5.3 Manually Extending the Schema

You can manually extend the eDirectory schema using files with a .sch extension.

This section contains the following information:

5.3.1 Extending the Schema on Windows

Use NDSCons.exe to extend the schema on Windows servers. Schema files (*.sch) that come with eDirectory are installed by default into the C:\Novell\NDS directory.

  1. Click Start > Settings > Control Panel > NetIQ eDirectory Services.

  2. Click install.dlm, then click Start.

  3. Click Install Additional Schema Files, then click Next.

  4. Log in as a user with administrative rights, then click OK.

  5. Specify the schema file path and name.

  6. Click Finish.

5.3.2 Extending the Schema on Linux

The following sections provide information about extending the schema on Linux computers:

Using the ndssch Utility to Extend the Schema on Linux

In addition to NetIQ iManager, you can use ndssch, the eDirectory schema extension utility, to extend the schema on Linux computers. The attributes and classes that you specify in the schema file (.sch) will be used to modify the schema of the tree. The associations between the attributes and classes are created as specified in the .sch file.

Use the following syntax:

ndssch [-h hostname[:port]] [-t tree_name] [-F logfile] admin-FDN schemafile...
ndssch [-h hostname[:port]] [-t tree_name] [-d] admin-FDN schemafile [schema_description]...

ndssch Parameter

Description

-h hostname

Name or IP address of the server that the schema is to be extended on. The schema of the tree that the specified server belongs to will be extended. This is an optional parameter if the tree is located on the host whose schema is to be extended. Otherwise, it is a mandatory parameter.

port

The server port.

-t tree_name

Name of the tree that the schema is to be extended on. This is an optional parameter. The default tree name is the one specified in the /etc/opt/novell/eDirectory/conf/nds.conf file. For more information, see Configuration Parameters in the NetIQ eDirectory 8.8 SP8 Installation Guide.

-F logfile

Specifies the path name to the ndssch log file.

admin-FDN

Name with the full context of the user with eDirectory administrator rights to the tree.

schemafile

Filename that contains information about the schema to be extended.

-d, schema_description

When this option is used, every schema file must be followed by a description of the schema file.

Extending the RFC 2307 Schema

The attributes and object classes defined in RFC 2307 are user or group related and NIS related. The user- or group-related definitions are compiled into the /opt/novell/eDirectory/lib/nds-modules/schema/rfc2307-usergroup.sch file. The NIS-related definitions are compiled into the /opt/novell/eDirectory/lib/nds-modules/schema/rfc2307-nis.sch file. The corresponding files in the LDIF format are also provided (/opt/novell/eDirectory/lib/nds-modules/schema/rfc2307-usergroup.ldif and /opt/novell/eDirectory/lib/nds-modules/schema/rfc2307-nis.ldif respectively).

You can extend the RFC 2307 schema using the ndssch utility or the ldapmodify tool.

Using the ndssch Utility

Enter one of the following commands:

ndssch -t tree_name admin-FDN /opt/novell/eDirectory/lib/nds-schema/rfc2307-usergroup.sch

or

ndssch -t tree_name admin-FDN /opt/novell/eDirectory/lib/nds-schema/rfc2307-nis.sch

Parameter

Description

-t

Name of the tree that the schema is to be extended on. This is an optional parameter. If this parameter is not specified, the tree name is taken from the /etc/opt/novell/eDirectory/conf/nds.conf file.

Using the ldapmodify Utility

Enter one of the following commands:

ldapmodify -h ldaphost -D binddn -w passwd -f /opt/novell/eDirectory/lib/nds-schema/rfc2307-usergroup.ldif

or

ldapmodify -h ldaphost -D binddn -w passwd -f /opt/novell/eDirectory/lib/nds-schema/rfc2307-nis.ldif

Parameter

Description

-h ldaphost

Specifies an alternate host on which the LDAP server is running.

-D binddn

Uses binddn to bind to the X.500 directory. It should be a string-represented DN as defined in RFC 1779.

-w passwd

Uses passwd as the password for simple authentication.

-f file

Reads the entry modification information from file instead of from standard input.
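
Because ldapmodify applies the LDIF under an administrator bind, it is useful to list what a schema LDIF would change before running it. The following Python script is an added example, not part of the NetIQ documentation or tools: it unfolds the LDIF, lists each attribute type and object class with its operation, and flags entries for manual review. The sample LDIF is constructed, the function names are hypothetical, and the review policy (flag anything that is not a cleanly parsed add) is an assumption.

```python
import re

# Constructed sample, NOT the shipped rfc2307-*.ldif; 2.999.1 'exampleOld' is made up.
SAMPLE_LDIF = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
  EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
add: objectClasses
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )
-
delete: attributeTypes
attributeTypes: ( 2.999.1 NAME 'exampleOld' )
"""

SCHEMA_ATTRS = {"attributetypes", "objectclasses"}
DEF_RE = re.compile(r"\(\s*([0-9.]+)\s+NAME\s+\(?\s*'([^']+)'")

def unfold(text):
    """Join LDIF continuation lines (leading single space), drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [ln for ln in lines if ln and not ln.startswith("#")]

def summarize(text):
    """Return (operation, schema attribute, OID, name) per definition."""
    changes, op = [], None
    for line in unfold(text):
        key, _, value = line.partition(":")
        key = key.strip().lower()
        if key == "-":  # separator between modification blocks
            op = None
        elif key in ("add", "delete", "replace"):
            op = key
        elif key in SCHEMA_ATTRS:
            m = DEF_RE.search(value)  # no match (e.g. base64 value) gives None fields
            changes.append((op, key) + (m.groups() if m else (None, None)))
    return changes

def needs_review(changes):
    """Assumed policy: flag anything that is not a cleanly parsed 'add'."""
    return [c for c in changes if c[0] != "add" or c[2] is None]
```

Calling summarize() on the text of the LDIF file you intend to apply gives the list to compare against the definitions you expect; needs_review() narrows it to the entries worth reading by hand.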