Chapter 1. About Directory Server Schema21.1.1.1. Required and Allowed AttributesEvery object class defines a number of required attributes and of allowed attributes. Requiredattributes must be present in entries using the specified object class, while allowed attributes arepermissible and available for the entry to use, but are not required for the entry to be valid.As in Example 1.1, “person Object Class Schema Entry”, the person object class requires the cn,sn, and objectClass attributes and allows the description, seeAlso, telephoneNumber, anduserPassword attributes.NOTEAll entries require the objectClass attribute, which lists the object classes assigned tothe entry.1.1.1.2. Object Class InheritanceAn entry can have more than one object class. For example, the entry for a person is definedby the person object class, but the same person may also be described by attributes in theinetOrgPerson and organizationalPerson object classes.Additionally, object classes can be hierarchical. An object class can inherit attributes from anotherclass, in addition to its own required and allowed attributes. The second object class is the superiorobject class of the first.The server's object class structure determines the list of required and allowed attributes for a particularentry. For example, a user's entry has to have the inetOrgPerson object class. In that case, theentry must also include the superior object class for inetOrgPerson, organizationalPerson,and the superior object class for organizationalPerson, which is person:objectClass: topobjectClass: personobjectClass: organizationalPersonobjectClass: inetOrgPersonWhen the inetOrgPerson object class is assigned to an entry, the entry automatically inherits therequired and allowed attributes from the superior object classes.1.1.2. AttributesDirectory entries are composed of attributes and their values. These pairs are called attribute-valueassertions or AVAs. Any piece of information in the directory is associated with a descriptive attribute.For instance, the cn attribute is used to store a person's full name, such as cn: John Smith.Additional attributes can supply additional information about John Smith:givenname: Johnsurname: Smithmail: jsmith@example.comIn a schema file, an attribute is identified by the attributetypes line, then followed by its OID,name, a description, syntax (allowed format for its value), optionally whether the attribute is single- ormulti-valued, and where the attribute is defined.
