The Purpose of a Schema

   

A directory schema is a set of rules that determine what can be stored in a directory service and how directory servers and clients should treat information during directory operations such as searches. Before a directory server stores a new or modified entry, it checks the entry's contents against the schema rules. Whenever directory clients or servers compare two attribute values, they consult the schema to determine what comparison algorithm to use.

Chapter 7, Data Design, covered the importance of combining redundant data elements (that is, those needed by more than one application) into as few data elements as possible. One of the main purposes for a schema is to ensure that poorly behaved applications play by the rules and do not store redundant data in the directory service. Imagine the consequences if every directory-enabled application stored a person's name in a different directory attribute. The result would be wasted storage space and values that should be the same but are different, and ultimately a lot of confusion on the part of applications and end users.

Schemas can also be used to impose constraints on the size , range, and format of data values stored in the directory. For example, according to the Internet mail standards, e-mail address values should use a restricted set of characters and should conform to a specific format ( addr@domain ). In many cases, schema rules impose simple restrictions such as "this value must be an integer." Ensuring that the data values in the directory service conform to a collection of simple rules increases the quality of the data.

Finally, directory schemas can help slow the effects of directory entropy. Although they are not a substitute for appropriate access control rules (as described in Chapter 12, Privacy and Security Design), schema rules do help a bit in preventing chaos within your directory service.

Suppose that you allow end users to modify directory entries, but there is no schema enforcement; you should not be surprised when your directory servers become overburdened with a lot of information that does not belong there. Some users may store a lot of information that is of interest to only themselves , some may store very large values, and others may be silly or even malicious. For example, somebody might try to use an LDAP-based directory as a file system backup service for his PC, although most people would agree that this is inappropriate and should be discouraged!

Tip

If you have a lot of experience with traditional databases, you probably can't imagine a data store that does not impose schema rules. However, keep in mind that many users of your directory service may be novices with no directory service, database, or schema experience. Part of your job as the directory architect is to educate your users and developers and help them understand that schemas improve the directory service by increasing its reliability and the quality of the data.


   


Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 2002
Pages: 242

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net