization object.

NDS SCHEMA MANAGER

To access NDS Schema Manager, you launch the NDS Manager utility and select a partition or a server listed in the boxes on the left-hand side of the main NDS Manager window. You then select the Schema Manager option from the Object menu. The NDS Schema Manager window appears, displaying two boxes. (See Figure 1.) The box on the right-hand side of the window contains attributes; the box on the left-hand side of the window contains classes.

Figure 1: The NDS Schema Manager window displays the classes and attributes included in the NDS schema.

If you double-click an attribute, the Attribute Information dialog box appears. (See Figure 2.) If you double-click a class, the Class Manager dialog box appears. (See Figure 3.)

Figure 2: This Attribute Information dialog box displays information about the Version attribute.

Figure 3: This Class Manager dialog box displays information about the User class.

You can also access these dialog boxes by selecting an attribute or class and clicking the appropriate button in the toolbar. Finally, you can access these dialog boxes by right-clicking an attribute or class. A menu appears, displaying only valid operations for the attribute or class you selected.

ATTRIBUTE OPERATIONS

With NDS Schema Manager, you can view, create, or delete an attribute. To view an attribute, you double-click the attribute in the NDS Schema Manager window to bring up the Attribute Information dialog box. (See Figure 2.) This dialog box shows the name of the attribute, its syntax, its flags, and the class using this attribute. For example, in Figure 2, the Classes Using Attribute field shows that the Version attribute is being used by the NLSProduct and Server classes.

Creating an Attribute

To create an attribute, you must have ADMIN rights to the [Root] object's access control list (ACL). If you do not have these rights, an error message appears, explaining the rights required to perform this operation. If you have the necessary rights, you must complete the following steps:

  1. Right-click an attribute in the NDS Schema Manager window, and select the Create New Attribute option. An information screen appears, explaining that the Create Attribute Wizard will help you create an attribute in the NDS schema.

  2. Click the Next button. A screen appears, prompting you to enter an attribute name, which can be up to 32 characters and can include spaces. The attribute name must be unique and should be descriptive. For example, if you created an attribute that would be used to save a color picture in NDS, you might name the attribute Color Picture.

  3. After you enter a name for the new attribute, click the Next button. A screen appears, prompting you to select the attribute syntax. NDS has 28 syntaxes you can choose from. (For more information about syntaxes, see "Attribute Syntaxes and Flags" on the NetWare Connection web site.) For the Color Picture attribute, you would select the Octet String syntax. You use the Octet String syntax to save items in NDS that are arbitrary in both length and data. By saving the picture in NDS, you would ensure that the picture could be accessed even if the server went down (since the NDS database is replicated across multiple servers).

  4. After you select a syntax for the new attribute, click the Next button. A screen appears, prompting you to select flags for this attribute. The flags available for a particular attribute depend on the syntax you have chosen. For example, the Boolean syntax does not support the Sized flag because the Boolean syntax has a true or false value and has no associated size.

    For the Color Picture attribute, you might choose the Single Valued and Public Read flags. The Single Valued flag specifies that you do not want multiple pictures, and the Public Read flag allows applications to access the picture. For example, you could enable a web server to display this picture in a HyperText Markup Language (HTML) document. (For more information about flags, see "Attribute Syntaxes and Flags" on the NetWare Connection web site.)

  5. After you select flags for the new attribute, click the Next button. A screen appears, summarizing the settings you have chosen. (See Figure 4.)

    Figure 4: The final Create Attribute Wizard screen summarizes the new attribute.

  6. If you want to change a setting, you can click the Back button to access a previous screen. Make sure the settings are correct because you cannot modify the attribute after you create it. When this attribute is correctly defined, click the Finish button to create the attribute.

Deleting an Attribute

Before you can delete an attribute, you must ensure that no class is using the attribute. If a class is using this attribute, you must first delete the class. However, you cannot delete standard attributes and classes that were included with the shipping version of NDS. If you add an attribute to a standard class, you cannot delete that attribute.

To delete an attribute, you must have ADMIN rights to the [Root] object's ACL. You then right-click the attribute you want to delete in the NDS Schema Manager window, and select the Delete Attribute option. A warning screen appears. If you are sure that no classes are using this attribute, click the Yes button to delete the attribute.

CLASS OPERATIONS

With NDS Schema Manager, you can also view a class, view the class's inheritance, create a class, delete a class, or add an attribute to a class. To view a class, you double-click the class in the NDS Schema Manager window to bring up the Class Manager dialog box. (See Figure 3.)

The Class Manager dialog box shows which attributes are mandatory and which attributes are optional. This dialog box also specifies the class's naming attribute, the types of objects that can contain this class, and the class's flags. (For more information about classes, see "Components of a Class" on the NetWare Connection web site.)

Viewing a Class's Inheritance

Before you create a class, you should understand class inheritance. In NDS, classes, like objects, are part of a hierarchy. You assign class inheritance when you create a class.

If you right-click a class in the NDS Schema Manager window and select the View Inheritance option, the Class Inheritance dialog box appears. This dialog box shows how the class inherits attributes from its parent classes. For example, in Figure 5, Organizational Person, Person, and Top are the parent classes of User.

Figure 5: A class can inherit attributes from multiple classes.

The definition of a class includes the components of the class itself and the components of all of the classes in the inheritance hierarchy. As shown in Figure 5, the inheritance hierarchy is inverted: The Top class is actually the topmost class in this hierarchy. The reason the inheritance hierarchy is inverted is that classes can inherit attributes from multiple classes, and an inverted hierarchy logically displays these multiple inheritances.

Creating a Class

To create a class, you must have ADMIN rights to the [Root] object's ACL. You must then complete the following steps:

  1. Right-click a class in the NDS Schema Manager window, and select the Create New Class option. An information screen appears, explaining that the Create Class Wizard will help you create a class in the NDS schema.

  2. Click the Next button. A screen appears, prompting you to enter the class name, which can be up to 32 characters and can include spaces. The class name must be unique and should be descriptive. For example, if you created a class for employees of the month, you might name the class Employee of the Month.

  3. After you enter a name for the new class, click the Next button. A screen appears, prompting you to specify a class or classes from which the new class will inherit attributes and flags. For example, you could specify that the Employee of the Month class would inherit attributes and flags from the Top class. (NDS Schema Manager allows you to customize this inheritance as you continue the process of creating a class.)

  4. After you select the class or classes from which you want the new class to inherit attributes and flags, click the Next button. A screen appears, prompting you to select flags for the new class. You can set two flags: the Container flag and the Effective flag. The Container flag specifies that NDS objects using this class can contain other NDS objects, and the Effective flag specifies that NDS objects can be created using the class. For example, you would need to set the Effective flag for the Employee of the Month class. However, you would not set the Container flag because you would use the Employee of the Month class to create a leaf object (rather than a container object). (For more information about flags, see "Components of a Class" on the NetWare Connection web site.)

  5. After you select flags for the new class, click the Next button. A screen appears, prompting you to select mandatory attributes for this class. Mandatory attributes are required values for NDS objects that use the class.

  6. After you select mandatory attributes for the new class, click the Next button. A screen appears, prompting you to select optional attributes for this class. Optional attributes are not required values, but these attributes may be used by NDS objects that use the class.

  7. After you select optional attributes for the new class, click the Next button. A screen appears, prompting you to select the class's naming attribute, which defines the attribute or attributes that are used to name the NDS object. Only attributes that have a string-type syntax can be used for naming. (A string-type syntax is a collection of alpha and numeric characters, which NDS can use to name objects. For more information about syntaxes, see "Components of a Class" on the NetWare Connection web site.)

    To appear in the list of available naming attributes, an attribute must be a mandatory or optional attribute. If the naming attribute you want to select does not appear in this list, you can click the Back button and make the naming attribute a mandatory or optional attribute. If you select an optional attribute as a naming attribute, it is effectively a mandatory attribute, even though it is defined as optional.

  8. After you select a naming attribute for the new class, click the Next button. A screen appears, prompting you to select this class's container class, which specifies where an NDS object that uses the new class can appear in the NDS tree.

  9. After you select a container class for the new class, click the Next button. A screen appears, summarizing the settings you have chosen. (See Figure 6.) If these settings are correct, click the Finish button to create the class.

    Figure 6: The final Create Class Wizard screen summarizes the new class.

Deleting a Class

To delete a class, you must have ADMIN rights to the [Root] object's ACL. You right-click the class you want to delete in the NDS Schema Manager window and select the Delete Class option. A warning screen appears. If you are sure that no NDS objects are using this class, click the Yes button to delete the class.

Adding an Attribute to a Class

To add an attribute to a class, you must have ADMIN rights to the [Root] object's ACL. Before you add an attribute, you should be aware that you can only add attributes to a class; you cannot delete attributes from a class. If you want to delete an attribute from a class, you must delete the entire class and create a new class without the attribute.

As mentioned earlier, you should not delete a class if any NDS objects are using the class. Instead, you must delete these NDS objects before you delete the class. Finally, you cannot delete attributes from standard classes because these classes are flagged as Non-removable.

To add an attribute to a class, you right-click the class in the NDS Schema Manager window and select the Add Optional Attribute to Class option. The Add Optional Attributes dialog box appears, displaying a list of attributes that you can add to this class. (See Figure 7.) You simply double-click the attribute you want to add and click the OK button.

Figure 7: You can add attributes to an existing class, but you cannot delete attributes from the class. You must delete the entire class after ensuring that no NDS object uses this class.

THE REPORTS YOU HAVE BEEN WAITING FOR

With NDS Schema Manager, you can generate the following reports:

  • A report on schema extensions (see Figure 8 and Figure 9)

    Figure 8: You can view the attributes and classes that were modified when the NDS schema was extended.

    Figure 9: You can select the Schema Extension option from the Object menu in the NDS Schema window if you want to print the schema extension report or save it to a file.

  • A report on an attribute or a class

  • A report on the entire NDS schema

  • A report that compares the schemas of two NDS trees (see Figure 10)

    Figure 10: NDS Schema Manager allows you to compare the schemas of two NDS trees. You can compare attributes or classes, and you can print the report or save it to a file.

Schema extensions are attributes and classes that have been added to or modified in the standard NDS schema. If you want to simply view a report of schema extensions, you can select the Only Show Extensions option from the View menu in the NDS Schema Manager window. (See Figure 8.) You can also generate a schema extensions report by selecting the Schema Extensions option from the Object menu in the NDS Schema Manager window. (See Figure 9.) If you choose this option, you can print the schema extensions report or save it to a file.

Don't be surprised if many attributes and classes appear in the schema extensions report: Each version of NDS includes a slightly different NDS schema. If you have upgraded NDS on the server, the NDS schema is a hybrid of the schema in previous versions of NDS and the schema in the upgraded version of NDS.

In addition, several applications, such as Novell Workstation Manager, extend the NDS schema when they are installed. Also, if you extended the Top class by adding an attribute, all classes appear in the schema extension report. Because all classes inherit attributes from the Top class, all classes have been modified.

If you want to generate a report on a specific attribute or class, you select the attribute or class in the NDS Schema Manager window and then select the Schema Report option from the Object menu. You can also generate this report by right-clicking an attribute or class in the NDS Schema Manager window and then selecting the Quick Report option.

If you want to generate a report on the entire NDS schema, you select the Schema Report option from the Object menu. You then select the Generate Report on Entire Schema option from the Schema Reports screen.

If you want to compare the schemas of two NDS trees, you select the Schema Compare option from the Object menu. (See Figure 10.) After you specify which trees NDS Schema Manager should compare, you can use report filters to specify that the schema comparison report compare attributes or classes.

Figure 10 shows the differences between two NDS trees. LDAP Services for NDS 1.0, which has been installed on one NDS tree, extended the NDS schema by adding optional attributes to the NCP Server and User classes.

Comparing two NDS trees is helpful if you are going to merge these trees. Before you can merge two NDS trees, their schemas must be identical. When you run the DSREPAIR utility, it modifies both schemas so that they are identical and then merges the two NDS trees.

CONCLUSION

If you are a network administrator, you can use NDS Schema Manager to examine the schema of your company's NDS tree and evaluate its attributes and classes. With NDS Schema Manager, you can also extend the NDS schema to accommodate special types of NDS objects.

The larger and more complex your company, the more likely it is that you will want to customize the NDS schema. However, even small companies have unique needs. Because NDS Schema Manager allows you to view and print reports about the NDS schema, you can evaluate how well this schema meets your company's needs. You can then determine if you need to extend the NDS schema in any way.

If you are a developer, you can use NDS Schema Manager to gather information about the NDS schema, which can help you extend the features of the application you are creating. For information about developer resources such as application program interfaces (APIs) and documentation, visit the Novell DeveloperNet web site (http://devsup.novell.com).

David Cox works for Novell Inc. in Provo, Utah.

Attribute Syntaxes and Flags

Novell Directory Services (NDS) attributes consist of a unique name, a syntax, and one or more flags. You can use the following syntaxes and flags for creating attributes:

ATTRIBUTE SYNTAXES

Back Link. The Back Link attribute uses this syntax to keep track of other servers that refer to an NDS object. NDS uses the Back Link syntax for internal management.

Boolean. An attribute uses this syntax if the attribute's value is either True, which is represented as one (1), or False, which is represented as zero (0). The Single Valued flag is set for the Boolean syntax.

Case Exact String. An attribute uses this syntax if the attribute's value is a Unicode string that is case sensitive in comparison operations. Two Case Exact Strings match if they are the same length and their corresponding characters, including case, are identical.

Case Ignore List. An attribute uses this syntax if the attribute's value is an ordered sequence of Unicode strings that are not case sensitive in comparison operations. Two Case Ignore Lists match if their corresponding strings match. These corresponding strings match if they are the same length and their corresponding characters are identical in all respects except case.

Case Ignore String. An attribute uses this syntax if the attribute's value is a Unicode string that is not case sensitive in comparison operations. Two Case Ignore Strings match if they are the same length and their corresponding characters are identical in all respects except case.

Class Name. An attribute uses this syntax if the attribute's value is a class name. Two Class Names match if they are the same length and their corresponding characters are identical in all respects except case.

Counter. An attribute uses this syntax if the attribute's value is an incrementally modified, numeric signed integer. Any attribute defined using the Counter syntax is flagged as Single Valued. The Counter syntax differs from the Integer syntax in that any value added to an attribute that uses the Counter syntax is added to the total, and any value deleted is subtracted from the total.

Distinguished Name. An attribute uses this syntax if the attribute's value is the name of an NDS object. A Distinguished Name is not case sensitive, even if one of the naming attributes is case sensitive.

Email Address. An attribute uses this syntax if the attribute's value is a string of binary information. NDS makes no assumption about the internal structure of the content of the Email Address syntax.

Facsimile Telephone Number. An attribute uses this syntax if the attribute's value is a fax number. This syntax specifies a string that complies with the format agreed upon for storing international telephone numbers--E.123--and an optional bit string formatted according to the T.30 recommendation. Facsimile Telephone Number values are matched based on the telephone number field. The Facsimile Telephone Number syntax uses the same matching rules as the Case Exact String syntax except that all space and hyphen characters are ignored during comparison operations.

Hold. An attribute uses this syntax if the attribute is an accounting quantity, whose value is a numeric signed integer. An accounting quantity is an amount tentatively held against a subject's credit limit, pending completion of a transaction. The Hold syntax is treated in a similar manner as the Counter syntax: New values are added to or subtracted from the base total. If the Hold amount is reduced to zero, the Hold record is deleted.

Integer. An attribute uses this syntax if the attribute is represented by a numeric signed integer. Two Integers match if they are identical. In comparison operations, the Integer syntax uses the numeric signed integer rules (any positive or negative whole number, including zero).

Interval. An attribute uses this syntax if the attribute's value is a signed numeric integer that represents intervals of time. (Intervals use the same representation as Integers.) The interval value is the number of seconds in a time interval.

Net Address. An attribute uses this syntax if the attribute's value is a network-layer address in the IntranetWare and NetWare environment. The address is expressed in a binary format. Two Net Addresses match if the type, length, and value of the addresses match.

Numeric String. An attribute uses this syntax if the attribute's value is a numeric string as defined in the CCITT X.208 definition of Numeric String. Digits (0 to 9) and spaces are the only valid characters in the Numeric String character set. Two Numeric Strings match if the strings are the same length and their corresponding characters are identical.

Object ACL. An attribute uses this syntax if the attribute's value represents an Access Control List (ACL) entry in the NDS tree. An Object ACL value is used to control access to either an NDS object or an attribute.

Octet List. An attribute uses this syntax if the attribute's value is an ordered sequence of binary information. (This syntax describes an ordered sequence of strings of binary information, or an Octet String.) An Octet List matches a stored list if the Octet List is a subset of the stored list (thus, the Approximate Equals matching rule applies). The Octet List syntax uses the same matching rules as the Octet String syntax.

Octet String. An attribute uses this syntax if the attribute's value is a string of binary information that is not interpreted by NDS. An Octet String is a non-Unicode string. Two Octet Strings match if they are the same length and the corresponding bit sequences, or octets, are identical.

Path. An attribute uses this syntax if the attribute represents a file system path that contains the information needed to locate a file on an IntranetWare or NetWare server. The Path syntax uses the same matching rules as the Case Exact String syntax.

Postal Address. An attribute uses this syntax if the attribute's value is a Unicode string of a Postal Address. An attribute value for this syntax is typically composed of selected attributes from version 1 of the Message Handling Service (MHS) Unformatted Postal O/R Address specification, according to the f.401 recommendation. The value is limited to six lines of 30 characters each, including a Postal Country Name. The Postal Address syntax uses the same matching rules as the Case Ignore List syntax.

Printable String. An attribute uses this syntax if the attribute's value is a printable string, as defined in CCITT X.208. The printable character set includes upper- and lower-case alphabetic characters, digits (0 to 9), spaces, apostrophes, left and right parentheses, plus (+) signs, commas, hyphens, full stops (periods), solidus (forward slashes), colons, equals signs (=), and question marks. Two Printable Strings match if they are the same length and their corresponding characters are identical.

Replica Pointer. An attribute uses this syntax if the attribute's value represents a replica of an NDS partition. This syntax has six components: server name, replica type (Master, Secondary, Read-only, or Subordinate Reference), replica number, replica root ID, number of address, and address record.

Stream. An attribute uses this syntax if the attribute's value is a file stored on an IntranetWare or NetWare 4 server. For example, login scripts and other stream attributes use this syntax. The data stored in a stream file has no syntax enforcement of any kind. This data is purely arbitrary, defined by the application that created and uses it.

Telephone Number. An attribute uses this syntax if the attribute's value is a telephone number. The length of Telephone Numbers must be between one and 32 characters. The Telephone Number syntax uses the same matching rules as the Case Exact String syntax, except that all spaces and hyphen characters are ignored during comparison operations.

Time. An attribute uses this syntax if the attribute's value is an unsigned integer that represents time expressed in seconds. The Time syntax uses the same representation as the Integer syntax. The Time syntax also uses the unsigned integer rules (any positive whole number including zero).

Timestamp. An attribute uses this syntax if the attribute's value marks the time when a particular event occurred. When an event occurs, an NDS server makes a new Timestamp value and associates the value with the event. Every Timestamp value is unique within an NDS partition, providing a complete sequence of events that occur on all servers holding replicas of a partition.

Typed Name. An attribute uses this syntax if the attribute's value represents a level and an interval associated with an object. This syntax names an NDS object and attaches two numeric values to this object:

  • Level of the attribute, which indicates its priority

  • Interval that represents the number of seconds between certain events or the frequency of reference

Unknown. An attribute uses this syntax if the attribute's definition has been deleted from the NDS schema. This syntax represents strings of binary information.
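The matching rules above decide when two stored values count as equal, which matters whenever a value is used for lookups or duplicate checks. The following Python sketch is an added example, not Novell code: it implements only the rules as this sidebar states them, and the function names and sample values are constructed for the illustration.

```python
import re

# Character sets as listed in the sidebar for the two restricted string syntaxes.
NUMERIC_RE = re.compile(r"[0-9 ]*")
PRINTABLE_RE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]*")


def _case_exact(a, b):
    # Same length and identical characters, including case.
    return len(a) == len(b) and a == b


def _case_ignore(a, b):
    # Same length and identical characters in all respects except case.
    return len(a) == len(b) and all(x.lower() == y.lower() for x, y in zip(a, b))


def _case_ignore_list(a, b):
    # Ordered sequences match when every corresponding string matches.
    return len(a) == len(b) and all(_case_ignore(x, y) for x, y in zip(a, b))


def _phone(a, b):
    # Case Exact String rules, except spaces and hyphens are ignored.
    def strip(value):
        return value.replace(" ", "").replace("-", "")
    return _case_exact(strip(a), strip(b))


def _octet_string(a, b):
    # Uninterpreted binary data: same length and identical octets.
    return bytes(a) == bytes(b)


def _octet_list(candidate, stored):
    # Matches when the candidate list is a subset of the stored list.
    return all(any(_octet_string(c, s) for s in stored) for c in candidate)


MATCHERS = {
    "Case Exact String": _case_exact,
    "Case Ignore String": _case_ignore,
    "Case Ignore List": _case_ignore_list,
    "Class Name": _case_ignore,
    "Numeric String": _case_exact,
    "Printable String": _case_exact,
    "Path": _case_exact,                 # same rules as Case Exact String
    "Postal Address": _case_ignore_list, # same rules as Case Ignore List
    "Telephone Number": _phone,
    "Octet String": _octet_string,
    "Octet List": _octet_list,
}

VALIDATORS = {
    "Numeric String": lambda v: NUMERIC_RE.fullmatch(v) is not None,
    "Printable String": lambda v: PRINTABLE_RE.fullmatch(v) is not None,
    "Telephone Number": lambda v: 1 <= len(v) <= 32,
}


def values_match(syntax, a, b):
    """Return True if a and b match under the named syntax's rule."""
    if syntax not in MATCHERS:
        raise ValueError(f"no matching rule modelled for syntax {syntax!r}")
    return MATCHERS[syntax](a, b)


def is_valid(syntax, value):
    """Return True if value is acceptable for the syntax (True if unrestricted)."""
    check = VALIDATORS.get(syntax)
    return True if check is None else check(value)


def duplicate_pairs(syntax, values):
    """List every pair of values that the syntax would treat as equal."""
    return [(a, b) for i, a in enumerate(values)
            for b in values[i + 1:] if values_match(syntax, a, b)]


if __name__ == "__main__":
    # Constructed sample values.
    phones = ["801 555-1234", "8015551234", "801-555-9999"]
    print(duplicate_pairs("Telephone Number", phones))
    print(values_match("Case Exact String", "Admin", "admin"))
    print(values_match("Case Ignore String", "Admin", "admin"))
```

The same pair of values can be equal under one syntax and distinct under another, so the syntax chosen in the Create Attribute Wizard fixes how later comparisons behave.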

ATTRIBUTE FLAGS

Single Valued. This flag indicates that the selected syntax can have only one value. In some cases, multiple values of a syntax (for example, Boolean) do not make sense, and NDS automatically sets this flag.

String. NDS automatically sets the String flag for all string-type syntaxes. The String syntax is a type of string that supports string matching rules. Only a string-type syntax can be used to define naming attributes for a class.

Synchronize Immediate. If this flag is set, NDS immediately schedules any changes made to the attribute to be synchronized with other replicas of the NDS partition. If this flag is not set, NDS synchronizes the changes at a later time when other changes can be bundled together.

Public Read. If this flag is set, the attribute allows other NDS objects to read its value, regardless of any restrictions. These objects do not have to be authenticated to NDS.

Write Managed. If this flag is set, the NDS object can manage the attribute. The object can modify the attribute regardless of any restrictions.

Per Replica. If this flag is set, the value of an NDS object can be different on each replica of a partition.

Sized. Only syntaxes that logically support a sized feature can have this flag set. If the flag is set, a valid upper and lower limit for the attribute must be set. An upper limit of minus one (-1) specifies that no upper limit exists, and NDS enforces only the lower limit.

Components of a Class

Classes are templates for storing information in Novell Directory Services (NDS). All NDS objects must belong to a class, which is defined by the following components:

  • Class inheritance

  • Flags

  • Structure rules

  • Attributes

CLASS INHERITANCE

Because classes are organized into an inheritance hierarchy, a class inherits flags and attributes from parent classes. The complete definition of a class is derived from the components of the class itself plus the components of all of the classes in the class's inheritance.

NDS Schema Manager displays a class's inheritance as an inverted hierarchy. The inheritance hierarchy is inverted because a class can inherit characteristics from multiple classes. However, parent classes are not recursive--that is, parent classes do not inherit attributes from their child classes.

In general, the classes at the top of the inheritance hierarchy provide general characteristics, and the classes at the bottom of the hierarchy are more specialized. Figure 11 shows the inheritance hierarchy of the standard schema that ships with NDS.

Figure 11: The standard schema that ships with NDS includes this subset of classes. The classes inherit flags and attributes from their parent classes in the inheritance hierarchy.

Because the Top class is the parent class of all other classes, the Top class has no parent class. The Top class is also unique because you cannot use it to define an NDS object. The Top class is used by the [Root] object in the NDS tree.
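Because a class's complete definition includes everything in its inheritance, an attribute added high in the hierarchy reaches every class below it, and a Public Read attribute added there becomes readable without authentication on all of them. The Python model below is an added example, not Novell code or an NDS API: the class names, the Color Picture attribute and the Public Read flag come from the article, while the attribute assignments and all function names are constructed for the illustration.

```python
from dataclasses import dataclass, field

MAX_NAME = 32  # the article's length limit for attribute and class names


@dataclass
class SchemaClass:
    parents: tuple = ()
    mandatory: set = field(default_factory=set)
    optional: set = field(default_factory=set)


class Schema:
    def __init__(self):
        self.attributes = {}  # attribute name -> set of flag names
        self.classes = {}     # class name -> SchemaClass

    def _check_name(self, name, existing):
        if not 1 <= len(name) <= MAX_NAME:
            raise ValueError(f"name must be 1-{MAX_NAME} characters: {name!r}")
        if name in existing:
            raise ValueError(f"name already defined: {name!r}")

    def add_attribute(self, name, flags=()):
        self._check_name(name, self.attributes)
        self.attributes[name] = set(flags)

    def add_class(self, name, parents=(), mandatory=(), optional=()):
        self._check_name(name, self.classes)
        # Parents must already exist, so a parent can never inherit from a child.
        for ref in parents:
            if ref not in self.classes:
                raise ValueError(f"unknown parent class: {ref!r}")
        for ref in (*mandatory, *optional):
            if ref not in self.attributes:
                raise ValueError(f"unknown attribute: {ref!r}")
        self.classes[name] = SchemaClass(tuple(parents), set(mandatory), set(optional))

    def add_optional_attribute(self, class_name, attr_name):
        # Attributes can only be added to a class, never removed from it.
        if attr_name not in self.attributes:
            raise ValueError(f"unknown attribute: {attr_name!r}")
        self.classes[class_name].optional.add(attr_name)

    def lineage(self, class_name):
        """The class followed by every ancestor, each listed once."""
        seen, order, stack = set(), [], [class_name]
        while stack:
            name = stack.pop()
            if name in seen:
                continue
            seen.add(name)
            order.append(name)
            stack.extend(reversed(self.classes[name].parents))
        return order

    def effective_attributes(self, class_name):
        """(mandatory, optional) attributes of the class plus its inheritance."""
        mandatory, optional = set(), set()
        for name in self.lineage(class_name):
            mandatory |= self.classes[name].mandatory
            optional |= self.classes[name].optional
        return mandatory, optional - mandatory

    def classes_affected_by(self, class_name):
        """Classes whose complete definition changes when class_name is extended."""
        return sorted(c for c in self.classes if class_name in self.lineage(c))

    def public_read_exposure(self):
        """Map each Public Read attribute to the classes that carry it."""
        exposure = {}
        for cls in self.classes:
            mandatory, optional = self.effective_attributes(cls)
            for attr in mandatory | optional:
                if "Public Read" in self.attributes[attr]:
                    exposure.setdefault(attr, []).append(cls)
        return {attr: sorted(classes) for attr, classes in exposure.items()}


def build_sample_schema():
    """Constructed sample: a fragment shaped like the hierarchy in Figure 5."""
    s = Schema()
    s.add_attribute("CN")
    s.add_attribute("Surname")
    s.add_attribute("Telephone Number")
    s.add_attribute("Color Picture", {"Single Valued", "Public Read"})
    s.add_class("Top")
    s.add_class("Person", ["Top"], ["CN", "Surname"], ["Telephone Number"])
    s.add_class("Organizational Person", ["Person"])
    s.add_class("User", ["Organizational Person"])
    s.add_class("Employee of the Month", ["Top"], ["CN"])
    return s


if __name__ == "__main__":
    narrow, broad = build_sample_schema(), build_sample_schema()
    narrow.add_optional_attribute("User", "Color Picture")
    broad.add_optional_attribute("Top", "Color Picture")
    print("added to User:", narrow.public_read_exposure())
    print("added to Top: ", broad.public_read_exposure())
```

Running the same check against a real schema extensions report would show which classes a newly installed application's Public Read attributes actually reach.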

FLAGS

Classes are defined by the following flags. You can set only two flags when you create a class; NDS sets the other three flags.

  • Container. You can set the Container flag when you create a class. If you set this flag, NDS objects using the class can contain other NDS objects.

  • Effective. You can set the Effective flag when you create the class. If you set this flag, the class can be used to create NDS objects. In addition, you must ensure that the class's structure rules are completely defined. (See the "Structure Rules" section.)

    If you do not set the Effective flag, the class is flagged as non-effective, which means it cannot be used to define NDS objects. A non-effective class is used to define information that can be used by a number of similar classes. Thus, a non-effective class is essentially a building block that defines information associated with various effective classes.

  • Non-removable. NDS sets the Non-removable flag, which is reserved for the classes included in the standard NDS schema. If NDS sets this flag, you cannot delete the class.

  • Ambiguous Naming. NDS sets the Ambiguous Naming flag if the class has a naming conflict or if the class does not have enough naming information.

  • Ambiguous Containment. NDS sets the Ambiguous Containment flag if the class has a conflict or if the class does not have enough information about the class's ability to contain other classes.

STRUCTURE RULES

Structure rules determine how NDS objects are named and where they can reside in the NDS tree. A class's structure rules define the possible relationships between objects in the NDS tree. These structure rules can be inherited from a parent class or explicitly defined in the class itself.

Naming Attributes

An NDS object is identified by its own name and the name of the container objects in which the object resides. An NDS object's name is referred to as its partial name, or Relative Distinguished Name (RDN). An NDS object's naming attributes determine its RDN.

Structure rules control the formation of an NDS object's Distinguished Name (DN). An NDS object's RDN and the names of all of its parent objects form its complete name, or DN. However, in defining a class for an NDS object, you need to specify only the immediate parent object's class as a container class.

Each class should have one or more attributes designated as naming attributes. If you do not assign a naming attribute to a class, NDS sets the Ambiguous Naming flag.

A naming attribute must be a mandatory or optional attribute. If you select only an optional attribute as the naming attribute, the optional attribute becomes, in effect, a mandatory attribute.

A naming attribute may be multivalued and must follow NDS inheritance rules. For example, Organization objects are named using the Organization Name (O) attribute, which is the only attribute that can be used for an organization's RDN because O is the naming attribute. Some classes specify more than one naming attribute. For example, the Locality class is named by the Locality Name (L) attribute and the State or Province Name (S) attribute. Thus, an RDN for a Locality object might be L=Chicago+S=Illinois.

A naming attribute does not necessarily reflect the class to which an object belongs. Many classes, such as Computer, Server, and User are named by their Common Name (CN) attribute. In this case, the naming attribute itself does not indicate the class to which the NDS object belongs. However, the naming attribute might suggest the nature of the object.

On the other hand, some naming attributes are closely tied to specific classes. For example, the Country object is named by the Country Name (C) attribute.

Container Classes

Each class has a container list, which specifies where an object can reside in the NDS tree. An NDS object can be subordinate only to the NDS objects using classes in this container list. By limiting the possible location of an object in the NDS tree, a container list restricts the order and types of RDNs that appear in the object's DN.

Container lists control the structure of the NDS tree through inheritance properties and ensure that the NDS tree expands in a consistent and logical manner. For example, a Country (C) object can be subordinate only to the [Root] object in the NDS tree.

In addition to controlling the structure of the NDS tree, container lists must also be flexible enough to accommodate a variety of organizational situations. For example, in the relationship between the Organization and Locality classes, each class specifies the other as a container class. As a result, you can decide which hierarchical order best represents your company.

ATTRIBUTES

Attributes describe the data used to define an object in the NDS tree. A class organizes a group of attributes in a meaningful way and specifies matching rules and directives for retrieving data in the NDS tree.

Mandatory Attributes. Mandatory attributes are required. When you create an NDS object, you must assign a value to every mandatory attribute. A class's mandatory attributes are inherited from its parent classes.

Optional Attributes. Optional attributes are not required. When you create an NDS object, you are not required to assign a value to optional attributes. There is one exception, however: If an optional attribute has been selected as the naming attribute, you must assign this attribute a value.
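The class components described above (inheritance, the Effective flag, naming attributes, container lists, and mandatory attributes) can be modeled as a small validator. The following Python sketch is an added example, not Novell code or an NDS API. The schema it uses is constructed and simplified, and the rule that at least one naming attribute must have a value is an assumption of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SchemaClass:
    parents: tuple = ()        # parent classes (class inheritance)
    effective: bool = False    # Effective flag
    naming: tuple = ()         # naming attributes
    containment: tuple = ()    # container list
    mandatory: frozenset = frozenset()
    optional: frozenset = frozenset()

# Constructed, simplified schema for illustration (not the real NDS schema).
SCHEMA = {
    "Top": SchemaClass(),
    "Organization": SchemaClass(("Top",), True, ("O",), ("Top", "Locality"), frozenset({"O"})),
    "Locality": SchemaClass(("Top",), True, ("L", "S"), ("Organization",),
                            optional=frozenset({"L", "S"})),
    "Person": SchemaClass(("Top",), False, ("CN",), ("Organization",),
                          frozenset({"CN", "Surname"})),
    "User": SchemaClass(("Person",), True, optional=frozenset({"Title"})),
}

def resolve(name):
    """Merge a class with every class in its inheritance chain."""
    cls = SCHEMA[name]
    merged = {"naming": cls.naming, "containment": cls.containment,
              "mandatory": set(cls.mandatory), "optional": set(cls.optional)}
    for parent in cls.parents:
        up = resolve(parent)
        merged["mandatory"] |= up["mandatory"]
        merged["optional"] |= up["optional"]
        # Structure rules are inherited only when not defined in the class itself.
        merged["naming"] = merged["naming"] or up["naming"]
        merged["containment"] = merged["containment"] or up["containment"]
    return merged

def validate(name, parent_class, values):
    """Return the schema violations for a proposed object (empty list = valid)."""
    rules, errors = resolve(name), []
    if not SCHEMA[name].effective:
        errors.append(f"{name} is non-effective")
    if parent_class not in rules["containment"]:
        errors.append(f"{name} cannot reside under {parent_class}")
    missing = rules["mandatory"] - set(values)
    if missing:
        errors.append("missing mandatory: " + ",".join(sorted(missing)))
    if not any(attr in values for attr in rules["naming"]):
        errors.append("no naming attribute has a value")
    return errors

def rdn(name, values):
    """Build the RDN from the naming attributes that have values."""
    return "+".join(f"{a}={values[a]}" for a in resolve(name)["naming"] if a in values)
```

In this model, User defines no structure rules of its own, so it picks up its naming attribute, container list, and mandatory attributes from the non-effective Person class.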

* Originally published in Novell Connection Magazine

