Schema
Schemas provide structure to the contents of a directory service.
Early Internet directory services such as finger and whois responded to queries with free-form text, with no consistency from one deployment to another. Clients for these protocols were therefore unable to reformat the data to the presentation style of the user, and could not extract particular fields (e.g. only the phone number) from the response.
A schema defines, for each object being represented:
- what attributes of that object are to be represented in the entry for that object
- what relationships of that object to other objects are to be represented
- how the entry is to be named and located
- how similar entries are to be distinguished
- how entries are to be ordered when displayed in a list
Some of the typical components of a schema definition include:
attribute type definition
An attribute type definition typically includes a name, a syntax, and one or more matching rules, the latter when the attribute is used in searches to locate an object.
matching rule
A matching rule defines the forms of comparison that can be made on an attribute (equality, ordering, substring), and is typically used when defining how the directory is to be searched.
object class definition
The object class definition lists the attributes which are part of the representation of a particular object.
syntax
The syntax defines the transfer encoding of a particular attribute, such as a UTF-8 encoded string or a JPEG-encoded image.
Some protocols also allow for schema definitions to include:
name form
A statement of the attributes which are to be used for naming objects of a particular object class.
structure rule
The relationship between entries in a hierarchical directory service.
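The components above have a concrete textual form in LDAP: RFC 4512 describes attribute types and object classes as parenthesised descriptions with keywords such as NAME, SUP, SYNTAX, MUST and MAY. The following is an added example, not code from the original text, that parses a small schema written in that syntax (with the slapd.conf-style `attributetype` / `objectclass` keyword in front of each description, an assumption about the input format) and then checks whether an entry carries every attribute its object classes require and nothing they forbid. The OIDs and names of `top`, `person`, `cn` and `sn` follow RFC 4519 and the Directory String syntax OID follows RFC 4517; `exampleBadgeNumber` and `examplePerson` are constructed, and `1.3.6.1.4.1.99999` is a placeholder arc, not a registered enterprise number.

```python
"""Parse LDAP schema definitions in RFC 4512 description syntax and check
entries against the resulting object classes (MUST/MAY attributes).
Added example; standard OIDs from RFC 4519, private extension constructed."""
import re
from dataclasses import dataclass, field

# Constructed schema text. 1.3.6.1.4.1.99999 is a PLACEHOLDER arc.
SCHEMA_TEXT = """
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
attributetype ( 1.3.6.1.4.1.99999.1.1.1 NAME 'exampleBadgeNumber'
    EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
    MUST ( sn $ cn )
    MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 1.3.6.1.4.1.99999.1.2.1 NAME 'examplePerson' SUP person AUXILIARY
    MAY exampleBadgeNumber )
"""

# Tokens: parentheses, the '$' list separator, quoted strings, bare words/OIDs.
TOKEN_RE = re.compile(r"\(|\)|\$|'[^']*'|[^\s()$']+")
# Keywords that take no value in RFC 4512 descriptions.
FLAGS = {"OBSOLETE", "SINGLE-VALUE", "COLLECTIVE", "NO-USER-MODIFICATION",
         "ABSTRACT", "STRUCTURAL", "AUXILIARY"}


def parse_description(text):
    """Parse one parenthesised description into a dict: 'oid' holds the numeric
    OID, flag keywords map to True, every other keyword maps to a list of values
    (a single bare value is wrapped in a one-element list)."""
    tokens = TOKEN_RE.findall(text)
    if not tokens or tokens[0] != "(" or tokens[-1] != ")":
        raise ValueError("description must be enclosed in parentheses")
    body = tokens[1:-1]
    desc = {"oid": body[0]}
    i = 1
    while i < len(body):
        key = body[i]
        i += 1
        if key in FLAGS:
            desc[key] = True
            continue
        if i >= len(body):
            raise ValueError(f"keyword {key} has no value")
        if body[i] == "(":
            close = body.index(")", i)          # descriptions never nest parentheses
            values = [t.strip("'") for t in body[i + 1:close] if t != "$"]
            i = close + 1
        else:
            values = [body[i].strip("'")]
            i += 1
        desc[key] = values
    return desc


@dataclass
class Schema:
    attribute_types: dict = field(default_factory=dict)  # lower-case name -> description
    object_classes: dict = field(default_factory=dict)


def load_schema(text):
    """Split slapd.conf-style text on the leading keywords and index each
    description under every NAME it declares (names are case-insensitive)."""
    flat = " ".join(text.split())
    parts = re.split(r"\b(attributetype|objectclass)\b", flat)
    schema = Schema()
    for kind, body in zip(parts[1::2], parts[2::2]):
        desc = parse_description(body.strip())
        target = schema.attribute_types if kind == "attributetype" else schema.object_classes
        for name in desc.get("NAME", [desc["oid"]]):
            target[name.lower()] = desc
    return schema


def required_and_allowed(schema, class_name):
    """Collect MUST and MAY attribute names along the object class SUP chain."""
    must, may, seen = set(), set(), set()
    stack = [class_name.lower()]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        oc = schema.object_classes.get(name)
        if oc is None:
            raise KeyError(f"unknown object class {name!r}")
        must.update(a.lower() for a in oc.get("MUST", []))
        may.update(a.lower() for a in oc.get("MAY", []))
        stack.extend(s.lower() for s in oc.get("SUP", []))
    return must, may


def check_entry(schema, entry):
    """Return the schema violations of an entry (dict of attribute -> values):
    missing MUST attributes first, then attributes no object class permits."""
    classes = entry.get("objectClass", [])
    must, may = set(), set()
    for cls in classes:
        m, a = required_and_allowed(schema, cls)
        must |= m
        may |= a
    present = {k.lower(): k for k in entry}
    problems = [f"missing required attribute {a}" for a in sorted(must - set(present))]
    problems += [f"attribute {present[a]} not allowed by {', '.join(classes)}"
                 for a in sorted(set(present) - must - may)]
    return problems


SCHEMA = load_schema(SCHEMA_TEXT)

# Constructed entries: the first conforms, the second lacks sn and carries an
# attribute that plain 'person' does not permit.
GOOD_ENTRY = {"objectClass": ["person", "examplePerson"], "cn": ["Ada Example"],
              "sn": ["Example"], "exampleBadgeNumber": ["B-0042"]}
BAD_ENTRY = {"objectClass": ["person"], "cn": ["Bob Example"],
             "exampleBadgeNumber": ["B-0043"]}

if __name__ == "__main__":
    for label, entry in (("good", GOOD_ENTRY), ("bad", BAD_ENTRY)):
        print(label, check_entry(SCHEMA, entry) or "ok")
```

The parser deliberately resolves only the object class SUP chain; attribute type inheritance (`cn SUP name`) is recorded but not followed, because the MUST/MAY check only needs attribute names. A real server additionally enforces that exactly one STRUCTURAL class chain is present and that values match the declared SYNTAX.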
White pages schema
A white pages schema is a model for organizing data contained in entries in a directory service, in which each entry in the directory service typically represents an individual person that makes use of network resources, such as by receiving email or having an account to log into a system. In some environments, the schema may also include the representation of organizational divisions, roles, groups, and devices.
One of the earliest attempts to standardize a white pages schema for electronic mail use was X.500, which was derived from the addressing requirements of X.400. This evolved into the Lightweight Directory Access Protocol standard schema in RFC 2256. One of the most widely deployed white pages schemas used in LDAP for representing individuals in an organizational context is inetOrgPerson, defined in RFC 2798, although versions of Microsoft Active Directory require a different object class, User. Many large organizations have also defined their own white pages schemas for their employees or customers as part of their identity management architecture. Converting between databases and directories that use different schemas is often the function of a metadirectory.
Schema registration and reuse
While some of the Internet standards-track schemas used in LDAP have their attribute and object class names registered in the IANA LDAP Parameters list, there is no general schema registry service, or procedure for locating a schema definition.
This is unfortunate, as there are few published best practices or standard approaches for extending schemas that are general enough to meet a large set of requirements, whether from end-user organizations deploying directory services or from vendors of directory-enabled applications that require schema extensions. Today, each organization will frequently start with one of the standard schemas provided by the directory server vendors as a baseline, but then extend it in a way which is private to that organization.
Some early directory deployments suffered due to poor design choices in their white pages schema, such as:
- attributes used for naming purposes were non-unique in large environments (such as a person's common name)
- attributes used for naming purposes were likely to change (such as surnames)
- attributes were included which could lead to identity theft, such as a Social Security number
- users were required during provisioning of their accounts to choose attributes which are unique but still memorable to them
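The first three pitfalls can be checked mechanically before a naming attribute is chosen. The following added example (not part of the original text) evaluates candidate RDN attributes over a constructed set of entries: it reports values that are not unique, attributes a deployment has declared likely to change, and attributes declared sensitive, since a naming attribute's value is exposed in every DN that appears in logs, access control rules and referrals. It also builds a DN from the chosen attribute with the RFC 4514 escaping rules, because a naming value containing `,` or `+` would otherwise be misparsed. The `LIKELY_TO_CHANGE` and `SENSITIVE` sets are assumed local policy, not a standard, and `socialSecurityNumber` is a hypothetical attribute name used only to show the check.

```python
"""Evaluate candidate naming (RDN) attributes against the pitfalls above and
build RFC 4514-escaped DNs. Added example with constructed data."""
from collections import defaultdict

# Assumed local policy (not a standard): attributes whose values change over
# time, and attributes whose values must not appear in a DN.
LIKELY_TO_CHANGE = {"sn", "cn", "mail", "telephonenumber", "title"}
SENSITIVE = {"socialsecuritynumber"}   # hypothetical attribute name

# Constructed entries for fictional people; note the common-name collision.
ENTRIES = [
    {"uid": "asmith", "cn": "Alex Smith", "sn": "Smith",
     "employeeNumber": "10042", "socialSecurityNumber": "000-00-0001"},
    {"uid": "asmith2", "cn": "Alex Smith", "sn": "Smith",
     "employeeNumber": "10057", "socialSecurityNumber": "000-00-0002"},
    {"uid": "jdoe", "cn": "Jordan Doe", "sn": "Doe",
     "employeeNumber": "10061", "socialSecurityNumber": "000-00-0003"},
]


def duplicates(entries, attr):
    """Map each repeated (case-folded) value of attr to its entry count."""
    counts = defaultdict(int)
    for entry in entries:
        value = entry.get(attr)
        if value is not None:
            counts[value.lower()] += 1
    return {v: n for v, n in counts.items() if n > 1}


def evaluate_naming_attribute(entries, attr):
    """Return the objections to using attr as the RDN attribute; an empty list
    means the attribute is present everywhere, unique, stable and not sensitive."""
    objections = []
    missing = sum(1 for e in entries if attr not in e)
    if missing:
        objections.append(f"{missing} entries lack {attr}")
    dups = duplicates(entries, attr)
    if dups:
        objections.append(f"not unique: {sorted(dups)}")
    if attr.lower() in LIKELY_TO_CHANGE:
        objections.append("value is likely to change, which would force a rename")
    if attr.lower() in SENSITIVE:
        objections.append("value is sensitive and would be exposed in every DN")
    return objections


def choose_naming_attribute(entries, candidates):
    """Return the first candidate with no objections, or None."""
    for attr in candidates:
        if not evaluate_naming_attribute(entries, attr):
            return attr
    return None


# Characters RFC 4514 requires a backslash before anywhere in a value.
RDN_SPECIAL = ',+"\\<>;'


def escape_rdn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4):
    special characters, a leading '#' or space, a trailing space, and NUL."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in RDN_SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(attr, value, parent="ou=people,dc=example,dc=com"):
    """Form '<attr>=<escaped value>,<parent>' for the entry's DN."""
    return f"{attr}={escape_rdn_value(value)},{parent}"


if __name__ == "__main__":
    candidates = ["cn", "sn", "socialSecurityNumber", "employeeNumber", "uid"]
    for attr in candidates:
        print(attr, evaluate_naming_attribute(ENTRIES, attr) or "ok")
    chosen = choose_naming_attribute(ENTRIES, candidates)
    for entry in ENTRIES:
        print(build_dn(chosen, entry[chosen]))
```

With the sample data, `cn` fails on uniqueness and stability, `socialSecurityNumber` fails on sensitivity, and `employeeNumber` is the first candidate with no objections. The same evaluation can be run against an export of an existing directory before a schema is finalized, which is where the non-uniqueness of common names in large populations usually surfaces.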
Continued at Schema formats and Schema ontologies.