DIRECTORY SERVICES


Schema-checking
When schema-checking is enabled, the LDAP service carries out LDAP add and modify operations only if the operations conform to the schema. Schema-checking is enabled by default, and it's best to keep this default behavior if you allow write access to a directory so that you have better control over the contents of the directory. When schema-checking is enabled, the LDAP service does the following to check that LDAP add and modify operations comply with the schema:
If any of these checks fail, the LDAP service aborts the operation and returns the message, "Object Class Violation."

Schema-checking is done only for LDAP add and modify operations and not when Notes and Web users add and change documents in an IBM® Lotus® Domino™ Directory.

Note: Whether or not you enforce schema-checking, the LDAP service requires that each directory tree component specified in a distinguished name during an add or modify DN operation corresponds to an entry in the directory. For example, to add an entry with the distinguished name "uid=JDoe, o=Acme," there must be an entry in the directory for o=Acme.
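The parent-entry requirement in the note above can be checked on the client before an add or modify DN request is sent. The following is an added example, not code from the Domino documentation: the function names are hypothetical, the directory contents are constructed, and DN comparison is assumed to be case-insensitive.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes per RFC 4514)."""
    rdns, tokens, i = [], [], 0

    def flush():
        # Trim unescaped whitespace around the RDN; an escaped "\ " is kept.
        while tokens and tokens[0].isspace():
            tokens.pop(0)
        while tokens and tokens[-1].isspace():
            tokens.pop()
        rdns.append("".join(tokens))
        tokens.clear()

    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            tokens.append(dn[i:i + 2])  # keep the escape pair as one token
            i += 2
            continue
        if dn[i] == ",":
            flush()
        else:
            tokens.append(dn[i])
        i += 1
    flush()
    return rdns


def normalize(dn):
    """Canonical form for comparison. Assumption: case-insensitive matching."""
    out = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        out.append(attr.strip().lower() + "=" + value.lstrip().lower())
    return ",".join(out)


def missing_ancestors(dn, existing_dns):
    """Return ancestors of dn that are absent from existing_dns, topmost first."""
    known = {normalize(d) for d in existing_dns}
    rdns = split_dn(dn)
    missing = []
    for depth in range(len(rdns) - 1, 0, -1):
        ancestor = normalize(",".join(rdns[depth:]))
        if ancestor not in known:
            missing.append(ancestor)
    return missing


# Constructed sample directory contents, not taken from a real server.
EXISTING = ["o=Acme"]
```

An empty result means every directory tree component of the DN already has an entry; the server's own check remains authoritative.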

Schema-checking and directory assistance

The schema defined for the domain of the server running the LDAP service is the basis for schema-checking. If the LDAP service uses directory assistance to serve a secondary Domino directory or Extended Directory Catalog for which LDAP write operations are enabled, the LDAP service uses the schema defined for its own domain to determine whether or not to allow write operations in the directory served through directory assistance.
