Managing the Schema
125
no
vd
ocx (
E
NU)
01
F
ebr
ua
ry
200
6
flag. If any of these flags is present on a schema definition, LDAP treats the attribute as
“operational” and will not return that attribute unless specifically requested to do so.
BOTH_MANAGED is a new security rights enforcement mechanism. It is only meaningful on an
attribute of Distinguished Name syntax. If set on such an attribute, it will require that the requesting
connection have rights on both the target object and attribute and the object being referenced by the
target attribute. This is an expansion of the current WRITE_MANAGED flag functionality. This
flag is not currently set on any base schema attributes. This new security behavior will only occur on
an eDirectory 8.7.
x
server, so for consistent behavior relating to this flag, the entire tree must be
upgraded to eDirectory 8.7 or later.
Because only an eDirectory 8.7.
x
server will recognize these new flags, they can be set only on a
schema definition by an eDirectory 8.7.
x
server which holds a copy of the root partition (because
only servers holding root can do schema modifications). The normal installation of a new server or
upgrading an existing server that doesn’t hold the root partition will not successfully add these new
flags to the schema in your tree.
If you want either of these new features enabled in your tree, you need to ensure that the schema is
successfully extended to add these new flags. There are two ways to do this. The first option is to
choose a server that holds a writable copy of the root partition to be upgraded to eDirectory 8.7 or
later. This will automatically extend the schema correctly with the new flags.
The second option is more involved and contains the following steps:
1
Install a new 8.7.
x
server or upgrade any existing server in the tree. This server does not need to
hold a copy of [Root].
2
Manually add a copy of the root partition to this new server.
3
Rerun the appropriate schema extension files on that server to extend the schema:
4
Install the new schema files you choose that have these new flags set.
5
(Optional) After the schema has synchronized, you can remove the root replica from this
server.
NOTE:
These new schema flags enable optional features. If you don’t need or want the new
functionality, the absence of these new flags on the schema definitions will not cause any problems
in the normal operation of eDirectory in your tree. In the case of the READ_FILTERED flag, it
would not be present on some attribute definitions; therefore, an LDAP read request for all attributes
of an object might get some extra data it would not otherwise have received. Some attributes will
still be treated as operational anyway because of the presence of the READ_ONLY or HIDDEN
flag. The BOTH_MANAGED flag is intended only to be enabled on fully upgraded trees, because
consistent operation of this feature can be achieved only in that environment.
Platform
Instructions
Windows
Load
install.dlm
, then click
Install Additional Schema Files
.
NetWare
Load nwconfig, then select Directory Options/Extend Schema.
Linux, Solaris, AIX, and HP-UX
Use the ndssch utility. See
“Using the ndssch Utility to Extend
the Schema on Linux, Solaris, AIX, or HP-UX” on page 123
for
more information.
Summary of Contents for EDIRECTORY 8.8 - GUIDE
Page 4: ...novdocx ENU 01 February 2006...
Page 16: ...16 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 68: ...68 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 90: ...90 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 116: ...116 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 128: ...128 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 184: ...184 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 249: ...250 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 307: ...308 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 333: ...334 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 371: ...372 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 439: ...440 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 519: ...520 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 529: ...530 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...
Page 555: ...556 Novell eDirectory 8 8 Administration Guide novdocx ENU 01 February 2006...