Techniques for Extending the Schema

Creating and updating the directory's schema can be done the same way as any other update to a directory's objects. We discussed how to create and modify objects in Chapters 3 and 6 and these techniques are still valid for schema objects as well. It is possible to use any of the various tools or APIs that can perform these operations. In fact, for .NET version 2.0 users, there is pretty good support for all things schema related using the ActiveDirectorySchema* classes in the System.DirectoryServices.ActiveDirectory (SDS.AD) namespace.

As such, you might be surprised to hear us recommend not using SDS to create or modify schema. After all, it does work, and it is the API this book is primarily about. Why not use it here too?

Instead, we propose to stick with using Lightweight Data Interchange Format (LDIF) scripts, which are standard ASCII-based scripts, for declaratively updating the directory. Both Active Directory and ADAM ship with an LDIF client (called LDIFDE.exe). There are a few reasons for suggesting LDIF as your primary tool for performing schema extensions.

  • Schema extensions are performed infrequently and are generally performed by administrators, not developers, especially with Active Directory, which requires high privileges for schema modification.
  • LDIF makes it very easy to keep a record of schema modifications so that we can perform them again later, perhaps when moving between a development and a production environment or from ADAM to Active Directory.
  • Compiled code is fairly opaque to administrators, who typically prefer LDIF scripts for their readability. Very few administrators will simply trust a compiled program to update their directory, unless they wrote it themselves. LDIF scripts are easy to read, and as such, administrators can view what they are supposed to do.

Is it still possible to extend the schema with SDS? Of course! However, we do not believe this should be done as a general rule. There will always be cases where this is the appropriate thing to and we leave that to your discretion. We will include some samples at the book's web site for performing these operations should we need them.

If we think about it for a moment, we do not often find ourselves building a SQL database with ADO.NET calls, do we? Instead, it is far more prevalent to script out the database design in a set of files that contain DDL statements, and then execute them with a tool such as a query analyzer (or to hand them over to a database administrator!). The same basic theory applies here as well.

We do not attempt to provide a tutorial on LDIF here, but there are a variety of online resources that can help with this, including the Microsoft online documentation we already referenced. The tool and file syntax are very straightforward and developers or administrators should not have any difficulty using them.

Part I: Fundamentals

Introduction to LDAP and Active Directory

Introduction to .NET Directory Services Programming

Binding and CRUD Operations with DirectoryEntry

Searching with the DirectorySearcher

Advanced LDAP Searches

Reading and Writing LDAP Attributes

Active Directory and ADAM Schema

Security in Directory Services Programming

Introduction to the ActiveDirectory Namespace

Part II: Practical Applications

User Management

Group Management

Authentication

Part III: Appendixes

Appendix A. Three Approaches to COM Interop with ADSI

Appendix B. LDAP Tools for Programmers

Appendix C. Troubleshooting and Help

Index



The. NET Developer's Guide to Directory Services Programming
The .NET Developers Guide to Directory Services Programming
ISBN: 0321350170
EAN: 2147483647
Year: 2004
Pages: 165

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net