The Hybrid Schema

LDAP

At Morrison Industries I created several objectclasses to work around problems in the standard LDAP schema. I've tried to keep these as generic as possible so other people can use them as well, rather than everyone running around and creating yet-another-schema.

Note: This schema requires the officePerson and evolutionPerson schema files to be loaded. You can download these here.

This file currently contains four objectclasses: mHybridPerson, mHybridUserAccount, morrisonmailalias and ownedObject.


    objectclass ( 1.3.6.1.4.1.6921.1.12
        NAME 'mHybridPerson'
        DESC 'Combine several objectclasses to support multiple MUAs'
        SUP ( inetOrgPerson $ officePerson $ evolutionPerson )
        STRUCTURAL )

mHybridPerson solves the structural objectclass chain problem for the dominant contact-style objectclasses. It is a single objectclass that descends from the standard inetOrgPerson, M$-Outlook's officePerson, and Novell Evolution's evolutionPerson. Because evolutionPerson and officePerson both descend from inetOrgPerson but not from each other, they normally can't coexist on one object. Both can be present if the object is an mHybridPerson as well.


    objectclass ( 1.3.6.1.4.1.6921.1.24
        NAME 'mHybridUserAccount'
        DESC 'Combine mHybridPerson and account'
        SUP ( mHybridPerson $ account )
        STRUCTURAL )

mHybridUserAccount closes the structural objectclass chain between account (which is structural) and the mHybridPerson class. This lets a user entry hold all the contact information and also be an account. Fortunately, other account-type objectclasses such as sambaSAMAccount and posixAccount are auxiliary, so they do not present a problem.


    objectclass ( 1.3.6.1.4.1.6921.1.8
        NAME 'morrisonmailalias'
        DESC 'nisMailAlias plus mail and owner attributes'
        SUP nisMailAlias
        STRUCTURAL
        MAY ( mail $ owner )
        )

morrisonmailalias extends the nisMailAlias class to contain mail and owner attributes. Giving the alias object a mail address makes it much more straightforward to expose mail aliases to mail clients for searching, since most mail clients just want to see a "mail" attribute as an indication that this is something the user can send to. By allowing an owner attribute you can use a very simple ACL to delegate to other users the ability to modify the contents of a mail alias object.


    objectclass ( 1.3.6.1.4.1.6921.4.5
        NAME 'ownedObject'
        DESC 'Extend allowed attributes to include owner'
        MAY ( owner )
        AUXILIARY )

ownedObject simply extends any object to include the owner attribute. The owner attribute is extremely useful, especially in conjunction with ACLs, to provide a fine degree of granularity regarding access to an object.
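The owner-based delegation mentioned for morrisonmailalias and ownedObject can be written as OpenLDAP access rules like the following. This is an added example, not part of the original schema file; it assumes an OpenLDAP slapd.conf, and the suffix, OU and admin group DNs are hypothetical.

```conf
# Added example for OpenLDAP slapd.conf. The suffix, OU and group DNs are
# constructed placeholders. Rules are evaluated top-down; first match wins.

# Broad form: the owner may write every attribute of the alias it owns,
# including owner and mail, so an owner can reassign the alias to anyone.
#access to dn.subtree="ou=aliases,dc=example,dc=com"
#    by dnattr=owner write
#    by users read
#    by * none

# Narrower form, rule 1: only directory admins may change owner or mail.
access to dn.subtree="ou=aliases,dc=example,dc=com" attrs=owner,mail
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by users read
    by * none

# Rule 2: the DN listed in the entry's owner attribute may edit the
# membership of that alias (rfc822MailMember comes from nisMailAlias).
access to dn.subtree="ou=aliases,dc=example,dc=com" attrs=rfc822MailMember
    by dnattr=owner write
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by users read
    by * none

# Rule 3: every other attribute on alias entries is read-only for
# authenticated users and hidden from anonymous binds.
access to dn.subtree="ou=aliases,dc=example,dc=com"
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by users read
    by * none
```

The same dnattr=owner clause works on any entry that carries ownedObject, since that auxiliary class is what permits the owner attribute there.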

Attachment: mHybrid.schema.gz (1.27 KB)