Skip to main content
The schema viewer provides a comprehensive view of your LDAP server’s schema, including object classes, attribute types, and their relationships.

Opening the Schema Viewer

Press F6 to open the schema viewer. The viewer loads the schema from the LDAP server and displays it in an interactive interface.
Schema is automatically loaded when you connect to an LDAP server. The viewer discovers the schema from standard locations including cn=Subschema and cn=schema.

Schema Tabs

The schema viewer has two tabs that you can switch between using Tab:

Object Classes Tab

Displays all object classes defined in the schema with the following information:
  • Name — Object class name (e.g., person, inetOrgPerson, organizationalUnit)
  • OID — Object identifier (e.g., 2.5.6.6)
  • Kind — Class type:
    • Structural — Defines the basic structure of an entry
    • Abstract — Template for other classes (e.g., top)
    • Auxiliary — Additional attributes that can be added
  • Superior — Parent object class in the inheritance chain
  • MUST attributes — Required attributes for this class
  • MAY attributes — Optional attributes for this class

Inheritance Resolution

The schema viewer automatically resolves inheritance chains. When viewing an object class, you see:
  • Attributes directly defined in the class
  • Attributes inherited from superior classes
  • The complete flattened attribute set
Example inheritance chain:
top (abstract)

person (structural)
  MUST: cn, sn
  MAY: userPassword, telephoneNumber

inetOrgPerson (structural)
  MAY: mail, uid, displayName
  (inherits cn, sn, userPassword, telephoneNumber from person)
When you create or edit entries, Loom uses the schema to validate attribute names and suggest available attributes based on the entry’s object classes.
1

Browse schema

  • j / k or arrow keys — Scroll through the list
  • Tab — Switch between Object Classes and Attribute Types tabs
  • g / Home — Jump to the top
  • G / End — Jump to the bottom
2

Filter entries

Press / to open the filter input. Type to search by name. The list updates in real-time as you type.Examples:
  • person — Find all object classes or attributes with “person” in the name
  • mail — Find mail-related attributes
  • posix — Find POSIX account attributes
3

View details

Select any object class or attribute type to view its full definition in the detail panel, including:
  • Complete OID
  • Description
  • All inherited attributes (for object classes)
  • Syntax and constraints (for attribute types)
4

Close viewer

Press q or Esc to close the schema viewer and return to the browser.

Schema Discovery

Loom automatically discovers the schema from your LDAP server using these methods:
1

Query subschema DN

Loom first queries the root DSE for the subschemaSubentry attribute, which points to the schema entry.
2

Try fallback locations

If the subschema DN is not found, Loom tries standard locations:
  • cn=Subschema (OpenLDAP, 389 Directory Server)
  • cn=schema (Active Directory, OpenDJ)
3

Parse schema definitions

Loom parses the attributeTypes and objectClasses attributes from the schema entry, following RFC 4512 format.
Schema loading happens automatically when you connect. If schema discovery fails, Loom logs the error but continues to operate with a minimal default schema.

Using Schema Information

The schema is integrated throughout Loom’s interface:

When Adding Attributes

When you press a in the detail panel to add an attribute:
  • Loom shows only attributes allowed by the entry’s object classes
  • Attributes are filtered based on MUST and MAY lists
  • Operational attributes (no user modification) are excluded
  • The list includes all inherited attributes from superior classes

When Editing Attributes

For DN-valued attributes (like member, manager, owner):
  • Loom enables DN search mode
  • You can search for entries by name and select them
  • The full DN is automatically inserted

Single-Valued Attributes

When editing single-valued attributes:
  • Loom prevents adding multiple values
  • The + (add value) action is disabled
  • Attempting to add a second value shows an error

Example Object Class Definition

Here’s how the inetOrgPerson class appears in the schema viewer: 
Name: inetOrgPerson
OID: 2.16.840.1.113730.3.2.2
Kind: Structural
Superior: organizationalPerson

MUST attributes:
  cn, sn, objectClass (inherited from person and top)

MAY attributes:
  audio, businessCategory, carLicense, departmentNumber,
  displayName, employeeNumber, employeeType, givenName,
  homePhone, homePostalAddress, initials, jpegPhoto,
  labeledURI, mail, manager, mobile, o, pager,
  photo, roomNumber, secretary, uid, userCertificate,
  x500uniqueIdentifier, preferredLanguage, userSMIMECertificate,
  userPKCS12
  (plus inherited: description, seeAlso, telephoneNumber,
   userPassword, etc.)

Keybindings

KeyAction
F6Open schema viewer
TabSwitch between Object Classes and Attribute Types
j / kScroll up/down
/Filter by name
g / HomeJump to top
G / EndJump to bottom
q / EscClose schema viewer

Common Object Classes

Standard LDAP Object Classes
  • top — Abstract base class for all entries
  • person — Basic person entry with cn and sn
  • organizationalPerson — Person with organizational attributes
  • inetOrgPerson — Internet person with email and uid
  • posixAccount — Unix/Linux account with uidNumber and gidNumber
  • groupOfNames — Group entry with member attribute
  • organizationalUnit — Organizational unit container
  • domain — Domain component entry

Build docs developers (and LLMs) love

Get started for freeTalk to us