The objectclass and schemacheck configuration file options can be used to enforce schema rules on entries in the directory. The schema rules are defined by one or more objectclass lines, and enforcement is turned on or off via the schemacheck option. The format of an objectclass line is as follows:
    objectclass name
        [ requires attrs ]
        [ allows attrs ]
This option defines the schema rules for the object class given by
name. Schema rules consist of the attributes the entry is required
to have (given by the requires attrs clause) and those
attributes that it may optionally have (given by the allows
attrs clause). In both clauses, attrs is a comma-separated
list of attribute names.
Note that object class inheritance (that is, defining one object class in terms of another) is not supported directly. All of an object class's required and allowed attributes must be listed in the objectclass definition.
For example, to define an objectclass called ``myPerson'', you might include a definition like this:
    objectclass myperson
        requires cn, sn, objectclass
        allows mail, phone, fax
To then enforce this rule (that is, to make sure an entry with an
objectclass of ``myperson'' contains the cn,
sn and objectclass attributes, and that it contains no
other attributes besides mail, phone, and fax),
turn on schema checking with a line like this:
    schemacheck on
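The rule described above, as an added example (not slapd's own code): a small parser for objectclass and schemacheck lines and a checker that applies the requires/allows rule to an entry. The function names, the sample config and the error strings are constructed for illustration. Assumptions: indented lines continue the previous line, names compare case-insensitively, an entry naming an undefined object class is rejected, and an entry with several object classes may use the union of their attributes.

```python
# Added example, not slapd source. SAMPLE_CONF is constructed from the page's myperson rule.
SAMPLE_CONF = """\
objectclass myperson
    requires cn, sn, objectclass
    allows mail, phone, fax
schemacheck on
"""

def parse_schema(conf):
    """Return ({class: {"requires": set, "allows": set}}, schemacheck_enabled)."""
    logical = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    classes, enabled = {}, False
    for line in logical:
        words = line.replace(",", " ").split()
        key = words[0].lower()
        if key == "schemacheck":
            enabled = words[-1].lower() == "on"
        elif key == "objectclass":
            rule = classes[words[1].lower()] = {"requires": set(), "allows": set()}
            clause = None
            for w in words[2:]:
                if w.lower() in rule:          # "requires" or "allows" starts a clause
                    clause = w.lower()
                elif clause:
                    rule[clause].add(w.lower())
    return classes, enabled

def check_entry(entry, classes, enabled):
    """Return a list of violations; an empty list means the entry is accepted."""
    if not enabled:                            # schemacheck off: nothing is enforced
        return []
    entry = {k.lower(): v for k, v in entry.items()}
    errors, permitted = [], set()
    for oc in entry.get("objectclass", []):
        rule = classes.get(oc.lower())
        if rule is None:                       # assumption: undefined class is rejected
            errors.append(f"unknown objectclass {oc}")
            continue
        errors += [f"{oc}: missing required {a}" for a in sorted(rule["requires"] - set(entry))]
        permitted |= rule["requires"] | rule["allows"]   # assumption: union over classes
    errors += [f"attribute {a} not allowed" for a in sorted(set(entry) - permitted)]
    return errors
```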