
I'm defining a custom schema for OpenLDAP. If I understand correctly, the SUP field in objectclass definitions may be used to indicate which attributes are inherited from the parent class. However, it does not force an entry of the child object class to be the actual child of an entry of the parent class in the entry tree. So how do I tell OpenLDAP that entries of a certain object class must be the children of entries of another given object class?

(As far as I understand it, there are two hierarchies at play: the attribute hierarchy and the object class hierarchy, and the LDAP tutorials I've found gloss over the distinction.)

Schemas don't do that. SUP indicates the superclasses of the object class you are defining. – user207421

Thanks for your reply, though it does illustrate the ambiguity I often encounter when reading about LDAP. When you say that SUP indicates the superclasses of the object class I am defining, do you mean in the attribute hierarchy or in the object class hierarchy? The former simply indicates that the child class inherits every attribute from the parent, whereas the latter indicates that an entry of the child object class must be the child of an entry of one of the parent classes. I'm assuming the former, but I'm wondering how to express the latter. Are you saying it's simply not possible? – Jon Smark

It means 'superclass' in exactly the same way that term is used everywhere else. There is no ambiguity. Similarly 'schemas don't do that' is another way of saying 'it's impossible'. You seem to be making mountains out of molehills here. – user207421

1 Answer


The SUP tag implies that all of the required and optional attributes associated with the SUP ObjectClasses are also associated with the subordinate ObjectClasses. It ONLY impacts schema elements.

"Child-parent" relations within LDAP entries would typically be determined from the structure of the Directory Information Tree (DIT).
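An added example, not part of the answer above and not OpenLDAP code: a small Python resolver that walks SUP to compute the attributes a class inherits, next to a DN helper showing that an entry's parent comes only from its position in the DIT. The schema, class names (`exDevice`, `exRouter`), OIDs and the entry are constructed for illustration.

```python
import re

# Constructed sample schema (slapd.conf syntax); class names and OIDs are hypothetical.
SCHEMA = """
objectclass ( 1.1.2.2.1 NAME 'exDevice' SUP top STRUCTURAL
    MUST ( cn ) MAY ( description $ serialNumber ) )
objectclass ( 1.1.2.2.2 NAME 'exRouter' SUP exDevice STRUCTURAL
    MUST ( ipHostNumber ) MAY ( owner ) )
"""

def _field(keyword, chunk):
    """Return the names after SUP/MUST/MAY, given as 'a' or '( a $ b )'."""
    m = re.search(r"\b" + keyword + r"\s+(\([^)]*\)|[\w.-]+)", chunk)
    return {t for t in re.split(r"[\s$()]+", m.group(1)) if t} if m else set()

def parse_schema(text):
    """Map each object class name to its direct SUP, MUST and MAY sets."""
    classes = {"top": {"sup": set(), "must": {"objectClass"}, "may": set()}}
    for chunk in re.split(r"(?im)^objectclass\s", text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", chunk).group(1)
        classes[name] = {k.lower(): _field(k, chunk) for k in ("SUP", "MUST", "MAY")}
    return classes

def effective(classes, name, seen=frozenset()):
    """(must, may) for a class, including everything inherited through SUP."""
    if name in seen:
        raise ValueError("SUP loop at " + name)
    must, may = set(classes[name]["must"]), set(classes[name]["may"])
    for sup in classes[name]["sup"]:
        sup_must, sup_may = effective(classes, sup, seen | {name})
        must |= sup_must
        may |= sup_may
    return must, may - must

def missing_must(classes, entry):
    """Required attributes (own and inherited) that the entry lacks."""
    present = {attr.lower() for attr in entry}
    must = set().union(*(effective(classes, oc)[0] for oc in entry["objectClass"]))
    return sorted(a for a in must if a.lower() not in present)

def parent_dn(dn):
    """Parent in the DIT: the DN with its leftmost RDN removed."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) > 1 else ""

CLASSES = parse_schema(SCHEMA)
# Constructed entry: an exRouter placed under an ou, not under any exDevice entry.
ENTRY = {"dn": "cn=r1,ou=people,dc=example,dc=com",
         "objectClass": ["exRouter"], "ipHostNumber": ["192.0.2.1"]}
```

The schema check on `ENTRY` reports only the inherited `cn` as missing; its parent DN is an `ou`, which the class definitions never mention.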