+++ /dev/null
-[defaults]
- base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
- default_mntopts = acl,user_xattr
- enable_periodic_fsck = 0
- blocksize = 4096
- inode_size = 256
- inode_ratio = 16384
-
-[fs_types]
- ext3 = {
- features = has_journal
- }
- ext4 = {
- features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
- auto_64-bit_support = 1
- inode_size = 256
- }
- ext4dev = {
- features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
- inode_size = 256
- options = test_fs=1
- }
- small = {
- blocksize = 1024
- inode_size = 128
- inode_ratio = 4096
- }
- floppy = {
- blocksize = 1024
- inode_size = 128
- inode_ratio = 8192
- }
- big = {
- inode_ratio = 32768
- }
- huge = {
- inode_ratio = 65536
- }
- news = {
- inode_ratio = 4096
- }
- largefile = {
- inode_ratio = 1048576
- blocksize = -1
- }
- largefile4 = {
- inode_ratio = 4194304
- blocksize = -1
- }
- hurd = {
- blocksize = 4096
- inode_size = 128
- }
mkdir -p './texmf/dvips.d'
mkdir -p './unixODBC/ODBCDataSources'
maybe chmod 0755 '.'
-maybe chmod 0644 './._cfg0000_mke2fs.conf'
maybe chmod 0700 './.etckeeper'
maybe chmod 0644 './.gitignore'
maybe chmod 0600 './.pwd.lock'
maybe chmod 0755 './bash_completion.d'
maybe chown named './bind'
maybe chmod 0755 './bind'
-maybe chgrp named './bind/._cfg0000_bind.keys'
-maybe chmod 0640 './bind/._cfg0000_bind.keys'
-maybe chgrp named './bind/._cfg0000_named.conf'
-maybe chmod 0640 './bind/._cfg0000_named.conf'
maybe chgrp named './bind/bind.keys'
maybe chmod 0640 './bind/bind.keys'
maybe chmod 0644 './bind/named-acl.conf'
maybe chmod 0644 './colordiffrc'
maybe chmod 0644 './colordiffrc-lightbg'
maybe chmod 0755 './conf.d'
-maybe chmod 0644 './conf.d/._cfg0000_slapd'
maybe chmod 0644 './conf.d/apache2'
maybe chmod 0644 './conf.d/auditd'
maybe chmod 0644 './conf.d/autofs'
maybe chmod 0755 './config-archive/etc/bash'
maybe chmod 0644 './config-archive/etc/bash/bashrc'
maybe chmod 0644 './config-archive/etc/bash/bashrc.dist.new'
+maybe chmod 0755 './config-archive/etc/bind'
+maybe chmod 0640 './config-archive/etc/bind/bind.keys'
+maybe chmod 0640 './config-archive/etc/bind/bind.keys.dist'
+maybe chmod 0640 './config-archive/etc/bind/named.conf'
+maybe chmod 0640 './config-archive/etc/bind/named.conf.dist.new'
maybe chmod 0755 './config-archive/etc/conf.d'
maybe chmod 0644 './config-archive/etc/conf.d/apache2'
maybe chmod 0644 './config-archive/etc/conf.d/apache2.dist'
maybe chmod 0644 './config-archive/etc/conf.d/keymaps.dist.new'
maybe chmod 0644 './config-archive/etc/conf.d/postgresql-9.1'
maybe chmod 0644 './config-archive/etc/conf.d/postgresql-9.1.dist'
+maybe chmod 0644 './config-archive/etc/conf.d/slapd'
+maybe chmod 0644 './config-archive/etc/conf.d/slapd.dist'
maybe chmod 0644 './config-archive/etc/conf.d/udev'
maybe chmod 0644 './config-archive/etc/conf.d/udev.dist'
maybe chmod 0644 './config-archive/etc/conf.d/urandom'
maybe chmod 0755 './config-archive/etc/init.d/numlock.dist'
maybe chmod 0755 './config-archive/etc/init.d/postgresql-9.1'
maybe chmod 0755 './config-archive/etc/init.d/postgresql-9.1.dist'
+maybe chmod 0755 './config-archive/etc/init.d/slapd'
+maybe chmod 0755 './config-archive/etc/init.d/slapd.dist'
maybe chmod 0755 './config-archive/etc/init.d/staticroute'
maybe chmod 0755 './config-archive/etc/init.d/staticroute.dist'
maybe chmod 0755 './config-archive/etc/init.d/sysfs'
maybe chmod 0644 './config-archive/etc/mc/mc.keymap.emacs.dist'
maybe chmod 0644 './config-archive/etc/mc/mc.menu'
maybe chmod 0644 './config-archive/etc/mc/mc.menu.dist'
+maybe chmod 0644 './config-archive/etc/mke2fs.conf'
+maybe chmod 0644 './config-archive/etc/mke2fs.conf.dist'
maybe chmod 0755 './config-archive/etc/mysql'
maybe chmod 0644 './config-archive/etc/mysql/my.cnf'
maybe chmod 0644 './config-archive/etc/mysql/my.cnf.dist'
+maybe chmod 0755 './config-archive/etc/openldap'
+maybe chmod 0600 './config-archive/etc/openldap/DB_CONFIG.example'
+maybe chmod 0600 './config-archive/etc/openldap/DB_CONFIG.example.dist'
+maybe chmod 0755 './config-archive/etc/openldap/schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/README'
+maybe chmod 0444 './config-archive/etc/openldap/schema/README.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/collective.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/collective.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/corba.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/corba.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/core.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/core.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/core.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/core.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/cosine.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/cosine.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/cosine.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/cosine.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/duaconf.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/duaconf.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/dyngroup.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/dyngroup.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/dyngroup.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/dyngroup.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/inetorgperson.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/inetorgperson.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/inetorgperson.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/inetorgperson.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/java.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/java.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/misc.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/misc.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/nis.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/nis.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/nis.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/nis.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/openldap.ldif'
+maybe chmod 0444 './config-archive/etc/openldap/schema/openldap.ldif.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/openldap.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/openldap.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/pmi.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/pmi.schema.dist'
+maybe chmod 0444 './config-archive/etc/openldap/schema/ppolicy.schema'
+maybe chmod 0444 './config-archive/etc/openldap/schema/ppolicy.schema.dist'
maybe chmod 0755 './config-archive/etc/pam.d'
maybe chmod 0644 './config-archive/etc/pam.d/system-login'
maybe chmod 0644 './config-archive/etc/pam.d/system-login.dist'
maybe chmod 0644 './idnalias.conf'
maybe chmod 0644 './idnalias.conf.sample'
maybe chmod 0755 './init.d'
-maybe chmod 0755 './init.d/._cfg0000_slapd'
maybe chmod 0755 './init.d/amavisd'
maybe chmod 0755 './init.d/apache2'
maybe chmod 0755 './init.d/atd'
maybe chmod 0644 './nsswitch.conf'
maybe chmod 0644 './ntp.conf'
maybe chmod 0755 './openldap'
-maybe chmod 0600 './openldap/._cfg0000_DB_CONFIG.example'
maybe chmod 0600 './openldap/DB_CONFIG.example'
maybe chmod 0644 './openldap/ldap.conf'
maybe chmod 0644 './openldap/ldap.conf.default'
maybe chmod 0755 './openldap/schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_README'
-maybe chmod 0444 './openldap/schema/._cfg0000_collective.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_corba.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_core.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_core.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_cosine.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_cosine.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_duaconf.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_dyngroup.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_dyngroup.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_inetorgperson.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_inetorgperson.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_java.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_misc.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_nis.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_nis.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_openldap.ldif'
-maybe chmod 0444 './openldap/schema/._cfg0000_openldap.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_pmi.schema'
-maybe chmod 0444 './openldap/schema/._cfg0000_ppolicy.schema'
maybe chmod 0444 './openldap/schema/README'
maybe chmod 0644 './openldap/schema/amavisd-new.schema'
maybe chmod 0644 './openldap/schema/authldap.schema'
+++ /dev/null
-/* $Id: bind.keys,v 1.7 2011-01-03 23:45:07 each Exp $ */
-# The bind.keys file is used to override the built-in DNSSEC trust anchors
-# which are included as part of BIND 9. As of the current release, the only
-# trust anchors it contains are those for the DNS root zone ("."), and for
-# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
-# for any other zones MUST be configured elsewhere; if they are configured
-# here, they will not be recognized or used by named.
-#
-# The built-in trust anchors are provided for convenience of configuration.
-# They are not activated within named.conf unless specifically switched on.
-# To use the built-in root key, set "dnssec-validation auto;" in
-# named.conf options. To use the built-in DLV key, set
-# "dnssec-lookaside auto;". Without these options being set,
-# the keys in this file are ignored.
-#
-# This file is NOT expected to be user-configured.
-#
-# These keys are current as of January 2011. If any key fails to
-# initialize correctly, it may have expired. In that event you should
-# replace this file with a current version. The latest version of
-# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
-
-managed-keys {
- # ISC DLV: See https://www.isc.org/solutions/dlv for details.
- # NOTE: This key is activated by setting "dnssec-lookaside auto;"
- # in named.conf.
- dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
- brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
- 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
- ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
- Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
- QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
- TDN0YUuWrBNh";
-
- # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
- # for current trust anchor information.
- # NOTE: This key is activated by setting "dnssec-validation auto;"
- # in named.conf.
- . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
- FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
- bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
- X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
- W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
- Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
- QxA+Uk1ihz0=";
-};
+++ /dev/null
-/*
- * Refer to the named.conf(5) and named(8) man pages, and the documentation
- * in /usr/share/doc/bind-9 for more details.
- * Online versions of the documentation can be found here:
- * http://www.isc.org/software/bind/documentation
- *
- * If you are going to set up an authoritative server, make sure you
- * understand the hairy details of how DNS works. Even with simple mistakes,
- * you can break connectivity for affected parties, or cause huge amounts of
- * useless Internet traffic.
- */
-
-acl "xfer" {
- /* Deny transfers by default except for the listed hosts.
- * If we have other name servers, place them here.
- */
- none;
-};
-
-/*
- * You might put in here some ips which are allowed to use the cache or
- * recursive queries
- */
-acl "trusted" {
- 127.0.0.0/8;
- ::1/128;
-};
-
-options {
- directory "/var/bind";
- pid-file "/var/run/named/named.pid";
-
- /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
- //bindkeys-file "/etc/bind/bind.keys";
-
- listen-on-v6 { ::1; };
- listen-on { 127.0.0.1; };
-
- allow-query {
- /*
- * Accept queries from our "trusted" ACL. We will
- * allow anyone to query our master zones below.
- * This prevents us from becoming a free DNS server
- * to the masses.
- */
- trusted;
- };
-
- allow-query-cache {
- /* Use the cache for the "trusted" ACL. */
- trusted;
- };
-
- allow-recursion {
- /* Only trusted addresses are allowed to use recursion. */
- trusted;
- };
-
- allow-transfer {
- /* Zone tranfers are denied by default. */
- none;
- };
-
- allow-update {
- /* Don't allow updates, e.g. via nsupdate. */
- none;
- };
-
- /*
- * If you've got a DNS server around at your upstream provider, enter its
- * IP address here, and enable the line below. This will make you benefit
- * from its cache, thus reduce overall DNS traffic in the Internet.
- *
- * Uncomment the following lines to turn on DNS forwarding, and change
- * and/or update the forwarding ip address(es):
- */
-/*
- forward first;
- forwarders {
- // 123.123.123.123; // Your ISP NS
- // 124.124.124.124; // Your ISP NS
- // 4.2.2.1; // Level3 Public DNS
- // 4.2.2.2; // Level3 Public DNS
- 8.8.8.8; // Google Open DNS
- 8.8.4.4; // Google Open DNS
- };
-
-*/
-
- //dnssec-enable yes;
- //dnssec-validation yes;
-
- /*
- * As of bind 9.8.0:
- * "If the root key provided has expired,
- * named will log the expiration and validation will not work."
- */
- //dnssec-validation auto;
-
- /* if you have problems and are behind a firewall: */
- //query-source address * port 53;
-};
-
-/*
-logging {
- channel default_log {
- file "/var/log/named/named.log" versions 5 size 50M;
- print-time yes;
- print-severity yes;
- print-category yes;
- };
-
- category default { default_log; };
- category general { default_log; };
-};
-*/
-
-include "/etc/bind/rndc.key";
-controls {
- inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
-};
-
-zone "." in {
- type hint;
- file "/var/bind/root.cache";
-};
-
-zone "localhost" IN {
- type master;
- file "pri/localhost.zone";
- notify no;
-};
-
-zone "127.in-addr.arpa" IN {
- type master;
- file "pri/127.zone";
- notify no;
-};
-
-/*
- * Briefly, a zone which has been declared delegation-only will be effectively
- * limited to containing NS RRs for subdomains, but no actual data beyond its
- * own apex (for example, its SOA RR and apex NS RRset). This can be used to
- * filter out "wildcard" or "synthesized" data from NAT boxes or from
- * authoritative name servers whose undelegated (in-zone) data is of no
- * interest.
- * See http://www.isc.org/software/bind/delegation-only for more info
- */
-
-//zone "COM" { type delegation-only; };
-//zone "NET" { type delegation-only; };
-
-//zone "YOUR-DOMAIN.TLD" {
-// type master;
-// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
-// allow-query { any; };
-// allow-transfer { xfer; };
-//};
-
-//zone "YOUR-SLAVE.TLD" {
-// type slave;
-// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
-// masters { <MASTER>; };
-
- /* Anybody is allowed to query but transfer should be controlled by the master. */
-// allow-query { any; };
-// allow-transfer { none; };
-
- /* The master should be the only one who notifies the slaves, shouldn't it? */
-// allow-notify { <MASTER>; };
-// notify no;
-//};
-/* $Id: bind.keys,v 1.5.42.3 2011-03-25 17:46:40 each Exp $ */
-# The bind.keys file is used to override built-in DNSSEC trust anchors
-# which are included as part of BIND 9. As of the current release (BIND
-# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
-# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
-# zones MUST be configured elsewhere; if they are configured here, they
-# will not be recognized or used by named.
+/* $Id: bind.keys,v 1.7 2011-01-03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
#
-# This file also contains a copy of the trust anchor for the DNS root zone
-# ("."). However, named does not use it; it is provided here for
-# informational purposes only. To switch on DNSSEC validation at the
-# root, the root key below can be copied into named.conf.
-#
-# The built-in DLV trust anchor in this file is used directly by named.
-# However, it is not activated unless specifically switched on. To use
-# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
-# Without this option being set, the key in this file is ignored.
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options. To use the built-in DLV key, set
+# "dnssec-lookaside auto;". Without these options being set,
+# the keys in this file are ignored.
#
# This file is NOT expected to be user-configured.
#
# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
# for current trust anchor information.
- # NOTE: This key not active; to use it, copy it into a managed-keys
- # statement in named.conf
+ # NOTE: This key is activated by setting "dnssec-validation auto;"
+ # in named.conf.
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+++ /dev/null
-# conf.d file for openldap
-#
-# To enable both the standard unciphered server and the ssl encrypted
-# one uncomment this line or set any other server starting options
-# you may desire.
-
-# If you have multiple slapd instances per #376699, this will provide a default config
-INSTANCE="openldap${SVCNAME#slapd}"
-
-# If you use the classical configuration file:
-OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
-# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
-#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
-# (the OPTS_CONF variable is also passed to slaptest during startup)
-
-OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
-# Optional connectionless LDAP:
-#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
-
-# If you change the above listen statement to bind on a specific IP for
-# listening, you should ensure that interface is up here (change eth0 as
-# needed).
-#rc_need="net.eth0"
-
-# Specify the kerberos keytab file
-#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
# Set various named options here.
#
-#OPTIONS=""
+OPTIONS="-d 2"
# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
#rc_named_after="pg_autovacuum postgresql"
# LDAP
-#rc_named_use="ldap"
-#rc_named_after="ldap"
+rc_named_use="ldap"
+rc_named_after="ldap"
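Review bot: `OPTIONS="-d 2"` starts named at debug level 2 on every service start, which looks like a troubleshooting setting committed together with the LDAP dependency change. Debug output raises log volume and can record query detail that would otherwise not be retained. If it is no longer needed, the line should go back to `#OPTIONS=""`; if it is intentional, a comment above it saying why would help the next reader. The file header for this section is not visible on the page, so the target file is inferred from the `rc_named_*` variables.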
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
-#
-# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
-# Uncomment the below to use the new slapd configuration for openldap 2.3
-#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
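Review bot: The now-active `OPTS` line keeps a bare `ldap://` listener next to `ldaps://` and `ldapi://`, so simple binds can still cross the network in cleartext unless slapd.conf requires TLS/StartTLS (not visible here). If remote clients can all use `ldaps://`, the listener list could be narrowed to `-h 'ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'`, or the plain listener limited to loopback with `ldap://127.0.0.1`. The comment at the top of the hunk still says "uncomment this line", although the `OPTS` assignment it describes is no longer commented out and now sits further down.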
--- /dev/null
+/* $Id: bind.keys,v 1.5.42.3 2011-03-25 17:46:40 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# ("."). However, named does not use it; it is provided here for
+# informational purposes only. To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on. To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+ # in named.conf.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
+
+ # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ # NOTE: This key not active; to use it, copy it into a managed-keys
+ # statement in named.conf
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+};
--- /dev/null
+/* $Id: bind.keys,v 1.7 2011-01-03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options. To use the built-in DLV key, set
+# "dnssec-lookaside auto;". Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+ # in named.conf.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
+
+ # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ # NOTE: This key is activated by setting "dnssec-validation auto;"
+ # in named.conf.
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+};
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei
+//# /etc/bind/named.conf
+//#
+//# Host Helga
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+//###############################################################
+//# Allgemeine Optionen
+
+options {
+
+ directory "/var/bind";
+ pid-file "/var/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 {
+ any;
+ };
+ listen-on {
+ any;
+ };
+
+ allow-notify {
+ 85.214.147.150;
+ 85.214.134.152;
+ 46.16.73.175;
+ 127.0.0.1/8;
+ ::1;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 2a01:238:4239:8a00:d4da:215d:3d01:f9b9;
+ };
+
+ //dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+
+ // pid-file "/var/run/named/named.pid";
+
+ version "none";
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+// Logging
+include "/etc/bind/named-log.conf";
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+//###############################################################
+//# Kontrollkanäle für RNDC
+
+include "/etc/bind/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953 allow {
+ 127.0.0.1;
+ ::1/128;
+ } keys {
+ "rndc-key";
+ };
+};
+
+key DYN_DNS_UPDATER {
+ algorithm hmac-md5;
+ secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
+};
+
+// Access-Control-Listen
+include "/etc/bind/named-acl.conf";
+
+//###############################################################
+//# Hint-Zonen (zum Finden der Root-Server)
+
+zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/127.zone";
+ notify no;
+};
+
+//###############################################################
+// Include der Zonendefinitionen
+
+// Master-Zonen
+include "/etc/bind/named-pri.conf";
+
+// Dynamische Zonen
+include "/etc/bind/named-dyn.conf";
+
+// Slave-Zonen
+include "/etc/bind/named-sec.conf";
+
+# vim: ts=4 filetype=named noai
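Review bot: The `key DYN_DNS_UPDATER` statement carries its TSIG secret inline, so adding this archived named.conf puts the shared secret into the repository history, where it stays readable to anyone who can read the repository or a clone, whatever mode the metadata records for the file. The same file already keeps the rndc key out of line with `include "/etc/bind/rndc.key";`; the update key could follow that pattern, e.g. `include "/etc/bind/<dyn-update-key-file>";` (placeholder name) with that file listed in `.gitignore`. Because the value is now committed, it should be treated as exposed and rotated, and the replacement could use `algorithm hmac-sha256;` instead of `hmac-md5`. Separately, `listen-on { any; }` appears in an options block with no `allow-recursion` or `allow-query`; presumably access is restricted in the included named-acl.conf and zone files, which is worth confirming.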
--- /dev/null
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/var/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ //dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/127.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { <MASTER>; };
+
+ /* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+ /* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { <MASTER>; };
+// notify no;
+//};
--- /dev/null
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#
+# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Uncomment the below to use the new slapd configuration for openldap 2.3
+#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
--- /dev/null
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
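Review bot: The active `OPTS` line enables `ldap://` and `ldaps://` with no host part, so slapd listens on every interface and the plain LDAP listener accepts cleartext connections. Whether simple binds over that listener are refused depends on the slapd configuration (for example a `security` directive requiring a minimum strength), which this hunk does not show. I would add a comment above the line, such as `# ldap:// is cleartext unless TLS is enforced in the slapd config; drop it or add a host if only local or TLS clients are expected`, so the exposure is a recorded choice and not just an inherited default.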
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ ebegin "Starting ldap-server"
+ eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
+ eend $?
+}
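Review bot: `eval` in start() re-parses `${OPTS}` as shell text, so any shell syntax in that value beyond the intended options is executed as root when the service starts. The conf.d file is presumably already sourced as shell by the init system, so this is not a new trust boundary, but nothing in the script says why the eval is there; it looks like it exists so the single-quoted `-h` URL list reaches slapd as one argument. I would add a comment above the line, `# eval keeps the quoted -h list as one argument; OPTS is run as shell, so conf.d/slapd must be writable by root only`. The same line appears in start() of the newer init script that follows.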
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+
+depend() {
+ need net
+ before dbus hald
+ provide ldap
+}
+
+start() {
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid
+ eend $?
+}
+
+checkconfig() {
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
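Review bot: start() and stop() hard-code `/var/run/openldap/${SVCNAME}.pid`, while slapd writes its pid file wherever its own configuration says, and that configuration is not part of this hunk. If the two differ (for example a config that still names slapd.pid, as the older init script in this commit assumes), start-stop-daemon in stop() would have no pid to signal and the daemon would keep running. A comment above start() stating the requirement would help, e.g. `# the pidfile directive in the slapd config must be /var/run/openldap/${SVCNAME}.pid`. The eerror text also names slapd.conf even when `OPTS_CONF` selects the slapd.d directory.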
--- /dev/null
+[defaults]
+ base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ }
+ ext4dev = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ options = test_fs=1
+ }
+ small = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
--- /dev/null
+[defaults]
+ base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ default_mntopts = acl,user_xattr
+ enable_periodic_fsck = 0
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ auto_64-bit_support = 1
+ inode_size = 256
+ }
+ ext4dev = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ options = test_fs=1
+ }
+ small = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ big = {
+ inode_ratio = 32768
+ }
+ huge = {
+ inode_ratio = 65536
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See the Oracle Berkeley DB documentation
+# <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+# <http://www.openldap.org/faq/index.cgi?file=2>
+# in particular:
+# <http://www.openldap.org/faq/index.cgi?file=1075>
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
--- /dev/null
+# $OpenLDAP$
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See the Oracle Berkeley DB documentation
+# <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+# <http://www.openldap.org/faq/index.cgi?file=2>
+# in particular:
+# <http://www.openldap.org/faq/index.cgi?file=1075>
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
--- /dev/null
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File Description
+---- -----------
+collective.schema Collective attributes (experimental)
+corba.schema Corba Object
+core.schema OpenLDAP "core"
+cosine.schema COSINE Pilot
+duaconf.schema Client Configuration (work in progress)
+dyngroup.schema Dynamic Group (experimental)
+inetorgperson.schema InetOrgPerson
+java.schema Java Object
+misc.schema Miscellaneous Schema (experimental)
+nadf.schema North American Directory Forum (obsolete)
+nis.schema Network Information Service (experimental)
+openldap.schema OpenLDAP Project (FYI)
+ppolicy.schema Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+The core.ldif and openldap.ldif files are equivalent to their
+corresponding .schema files. They have been provided as examples
+for use with the dynamic configuration backend. These example files
+are not actually necessary since slapd will automatically convert any
+included *.schema files into LDIF when converting a slapd.conf file
+to a configuration database, but they serve as a model of how to
+convert schema files in general.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph
+are included on all such copies and derivative works. However,
+this document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.6 2011/01/04 23:50:51 kurt Exp $
--- /dev/null
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File Description
+---- -----------
+collective.schema Collective attributes (experimental)
+corba.schema Corba Object
+core.schema OpenLDAP "core"
+cosine.schema COSINE Pilot
+duaconf.schema Client Configuration (work in progress)
+dyngroup.schema Dynamic Group (experimental)
+inetorgperson.schema InetOrgPerson
+java.schema Java Object
+misc.schema Miscellaneous Schema (experimental)
+nadf.schema North American Directory Forum (obsolete)
+nis.schema Network Information Service (experimental)
+openldap.schema OpenLDAP Project (FYI)
+ppolicy.schema Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+The core.ldif and openldap.ldif files are equivalent to their
+corresponding .schema files. They have been provided as examples
+for use with the dynamic configuration backend. These example files
+are not actually necessary since slapd will automatically convert any
+included *.schema files into LDIF when converting a slapd.conf file
+to a configuration database, but they serve as a model of how to
+convert schema files in general.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph
+are included on all such copies and derivative works. However,
+this document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP$
--- /dev/null
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2003).
+## Please see full copyright statement below.
+
+# From RFC 3671 [portions trimmed]:
+# Collective Attributes in LDAP
+
+#Abstract
+#
+# X.500 collective attributes allow common characteristics to be shared
+# between collections of entries. This document summarizes the X.500
+# information model for collective attributes and describes use of
+# collective attributes in LDAP (Lightweight Directory Access Protocol).
+# This document provides schema definitions for collective attributes
+# for use in LDAP.
+
+#3. Collective Attribute Types
+#
+# A userApplications attribute type can be defined to be COLLECTIVE
+# [RFC2252]. This indicates that the same attribute values will appear
+# in the entries of an entry collection subject to the use of the
+# collectiveExclusions attribute and other administrative controls.
+#
+# Collective attribute types are commonly defined as subtypes of non-
+# collective attribute types. By convention, collective attributes are
+# named by prefixing the name of their non-collective supertype with
+# "c-". For example, the collective telephone attribute is named
+# c-TelephoneNumber after its non-collective supertype telephoneNumber.
+#
+# Non-collective attributes types SHALL NOT subtype collective
+# attributes.
+#
+# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
+# attribute types SHALL NOT appear in the attribute types of an object
+# class definition.
+#
+# Operational attributes SHALL NOT be defined to be collective.
+#
+# The remainder of section provides a summary of collective attributes
+# derived from those defined in [X.520]. Implementations of this
+# specification SHOULD support the following collective attributes and
+# MAY support additional collective attributes.
+#
+#
+#3.1. Collective Locality Name
+#
+# The c-l attribute type specifies a locality name for a collection of
+# entries.
+#
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+#
+#
+#3.2. Collective State or Province Name
+#
+# The c-st attribute type specifies a state or province name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+#
+#
+#3.3. Collective Street Address
+#
+# The c-street attribute type specifies a street address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+#
+#
+#3.4. Collective Organization Name
+#
+# The c-o attribute type specifies an organization name for a collection
+# of entries.
+#
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+#
+#
+#3.5. Collective Organizational Unit Name
+#
+# The c-ou attribute type specifies an organizational unit name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+#
+#
+#3.6. Collective Postal Address
+#
+# The c-PostalAddress attribute type specifies a postal address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+#
+#
+#3.7. Collective Postal Code
+#
+# The c-PostalCode attribute type specifies a postal code for a
+# collection of entries.
+#
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+#
+#
+#3.8. Collective Post Office Box
+#
+# The c-PostOfficeBox attribute type specifies a post office box for a
+# collection of entries.
+#
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+#
+#
+#3.9. Collective Physical Delivery Office Name
+#
+# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
+# delivery office name for a collection of entries.
+#
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+#
+#
+#3.10. Collective Telephone Number
+#
+# The c-TelephoneNumber attribute type specifies a telephone number for
+# a collection of entries.
+#
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+#
+#
+#3.11. Collective Telex Number
+#
+# The c-TelexNumber attribute type specifies a telex number for a
+# collection of entries.
+#
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+#
+#
+#3.13. Collective Facsimile Telephone Number
+#
+# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
+# telephone number for a collection of entries.
+#
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+#
+#
+#3.14. Collective International ISDN Number
+#
+# The c-InternationalISDNNumber attribute type specifies an
+# international ISDN number for a collection of entries.
+#
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
+# Full Copyright
+#
+# Copyright (C) The Internet Society (2003). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished
+# to others, and derivative works that comment on or otherwise explain
+# it or assist in its implmentation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph
+# are included on all such copies and derivative works. However,
+# this document itself may not be modified in any way, such as by
+# removing the copyright notice or references to the Internet Society
+# or other Internet organizations, except as needed for the purpose
+# of developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be followed,
+# or as required to translate it into languages other than English.
--- /dev/null
+# collective.schema -- Collective attribute schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2003).
+## Please see full copyright statement below.
+
+# From RFC 3671 [portions trimmed]:
+# Collective Attributes in LDAP
+
+#Abstract
+#
+# X.500 collective attributes allow common characteristics to be shared
+# between collections of entries. This document summarizes the X.500
+# information model for collective attributes and describes use of
+# collective attributes in LDAP (Lightweight Directory Access Protocol).
+# This document provides schema definitions for collective attributes
+# for use in LDAP.
+
+#3. Collective Attribute Types
+#
+# A userApplications attribute type can be defined to be COLLECTIVE
+# [RFC2252]. This indicates that the same attribute values will appear
+# in the entries of an entry collection subject to the use of the
+# collectiveExclusions attribute and other administrative controls.
+#
+# Collective attribute types are commonly defined as subtypes of non-
+# collective attribute types. By convention, collective attributes are
+# named by prefixing the name of their non-collective supertype with
+# "c-". For example, the collective telephone attribute is named
+# c-TelephoneNumber after its non-collective supertype telephoneNumber.
+#
+# Non-collective attributes types SHALL NOT subtype collective
+# attributes.
+#
+# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
+# attribute types SHALL NOT appear in the attribute types of an object
+# class definition.
+#
+# Operational attributes SHALL NOT be defined to be collective.
+#
+# The remainder of section provides a summary of collective attributes
+# derived from those defined in [X.520]. Implementations of this
+# specification SHOULD support the following collective attributes and
+# MAY support additional collective attributes.
+#
+#
+#3.1. Collective Locality Name
+#
+# The c-l attribute type specifies a locality name for a collection of
+# entries.
+#
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+#
+#
+#3.2. Collective State or Province Name
+#
+# The c-st attribute type specifies a state or province name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+#
+#
+#3.3. Collective Street Address
+#
+# The c-street attribute type specifies a street address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+#
+#
+#3.4. Collective Organization Name
+#
+# The c-o attribute type specifies an organization name for a collection
+# of entries.
+#
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+#
+#
+#3.5. Collective Organizational Unit Name
+#
+# The c-ou attribute type specifies an organizational unit name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+#
+#
+#3.6. Collective Postal Address
+#
+# The c-PostalAddress attribute type specifies a postal address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+#
+#
+#3.7. Collective Postal Code
+#
+# The c-PostalCode attribute type specifies a postal code for a
+# collection of entries.
+#
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+#
+#
+#3.8. Collective Post Office Box
+#
+# The c-PostOfficeBox attribute type specifies a post office box for a
+# collection of entries.
+#
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+#
+#
+#3.9. Collective Physical Delivery Office Name
+#
+# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
+# delivery office name for a collection of entries.
+#
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+#
+#
+#3.10. Collective Telephone Number
+#
+# The c-TelephoneNumber attribute type specifies a telephone number for
+# a collection of entries.
+#
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+#
+#
+#3.11. Collective Telex Number
+#
+# The c-TelexNumber attribute type specifies a telex number for a
+# collection of entries.
+#
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+#
+#
+#3.13. Collective Facsimile Telephone Number
+#
+# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
+# telephone number for a collection of entries.
+#
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+#
+#
+#3.14. Collective International ISDN Number
+#
+# The c-InternationalISDNNumber attribute type specifies an
+# international ISDN number for a collection of entries.
+#
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
+# Full Copyright
+#
+# Copyright (C) The Internet Society (2003). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished
+# to others, and derivative works that comment on or otherwise explain
+# it or assist in its implmentation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph
+# are included on all such copies and derivative works. However,
+# this document itself may not be modified in any way, such as by
+# removing the copyright notice or references to the Internet Society
+# or other Internet organizations, except as needed for the purpose
+# of developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be followed,
+# or as required to translate it into languages other than English.
--- /dev/null
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1999).
+## Please see full copyright statement below.
+
+
+# Network Working Group V. Ryan
+# Request for Comments: 2714 R. Lee
+# Category: Informational S. Seligman
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing CORBA Object References in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# CORBA [CORBA] is the Common Object Request Broker Architecture
+# defined by the Object Management Group. This document defines the
+# schema for representing CORBA object references in an LDAP directory
+# [LDAPv3].
+#
+# [trimmed]
+
+# 3. Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# corbaIor
+# corbaRepositoryId
+#
+# 3.1 corbaIor
+#
+# This attribute stores the string representation of the interoperable
+# object reference (IOR) for a CORBA object. An IOR is an opaque handle
+# for the object which contains the information necessary to locate the
+# object, even if the object is in another ORB.
+#
+# This attribute's syntax is 'IA5 String' and its case is
+# insignificant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.14
+# NAME 'corbaIor'
+# DESC 'Stringified interoperable object reference of a CORBA object'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+#
+# Each CORBA interface has a unique "repository id" (also called "type
+# id") that identifies the interface. A CORBA object has one or more
+# repository ids, one for each interface that it implements.
+#
+# The format of a repository id can be any string, but the OMG
+# specifies four standard formats:
+#
+# a. IDL-style
+#
+# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+#
+# For example, the repository id for the "NamingContext" in OMG's COS
+# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
+#
+# b. RMI-style
+#
+# RMI:ClassName:HashCode[:SUID]
+#
+# This format is used by RMI-IIOP remote objects [RMI-IIOP].
+# "ClassName" is the fully qualified name of the class (for example,
+# "java.lang.String"). "HashCode" is the object's hash code (that is,
+# that obtained by invoking the "hashCode()" method). "SUID" is the
+# "stream unique identifier", which is a 64-bit number that uniquely
+# identifies the serialization version of the class; SUID is optional
+# in the repository id.
+#
+# c. DCE-style
+#
+# DCE:UUID
+#
+# This format is used for DCE/CORBA interoperability [CORBA-DCE].
+# "UUID" represents a DCE UUID.
+#
+# d. "local"
+#
+# This format is defined by the local Object Request Broker (ORB).
+#
+# The corbaRepositoryId attribute is a multivalued attribute; each
+# value records a single repository id of an interface implemented by
+# the CORBA object. This attribute need not contain a complete list of
+# the interfaces implemented by the CORBA object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. The values of this attribute are encoded using UTF-8.
+# Some values may require translation from their native representation
+# in order to be correctly encoded using UTF-8.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.15
+# NAME 'corbaRepositoryId'
+# DESC 'Repository ids of interfaces implemented by a CORBA object'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# corbaContainer
+# corbaObject
+# corbaObjectReference
+#
+# 4.1 corbaContainer
+#
+# This structural object class represents a container for a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.10
+# NAME 'corbaContainer'
+# DESC 'Container for a CORBA object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 corbaObject
+#
+# This abstract object class is the root class for representing a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.9
+# NAME 'corbaObject'
+# DESC 'CORBA object representation'
+# SUP top
+# ABSTRACT
+# MAY ( corbaRepositoryId $ description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+#
+# This auxiliary object class represents a CORBA object reference. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.11
+# NAME 'corbaObjectReference'
+# DESC 'CORBA interoperable object reference'
+# SUP corbaObject
+# AUXILIARY
+# MUST ( corbaIor )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
+
+# 10. Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--- /dev/null
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP$
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1999).
+## Please see full copyright statement below.
+
+
+# Network Working Group V. Ryan
+# Request for Comments: 2714 R. Lee
+# Category: Informational S. Seligman
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing CORBA Object References in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# CORBA [CORBA] is the Common Object Request Broker Architecture
+# defined by the Object Management Group. This document defines the
+# schema for representing CORBA object references in an LDAP directory
+# [LDAPv3].
+#
+# [trimmed]
+
+# 3. Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# corbaIor
+# corbaRepositoryId
+#
+# 3.1 corbaIor
+#
+# This attribute stores the string representation of the interoperable
+# object reference (IOR) for a CORBA object. An IOR is an opaque handle
+# for the object which contains the information necessary to locate the
+# object, even if the object is in another ORB.
+#
+# This attribute's syntax is 'IA5 String' and its case is
+# insignificant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.14
+# NAME 'corbaIor'
+# DESC 'Stringified interoperable object reference of a CORBA object'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+#
+# Each CORBA interface has a unique "repository id" (also called "type
+# id") that identifies the interface. A CORBA object has one or more
+# repository ids, one for each interface that it implements.
+#
+# The format of a repository id can be any string, but the OMG
+# specifies four standard formats:
+#
+# a. IDL-style
+#
+# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+#
+# For example, the repository id for the "NamingContext" in OMG's COS
+# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
+#
+# b. RMI-style
+#
+# RMI:ClassName:HashCode[:SUID]
+#
+# This format is used by RMI-IIOP remote objects [RMI-IIOP].
+# "ClassName" is the fully qualified name of the class (for example,
+# "java.lang.String"). "HashCode" is the object's hash code (that is,
+# that obtained by invoking the "hashCode()" method). "SUID" is the
+# "stream unique identifier", which is a 64-bit number that uniquely
+# identifies the serialization version of the class; SUID is optional
+# in the repository id.
+#
+# c. DCE-style
+#
+# DCE:UUID
+#
+# This format is used for DCE/CORBA interoperability [CORBA-DCE].
+# "UUID" represents a DCE UUID.
+#
+# d. "local"
+#
+# This format is defined by the local Object Request Broker (ORB).
+#
+# The corbaRepositoryId attribute is a multivalued attribute; each
+# value records a single repository id of an interface implemented by
+# the CORBA object. This attribute need not contain a complete list of
+# the interfaces implemented by the CORBA object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. The values of this attribute are encoded using UTF-8.
+# Some values may require translation from their native representation
+# in order to be correctly encoded using UTF-8.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.15
+# NAME 'corbaRepositoryId'
+# DESC 'Repository ids of interfaces implemented by a CORBA object'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# corbaContainer
+# corbaObject
+# corbaObjectReference
+#
+# 4.1 corbaContainer
+#
+# This structural object class represents a container for a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.10
+# NAME 'corbaContainer'
+# DESC 'Container for a CORBA object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 corbaObject
+#
+# This abstract object class is the root class for representing a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.9
+# NAME 'corbaObject'
+# DESC 'CORBA object representation'
+# SUP top
+# ABSTRACT
+# MAY ( corbaRepositoryId $ description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+#
+# This auxiliary object class represents a CORBA object reference. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.11
+# NAME 'corbaObjectReference'
+# DESC 'CORBA interoperable object reference'
+# SUP corbaObject
+# AUXILIARY
+# MUST ( corbaIor )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
+
+# 10. Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--- /dev/null
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.2.2.8 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
--- /dev/null
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
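Review bot: Nothing in this schema limits who can read `userPassword`, which it allows on `organization`, `organizationalUnit`, `person` and `dmd` entries and requires on `simpleSecurityObject`. The commented-out system definition shows it as an octet string compared with `octetStringMatch`, so the schema itself says nothing about hashing or visibility. Protection therefore has to come from the access rules of the database that loads this schema, which are not part of this section. Since the file looks like the stock OpenLDAP core schema, I would leave the definitions alone and record the dependency in a comment above `simpleSecurityObject`, for example `# userPassword: read access is governed by olcAccess on the database, not by this schema`.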
--- /dev/null
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.9 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
--- /dev/null
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
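Review bot: The object classes in this file allow `userPassword` on `organization`, `organizationalUnit`, `person` and `dmd` (MAY) and require it on `simpleSecurityObject` (MUST), but nothing here says that the schema itself gives those values no protection. Who can read or compare them is decided by the access rules in the slapd configuration, which is not part of this hunk, so I would add a comment above `simpleSecurityObject`: `# userPassword: store hashed values only and restrict read access with an ACL in the slapd configuration`. The description of `deltaCRL`, `'RFC2587: PKI user'`, repeats the `pkiUser` text and looks like a copy-paste slip, and the comment on `email` points to cosine.schema for `mail` although `mail` is defined earlier in this file; if this file is meant to stay identical to the packaged copy, these two are better reported upstream than edited here. The preceding file section, which begins outside this view, carries the same definitions as far as it is visible.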
--- /dev/null
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.ldif
+#
+# This file was automatically generated from cosine.schema; see that
+# file for complete background.
+#
+dn: cn=cosine,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: cosine
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
+ eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
+ nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
+ 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
+ photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
+ 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
+ ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
+ 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
+ ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
+ caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
+ RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
+ ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
+ C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
+ bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
+ 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
+ SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
+ aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
+ lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
+ erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
+ 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
+ 1.3.6.1.4.1.1466.115.121.1.39 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
+ seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
+ caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
+ Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+ 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
+ ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
+ noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
+ 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
+ sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
+ ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
+ berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
+ honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
+ Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
+ ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
+ TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
+ SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
+ ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
+ gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
+ RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
+ ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
+ ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
+ gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
+ C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
+ GLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
+ y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
+ y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
+ ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 23 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
+ FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
+ : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
+ ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
+ tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
+ Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
+ ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
+ ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
+ honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
+ ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
+ URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
+ e $ organizationalUnitName $ host ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
+ TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
+ lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
+ ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
+ L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
+ ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+ STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
+ ocalityName $ organizationName $ organizationalUnitName ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
+ URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
+ on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
+ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
+ ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
+ $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
+ exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
+ $ x121Address ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
+ omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
+ neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
+ ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
+ Method $ destinationIndicator $ registeredAddress $ x121Address ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
+ STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
+ Record ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
+ ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
+ edDomain )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
+ ountry STRUCTURAL MUST friendlyCountryName )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
+ P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
+ UCTURAL MAY dSAQuality )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
+ mQuality ) )
--- /dev/null
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.ldif
+#
+# This file was automatically generated from cosine.schema; see that
+# file for complete background.
+#
+dn: cn=cosine,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: cosine
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
+ eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
+ nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
+ 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
+ photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
+ 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
+ ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
+ 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
+ ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
+ caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
+ RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
+ ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
+ C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
+ bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
+ 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
+ SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
+ aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
+ lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
+ erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
+ 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
+ 1.3.6.1.4.1.1466.115.121.1.39 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
+ seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
+ caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
+ Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+ 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
+ ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
+ noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
+ 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
+ sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
+ ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
+ berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
+ honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
+ Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .50 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
+ ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
+ TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
+ SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
+ ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
+ gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
+ RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
+ ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
+ ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
+ gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
+ C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
+ GLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
+ y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
+ y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 13 SINGLE-VALUE )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
+ ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 23 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
+ FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.12 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
+ : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
+ ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
+ tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
+ Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
+ ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
+ ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
+ honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
+ ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
+ URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
+ e $ organizationalUnitName $ host ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
+ TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
+ lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
+ ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
+ L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
+ ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+ STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
+ ocalityName $ organizationName $ organizationalUnitName ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
+ URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
+ on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
+ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
+ ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
+ $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
+ exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
+ $ x121Address ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
+ omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
+ neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
+ ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
+ Method $ destinationIndicator $ registeredAddress $ x121Address ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
+ STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
+ Record ) )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
+ ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
+ edDomain )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
+ ountry STRUCTURAL MUST friendlyCountryName )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
+ P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
+ UCTURAL MAY dSAQuality )
+olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
+ mQuality ) )
--- /dev/null
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.23.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group P. Barker
+# Request for Comments: 1274 S. Kille
+# University College London
+# November 1991
+#
+# The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+# This document suggests an X.500 Directory Schema, or Naming
+# Architecture, for use in the COSINE and Internet X.500 pilots. The
+# schema is independent of any specific implementation. As well as
+# indicating support for the standard object classes and attributes, a
+# large number of generally useful object classes and attributes are
+# also defined. An appendix to this document includes a machine
+# processable version of the schema.
+#
+# [trimmed]
+
+# 7. Object Identifiers
+#
+# Some additional object identifiers are defined for this schema.
+# These are also reproduced in Appendix C.
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# 8. Object Classes
+# [relocated after 9]
+
+#
+# 9. Attribute Types
+#
+# 9.1. X.500 standard attribute types
+#
+# A number of generally useful attribute types are defined in X.520,
+# and these are supported. Refer to that document for descriptions of
+# the suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2. X.400 standard attribute types
+#
+# The standard X.400 attribute types are supported. See X.402 for full
+# details. The ASN.1 for these attribute types is reproduced in
+# Appendix C.
+#
+# 9.3. COSINE/Internet attribute types
+#
+# This section describes all the attribute types defined for use in the
+# COSINE and Internet pilots. Descriptions are given as to the
+# suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced in Appendix C.
+#
+# 9.3.1. Userid
+#
+# The Userid attribute type specifies a computer system login name.
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2. Text Encoded O/R Address
+#
+# The Text Encoded O/R Address attribute type specifies a text encoding
+# of an X.400 O/R address, as specified in RFC 987. The use of this
+# attribute is deprecated as the attribute is intended for interim use
+# only. This attribute will be the first candidate for the attribute
+# expiry mechanisms!
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.3. RFC 822 Mailbox
+#
+# The RFC822 Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in RFC 822. Note that this
+# attribute should not be used for greybook or other non-Internet order
+# mailboxes.
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.4. Information
+#
+# The Information attribute type specifies any general information
+# pertinent to an object. It is recommended that specific usage of
+# this attribute type is avoided, and that specific requirements are
+# met by other (possibly additional) attribute types.
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+
+# 9.3.5. Favourite Drink
+#
+# The Favourite Drink attribute type specifies the favourite drink of
+# an object (or person).
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.6. Room Number
+#
+# The Room Number attribute type specifies the room number of an
+# object. Note that the commonName attribute should be used for naming
+# room objects.
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.7. Photo
+#
+# The Photo attribute type specifies a "photograph" for an object.
+# This should be encoded in G3 fax as explained in recommendation T.4,
+# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
+# defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+# 9.3.8. User Class
+#
+# The User Class attribute type specifies a category of computer user.
+# The semantics placed on this attribute are for local interpretation.
+# Examples of current usage od this attribute in academia are
+# undergraduate student, researcher, lecturer, etc. Note that the
+# organizationalStatus attribute may now often be preferred as it makes
+# no distinction between computer users and others.
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9. Host
+#
+# The Host attribute type specifies a host computer.
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10. Manager
+#
+# The Manager attribute type specifies the manager of an object
+# represented by an entry.
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11. Document Identifier
+#
+# The Document Identifier attribute type specifies a unique identifier
+# for a document.
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12. Document Title
+#
+# The Document Title attribute type specifies the title of a document.
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13. Document Version
+#
+# The Document Version attribute type specifies the version number of a
+# document.
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14. Document Author
+#
+# The Document Author attribute type specifies the distinguished name
+# of the author of a document.
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15. Document Location
+#
+# The Document Location attribute type specifies the location of the
+# document original.
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16. Home Telephone Number
+#
+# The Home Telephone Number attribute type specifies a home telephone
+# number associated with a person. Attribute values should follow the
+# agreed format for international telephone numbers: i.e., "+44 71 123
+# 4567".
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17. Secretary
+#
+# The Secretary attribute type specifies the secretary of a person.
+# The attribute value for Secretary is a distinguished name.
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18. Other Mailbox
+#
+# The Other Mailbox attribute type specifies values for electronic
+# mailbox types other than X.400 and rfc822.
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19. Last Modified Time
+#
+# The Last Modified Time attribute type specifies the last time, in UTC
+# time, that an entry was modified. Ideally, this attribute should be
+# maintained by the DSA.
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+# 9.3.20. Last Modified By
+#
+# The Last Modified By attribute specifies the distinguished name of
+# the last user to modify the associated entry. Ideally, this
+# attribute should be maintained by the DSA.
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+# 9.3.21. Domain Component
+#
+# The Domain Component attribute type specifies a DNS/NRS domain. For
+# example, "uk" or "ac".
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22. DNS ARecord
+#
+# The A Record attribute type specifies a type A (Address) DNS resource
+# record [6] [7].
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23. MX Record
+#
+# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+# resource record [6] [7].
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24. NS Record
+#
+# The NS Record attribute type specifies an NS (Name Server) DNS
+# resource record [6] [7].
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25. SOA Record
+#
+# The SOA Record attribute type specifies a type SOA (Start of
+# Authority) DNS resorce record [6] [7].
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26. CNAME Record
+#
+# The CNAME Record attribute type specifies a type CNAME (Canonical
+# Name) DNS resource record [6] [7].
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27. Associated Domain
+#
+# The Associated Domain attribute type specifies a DNS or NRS domain
+# which is associated with an object in the DIT. For example, the entry
+# in the DIT with a distinguished name "C=GB, O=University College
+# London" would have an associated domain of "UCL.AC.UK. Note that all
+# domains should be represented in rfc822 order. See [3] for more
+# details of usage of this attribute.
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28. Associated Name
+#
+# The Associated Name attribute type specifies an entry in the
+# organisational DIT associated with a DNS/NRS domain. See [3] for
+# more details of usage of this attribute.
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29. Home postal address
+#
+# The Home postal address attribute type specifies a home postal
+# address for an object. This should be limited to up to 6 lines of 30
+# characters each.
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30. Personal Title
+#
+# The Personal Title attribute type specifies a personal title for a
+# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31. Mobile Telephone Number
+#
+# The Mobile Telephone Number attribute type specifies a mobile
+# telephone number associated with a person. Attribute values should
+# follow the agreed format for international telephone numbers: i.e.,
+# "+44 71 123 4567".
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32. Pager Telephone Number
+#
+# The Pager Telephone Number attribute type specifies a pager telephone
+# number for an object. Attribute values should follow the agreed
+# format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33. Friendly Country Name
+#
+# The Friendly Country Name attribute type specifies names of countries
+# in human readable format. The standard attribute country name must
+# be one of the two-letter codes defined in ISO 3166.
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34. Unique Identifier
+#
+# The Unique Identifier attribute type specifies a "unique identifier"
+# for an object represented in the Directory. The domain within which
+# the identifier is unique, and the exact semantics of the identifier,
+# are for local definition. For a person, this might be an
+# institution-wide payroll number. For an organisational unit, it
+# might be a department code.
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35. Organisational Status
+#
+# The Organisational Status attribute type specifies a category by
+# which a person is often referred to in an organisation. Examples of
+# usage in academia might include undergraduate student, researcher,
+# lecturer, etc.
+#
+# A Directory administrator should probably consider carefully the
+# distinctions between this and the title and userClass attributes.
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36. Janet Mailbox
+#
+# The Janet Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in the Grey Book of the
+# Coloured Book series. This attribute is intended for the convenience
+# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+# Entries using this attribute MUST also include an rfc822Mailbox
+# attribute.
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37. Mail Preference Option
+#
+# An attribute to allow users to indicate a preference for inclusion of
+# their names on mailing lists (electronic or physical). The absence
+# of such an attribute should be interpreted as if the attribute was
+# present with value "no-list-inclusion". This attribute should be
+# interpreted by anyone using the directory to derive mailing lists,
+# and its value respected.
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38. Building Name
+#
+# The Building Name attribute type specifies the name of the building
+# where an organisation or organisational unit is based.
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39. DSA Quality
+#
+# The DSA Quality attribute type specifies the purported quality of a
+# DSA. It allows a DSA manager to indicate the expected level of
+# availability of the DSA. See [8] for details of the syntax.
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40. Single Level Quality
+#
+# The Single Level Quality attribute type specifies the purported data
+# quality at the level immediately below in the DIT. See [8] for
+# details of the syntax.
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41. Subtree Minimum Quality
+#
+# The Subtree Minimum Quality attribute type specifies the purported
+# minimum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42. Subtree Maximum Quality
+#
+# The Subtree Maximum Quality attribute type specifies the purported
+# maximum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43. Personal Signature
+#
+# The Personal Signature attribute type allows for a representation of
+# a person's signature. This should be encoded in G3 fax as explained
+# in recommendation T.4, with an ASN.1 wrapper to make it compatible
+# with an X.400 BodyPart as defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44. DIT Redirect
+#
+# The DIT Redirect attribute type is used to indicate that the object
+# described by one entry now has a newer entry in the DIT. The entry
+# containing the redirection attribute should be expired after a
+# suitable grace period. This attribute may be used when an individual
+# changes his/her place of work, and thus acquires a new organisational
+# DN.
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45. Audio
+#
+# The Audio attribute type allows the storing of sounds in the
+# Directory. The attribute uses a u-law encoded sound file as used by
+# the "play" utility on a Sun 4. This is an interim format.
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46. Publisher of Document
+#
+#
+# The Publisher of Document attribute is the person and/or organization
+# that published a document.
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4. Generally useful syntaxes
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# 9.5. Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8. Object Classes
+#
+# 8.1. X.500 standard object classes
+#
+# A number of generally useful object classes are defined in X.521, and
+# these are supported. Refer to that document for descriptions of the
+# suggested usage of these object classes. The ASN.1 for these object
+# classes is reproduced for completeness in Appendix C.
+#
+# 8.2. X.400 standard object classes
+#
+# A number of object classes defined in X.400 are supported. Refer to
+# X.402 for descriptions of the usage of these object classes. The
+# ASN.1 for these object classes is reproduced for completeness in
+# Appendix C.
+#
+# 8.3. COSINE/Internet object classes
+#
+# This section attempts to fuse together the object classes designed
+# for use in the COSINE and Internet pilot activities. Descriptions
+# are given of the suggested usage of these object classes. The ASN.1
+# for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1. Pilot Object
+#
+# The PilotObject object class is used as a sub-class to allow some
+# common, useful attributes to be assigned to entries of all other
+# object classes.
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+# 8.3.2. Pilot Person
+#
+# The PilotPerson object class is used as a sub-class of person, to
+# allow the use of a number of additional attributes to be assigned to
+# entries of object class person.
+#
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+# 8.3.3. Account
+#
+# The Account object class is used to define entries representing
+# computer accounts. The userid attribute should be used for naming
+# entries of this object class.
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+# 8.3.4. Document
+#
+# The Document object class is used to define entries which represent
+# documents.
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+# 8.3.5. Room
+#
+# The Room object class is used to define entries representing rooms.
+# The commonName attribute should be used for naming pentries of this
+# object class.
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+# 8.3.6. Document Series
+#
+# The Document Series object class is used to define an entry which
+# represents a series of documents (e.g., The Request For Comments
+# papers).
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+# 8.3.7. Domain
+#
+# The Domain object class is used to define entries which represent DNS
+# or NRS domains. The domainComponent attribute should be used for
+# naming entries of this object class. The usage of this object class
+# is described in more detail in [3].
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.8. RFC822 Local Part
+#
+# The RFC822 Local Part object class is used to define entries which
+# represent the local part of RFC822 mail addresses. This treats this
+# part of an RFC822 address as a domain. The usage of this object
+# class is described in more detail in [3].
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.9. DNS Domain
+#
+# The DNS Domain (Domain NameServer) object class is used to define
+# entries for DNS domains. The usage of this object class is described
+# in more detail in [3].
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+# 8.3.10. Domain Related Object
+#
+# The Domain Related Object object class is used to define entries
+# which represent DNS/NRS domains which are "equivalent" to an X.500
+# domain: e.g., an organisation or organisational unit. The usage of
+# this object class is described in more detail in [3].
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+# 8.3.11. Friendly Country
+#
+# The Friendly Country object class is used to define country entries
+# in the DIT. The object class is used to allow friendlier naming of
+# countries than that allowed by the object class country. The naming
+# attribute of object class country, countryName, has to be a 2 letter
+# string defined in ISO 3166.
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+# 8.3.12. Simple Security Object
+#
+# The Simple Security Object object class is used to allow an entry to
+# have a userPassword attribute when an entry's principal object
+# classes do not allow userPassword as an attribute type.
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+# 8.3.13. Pilot Organization
+#
+# The PilotOrganization object class is used as a sub-class of
+# organization and organizationalUnit to allow a number of additional
+# attributes to be assigned to entries of object classes organization
+# and organizationalUnit.
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+# 8.3.14. Pilot DSA
+#
+# The PilotDSA object class is used as a sub-class of the dsa object
+# class to allow additional attributes to be assigned to entries for
+# DSAs.
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+# 8.3.15. Quality Labelled Data
+#
+# The Quality Labelled Data object class is used to allow the
+# assignment of the data quality attributes to subtrees in the DIT.
+#
+# See [8] for more details.
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
+
+
+# References
+#
+# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
+# models and services, CCITT /ISO IS 9594.
+#
+# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
+# University College London, Department of Computer Science
+# Research Note 89/48, May 1989.
+#
+# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
+# London, November 1991.
+#
+# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
+# Report", Technical Report 90-09-10-1, published by NYSERNet
+# Inc, 1990.
+#
+# [5] Craigie, J., "UK Academic Community Directory Service Pilot
+# Project, pp. 305-310 in Computer Networks and ISDN Systems
+# 17 (1989), published by North Holland.
+#
+# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
+# RFC 1034, USC/Information Sciences Institute, November 1987.
+#
+# [7] Mockapetris, P., "Domain Names - Implementation and
+# Specification, RFC 1035, USC/Information Sciences Institute,
+# November 1987.
+#
+# [8] Kille, S., "Handling QOS (Quality of service) in the
+# Directory," publication in process, March 1991.
+#
+#
+# APPENDIX C - Summary of all Object Classes and Attribute Types
+#
+# -- Some Important Object Identifiers
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# -- Standard Object Classes
+#
+# top OBJECT-CLASS
+# MUST CONTAIN {
+# objectClass}
+# ::= {objectClass 0}
+#
+#
+# alias OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# aliasedObjectName}
+# ::= {objectClass 1}
+#
+#
+# country OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# countryName}
+# MAY CONTAIN {
+# description,
+# searchGuide}
+# ::= {objectClass 2}
+#
+#
+# locality OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# description,
+# localityName,
+# stateOrProvinceName,
+# searchGuide,
+# seeAlso,
+# streetAddress}
+# ::= {objectClass 3}
+#
+#
+# organization OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 4}
+#
+#
+# organizationalUnit OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationalUnitName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 5}
+#
+#
+# person OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# surname}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# userPassword}
+# ::= {objectClass 6}
+#
+#
+# organizationalPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# telecommunicationAttributeSet,
+# title}
+# ::= {objectClass 7}
+#
+#
+# organizationalRole OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# roleOccupant,
+# seeAlso,
+# telecommunicationAttributeSet}
+# ::= {objectClass 8}
+#
+#
+# groupOfNames OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# member}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# businessCategory}
+# ::= {objectClass 9}
+#
+#
+# residentialPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MUST CONTAIN {
+# localityName}
+# MAY CONTAIN {
+# localeAttributeSet,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# telecommunicationAttributeSet,
+# businessCategory}
+# ::= {objectClass 10}
+#
+#
+# applicationProcess OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationalUnitName,
+# seeAlso}
+# ::= {objectClass 11}
+#
+#
+# applicationEntity OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# presentationAddress}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# seeAlso,
+# supportedApplicationContext}
+# ::= {objectClass 12}
+#
+#
+# dSA OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# knowledgeInformation}
+# ::= {objectClass 13}
+#
+#
+# device OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# serialNumber}
+# ::= {objectClass 14}
+#
+#
+# strongAuthenticationUser OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userCertificate}
+# ::= {objectClass 15}
+#
+#
+# certificationAuthority OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# cACertificate,
+# certificateRevocationList,
+# authorityRevocationList}
+# MAY CONTAIN {
+# crossCertificatePair}
+# ::= {objectClass 16}
+#
+# -- Standard MHS Object Classes
+#
+# mhsDistributionList OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# mhsDLSubmitPermissions,
+# mhsORAddresses}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# mhsDeliverableContentTypes,
+# mhsdeliverableEits,
+# mhsDLMembers,
+# mhsPreferredDeliveryMethods}
+# ::= {mhsObjectClass 0}
+#
+#
+# mhsMessageStore OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsSupportedOptionalAttributes,
+# mhsSupportedAutomaticActions,
+# mhsSupportedContentTypes}
+# ::= {mhsObjectClass 1}
+#
+#
+# mhsMessageTransferAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsDeliverableContentLength}
+# ::= {mhsObjectClass 2}
+#
+#
+# mhsOrganizationalUser OBJECT-CLASS
+# SUBCLASS OF organizationalPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 3}
+#
+#
+# mhsResidentialUser OBJECT-CLASS
+# SUBCLASS OF residentialPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 4}
+#
+#
+# mhsUserAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsORAddresses,
+# owner}
+# ::= {mhsObjectClass 5}
+#
+#
+#
+#
+# -- Pilot Object Classes
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+#
+#
+#
+#
+# -- Standard Attribute Types
+#
+# objectClass ObjectClass
+# ::= {attributeType 0}
+#
+#
+# aliasedObjectName AliasedObjectName
+# ::= {attributeType 1}
+#
+#
+# knowledgeInformation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreString
+# ::= {attributeType 2}
+#
+#
+# commonName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-common-name))
+# ::= {attributeType 3}
+#
+#
+# surname ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-surname))
+# ::= {attributeType 4}
+#
+#
+# serialNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX printableStringSyntax
+# (SIZE (1..ub-serial-number))
+# ::= {attributeType 5}
+#
+#
+# countryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-country-code))
+# SINGLE VALUE
+# ::= {attributeType 6}
+#
+#
+# localityName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-locality-name))
+# ::= {attributeType 7}
+#
+#
+# stateOrProvinceName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-state-name))
+# ::= {attributeType 8}
+#
+#
+# streetAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-street-address))
+# ::= {attributeType 9}
+#
+#
+# organizationName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organization-name))
+# ::= {attributeType 10}
+#
+#
+# organizationalUnitName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organizational-unit-name))
+# ::= {attributeType 11}
+#
+#
+# title ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-title))
+# ::= {attributeType 12}
+#
+#
+# description ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-description))
+# ::= {attributeType 13}
+#
+#
+# searchGuide ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Guide
+# ::= {attributeType 14}
+#
+#
+# businessCategory ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-business-category))
+# ::= {attributeType 15}
+#
+#
+# postalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 16}
+#
+#
+# postalCode ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-postal-code))
+# ::= {attributeType 17}
+#
+#
+# postOfficeBox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-post-office-box))
+# ::= {attributeType 18}
+#
+#
+# physicalDeliveryOfficeName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-physical-office-name))
+# ::= {attributeType 19}
+#
+#
+# telephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
+# (SIZE (1..ub-telephone-number))
+# ::= {attributeType 20}
+#
+#
+# telexNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TelexNumber
+# (SIZE (1..ub-telex))
+# ::= {attributeType 21}
+#
+#
+# teletexTerminalIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
+# (SIZE (1..ub-teletex-terminal-id))
+# ::= {attributeType 22}
+#
+#
+# facsimileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
+# ::= {attributeType 23}
+#
+#
+# x121Address ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-x121-address))
+# ::= {attributeType 24}
+#
+#
+# internationaliSDNNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-isdn-address))
+# ::= {attributeType 25}
+#
+#
+# registeredAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# ::= {attributeType 26}
+#
+#
+# destinationIndicator ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-destination-indicator))
+# MATCHES FOR EQUALITY SUBSTRINGS
+# ::= {attributeType 27}
+#
+#
+# preferredDeliveryMethod ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {attributeType 28}
+#
+#
+# presentationAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PresentationAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 29}
+#
+#
+# supportedApplicationContext ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
+# ::= {attributeType 30}
+#
+#
+# member ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 31}
+#
+#
+# owner ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 32}
+#
+#
+# roleOccupant ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 33}
+#
+#
+# seeAlso ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 34}
+#
+#
+# userPassword ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Userpassword
+# ::= {attributeType 35}
+#
+#
+# userCertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX UserCertificate
+# ::= {attributeType 36}
+#
+#
+# cACertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX cACertificate
+# ::= {attributeType 37}
+#
+#
+# authorityRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
+# ::= {attributeType 38}
+#
+#
+# certificateRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
+# ::= {attributeType 39}
+#
+#
+# crossCertificatePair ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
+# ::= {attributeType 40}
+#
+#
+#
+#
+# -- Standard MHS Attribute Types
+#
+# mhsDeliverableContentLength ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX integer
+# ::= {mhsAttributeType 0}
+#
+#
+# mhsDeliverableContentTypes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 1}
+#
+#
+# mhsDeliverableEits ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 2}
+#
+#
+# mhsDLMembers ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRName
+# ::= {mhsAttributeType 3}
+#
+#
+# mhsDLSubmitPermissions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
+# ::= {mhsAttributeType 4}
+#
+#
+# mhsMessageStoreName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dN
+# ::= {mhsAttributeType 5}
+#
+#
+# mhsORAddresses ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRAddress
+# ::= {mhsAttributeType 6}
+#
+#
+# mhsPreferredDeliveryMethods ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {mhsAttributeType 7}
+#
+#
+# mhsSupportedAutomaticActions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 8}
+#
+#
+# mhsSupportedContentTypes ATTRIBUTE
+#
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 9}
+#
+#
+# mhsSupportedOptionalAttributes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 10}
+#
+#
+#
+#
+# -- Pilot Attribute Types
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+#
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+#
+#
+# -- Generally useful syntaxes
+#
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# -- Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+
--- /dev/null
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group P. Barker
+# Request for Comments: 1274 S. Kille
+# University College London
+# November 1991
+#
+# The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+# This document suggests an X.500 Directory Schema, or Naming
+# Architecture, for use in the COSINE and Internet X.500 pilots. The
+# schema is independent of any specific implementation. As well as
+# indicating support for the standard object classes and attributes, a
+# large number of generally useful object classes and attributes are
+# also defined. An appendix to this document includes a machine
+# processable version of the schema.
+#
+# [trimmed]
+
+# 7. Object Identifiers
+#
+# Some additional object identifiers are defined for this schema.
+# These are also reproduced in Appendix C.
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# 8. Object Classes
+# [relocated after 9]
+
+#
+# 9. Attribute Types
+#
+# 9.1. X.500 standard attribute types
+#
+# A number of generally useful attribute types are defined in X.520,
+# and these are supported. Refer to that document for descriptions of
+# the suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2. X.400 standard attribute types
+#
+# The standard X.400 attribute types are supported. See X.402 for full
+# details. The ASN.1 for these attribute types is reproduced in
+# Appendix C.
+#
+# 9.3. COSINE/Internet attribute types
+#
+# This section describes all the attribute types defined for use in the
+# COSINE and Internet pilots. Descriptions are given as to the
+# suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced in Appendix C.
+#
+# 9.3.1. Userid
+#
+# The Userid attribute type specifies a computer system login name.
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2. Text Encoded O/R Address
+#
+# The Text Encoded O/R Address attribute type specifies a text encoding
+# of an X.400 O/R address, as specified in RFC 987. The use of this
+# attribute is deprecated as the attribute is intended for interim use
+# only. This attribute will be the first candidate for the attribute
+# expiry mechanisms!
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.3. RFC 822 Mailbox
+#
+# The RFC822 Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in RFC 822. Note that this
+# attribute should not be used for greybook or other non-Internet order
+# mailboxes.
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.4. Information
+#
+# The Information attribute type specifies any general information
+# pertinent to an object. It is recommended that specific usage of
+# this attribute type is avoided, and that specific requirements are
+# met by other (possibly additional) attribute types.
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+
+# 9.3.5. Favourite Drink
+#
+# The Favourite Drink attribute type specifies the favourite drink of
+# an object (or person).
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.6. Room Number
+#
+# The Room Number attribute type specifies the room number of an
+# object. Note that the commonName attribute should be used for naming
+# room objects.
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.7. Photo
+#
+# The Photo attribute type specifies a "photograph" for an object.
+# This should be encoded in G3 fax as explained in recommendation T.4,
+# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
+# defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+# 9.3.8. User Class
+#
+# The User Class attribute type specifies a category of computer user.
+# The semantics placed on this attribute are for local interpretation.
+# Examples of current usage od this attribute in academia are
+# undergraduate student, researcher, lecturer, etc. Note that the
+# organizationalStatus attribute may now often be preferred as it makes
+# no distinction between computer users and others.
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9. Host
+#
+# The Host attribute type specifies a host computer.
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10. Manager
+#
+# The Manager attribute type specifies the manager of an object
+# represented by an entry.
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11. Document Identifier
+#
+# The Document Identifier attribute type specifies a unique identifier
+# for a document.
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12. Document Title
+#
+# The Document Title attribute type specifies the title of a document.
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13. Document Version
+#
+# The Document Version attribute type specifies the version number of a
+# document.
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14. Document Author
+#
+# The Document Author attribute type specifies the distinguished name
+# of the author of a document.
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15. Document Location
+#
+# The Document Location attribute type specifies the location of the
+# document original.
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16. Home Telephone Number
+#
+# The Home Telephone Number attribute type specifies a home telephone
+# number associated with a person. Attribute values should follow the
+# agreed format for international telephone numbers: i.e., "+44 71 123
+# 4567".
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17. Secretary
+#
+# The Secretary attribute type specifies the secretary of a person.
+# The attribute value for Secretary is a distinguished name.
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18. Other Mailbox
+#
+# The Other Mailbox attribute type specifies values for electronic
+# mailbox types other than X.400 and rfc822.
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19. Last Modified Time
+#
+# The Last Modified Time attribute type specifies the last time, in UTC
+# time, that an entry was modified. Ideally, this attribute should be
+# maintained by the DSA.
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+# 9.3.20. Last Modified By
+#
+# The Last Modified By attribute specifies the distinguished name of
+# the last user to modify the associated entry. Ideally, this
+# attribute should be maintained by the DSA.
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+# 9.3.21. Domain Component
+#
+# The Domain Component attribute type specifies a DNS/NRS domain. For
+# example, "uk" or "ac".
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22. DNS ARecord
+#
+# The A Record attribute type specifies a type A (Address) DNS resource
+# record [6] [7].
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23. MX Record
+#
+# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+# resource record [6] [7].
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24. NS Record
+#
+# The NS Record attribute type specifies an NS (Name Server) DNS
+# resource record [6] [7].
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25. SOA Record
+#
+# The SOA Record attribute type specifies a type SOA (Start of
+# Authority) DNS resorce record [6] [7].
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26. CNAME Record
+#
+# The CNAME Record attribute type specifies a type CNAME (Canonical
+# Name) DNS resource record [6] [7].
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27. Associated Domain
+#
+# The Associated Domain attribute type specifies a DNS or NRS domain
+# which is associated with an object in the DIT. For example, the entry
+# in the DIT with a distinguished name "C=GB, O=University College
+# London" would have an associated domain of "UCL.AC.UK. Note that all
+# domains should be represented in rfc822 order. See [3] for more
+# details of usage of this attribute.
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28. Associated Name
+#
+# The Associated Name attribute type specifies an entry in the
+# organisational DIT associated with a DNS/NRS domain. See [3] for
+# more details of usage of this attribute.
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29. Home postal address
+#
+# The Home postal address attribute type specifies a home postal
+# address for an object. This should be limited to up to 6 lines of 30
+# characters each.
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30. Personal Title
+#
+# The Personal Title attribute type specifies a personal title for a
+# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31. Mobile Telephone Number
+#
+# The Mobile Telephone Number attribute type specifies a mobile
+# telephone number associated with a person. Attribute values should
+# follow the agreed format for international telephone numbers: i.e.,
+# "+44 71 123 4567".
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32. Pager Telephone Number
+#
+# The Pager Telephone Number attribute type specifies a pager telephone
+# number for an object. Attribute values should follow the agreed
+# format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33. Friendly Country Name
+#
+# The Friendly Country Name attribute type specifies names of countries
+# in human readable format. The standard attribute country name must
+# be one of the two-letter codes defined in ISO 3166.
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34. Unique Identifier
+#
+# The Unique Identifier attribute type specifies a "unique identifier"
+# for an object represented in the Directory. The domain within which
+# the identifier is unique, and the exact semantics of the identifier,
+# are for local definition. For a person, this might be an
+# institution-wide payroll number. For an organisational unit, it
+# might be a department code.
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35. Organisational Status
+#
+# The Organisational Status attribute type specifies a category by
+# which a person is often referred to in an organisation. Examples of
+# usage in academia might include undergraduate student, researcher,
+# lecturer, etc.
+#
+# A Directory administrator should probably consider carefully the
+# distinctions between this and the title and userClass attributes.
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36. Janet Mailbox
+#
+# The Janet Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in the Grey Book of the
+# Coloured Book series. This attribute is intended for the convenience
+# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+# Entries using this attribute MUST also include an rfc822Mailbox
+# attribute.
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37. Mail Preference Option
+#
+# An attribute to allow users to indicate a preference for inclusion of
+# their names on mailing lists (electronic or physical). The absence
+# of such an attribute should be interpreted as if the attribute was
+# present with value "no-list-inclusion". This attribute should be
+# interpreted by anyone using the directory to derive mailing lists,
+# and its value respected.
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38. Building Name
+#
+# The Building Name attribute type specifies the name of the building
+# where an organisation or organisational unit is based.
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39. DSA Quality
+#
+# The DSA Quality attribute type specifies the purported quality of a
+# DSA. It allows a DSA manager to indicate the expected level of
+# availability of the DSA. See [8] for details of the syntax.
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40. Single Level Quality
+#
+# The Single Level Quality attribute type specifies the purported data
+# quality at the level immediately below in the DIT. See [8] for
+# details of the syntax.
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41. Subtree Minimum Quality
+#
+# The Subtree Minimum Quality attribute type specifies the purported
+# minimum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42. Subtree Maximum Quality
+#
+# The Subtree Maximum Quality attribute type specifies the purported
+# maximum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43. Personal Signature
+#
+# The Personal Signature attribute type allows for a representation of
+# a person's signature. This should be encoded in G3 fax as explained
+# in recommendation T.4, with an ASN.1 wrapper to make it compatible
+# with an X.400 BodyPart as defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44. DIT Redirect
+#
+# The DIT Redirect attribute type is used to indicate that the object
+# described by one entry now has a newer entry in the DIT. The entry
+# containing the redirection attribute should be expired after a
+# suitable grace period. This attribute may be used when an individual
+# changes his/her place of work, and thus acquires a new organisational
+# DN.
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45. Audio
+#
+# The Audio attribute type allows the storing of sounds in the
+# Directory. The attribute uses a u-law encoded sound file as used by
+# the "play" utility on a Sun 4. This is an interim format.
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46. Publisher of Document
+#
+#
+# The Publisher of Document attribute is the person and/or organization
+# that published a document.
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4. Generally useful syntaxes
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# 9.5. Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8. Object Classes
+#
+# 8.1. X.500 standard object classes
+#
+# A number of generally useful object classes are defined in X.521, and
+# these are supported. Refer to that document for descriptions of the
+# suggested usage of these object classes. The ASN.1 for these object
+# classes is reproduced for completeness in Appendix C.
+#
+# 8.2. X.400 standard object classes
+#
+# A number of object classes defined in X.400 are supported. Refer to
+# X.402 for descriptions of the usage of these object classes. The
+# ASN.1 for these object classes is reproduced for completeness in
+# Appendix C.
+#
+# 8.3. COSINE/Internet object classes
+#
+# This section attempts to fuse together the object classes designed
+# for use in the COSINE and Internet pilot activities. Descriptions
+# are given of the suggested usage of these object classes. The ASN.1
+# for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1. Pilot Object
+#
+# The PilotObject object class is used as a sub-class to allow some
+# common, useful attributes to be assigned to entries of all other
+# object classes.
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+# 8.3.2. Pilot Person
+#
+# The PilotPerson object class is used as a sub-class of person, to
+# allow the use of a number of additional attributes to be assigned to
+# entries of object class person.
+#
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+# 8.3.3. Account
+#
+# The Account object class is used to define entries representing
+# computer accounts. The userid attribute should be used for naming
+# entries of this object class.
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+# 8.3.4. Document
+#
+# The Document object class is used to define entries which represent
+# documents.
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+# 8.3.5. Room
+#
+# The Room object class is used to define entries representing rooms.
+# The commonName attribute should be used for naming pentries of this
+# object class.
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+# 8.3.6. Document Series
+#
+# The Document Series object class is used to define an entry which
+# represents a series of documents (e.g., The Request For Comments
+# papers).
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+# 8.3.7. Domain
+#
+# The Domain object class is used to define entries which represent DNS
+# or NRS domains. The domainComponent attribute should be used for
+# naming entries of this object class. The usage of this object class
+# is described in more detail in [3].
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.8. RFC822 Local Part
+#
+# The RFC822 Local Part object class is used to define entries which
+# represent the local part of RFC822 mail addresses. This treats this
+# part of an RFC822 address as a domain. The usage of this object
+# class is described in more detail in [3].
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.9. DNS Domain
+#
+# The DNS Domain (Domain NameServer) object class is used to define
+# entries for DNS domains. The usage of this object class is described
+# in more detail in [3].
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+# 8.3.10. Domain Related Object
+#
+# The Domain Related Object object class is used to define entries
+# which represent DNS/NRS domains which are "equivalent" to an X.500
+# domain: e.g., an organisation or organisational unit. The usage of
+# this object class is described in more detail in [3].
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+# 8.3.11. Friendly Country
+#
+# The Friendly Country object class is used to define country entries
+# in the DIT. The object class is used to allow friendlier naming of
+# countries than that allowed by the object class country. The naming
+# attribute of object class country, countryName, has to be a 2 letter
+# string defined in ISO 3166.
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+# 8.3.12. Simple Security Object
+#
+# The Simple Security Object object class is used to allow an entry to
+# have a userPassword attribute when an entry's principal object
+# classes do not allow userPassword as an attribute type.
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+# 8.3.13. Pilot Organization
+#
+# The PilotOrganization object class is used as a sub-class of
+# organization and organizationalUnit to allow a number of additional
+# attributes to be assigned to entries of object classes organization
+# and organizationalUnit.
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+# 8.3.14. Pilot DSA
+#
+# The PilotDSA object class is used as a sub-class of the dsa object
+# class to allow additional attributes to be assigned to entries for
+# DSAs.
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+# 8.3.15. Quality Labelled Data
+#
+# The Quality Labelled Data object class is used to allow the
+# assignment of the data quality attributes to subtrees in the DIT.
+#
+# See [8] for more details.
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
+
+
+# References
+#
+# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
+# models and services, CCITT /ISO IS 9594.
+#
+# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
+# University College London, Department of Computer Science
+# Research Note 89/48, May 1989.
+#
+# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
+# London, November 1991.
+#
+# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
+# Report", Technical Report 90-09-10-1, published by NYSERNet
+# Inc, 1990.
+#
+# [5] Craigie, J., "UK Academic Community Directory Service Pilot
+# Project, pp. 305-310 in Computer Networks and ISDN Systems
+# 17 (1989), published by North Holland.
+#
+# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
+# RFC 1034, USC/Information Sciences Institute, November 1987.
+#
+# [7] Mockapetris, P., "Domain Names - Implementation and
+# Specification, RFC 1035, USC/Information Sciences Institute,
+# November 1987.
+#
+# [8] Kille, S., "Handling QOS (Quality of service) in the
+# Directory," publication in process, March 1991.
+#
+#
+# APPENDIX C - Summary of all Object Classes and Attribute Types
+#
+# -- Some Important Object Identifiers
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# -- Standard Object Classes
+#
+# top OBJECT-CLASS
+# MUST CONTAIN {
+# objectClass}
+# ::= {objectClass 0}
+#
+#
+# alias OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# aliasedObjectName}
+# ::= {objectClass 1}
+#
+#
+# country OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# countryName}
+# MAY CONTAIN {
+# description,
+# searchGuide}
+# ::= {objectClass 2}
+#
+#
+# locality OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# description,
+# localityName,
+# stateOrProvinceName,
+# searchGuide,
+# seeAlso,
+# streetAddress}
+# ::= {objectClass 3}
+#
+#
+# organization OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 4}
+#
+#
+# organizationalUnit OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# organizationalUnitName}
+# MAY CONTAIN {
+# organizationalAttributeSet}
+# ::= {objectClass 5}
+#
+#
+# person OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# surname}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# userPassword}
+# ::= {objectClass 6}
+#
+#
+# organizationalPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# telecommunicationAttributeSet,
+# title}
+# ::= {objectClass 7}
+#
+#
+# organizationalRole OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localeAttributeSet,
+# organizationalUnitName,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# roleOccupant,
+# seeAlso,
+# telecommunicationAttributeSet}
+# ::= {objectClass 8}
+#
+#
+# groupOfNames OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# member}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# businessCategory}
+# ::= {objectClass 9}
+#
+#
+# residentialPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MUST CONTAIN {
+# localityName}
+# MAY CONTAIN {
+# localeAttributeSet,
+# postalAttributeSet,
+# preferredDeliveryMethod,
+# telecommunicationAttributeSet,
+# businessCategory}
+# ::= {objectClass 10}
+#
+#
+# applicationProcess OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationalUnitName,
+# seeAlso}
+# ::= {objectClass 11}
+#
+#
+# applicationEntity OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# presentationAddress}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# seeAlso,
+# supportedApplicationContext}
+# ::= {objectClass 12}
+#
+#
+# dSA OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# knowledgeInformation}
+# ::= {objectClass 13}
+#
+#
+# device OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# serialNumber}
+# ::= {objectClass 14}
+#
+#
+# strongAuthenticationUser OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userCertificate}
+# ::= {objectClass 15}
+#
+#
+# certificationAuthority OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# cACertificate,
+# certificateRevocationList,
+# authorityRevocationList}
+# MAY CONTAIN {
+# crossCertificatePair}
+# ::= {objectClass 16}
+#
+# -- Standard MHS Object Classes
+#
+# mhsDistributionList OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName,
+# mhsDLSubmitPermissions,
+# mhsORAddresses}
+# MAY CONTAIN {
+# description,
+# organizationName,
+# organizationalUnitName,
+# owner,
+# seeAlso,
+# mhsDeliverableContentTypes,
+# mhsdeliverableEits,
+# mhsDLMembers,
+# mhsPreferredDeliveryMethods}
+# ::= {mhsObjectClass 0}
+#
+#
+# mhsMessageStore OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsSupportedOptionalAttributes,
+# mhsSupportedAutomaticActions,
+# mhsSupportedContentTypes}
+# ::= {mhsObjectClass 1}
+#
+#
+# mhsMessageTransferAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# description,
+# owner,
+# mhsDeliverableContentLength}
+# ::= {mhsObjectClass 2}
+#
+#
+# mhsOrganizationalUser OBJECT-CLASS
+# SUBCLASS OF organizationalPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 3}
+#
+#
+# mhsResidentialUser OBJECT-CLASS
+# SUBCLASS OF residentialPerson
+# MUST CONTAIN {
+# mhsORAddresses}
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsMessageStoreName,
+# mhsPreferredDeliveryMethods }
+# ::= {mhsObjectClass 4}
+#
+#
+# mhsUserAgent OBJECT-CLASS
+# SUBCLASS OF applicationEntity
+# MAY CONTAIN {
+# mhsDeliverableContentLength,
+# mhsDeliverableContentTypes,
+# mhsDeliverableEits,
+# mhsORAddresses,
+# owner}
+# ::= {mhsObjectClass 5}
+#
+#
+#
+#
+# -- Pilot Object Classes
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+#
+#
+#
+#
+# -- Standard Attribute Types
+#
+# objectClass ObjectClass
+# ::= {attributeType 0}
+#
+#
+# aliasedObjectName AliasedObjectName
+# ::= {attributeType 1}
+#
+#
+# knowledgeInformation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreString
+# ::= {attributeType 2}
+#
+#
+# commonName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-common-name))
+# ::= {attributeType 3}
+#
+#
+# surname ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-surname))
+# ::= {attributeType 4}
+#
+#
+# serialNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX printableStringSyntax
+# (SIZE (1..ub-serial-number))
+# ::= {attributeType 5}
+#
+#
+# countryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-country-code))
+# SINGLE VALUE
+# ::= {attributeType 6}
+#
+#
+# localityName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-locality-name))
+# ::= {attributeType 7}
+#
+#
+# stateOrProvinceName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-state-name))
+# ::= {attributeType 8}
+#
+#
+# streetAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-street-address))
+# ::= {attributeType 9}
+#
+#
+# organizationName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organization-name))
+# ::= {attributeType 10}
+#
+#
+# organizationalUnitName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-organizational-unit-name))
+# ::= {attributeType 11}
+#
+#
+# title ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-title))
+# ::= {attributeType 12}
+#
+#
+# description ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-description))
+# ::= {attributeType 13}
+#
+#
+# searchGuide ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Guide
+# ::= {attributeType 14}
+#
+#
+# businessCategory ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-business-category))
+# ::= {attributeType 15}
+#
+#
+# postalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 16}
+#
+#
+# postalCode ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-postal-code))
+# ::= {attributeType 17}
+#
+#
+# postOfficeBox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-post-office-box))
+# ::= {attributeType 18}
+#
+#
+# physicalDeliveryOfficeName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+# (SIZE (1..ub-physical-office-name))
+# ::= {attributeType 19}
+#
+#
+# telephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
+# (SIZE (1..ub-telephone-number))
+# ::= {attributeType 20}
+#
+#
+# telexNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TelexNumber
+# (SIZE (1..ub-telex))
+# ::= {attributeType 21}
+#
+#
+# teletexTerminalIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
+# (SIZE (1..ub-teletex-terminal-id))
+# ::= {attributeType 22}
+#
+#
+# facsimileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
+# ::= {attributeType 23}
+#
+#
+# x121Address ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-x121-address))
+# ::= {attributeType 24}
+#
+#
+# internationaliSDNNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX NumericString
+# (SIZE (1..ub-isdn-address))
+# ::= {attributeType 25}
+#
+#
+# registeredAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PostalAddress
+# ::= {attributeType 26}
+#
+#
+# destinationIndicator ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PrintableString
+# (SIZE (1..ub-destination-indicator))
+# MATCHES FOR EQUALITY SUBSTRINGS
+# ::= {attributeType 27}
+#
+#
+# preferredDeliveryMethod ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {attributeType 28}
+#
+#
+# presentationAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX PresentationAddress
+# MATCHES FOR EQUALITY
+# ::= {attributeType 29}
+#
+#
+# supportedApplicationContext ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
+# ::= {attributeType 30}
+#
+#
+# member ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 31}
+#
+#
+# owner ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 32}
+#
+#
+# roleOccupant ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 33}
+#
+#
+# seeAlso ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+# ::= {attributeType 34}
+#
+#
+# userPassword ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX Userpassword
+# ::= {attributeType 35}
+#
+#
+# userCertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX UserCertificate
+# ::= {attributeType 36}
+#
+#
+# cACertificate ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX cACertificate
+# ::= {attributeType 37}
+#
+#
+# authorityRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
+# ::= {attributeType 38}
+#
+#
+# certificateRevocationList ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
+# ::= {attributeType 39}
+#
+#
+# crossCertificatePair ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
+# ::= {attributeType 40}
+#
+#
+#
+#
+# -- Standard MHS Attribute Types
+#
+# mhsDeliverableContentLength ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX integer
+# ::= {mhsAttributeType 0}
+#
+#
+# mhsDeliverableContentTypes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 1}
+#
+#
+# mhsDeliverableEits ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 2}
+#
+#
+# mhsDLMembers ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRName
+# ::= {mhsAttributeType 3}
+#
+#
+# mhsDLSubmitPermissions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
+# ::= {mhsAttributeType 4}
+#
+#
+# mhsMessageStoreName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX dN
+# ::= {mhsAttributeType 5}
+#
+#
+# mhsORAddresses ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oRAddress
+# ::= {mhsAttributeType 6}
+#
+#
+# mhsPreferredDeliveryMethods ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX deliveryMethod
+# ::= {mhsAttributeType 7}
+#
+#
+# mhsSupportedAutomaticActions ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 8}
+#
+#
+# mhsSupportedContentTypes ATTRIBUTE
+#
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 9}
+#
+#
+# mhsSupportedOptionalAttributes ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX oID
+# ::= {mhsAttributeType 10}
+#
+#
+#
+#
+# -- Pilot Attribute Types
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+#
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+#
+#
+# -- Generally useful syntaxes
+#
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# -- Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+#
+# Application Working Group M. Ansari
+# INTERNET-DRAFT Sun Microsystems, Inc.
+# Expires Febuary 2003 L. Howard
+# PADL Software Pty. Ltd.
+# B. Joslin [ed.]
+# Hewlett-Packard Company
+#
+# September 15th, 2003
+# Intended Category: Informational
+#
+#
+# A Configuration Schema for LDAP Based
+# Directory User Agents
+# <draft-joslin-config-schema-07.txt>
+#
+#Status of this Memo
+#
+# This memo provides information for the Internet community. This
+# memo does not specify an Internet standard of any kind. Distribu-
+# tion of this memo is unlimited.
+#
+# This document is an Internet-Draft and is in full conformance with
+# all provisions of Section 10 of RFC2026.
+#
+# This document is an Internet-Draft. Internet-Drafts are working
+# documents of the Internet Engineering Task Force (IETF), its areas,
+# and its working groups. Note that other groups may also distribute
+# working documents as Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six
+# months. Internet-Drafts may be updated, replaced, or made obsolete
+# by other documents at any time. It is not appropriate to use
+# Internet-Drafts as reference material or to cite them other than as
+# a "working draft" or "work in progress".
+#
+# To learn the current status of any Internet-Draft, please check the
+# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
+# Directories on ds.internic.net (US East Coast), nic.nordu.net
+# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
+# Rim).
+#
+# Distribution of this document is unlimited.
+#
+#
+# Abstract
+#
+# This document describes a mechanism for global configuration of
+# similar directory user agents. This document defines a schema for
+# configuration of these DUAs that may be discovered using the Light-
+# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
+# bute types and an objectclass are proposed, along with specific
+# guidelines for interpreting them. A significant feature of the
+# global configuration policy for DUAs is a mechanism that allows
+# DUAs to re-configure their schema to that of the end user's
+# environment. This configuration is achieved through attribute and
+# objectclass mapping. This document is intended to be a skeleton
+# for future documents that describe configuration of specific DUA
+# services.
+#
+#
+# [trimmed]
+#
+#
+# 2. General Issues
+#
+# The schema defined by this document is defined under the "DUA Con-
+# figuration Schema." This schema is derived from the OID: iso (1)
+# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
+# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
+# DUA Configuration Schema (1). This OID is represented in this
+# document by the keystring "DUAConfSchemaOID"
+# (1.3.6.1.4.1.11.1.3.1).
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+#
+# 2.2 Attributes
+#
+# The attributes and classes defined in this document are summarized
+# below.
+#
+# The following attributes are defined in this document:
+#
+# preferredServerList
+# defaultServerList
+# defaultSearchBase
+# defaultSearchScope
+# authenticationMethod
+# credentialLevel
+# serviceSearchDescriptor
+#
+#
+#
+# Joslin [Page 3]
+# Internet-Draft DUA Configuration Schema October 2002
+#
+#
+# serviceCredentialLevel
+# serviceAuthenticationMethod
+# attributeMap
+# objectclassMap
+# searchTimeLimit
+# bindTimeLimit
+# followReferrals
+# dereferenceAliases
+# profileTTL
+#
+# 2.3 Object Classes
+#
+# The following object class is defined in this document:
+#
+# DUAConfigProfile
+#
+#
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# 4. Class Definition
+#
+# The objectclass below is constructed from the attributes defined in
+# 3, with the exception of the cn attribute, which is defined in RFC
+# 2256 [8]. cn is used to represent the name of the DUA configura-
+# tion profile.
+#
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
--- /dev/null
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+#
+# Application Working Group M. Ansari
+# INTERNET-DRAFT Sun Microsystems, Inc.
+# Expires Febuary 2003 L. Howard
+# PADL Software Pty. Ltd.
+# B. Joslin [ed.]
+# Hewlett-Packard Company
+#
+# September 15th, 2003
+# Intended Category: Informational
+#
+#
+# A Configuration Schema for LDAP Based
+# Directory User Agents
+# <draft-joslin-config-schema-07.txt>
+#
+#Status of this Memo
+#
+# This memo provides information for the Internet community. This
+# memo does not specify an Internet standard of any kind. Distribu-
+# tion of this memo is unlimited.
+#
+# This document is an Internet-Draft and is in full conformance with
+# all provisions of Section 10 of RFC2026.
+#
+# This document is an Internet-Draft. Internet-Drafts are working
+# documents of the Internet Engineering Task Force (IETF), its areas,
+# and its working groups. Note that other groups may also distribute
+# working documents as Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six
+# months. Internet-Drafts may be updated, replaced, or made obsolete
+# by other documents at any time. It is not appropriate to use
+# Internet-Drafts as reference material or to cite them other than as
+# a "working draft" or "work in progress".
+#
+# To learn the current status of any Internet-Draft, please check the
+# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
+# Directories on ds.internic.net (US East Coast), nic.nordu.net
+# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
+# Rim).
+#
+# Distribution of this document is unlimited.
+#
+#
+# Abstract
+#
+# This document describes a mechanism for global configuration of
+# similar directory user agents. This document defines a schema for
+# configuration of these DUAs that may be discovered using the Light-
+# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
+# bute types and an objectclass are proposed, along with specific
+# guidelines for interpreting them. A significant feature of the
+# global configuration policy for DUAs is a mechanism that allows
+# DUAs to re-configure their schema to that of the end user's
+# environment. This configuration is achieved through attribute and
+# objectclass mapping. This document is intended to be a skeleton
+# for future documents that describe configuration of specific DUA
+# services.
+#
+#
+# [trimmed]
+#
+#
+# 2. General Issues
+#
+# The schema defined by this document is defined under the "DUA Con-
+# figuration Schema." This schema is derived from the OID: iso (1)
+# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
+# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
+# DUA Configuration Schema (1). This OID is represented in this
+# document by the keystring "DUAConfSchemaOID"
+# (1.3.6.1.4.1.11.1.3.1).
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+#
+# 2.2 Attributes
+#
+# The attributes and classes defined in this document are summarized
+# below.
+#
+# The following attributes are defined in this document:
+#
+# preferredServerList
+# defaultServerList
+# defaultSearchBase
+# defaultSearchScope
+# authenticationMethod
+# credentialLevel
+# serviceSearchDescriptor
+#
+#
+#
+# Joslin [Page 3]
+# Internet-Draft DUA Configuration Schema October 2002
+#
+#
+# serviceCredentialLevel
+# serviceAuthenticationMethod
+# attributeMap
+# objectclassMap
+# searchTimeLimit
+# bindTimeLimit
+# followReferrals
+# dereferenceAliases
+# profileTTL
+#
+# 2.3 Object Classes
+#
+# The following object class is defined in this document:
+#
+# DUAConfigProfile
+#
+#
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# 4. Class Definition
+#
+# The objectclass below is constructed from the attributes defined in
+# 3, with the exception of the cn attribute, which is defined in RFC
+# 2256 [8]. cn is used to represent the name of the DUA configura-
+# tion profile.
+#
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
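Review bot: Nothing in this file says that a `DUAConfigProfile` entry steers where and how clients bind, although the DESC strings of `defaultServerList`, `preferredServerList`, `authenticationMethod`, `credentialLevel` and `followReferrals` describe exactly that. I would add a comment above the `objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'` definition, such as `# Entries of this class direct client server selection and bind method; restrict write access to them by ACL and have clients read them over an integrity-protected connection.` The header already marks the schema as a work in progress and not recommended for production use, so the comment would sit naturally next to that warning. The same gap is in the other copy of this schema earlier in the diff, whose start is outside this view.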
--- /dev/null
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.ldif,v 1.1.2.3 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+dn: cn=dyngroup,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: dyngroup
+olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
+olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
+olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
+olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
+olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
+olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
+olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
+olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
+ dentifies an URL associated with each member of a group. Any type of labeled
+ URL can be used.' SUP labeledURI )
+olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
+ when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
+olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
+ tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
+ uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
+olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
+ TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
+ ( dgIdentity $ dgAuthz ) )
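Review bot: `dgAuthz` is described as "Optional" and is only a MAY of `dgIdentityAux`, yet the file does not say what applies when an entry carries `dgIdentity` without `dgAuthz`. Since `dgIdentity` is the identity used when the memberURL is processed, that case decides whose requests get evaluated under another identity; the behaviour is set by whatever component consumes these attributes and is not visible here. I would add a comment next to the definitions, such as `# dgIdentity makes memberURL processing run as that DN; limit write access to dgIdentity and dgAuthz by ACL and set dgAuthz wherever dgIdentity is used.` The other three dyngroup sections on this page (the second .ldif copy and the two dyngroup.schema copies) carry the same definitions and the same gap.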
--- /dev/null
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+dn: cn=dyngroup,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: dyngroup
+olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
+olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
+olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
+olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
+olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
+olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
+olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
+olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
+ dentifies an URL associated with each member of a group. Any type of labeled
+ URL can be used.' SUP labeledURI )
+olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
+ when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
+olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
+ tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
+ uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
+olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
+ TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
+ ( dgIdentity $ dgAuthz ) )
--- /dev/null
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.7 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
--- /dev/null
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
--- /dev/null
+# InetOrgPerson (RFC2798)
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.ldif)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.ldif)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
+#
+# This file was automatically generated from inetorgperson.schema; see
+# that file for complete references.
+#
+dn: cn=inetorgperson,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: inetorgperson
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
+ 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
+ eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
+ RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
+ 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
+ C2798: numerically identifies an employee within an organization' EQUALITY ca
+ seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
+ 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
+ oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
+ 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
+ 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
+ noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 15 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
+ ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.5 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
+ 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.5 )
+olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
+ 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
+ ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
+ ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
+ tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
+ $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
+ ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
--- /dev/null
+# InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.ldif)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.ldif)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
+#
+# This file was automatically generated from inetorgperson.schema; see
+# that file for complete references.
+#
+dn: cn=inetorgperson,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: inetorgperson
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
+ 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
+ eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
+ RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
+ 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
+ atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
+ C2798: numerically identifies an employee within an organization' EQUALITY ca
+ seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
+ 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
+ oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
+ 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
+ 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
+ noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 15 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
+ ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
+ 66.115.121.1.5 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
+ 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.5 )
+olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
+ 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
+ ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
+ ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
+ tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
+ $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
+ ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
--- /dev/null
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs. This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used. Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed. Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization. Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship. Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language. This is useful for international correspondence or human-
+# computer interaction. Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception: the sequence "Accept-Language" ":"
+# should be omitted. This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values. It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field. Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities. Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'. If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information. When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'. The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
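Review bot: The `userPKCS12` attribute type defined near the end of this file holds PKCS #12 PFX blobs, which commonly bundle a private key with the certificate, and a schema file cannot limit who may read them. Whether slapd.conf includes this schema is not visible in this hunk; if it does, a rule such as `access to attrs=userPKCS12 by self write by * none` should appear before any broader read rule, because slapd stops at the first matching `access to` clause. Treat that line as a starting point to adapt to the site's policy. The same definitions appear in the LDIF form above this section and in the copy of the file that follows, so one ACL covers all three.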
--- /dev/null
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs. This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used. Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed. Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization. Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship. Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language. This is useful for international correspondence or human-
+# computer interaction. Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception: the sequence "Accept-Language" ":"
+# should be omitted. This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values. It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field. Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities. Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'. If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information. When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'. The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
--- /dev/null
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# Network Working Group V. Ryan
+# Request for Comments: 2713 S. Seligman
+# Category: Informational R. Lee
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing Java(tm) Objects in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# This document defines the schema for representing Java(tm) objects in
+# an LDAP directory [LDAPv3]. It defines schema elements to represent
+# a Java serialized object [Serial], a Java marshalled object [RMI], a
+# Java remote object [RMI], and a JNDI reference [JNDI].
+#
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# javaClassName
+# javaClassNames
+# javaCodebase
+# javaSerializedData
+# javaFactory
+# javaReferenceAddress
+# javaDoc
+#
+# 3.1 javaClassName
+#
+# This attribute stores the fully qualified name of the Java object's
+# "distinguished" class or interface (for example, "java.lang.String").
+# It is a single-valued attribute. This attribute's syntax is '
+# Directory String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.6
+# NAME 'javaClassName'
+# DESC 'Fully qualified name of distinguished Java class or
+# interface'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.2 javaCodebase
+#
+# This attribute stores the Java class definition's locations. It
+# specifies the locations from which to load the class definition for
+# the class specified by the javaClassName attribute. Each value of
+# the attribute contains an ordered list of URLs, separated by spaces.
+# For example, a value of "url1 url2 url3" means that the three
+# (possibly interdependent) URLs (url1, url2, and url3) form the
+# codebase for loading in the Java class definition.
+#
+# If the javaCodebase attribute contains more than one value, each
+# value is an independent codebase. That is, there is no relationship
+# between the URLs in one value and those in another; each value can be
+# viewed as an alternate source for loading the Java class definition.
+# See [Java] for information regarding class loading.
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.7
+# NAME 'javaCodebase'
+# DESC 'URL(s) specifying the location of class definition'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+#
+# This attribute stores the Java object's fully qualified class or
+# interface names (for example, "java.lang.String"). It is a
+# multivalued attribute. When more than one value is present, each is
+# the name of a class or interface, or ancestor class or interface, of
+# this object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.13
+# NAME 'javaClassNames'
+# DESC 'Fully qualified Java class or interface name'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.4 javaSerializedData
+#
+# This attribute stores the serialized form of a Java object. The
+# serialized form is described in [Serial].
+#
+# This attribute's syntax is 'Octet String'.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.8
+# NAME 'javaSerializedData
+# DESC 'Serialized form of a Java object'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+# 3.5 javaFactory
+#
+# This attribute stores the fully qualified class name of the object
+# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+# used to create an instance of the object identified by the
+# javaClassName attribute.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.10
+# NAME 'javaFactory'
+# DESC 'Fully qualified Java class name of a JNDI object factory'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+#
+# This attribute represents the sequence of addresses of a JNDI
+# reference. Each of its values represents one address, a Java object
+# of type javax.naming.RefAddr. Its value is a concatenation of the
+# address type and address contents, preceded by a sequence number (the
+# order of addresses in a JNDI reference is significant). For example:
+#
+# #0#TypeA#ValA
+# #1#TypeB#ValB
+# #2#TypeC##rO0ABXNyABpq...
+#
+# In more detail, the value is encoded as follows:
+#
+# The delimiter is the first character of the value. For readability
+# the character '#' is recommended when it is not otherwise used
+# anywhere in the value, but any character may be used subject to
+# restrictions given below.
+#
+# The first delimiter is followed by the sequence number. The sequence
+# number of an address is its position in the JNDI reference, with the
+# first address being numbered 0. It is represented by its shortest
+# string form, in decimal notation.
+#
+# The sequence number is followed by a delimiter, then by the address
+# type, and then by another delimiter. If the address is of Java class
+# javax.naming.StringRefAddr, then this delimiter is followed by the
+# value of the address contents (which is a string). Otherwise, this
+# delimiter is followed immediately by another delimiter, and then by
+# the Base64 encoding of the serialized form of the entire address.
+#
+# The delimiter may be any character other than a digit or a character
+# contained in the address type. In addition, if the address contents
+# is a string, the delimiter may not be the first character of that
+# string.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. It can contain multiple values.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.11
+# NAME 'javaReferenceAddress'
+# DESC 'Addresses associated with a JNDI Reference'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+#
+# This attribute stores a pointer to the Java documentation for the
+# class. It's value is a URL. For example, the following URL points to
+# the specification of the java.lang.String class:
+# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.12
+# NAME 'javaDoc'
+# DESC 'The Java documentation for the class'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# javaContainer
+# javaObject
+# javaSerializedObject
+# javaMarshalledObject
+# javaNamingReference
+#
+# 4.1 javaContainer
+#
+# This structural object class represents a container for a Java
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.1
+# NAME 'javaContainer'
+# DESC 'Container for a Java object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 javaObject
+#
+# This abstract object class represents a Java object. A javaObject
+# cannot exist in the directory; only auxiliary or structural
+# subclasses of it can exist in the directory.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.4
+# NAME 'javaObject'
+# DESC 'Java object representation'
+# SUP top
+# ABSTRACT
+# MUST ( javaClassName )
+# MAY ( javaClassNames $
+# javaCodebase $
+# javaDoc $
+# description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+# 4.3 javaSerializedObject
+#
+# This auxiliary object class represents a Java serialized object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.5
+# NAME 'javaSerializedObject'
+# DESC 'Java serialized object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.4 javaMarshalledObject
+#
+# This auxiliary object class represents a Java marshalled object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.8
+# NAME 'javaMarshalledObject'
+# DESC 'Java marshalled object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.5 javaNamingReference
+#
+# This auxiliary object class represents a JNDI reference. It must be
+# mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.7
+# NAME 'javaNamingReference'
+# DESC 'JNDI reference'
+# SUP javaObject
+# AUXILIARY
+# MAY ( javaReferenceAddress $
+# javaFactory )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
+
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
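Review bot: `javaCodebase`, `javaFactory` and `javaSerializedData` (sections 3.2, 3.5 and 3.4 of this file) let a directory entry name the URLs a class is loaded from, the factory class to instantiate and a serialized object to restore, so any JNDI client that trusts these entries depends entirely on who may write them. If no application stores Java objects in this directory, leave java.schema out of the `include` lines in slapd.conf, which this hunk does not show. If one does, restrict writes with a rule like `access to attrs=javaCodebase,javaFactory,javaSerializedData by dn.exact="<PROVISIONING_DN>" write by * read`, placed ahead of broader rules. A second copy of this file starts on the next line and continues past the end of this view; the same point applies to it.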
--- /dev/null
+# java.schema -- Java Object Schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# Network Working Group V. Ryan
+# Request for Comments: 2713 S. Seligman
+# Category: Informational R. Lee
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing Java(tm) Objects in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# This document defines the schema for representing Java(tm) objects in
+# an LDAP directory [LDAPv3]. It defines schema elements to represent
+# a Java serialized object [Serial], a Java marshalled object [RMI], a
+# Java remote object [RMI], and a JNDI reference [JNDI].
+#
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# javaClassName
+# javaClassNames
+# javaCodebase
+# javaSerializedData
+# javaFactory
+# javaReferenceAddress
+# javaDoc
+#
+# 3.1 javaClassName
+#
+# This attribute stores the fully qualified name of the Java object's
+# "distinguished" class or interface (for example, "java.lang.String").
+# It is a single-valued attribute. This attribute's syntax is '
+# Directory String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.6
+# NAME 'javaClassName'
+# DESC 'Fully qualified name of distinguished Java class or
+# interface'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.2 javaCodebase
+#
+# This attribute stores the Java class definition's locations. It
+# specifies the locations from which to load the class definition for
+# the class specified by the javaClassName attribute. Each value of
+# the attribute contains an ordered list of URLs, separated by spaces.
+# For example, a value of "url1 url2 url3" means that the three
+# (possibly interdependent) URLs (url1, url2, and url3) form the
+# codebase for loading in the Java class definition.
+#
+# If the javaCodebase attribute contains more than one value, each
+# value is an independent codebase. That is, there is no relationship
+# between the URLs in one value and those in another; each value can be
+# viewed as an alternate source for loading the Java class definition.
+# See [Java] for information regarding class loading.
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.7
+# NAME 'javaCodebase'
+# DESC 'URL(s) specifying the location of class definition'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+#
+# This attribute stores the Java object's fully qualified class or
+# interface names (for example, "java.lang.String"). It is a
+# multivalued attribute. When more than one value is present, each is
+# the name of a class or interface, or ancestor class or interface, of
+# this object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.13
+# NAME 'javaClassNames'
+# DESC 'Fully qualified Java class or interface name'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.4 javaSerializedData
+#
+# This attribute stores the serialized form of a Java object. The
+# serialized form is described in [Serial].
+#
+# This attribute's syntax is 'Octet String'.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.8
+# NAME 'javaSerializedData
+# DESC 'Serialized form of a Java object'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+# 3.5 javaFactory
+#
+# This attribute stores the fully qualified class name of the object
+# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+# used to create an instance of the object identified by the
+# javaClassName attribute.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.10
+# NAME 'javaFactory'
+# DESC 'Fully qualified Java class name of a JNDI object factory'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+#
+# This attribute represents the sequence of addresses of a JNDI
+# reference. Each of its values represents one address, a Java object
+# of type javax.naming.RefAddr. Its value is a concatenation of the
+# address type and address contents, preceded by a sequence number (the
+# order of addresses in a JNDI reference is significant). For example:
+#
+# #0#TypeA#ValA
+# #1#TypeB#ValB
+# #2#TypeC##rO0ABXNyABpq...
+#
+# In more detail, the value is encoded as follows:
+#
+# The delimiter is the first character of the value. For readability
+# the character '#' is recommended when it is not otherwise used
+# anywhere in the value, but any character may be used subject to
+# restrictions given below.
+#
+# The first delimiter is followed by the sequence number. The sequence
+# number of an address is its position in the JNDI reference, with the
+# first address being numbered 0. It is represented by its shortest
+# string form, in decimal notation.
+#
+# The sequence number is followed by a delimiter, then by the address
+# type, and then by another delimiter. If the address is of Java class
+# javax.naming.StringRefAddr, then this delimiter is followed by the
+# value of the address contents (which is a string). Otherwise, this
+# delimiter is followed immediately by another delimiter, and then by
+# the Base64 encoding of the serialized form of the entire address.
+#
+# The delimiter may be any character other than a digit or a character
+# contained in the address type. In addition, if the address contents
+# is a string, the delimiter may not be the first character of that
+# string.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. It can contain multiple values.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.11
+# NAME 'javaReferenceAddress'
+# DESC 'Addresses associated with a JNDI Reference'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+#
+# This attribute stores a pointer to the Java documentation for the
+# class. It's value is a URL. For example, the following URL points to
+# the specification of the java.lang.String class:
+# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.12
+# NAME 'javaDoc'
+# DESC 'The Java documentation for the class'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# javaContainer
+# javaObject
+# javaSerializedObject
+# javaMarshalledObject
+# javaNamingReference
+#
+# 4.1 javaContainer
+#
+# This structural object class represents a container for a Java
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.1
+# NAME 'javaContainer'
+# DESC 'Container for a Java object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 javaObject
+#
+# This abstract object class represents a Java object. A javaObject
+# cannot exist in the directory; only auxiliary or structural
+# subclasses of it can exist in the directory.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.4
+# NAME 'javaObject'
+# DESC 'Java object representation'
+# SUP top
+# ABSTRACT
+# MUST ( javaClassName )
+# MAY ( javaClassNames $
+# javaCodebase $
+# javaDoc $
+# description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+# 4.3 javaSerializedObject
+#
+# This auxiliary object class represents a Java serialized object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.5
+# NAME 'javaSerializedObject'
+# DESC 'Java serialized object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.4 javaMarshalledObject
+#
+# This auxiliary object class represents a Java marshalled object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.8
+# NAME 'javaMarshalledObject'
+# DESC 'Java marshalled object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.5 javaNamingReference
+#
+# This auxiliary object class represents a JNDI reference. It must be
+# mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.7
+# NAME 'javaNamingReference'
+# DESC 'JNDI reference'
+# SUP javaObject
+# AUXILIARY
+# MAY ( javaReferenceAddress $
+# javaFactory )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
+
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--- /dev/null
+# misc.schema -- assorted schema definitions
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
--- /dev/null
+# misc.schema -- assorted schema definitions
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
--- /dev/null
+# NIS (RFC2307)
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+#
+# Depends upon core.ldif and cosine.ldif
+#
+# This file was automatically generated from nis.schema; see that file
+# for complete references.
+#
+dn: cn=nis,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: nis
+olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
+ e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
+ e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
+ e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
+ A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
+ seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
+ oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
+ ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
+ ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
+ ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
+ EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
+ aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
+ e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
+ tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.26{1024} SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
+ f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
+ mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
+ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
+ ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
+ $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
+ $ shadowExpire $ shadowFlag $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
+ a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
+ sword $ memberUid $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
+ nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
+ rviceProtocol ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
+ an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
+ ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
+ NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
+ AY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
+ st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
+ ription $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
+ n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
+ kNumber $ l $ description $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
+ a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
+ tgroup $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
+ on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
+ NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
+ ption )
+olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
+ ith a MAC address' SUP top AUXILIARY MAY macAddress )
+olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
+ with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
--- /dev/null
+# NIS (RFC2307)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+#
+# Depends upon core.ldif and cosine.ldif
+#
+# This file was automatically generated from nis.schema; see that file
+# for complete references.
+#
+dn: cn=nis,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: nis
+olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
+ e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
+ e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
+ e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
+ A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
+ seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
+ oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
+ ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
+ ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
+ ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
+ NGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
+ EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
+ aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
+ e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
+olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
+ tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.26{1024} SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
+ f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
+ mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
+ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
+ ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
+ $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
+ $ shadowExpire $ shadowFlag $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
+ a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
+ sword $ memberUid $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
+ nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
+ rviceProtocol ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
+ an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
+ ) MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
+ NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
+ AY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
+ st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
+ ription $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
+ n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
+ kNumber $ l $ description $ manager ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
+ a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
+ tgroup $ description ) )
+olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
+ on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
+olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
+ NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
+ ption )
+olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
+ ith a MAC address' SUP top AUXILIARY MAY macAddress )
+olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
+ with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252. This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+# validaters for these syntaxes are incomplete, they only
+# implement printable string validation (which is good as the
+# common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1
+# Object classes are under 1.3.6.1.1.1.2
+
+# Attribute Type Definitions
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+ DESC 'The absolute path to the home directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+ DESC 'The path to the login shell'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+ DESC 'Netgroup triple'
+ SYNTAX 1.3.6.1.1.1.0.0 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+ DESC 'IP address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+ DESC 'IP network'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+ DESC 'IP netmask'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+ DESC 'MAC address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+ DESC 'rpc.bootparamd parameter'
+ SYNTAX 1.3.6.1.1.1.0.1 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+ DESC 'Boot image name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
+
+# Object Class Definitions
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
+ DESC 'Abstraction of an account with POSIX attributes'
+ SUP top AUXILIARY
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
+ DESC 'Additional attributes for shadow passwords'
+ SUP top AUXILIARY
+ MUST uid
+ MAY ( userPassword $ shadowLastChange $ shadowMin $
+ shadowMax $ shadowWarning $ shadowInactive $
+ shadowExpire $ shadowFlag $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
+ DESC 'Abstraction of a group of accounts'
+ SUP top STRUCTURAL
+ MUST ( cn $ gidNumber )
+ MAY ( userPassword $ memberUid $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
+ DESC 'Abstraction an Internet Protocol service'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
+ DESC 'Abstraction of an IP protocol'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipProtocolNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
+ DESC 'Abstraction of an ONC/RPC binding'
+ SUP top STRUCTURAL
+ MUST ( cn $ oncRpcNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
+ DESC 'Abstraction of a host, an IP device'
+ SUP top AUXILIARY
+ MUST ( cn $ ipHostNumber )
+ MAY ( l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
+ DESC 'Abstraction of an IP network'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipNetworkNumber )
+ MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+ DESC 'Abstraction of a netgroup'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
+ DESC 'A generic abstraction of a NIS map'
+ SUP top STRUCTURAL
+ MUST nisMapName
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
+ DESC 'An entry in a NIS map'
+ SUP top STRUCTURAL
+ MUST ( cn $ nisMapEntry $ nisMapName )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
+ DESC 'A device with a MAC address'
+ SUP top AUXILIARY
+ MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
+ DESC 'A device with boot parameters'
+ SUP top AUXILIARY
+ MAY ( bootFile $ bootParameter ) )
--- /dev/null
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252. This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+# validaters for these syntaxes are incomplete, they only
+# implement printable string validation (which is good as the
+# common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1
+# Object classes are under 1.3.6.1.1.1.2
+
+# Attribute Type Definitions
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an administrative domain'
+# EQUALITY integerMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+ DESC 'The absolute path to the home directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+ DESC 'The path to the login shell'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+ DESC 'Netgroup triple'
+ SYNTAX 1.3.6.1.1.1.0.0 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+ DESC 'IP address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+ DESC 'IP network'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+ DESC 'IP netmask'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+ DESC 'MAC address'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+ DESC 'rpc.bootparamd parameter'
+ SYNTAX 1.3.6.1.1.1.0.1 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+ DESC 'Boot image name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+ SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
+
+# Object Class Definitions
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
+ DESC 'Abstraction of an account with POSIX attributes'
+ SUP top AUXILIARY
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
+ DESC 'Additional attributes for shadow passwords'
+ SUP top AUXILIARY
+ MUST uid
+ MAY ( userPassword $ shadowLastChange $ shadowMin $
+ shadowMax $ shadowWarning $ shadowInactive $
+ shadowExpire $ shadowFlag $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
+ DESC 'Abstraction of a group of accounts'
+ SUP top STRUCTURAL
+ MUST ( cn $ gidNumber )
+ MAY ( userPassword $ memberUid $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
+ DESC 'Abstraction an Internet Protocol service'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
+ DESC 'Abstraction of an IP protocol'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipProtocolNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
+ DESC 'Abstraction of an ONC/RPC binding'
+ SUP top STRUCTURAL
+ MUST ( cn $ oncRpcNumber $ description )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
+ DESC 'Abstraction of a host, an IP device'
+ SUP top AUXILIARY
+ MUST ( cn $ ipHostNumber )
+ MAY ( l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
+ DESC 'Abstraction of an IP network'
+ SUP top STRUCTURAL
+ MUST ( cn $ ipNetworkNumber )
+ MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+ DESC 'Abstraction of a netgroup'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
+ DESC 'A generic abstraction of a NIS map'
+ SUP top STRUCTURAL
+ MUST nisMapName
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
+ DESC 'An entry in a NIS map'
+ SUP top STRUCTURAL
+ MUST ( cn $ nisMapEntry $ nisMapName )
+ MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
+ DESC 'A device with a MAC address'
+ SUP top AUXILIARY
+ MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
+ DESC 'A device with boot parameters'
+ SUP top AUXILIARY
+ MAY ( bootFile $ bootParameter ) )
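Review bot: The caveat in this section's header, that the validators for the two syntaxes under 1.3.6.1.1.1.0 only implement printable-string validation, is not repeated where those syntaxes are used, at `nisNetgroupTriple` (SYNTAX 1.3.6.1.1.1.0.0) and `bootParameter` (SYNTAX 1.3.6.1.1.1.0.1). A one-line comment above each, for example `# NOTE: value is only validated as a printable string; consumers must check the format themselves`, would keep that visible to whoever loads the schema. `posixAccount`, `shadowAccount` and `posixGroup` all permit `userPassword`, and nothing in this section limits who may read it or the `shadow*` attributes, so the server's access rules (not shown here) need to cover them before the schema is used for accounts. `ipProtocol` and `oncRpc` list `description` in both MUST and MAY; the MAY entry is redundant, and a short comment saying it is kept as in the source definition would stop it being mistaken for a local error.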
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.7 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
--- /dev/null
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.7 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
--- /dev/null
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
--- /dev/null
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.4 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
--- /dev/null
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
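Review bot: The three `ldapsyntax` definitions under "Substitute syntaxes" (AttCertPath, PolicySyntax, RoleSyntax) carry `X-SUBST '1.3.6.1.4.1.1466.115.121.1.15'`, which is Directory String, so `delegationPath`, `privPolicy` and `role` values are presumably checked only as strings and not as the ASN.1 structures their `DESC` lines describe. The two revocation-list attributes also have no working equality rule (`X-EQUALITY 'certificateListExactMatch, not implemented yet'`), and the syntax OIDs sit in an arc the file itself calls a work in progress. I would say so above the block, e.g. `## NOTE: X-SUBST values are validated as Directory String only; clients must parse and verify certificates, paths and policies themselves.` The `DESC` of AttCertPath also misspells "certificate" as "cartificate". The same text appears in the file section that ends just before this one, so the note applies there too.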
--- /dev/null
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#Network Working Group J. Sermersheim
+#Internet-Draft Novell, Inc
+#Expires: April 24, 2005 L. Poitou
+# Sun Microsystems
+# October 24, 2004
+#
+#
+# Password Policy for LDAP Directories
+# draft-behera-ldap-password-policy-08.txt
+#
+#Status of this Memo
+#
+# This document is an Internet-Draft and is subject to all provisions
+# of section 3 of RFC 3667. By submitting this Internet-Draft, each
+# author represents that any applicable patent or other IPR claims of
+# which he or she is aware have been or will be disclosed, and any of
+# which he or she become aware will be disclosed, in accordance with
+# RFC 3668.
+#
+# Internet-Drafts are working documents of the Internet Engineering
+# Task Force (IETF), its areas, and its working groups. Note that
+# other groups may also distribute working documents as
+# Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six months
+# and may be updated, replaced, or obsoleted by other documents at any
+# time. It is inappropriate to use Internet-Drafts as reference
+# material or to cite them other than as "work in progress."
+#
+# The list of current Internet-Drafts can be accessed at
+# http://www.ietf.org/ietf/1id-abstracts.txt.
+#
+# The list of Internet-Draft Shadow Directories can be accessed at
+# http://www.ietf.org/shadow.html.
+#
+# This Internet-Draft will expire on April 24, 2005.
+#
+#Copyright Notice
+#
+# Copyright (C) The Internet Society (2004).
+#
+#Abstract
+#
+# Password policy as described in this document is a set of rules that
+# controls how passwords are used and administered in Lightweight
+# Directory Access Protocol (LDAP) based directories. In order to
+# improve the security of LDAP directories and make it difficult for
+# password cracking programs to break into directories, it is desirable
+# to enforce a set of rules on password usage. These rules are made to
+#
+# [trimmed]
+#
+#5. Schema used for Password Policy
+#
+# The schema elements defined here fall into two general categories. A
+# password policy object class is defined which contains a set of
+# administrative password policy attributes, and a set of operational
+# attributes are defined that hold general password policy state
+# information for each user.
+#
+#5.2 Attribute Types used in the pwdPolicy ObjectClass
+#
+# Following are the attribute types used by the pwdPolicy object class.
+#
+#5.2.1 pwdAttribute
+#
+# This holds the name of the attribute to which the password policy is
+# applied. For example, the password policy may be applied to the
+# userPassword attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+#5.2.2 pwdMinAge
+#
+# This attribute holds the number of seconds that must elapse between
+# modifications to the password. If this attribute is not present, 0
+# seconds is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.3 pwdMaxAge
+#
+# This attribute holds the number of seconds after which a modified
+# password will expire.
+#
+# If this attribute is not present, or if the value is 0 the password
+# does not expire. If not 0, the value must be greater than or equal
+# to the value of the pwdMinAge.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.4 pwdInHistory
+#
+# This attribute specifies the maximum number of used passwords stored
+# in the pwdHistory attribute.
+#
+# If this attribute is not present, or if the value is 0, used
+# passwords are not stored in the pwdHistory attribute and thus may be
+# reused.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.5 pwdCheckQuality
+#
+# {TODO: Consider changing the syntax to OID. Each OID will list a
+# quality rule (like min len, # of special characters, etc). These
+# rules can be specified outsid ethis document.}
+#
+# {TODO: Note that even though this is meant to be a check that happens
+# during password modification, it may also be allowed to happen during
+# authN. This is useful for situations where the password is encrypted
+# when modified, but decrypted when used to authN.}
+#
+# This attribute indicates how the password quality will be verified
+# while being modified or added. If this attribute is not present, or
+# if the value is '0', quality checking will not be enforced. A value
+# of '1' indicates that the server will check the quality, and if the
+# server is unable to check it (due to a hashed password or other
+# reasons) it will be accepted. A value of '2' indicates that the
+# server will check the quality, and if the server is unable to verify
+# it, it will return an error refusing the password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.6 pwdMinLength
+#
+# When quality checking is enabled, this attribute holds the minimum
+# number of characters that must be used in a password. If this
+# attribute is not present, no minimum password length will be
+# enforced. If the server is unable to check the length (due to a
+# hashed password or otherwise), the server will, depending on the
+# value of the pwdCheckQuality attribute, either accept the password
+# without checking it ('0' or '1') or refuse it ('2').
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.7 pwdExpireWarning
+#
+# This attribute specifies the maximum number of seconds before a
+# password is due to expire that expiration warning messages will be
+# returned to an authenticating user.
+#
+# If this attribute is not present, or if the value is 0 no warnings
+# will be returned. If not 0, the value must be smaller than the value
+# of the pwdMaxAge attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.8 pwdGraceAuthNLimit
+#
+# This attribute specifies the number of times an expired password can
+# be used to authenticate. If this attribute is not present or if the
+# value is 0, authentication will fail.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.9 pwdLockout
+#
+# This attribute indicates, when its value is "TRUE", that the password
+# may not be used to authenticate after a specified number of
+# consecutive failed bind attempts. The maximum number of consecutive
+# failed bind attempts is specified in pwdMaxFailure.
+#
+# If this attribute is not present, or if the value is "FALSE", the
+# password may be used to authenticate when the number of failed bind
+# attempts has been reached.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.10 pwdLockoutDuration
+#
+# This attribute holds the number of seconds that the password cannot
+# be used to authenticate due to too many failed bind attempts. If
+# this attribute is not present, or if the value is 0 the password
+# cannot be used to authenticate until reset by a password
+# administrator.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.11 pwdMaxFailure
+#
+# This attribute specifies the number of consecutive failed bind
+# attempts after which the password may not be used to authenticate.
+# If this attribute is not present, or if the value is 0, this policy
+# is not checked, and the value of pwdLockout will be ignored.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.12 pwdFailureCountInterval
+#
+# This attribute holds the number of seconds after which the password
+# failures are purged from the failure counter, even though no
+# successful authentication occurred.
+#
+# If this attribute is not present, or if its value is 0, the failure
+# counter is only reset by a successful authentication.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.13 pwdMustChange
+#
+# This attribute specifies with a value of "TRUE" that users must
+# change their passwords when they first bind to the directory after a
+# password is set or reset by a password administrator. If this
+# attribute is not present, or if the value is "FALSE", users are not
+# required to change their password upon binding after the password
+# administrator sets or resets the password. This attribute is not set
+# due to any actions specified by this document, it is typically set by
+# a password administrator after resetting a user's password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.14 pwdAllowUserChange
+#
+# This attribute indicates whether users can change their own
+# passwords, although the change operation is still subject to access
+# control. If this attribute is not present, a value of "TRUE" is
+# assumed. This attribute is intended to be used in the absense of an
+# access control mechanism.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.15 pwdSafeModify
+#
+# This attribute specifies whether or not the existing password must be
+# sent along with the new password when being changed. If this
+# attribute is not present, a "FALSE" value is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# HP extensions
+#
+# pwdCheckModule
+#
+# This attribute names a user-defined loadable module that provides
+# a check_password() function. If pwdCheckQuality is set to '1' or '2'
+# this function will be called after all of the internal password
+# quality checks have been passed. The function has this prototype:
+#
+# int check_password( char *password, char **errormessage, void *arg )
+#
+# The function should return LDAP_SUCCESS for a valid password.
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates "check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+#5.1 The pwdPolicy Object Class
+#
+# This object class contains the attributes defining a password policy
+# in effect for a set of users. Section 10 describes the
+# administration of this object, and the relationship between it and
+# particular objects.
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+
+#5.3 Attribute Types for Password Policy State Information
+#
+# Password policy state information must be maintained for each user.
+# The information is located in each user entry as a set of operational
+# attributes. These operational attributes are: pwdChangedTime,
+# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
+# pwdReset, pwdPolicySubEntry.
+#
+#5.3.1 Password Policy State Attribute Option
+#
+# Since the password policy could apply to several attributes used to
+# store passwords, each of the above operational attributes must have
+# an option to specify which pwdAttribute it applies to. The password
+# policy option is defined as the following:
+#
+# pwd-<passwordAttribute>
+#
+# where passwordAttribute a string following the OID syntax
+# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
+# (short name) MUST be used.
+#
+# For example, if the pwdPolicy object has for pwdAttribute
+# "userPassword" then the pwdChangedTime operational attribute, in a
+# user entry, will be:
+#
+# pwdChangedTime;pwd-userPassword: 20000103121520Z
+#
+# This attribute option follows sub-typing semantics. If a client
+# requests a password policy state attribute to be returned in a search
+# operation, and does not specify an option, all subtypes of that
+# policy state attribute are returned.
+#
+#5.3.2 pwdChangedTime
+#
+# This attribute specifies the last time the entry's password was
+# changed. This is used by the password expiration policy. If this
+# attribute does not exist, the password will never expire.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.16
+# NAME 'pwdChangedTime'
+# DESC 'The time the password was last changed'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.3 pwdAccountLockedTime
+#
+# This attribute holds the time that the user's account was locked. A
+# locked account means that the password may no longer be used to
+# authenticate. A 000001010000Z value means that the account has been
+# locked permanently, and that only a password administrator can unlock
+# the account.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.17
+# NAME 'pwdAccountLockedTime'
+# DESC 'The time an user account was locked'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.4 pwdFailureTime
+#
+# This attribute holds the timestamps of the consecutive authentication
+# failures.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.19
+# NAME 'pwdFailureTime'
+# DESC 'The timestamps of the last consecutive authentication
+# failures'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# USAGE directoryOperation )
+#
+#5.3.5 pwdHistory
+#
+# This attribute holds a history of previously used passwords. Values
+# of this attribute are transmitted in string format as given by the
+# following ABNF:
+#
+# pwdHistory = time "#" syntaxOID "#" length "#" data
+#
+# time = <generalizedTimeString as specified in 6.14
+# of [RFC2252]>
+#
+# syntaxOID = numericoid ; the string representation of the
+# ; dotted-decimal OID that defines the
+# ; syntax used to store the password.
+# ; numericoid is described in 4.1
+# ; of [RFC2252].
+#
+# length = numericstring ; the number of octets in data.
+# ; numericstring is described in 4.1
+# ; of [RFC2252].
+#
+# data = <octets representing the password in the format
+# specified by syntaxOID>.
+#
+# This format allows the server to store, and transmit a history of
+# passwords that have been used. In order for equality matching to
+# function properly, the time field needs to adhere to a consistent
+# format. For this purpose, the time field MUST be in GMT format.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.20
+# NAME 'pwdHistory'
+# DESC 'The history of user s passwords'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# USAGE directoryOperation )
+#
+#5.3.6 pwdGraceUseTime
+#
+# This attribute holds the timestamps of grace authentications after a
+# password has expired.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.21
+# NAME 'pwdGraceUseTime'
+# DESC 'The timestamps of the grace authentication after the
+# password has expired'
+# EQUALITY generalizedTimeMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+#
+#5.3.7 pwdReset
+#
+# This attribute holds a flag to indicate (when TRUE) that the password
+# has been updated by the password administrator and must be changed by
+# the user on first authentication.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.22
+# NAME 'pwdReset'
+# DESC 'The indication that the password has been reset'
+# EQUALITY booleanMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.8 pwdPolicySubentry
+#
+# This attribute points to the pwdPolicy subentry in effect for this
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.23
+# NAME 'pwdPolicySubentry'
+# DESC 'The pwdPolicy subentry in effect for this object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#
+#Disclaimer of Validity
+#
+# This document and the information contained herein are provided on an
+# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#Copyright Statement
+#
+# Copyright (C) The Internet Society (2004). This document is subject
+# to the rights, licenses and restrictions contained in BCP 78, and
+# except as set forth therein, the authors retain all their rights.
+
--- /dev/null
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#Network Working Group J. Sermersheim
+#Internet-Draft Novell, Inc
+#Expires: April 24, 2005 L. Poitou
+# Sun Microsystems
+# October 24, 2004
+#
+#
+# Password Policy for LDAP Directories
+# draft-behera-ldap-password-policy-08.txt
+#
+#Status of this Memo
+#
+# This document is an Internet-Draft and is subject to all provisions
+# of section 3 of RFC 3667. By submitting this Internet-Draft, each
+# author represents that any applicable patent or other IPR claims of
+# which he or she is aware have been or will be disclosed, and any of
+# which he or she become aware will be disclosed, in accordance with
+# RFC 3668.
+#
+# Internet-Drafts are working documents of the Internet Engineering
+# Task Force (IETF), its areas, and its working groups. Note that
+# other groups may also distribute working documents as
+# Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six months
+# and may be updated, replaced, or obsoleted by other documents at any
+# time. It is inappropriate to use Internet-Drafts as reference
+# material or to cite them other than as "work in progress."
+#
+# The list of current Internet-Drafts can be accessed at
+# http://www.ietf.org/ietf/1id-abstracts.txt.
+#
+# The list of Internet-Draft Shadow Directories can be accessed at
+# http://www.ietf.org/shadow.html.
+#
+# This Internet-Draft will expire on April 24, 2005.
+#
+#Copyright Notice
+#
+# Copyright (C) The Internet Society (2004).
+#
+#Abstract
+#
+# Password policy as described in this document is a set of rules that
+# controls how passwords are used and administered in Lightweight
+# Directory Access Protocol (LDAP) based directories. In order to
+# improve the security of LDAP directories and make it difficult for
+# password cracking programs to break into directories, it is desirable
+# to enforce a set of rules on password usage. These rules are made to
+#
+# [trimmed]
+#
+#5. Schema used for Password Policy
+#
+# The schema elements defined here fall into two general categories. A
+# password policy object class is defined which contains a set of
+# administrative password policy attributes, and a set of operational
+# attributes are defined that hold general password policy state
+# information for each user.
+#
+#5.2 Attribute Types used in the pwdPolicy ObjectClass
+#
+# Following are the attribute types used by the pwdPolicy object class.
+#
+#5.2.1 pwdAttribute
+#
+# This holds the name of the attribute to which the password policy is
+# applied. For example, the password policy may be applied to the
+# userPassword attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+#5.2.2 pwdMinAge
+#
+# This attribute holds the number of seconds that must elapse between
+# modifications to the password. If this attribute is not present, 0
+# seconds is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.3 pwdMaxAge
+#
+# This attribute holds the number of seconds after which a modified
+# password will expire.
+#
+# If this attribute is not present, or if the value is 0 the password
+# does not expire. If not 0, the value must be greater than or equal
+# to the value of the pwdMinAge.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.4 pwdInHistory
+#
+# This attribute specifies the maximum number of used passwords stored
+# in the pwdHistory attribute.
+#
+# If this attribute is not present, or if the value is 0, used
+# passwords are not stored in the pwdHistory attribute and thus may be
+# reused.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.5 pwdCheckQuality
+#
+# {TODO: Consider changing the syntax to OID. Each OID will list a
+# quality rule (like min len, # of special characters, etc). These
+# rules can be specified outsid ethis document.}
+#
+# {TODO: Note that even though this is meant to be a check that happens
+# during password modification, it may also be allowed to happen during
+# authN. This is useful for situations where the password is encrypted
+# when modified, but decrypted when used to authN.}
+#
+# This attribute indicates how the password quality will be verified
+# while being modified or added. If this attribute is not present, or
+# if the value is '0', quality checking will not be enforced. A value
+# of '1' indicates that the server will check the quality, and if the
+# server is unable to check it (due to a hashed password or other
+# reasons) it will be accepted. A value of '2' indicates that the
+# server will check the quality, and if the server is unable to verify
+# it, it will return an error refusing the password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.6 pwdMinLength
+#
+# When quality checking is enabled, this attribute holds the minimum
+# number of characters that must be used in a password. If this
+# attribute is not present, no minimum password length will be
+# enforced. If the server is unable to check the length (due to a
+# hashed password or otherwise), the server will, depending on the
+# value of the pwdCheckQuality attribute, either accept the password
+# without checking it ('0' or '1') or refuse it ('2').
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.7 pwdExpireWarning
+#
+# This attribute specifies the maximum number of seconds before a
+# password is due to expire that expiration warning messages will be
+# returned to an authenticating user.
+#
+# If this attribute is not present, or if the value is 0 no warnings
+# will be returned. If not 0, the value must be smaller than the value
+# of the pwdMaxAge attribute.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.8 pwdGraceAuthNLimit
+#
+# This attribute specifies the number of times an expired password can
+# be used to authenticate. If this attribute is not present or if the
+# value is 0, authentication will fail.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.9 pwdLockout
+#
+# This attribute indicates, when its value is "TRUE", that the password
+# may not be used to authenticate after a specified number of
+# consecutive failed bind attempts. The maximum number of consecutive
+# failed bind attempts is specified in pwdMaxFailure.
+#
+# If this attribute is not present, or if the value is "FALSE", the
+# password may be used to authenticate when the number of failed bind
+# attempts has been reached.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.10 pwdLockoutDuration
+#
+# This attribute holds the number of seconds that the password cannot
+# be used to authenticate due to too many failed bind attempts. If
+# this attribute is not present, or if the value is 0 the password
+# cannot be used to authenticate until reset by a password
+# administrator.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.11 pwdMaxFailure
+#
+# This attribute specifies the number of consecutive failed bind
+# attempts after which the password may not be used to authenticate.
+# If this attribute is not present, or if the value is 0, this policy
+# is not checked, and the value of pwdLockout will be ignored.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.12 pwdFailureCountInterval
+#
+# This attribute holds the number of seconds after which the password
+# failures are purged from the failure counter, even though no
+# successful authentication occurred.
+#
+# If this attribute is not present, or if its value is 0, the failure
+# counter is only reset by a successful authentication.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+#5.2.13 pwdMustChange
+#
+# This attribute specifies with a value of "TRUE" that users must
+# change their passwords when they first bind to the directory after a
+# password is set or reset by a password administrator. If this
+# attribute is not present, or if the value is "FALSE", users are not
+# required to change their password upon binding after the password
+# administrator sets or resets the password. This attribute is not set
+# due to any actions specified by this document, it is typically set by
+# a password administrator after resetting a user's password.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.14 pwdAllowUserChange
+#
+# This attribute indicates whether users can change their own
+# passwords, although the change operation is still subject to access
+# control. If this attribute is not present, a value of "TRUE" is
+# assumed. This attribute is intended to be used in the absense of an
+# access control mechanism.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+#5.2.15 pwdSafeModify
+#
+# This attribute specifies whether or not the existing password must be
+# sent along with the new password when being changed. If this
+# attribute is not present, a "FALSE" value is assumed.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# HP extensions
+#
+# pwdCheckModule
+#
+# This attribute names a user-defined loadable module that provides
+# a check_password() function. If pwdCheckQuality is set to '1' or '2'
+# this function will be called after all of the internal password
+# quality checks have been passed. The function has this prototype:
+#
+# int check_password( char *password, char **errormessage, void *arg )
+#
+# The function should return LDAP_SUCCESS for a valid password.
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates "check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+#5.1 The pwdPolicy Object Class
+#
+# This object class contains the attributes defining a password policy
+# in effect for a set of users. Section 10 describes the
+# administration of this object, and the relationship between it and
+# particular objects.
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+
+#5.3 Attribute Types for Password Policy State Information
+#
+# Password policy state information must be maintained for each user.
+# The information is located in each user entry as a set of operational
+# attributes. These operational attributes are: pwdChangedTime,
+# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
+# pwdReset, pwdPolicySubEntry.
+#
+#5.3.1 Password Policy State Attribute Option
+#
+# Since the password policy could apply to several attributes used to
+# store passwords, each of the above operational attributes must have
+# an option to specify which pwdAttribute it applies to. The password
+# policy option is defined as the following:
+#
+# pwd-<passwordAttribute>
+#
+# where passwordAttribute a string following the OID syntax
+# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
+# (short name) MUST be used.
+#
+# For example, if the pwdPolicy object has for pwdAttribute
+# "userPassword" then the pwdChangedTime operational attribute, in a
+# user entry, will be:
+#
+# pwdChangedTime;pwd-userPassword: 20000103121520Z
+#
+# This attribute option follows sub-typing semantics. If a client
+# requests a password policy state attribute to be returned in a search
+# operation, and does not specify an option, all subtypes of that
+# policy state attribute are returned.
+#
+#5.3.2 pwdChangedTime
+#
+# This attribute specifies the last time the entry's password was
+# changed. This is used by the password expiration policy. If this
+# attribute does not exist, the password will never expire.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.16
+# NAME 'pwdChangedTime'
+# DESC 'The time the password was last changed'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.3 pwdAccountLockedTime
+#
+# This attribute holds the time that the user's account was locked. A
+# locked account means that the password may no longer be used to
+# authenticate. A 000001010000Z value means that the account has been
+# locked permanently, and that only a password administrator can unlock
+# the account.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.17
+# NAME 'pwdAccountLockedTime'
+# DESC 'The time an user account was locked'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.4 pwdFailureTime
+#
+# This attribute holds the timestamps of the consecutive authentication
+# failures.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.19
+# NAME 'pwdFailureTime'
+# DESC 'The timestamps of the last consecutive authentication
+# failures'
+# EQUALITY generalizedTimeMatch
+# ORDERING generalizedTimeOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+# USAGE directoryOperation )
+#
+#5.3.5 pwdHistory
+#
+# This attribute holds a history of previously used passwords. Values
+# of this attribute are transmitted in string format as given by the
+# following ABNF:
+#
+# pwdHistory = time "#" syntaxOID "#" length "#" data
+#
+# time = <generalizedTimeString as specified in 6.14
+# of [RFC2252]>
+#
+# syntaxOID = numericoid ; the string representation of the
+# ; dotted-decimal OID that defines the
+# ; syntax used to store the password.
+# ; numericoid is described in 4.1
+# ; of [RFC2252].
+#
+# length = numericstring ; the number of octets in data.
+# ; numericstring is described in 4.1
+# ; of [RFC2252].
+#
+# data = <octets representing the password in the format
+# specified by syntaxOID>.
+#
+# This format allows the server to store, and transmit a history of
+# passwords that have been used. In order for equality matching to
+# function properly, the time field needs to adhere to a consistent
+# format. For this purpose, the time field MUST be in GMT format.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.20
+# NAME 'pwdHistory'
+# DESC 'The history of user s passwords'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# USAGE directoryOperation )
+#
+#5.3.6 pwdGraceUseTime
+#
+# This attribute holds the timestamps of grace authentications after a
+# password has expired.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.21
+# NAME 'pwdGraceUseTime'
+# DESC 'The timestamps of the grace authentication after the
+# password has expired'
+# EQUALITY generalizedTimeMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+#
+#5.3.7 pwdReset
+#
+# This attribute holds a flag to indicate (when TRUE) that the password
+# has been updated by the password administrator and must be changed by
+# the user on first authentication.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.22
+# NAME 'pwdReset'
+# DESC 'The indication that the password has been reset'
+# EQUALITY booleanMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#5.3.8 pwdPolicySubentry
+#
+# This attribute points to the pwdPolicy subentry in effect for this
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.8.1.23
+# NAME 'pwdPolicySubentry'
+# DESC 'The pwdPolicy subentry in effect for this object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# SINGLE-VALUE
+# USAGE directoryOperation )
+#
+#
+#Disclaimer of Validity
+#
+# This document and the information contained herein are provided on an
+# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#Copyright Statement
+#
+# Copyright (C) The Internet Society (2004). This document is subject
+# to the rights, licenses and restrictions contained in BCP 78, and
+# except as set forth therein, the authors retain all their rights.
+
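Review bot: `pwdCheckModule` (the HP extension near the end of this schema) lets a policy entry name a loadable module whose `check_password()` is handed the candidate password, and nothing in the file says who may set it. The module presumably runs inside the directory server, so write access to entries carrying `pwdPolicyChecker` should be confined to directory administrators by ACL; I would add above the attributetype a comment like `# Value selects code the server loads; restrict write access to this attribute by ACL.` Two smaller things in the same file: the `DESC` of `pwdCheckModule` has an unbalanced double quote (`"check_password() function`), and the header cites draft -07 while the embedded text is titled draft -08. The same content is also added in the section that ends just above this one, so the points apply there too.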
+++ /dev/null
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $
-
-extra_commands="checkconfig"
-
-[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
-
-depend() {
- need net
- before dbus hald
- provide ldap
-}
-
-start() {
- if ! checkconfig -Q ; then
- eerror "There is a problem with your slapd.conf!"
- return 1
- fi
- ebegin "Starting ldap-server"
- [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
- eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
- eend $?
-}
-
-stop() {
- ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid
- eend $?
-}
-
-checkconfig() {
- /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
-}
#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
depend() {
need net
- before dbus hald avahi-daemon
+ before dbus hald
provide ldap
}
start() {
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
ebegin "Starting ldap-server"
- eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
eend $?
}
stop() {
ebegin "Stopping ldap-server"
- start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid
eend $?
}
+
+checkconfig() {
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
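Review bot: The new pre-start check in `start()` validates the configuration named by `${OPTS_CONF}`, but slapd is launched with `"${OPTS}"`, and nothing in the script ties the two together. If the service's settings put `-f`/`-F` only in OPTS, slaptest checks the default configuration, so the check can pass for a config that is not the one slapd loads. I would document the contract above `checkconfig()`, e.g. `# OPTS_CONF must point at the same -f/-F configuration that OPTS passes to slapd`, and make the `eerror` text generic, since it hard-codes slapd.conf. Separately, the `eval` on the start line re-parses `${OPTS}` and the now-unquoted `${SVCNAME}` as shell while running as root, so whatever file supplies OPTS (presumably the service's conf.d file) has to stay writable by root only. `INSTANCE` is assigned at the top but is not referenced in `start()`, `stop()` or `checkconfig()`; a one-line comment saying where it is consumed would help.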
-/usr/lib/jvm/icedtea6-bin
\ No newline at end of file
+/usr/lib/jvm/icedtea-bin-6
\ No newline at end of file
[defaults]
base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ default_mntopts = acl,user_xattr
+ enable_periodic_fsck = 0
blocksize = 4096
inode_size = 256
inode_ratio = 16384
}
ext4 = {
features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ auto_64-bit_support = 1
inode_size = 256
}
ext4dev = {
inode_size = 128
inode_ratio = 8192
}
+ big = {
+ inode_ratio = 32768
+ }
+ huge = {
+ inode_ratio = 65536
+ }
news = {
inode_ratio = 4096
}
+++ /dev/null
-# $OpenLDAP$
-# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
-#
-# See the Oracle Berkeley DB documentation
-# <http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html>
-# for detail description of DB_CONFIG syntax and semantics.
-#
-# Hints can also be found in the OpenLDAP Software FAQ
-# <http://www.openldap.org/faq/index.cgi?file=2>
-# in particular:
-# <http://www.openldap.org/faq/index.cgi?file=1075>
-
-# Note: most DB_CONFIG settings will take effect only upon rebuilding
-# the DB environment.
-
-# one 0.25 GB cache
-set_cachesize 0 268435456 1
-
-# Data Directory
-#set_data_dir db
-
-# Transaction Log settings
-set_lg_regionmax 262144
-set_lg_bsize 2097152
-#set_lg_dir logs
-
-# Note: special DB_CONFIG flags are no longer needed for "quick"
-# slapadd(8) or slapindex(8) access (see their -q option).
-# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $
+# $OpenLDAP$
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See the Oracle Berkeley DB documentation
+++ /dev/null
-This directory contains user application schema definitions for use
-with slapd(8).
-
-File Description
----- -----------
-collective.schema Collective attributes (experimental)
-corba.schema Corba Object
-core.schema OpenLDAP "core"
-cosine.schema COSINE Pilot
-duaconf.schema Client Configuration (work in progress)
-dyngroup.schema Dynamic Group (experimental)
-inetorgperson.schema InetOrgPerson
-java.schema Java Object
-misc.schema Miscellaneous Schema (experimental)
-nadf.schema North American Directory Forum (obsolete)
-nis.schema Network Information Service (experimental)
-openldap.schema OpenLDAP Project (FYI)
-ppolicy.schema Password Policy Schema (work in progress)
-
-Additional "generally useful" schema definitions can be submitted
-using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
-Submissions should include a stable reference to a mature, open
-technical specification (e.g., an RFC) for the schema.
-
-The core.ldif and openldap.ldif files are equivalent to their
-corresponding .schema files. They have been provided as examples
-for use with the dynamic configuration backend. These example files
-are not actually necessary since slapd will automatically convert any
-included *.schema files into LDIF when converting a slapd.conf file
-to a configuration database, but they serve as a model of how to
-convert schema files in general.
-
----
-
-This notice applies to all files in this directory.
-
-Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted only as authorized by the OpenLDAP
-Public License. A copy of this license is available at
-http://www.OpenLDAP.org/license.html or in file LICENSE in the
-top-level directory of the distribution.
-
----
-
-This notice applies to all schema in this directory which are derived
-from RFCs and other IETF documents.
-
-Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
-
-This document and translations of it may be copied and furnished
-to others, and derivative works that comment on or otherwise explain
-it or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph
-are included on all such copies and derivative works. However,
-this document itself may not be modified in any way, such as by
-removing the copyright notice or references to the Internet Society
-or other Internet organizations, except as needed for the purpose
-of developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-
-The limited permissions granted above are perpetual and will not
-be revoked by the Internet Society or its successors or assigns.
-
-This document and the information contained herein is provided on
-an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
-INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
-OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
-IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
-PURPOSE.
-
-
----
-$OpenLDAP$
+++ /dev/null
-# collective.schema -- Collective attribute schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (2003).
-## Please see full copyright statement below.
-
-# From RFC 3671 [portions trimmed]:
-# Collective Attributes in LDAP
-
-#Abstract
-#
-# X.500 collective attributes allow common characteristics to be shared
-# between collections of entries. This document summarizes the X.500
-# information model for collective attributes and describes use of
-# collective attributes in LDAP (Lightweight Directory Access Protocol).
-# This document provides schema definitions for collective attributes
-# for use in LDAP.
-
-#3. Collective Attribute Types
-#
-# A userApplications attribute type can be defined to be COLLECTIVE
-# [RFC2252]. This indicates that the same attribute values will appear
-# in the entries of an entry collection subject to the use of the
-# collectiveExclusions attribute and other administrative controls.
-#
-# Collective attribute types are commonly defined as subtypes of non-
-# collective attribute types. By convention, collective attributes are
-# named by prefixing the name of their non-collective supertype with
-# "c-". For example, the collective telephone attribute is named
-# c-TelephoneNumber after its non-collective supertype telephoneNumber.
-#
-# Non-collective attributes types SHALL NOT subtype collective
-# attributes.
-#
-# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
-# attribute types SHALL NOT appear in the attribute types of an object
-# class definition.
-#
-# Operational attributes SHALL NOT be defined to be collective.
-#
-# The remainder of section provides a summary of collective attributes
-# derived from those defined in [X.520]. Implementations of this
-# specification SHOULD support the following collective attributes and
-# MAY support additional collective attributes.
-#
-#
-#3.1. Collective Locality Name
-#
-# The c-l attribute type specifies a locality name for a collection of
-# entries.
-#
-attributeType ( 2.5.4.7.1 NAME 'c-l'
- SUP l COLLECTIVE )
-#
-#
-#3.2. Collective State or Province Name
-#
-# The c-st attribute type specifies a state or province name for a
-# collection of entries.
-#
-attributeType ( 2.5.4.8.1 NAME 'c-st'
- SUP st COLLECTIVE )
-#
-#
-#3.3. Collective Street Address
-#
-# The c-street attribute type specifies a street address for a
-# collection of entries.
-#
-attributeType ( 2.5.4.9.1 NAME 'c-street'
- SUP street COLLECTIVE )
-#
-#
-#3.4. Collective Organization Name
-#
-# The c-o attribute type specifies an organization name for a collection
-# of entries.
-#
-attributeType ( 2.5.4.10.1 NAME 'c-o'
- SUP o COLLECTIVE )
-#
-#
-#3.5. Collective Organizational Unit Name
-#
-# The c-ou attribute type specifies an organizational unit name for a
-# collection of entries.
-#
-attributeType ( 2.5.4.11.1 NAME 'c-ou'
- SUP ou COLLECTIVE )
-#
-#
-#3.6. Collective Postal Address
-#
-# The c-PostalAddress attribute type specifies a postal address for a
-# collection of entries.
-#
-attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
- SUP postalAddress COLLECTIVE )
-#
-#
-#3.7. Collective Postal Code
-#
-# The c-PostalCode attribute type specifies a postal code for a
-# collection of entries.
-#
-attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
- SUP postalCode COLLECTIVE )
-#
-#
-#3.8. Collective Post Office Box
-#
-# The c-PostOfficeBox attribute type specifies a post office box for a
-# collection of entries.
-#
-attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
- SUP postOfficeBox COLLECTIVE )
-#
-#
-#3.9. Collective Physical Delivery Office Name
-#
-# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
-# delivery office name for a collection of entries.
-#
-attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
- SUP physicalDeliveryOfficeName COLLECTIVE )
-#
-#
-#3.10. Collective Telephone Number
-#
-# The c-TelephoneNumber attribute type specifies a telephone number for
-# a collection of entries.
-#
-attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
- SUP telephoneNumber COLLECTIVE )
-#
-#
-#3.11. Collective Telex Number
-#
-# The c-TelexNumber attribute type specifies a telex number for a
-# collection of entries.
-#
-attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
- SUP telexNumber COLLECTIVE )
-#
-#
-#3.13. Collective Facsimile Telephone Number
-#
-# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
-# telephone number for a collection of entries.
-#
-attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
- SUP facsimileTelephoneNumber COLLECTIVE )
-#
-#
-#3.14. Collective International ISDN Number
-#
-# The c-InternationalISDNNumber attribute type specifies an
-# international ISDN number for a collection of entries.
-#
-attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
- SUP internationalISDNNumber COLLECTIVE )
-
-# Full Copyright
-#
-# Copyright (C) The Internet Society (2003). All Rights Reserved.
-#
-# This document and translations of it may be copied and furnished
-# to others, and derivative works that comment on or otherwise explain
-# it or assist in its implmentation may be prepared, copied, published
-# and distributed, in whole or in part, without restriction of any
-# kind, provided that the above copyright notice and this paragraph
-# are included on all such copies and derivative works. However,
-# this document itself may not be modified in any way, such as by
-# removing the copyright notice or references to the Internet Society
-# or other Internet organizations, except as needed for the purpose
-# of developing Internet standards in which case the procedures for
-# copyrights defined in the Internet Standards process must be followed,
-# or as required to translate it into languages other than English.
+++ /dev/null
-# corba.schema -- Corba Object Schema
-# depends upon core.schema
-# $OpenLDAP$
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1999).
-## Please see full copyright statement below.
-
-
-# Network Working Group V. Ryan
-# Request for Comments: 2714 R. Lee
-# Category: Informational S. Seligman
-# Sun Microsystems, Inc.
-# October 1999
-#
-#
-# Schema for Representing CORBA Object References in an LDAP Directory
-#
-# Status of this Memo
-#
-# This memo provides information for the Internet community. It does
-# not specify an Internet standard of any kind. Distribution of this
-# memo is unlimited.
-#
-# Copyright Notice
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# Abstract
-#
-# CORBA [CORBA] is the Common Object Request Broker Architecture
-# defined by the Object Management Group. This document defines the
-# schema for representing CORBA object references in an LDAP directory
-# [LDAPv3].
-#
-# [trimmed]
-
-# 3. Attribute Type Definitions
-#
-# The following attribute types are defined in this document:
-#
-# corbaIor
-# corbaRepositoryId
-#
-# 3.1 corbaIor
-#
-# This attribute stores the string representation of the interoperable
-# object reference (IOR) for a CORBA object. An IOR is an opaque handle
-# for the object which contains the information necessary to locate the
-# object, even if the object is in another ORB.
-#
-# This attribute's syntax is 'IA5 String' and its case is
-# insignificant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.14
-# NAME 'corbaIor'
-# DESC 'Stringified interoperable object reference of a CORBA object'
-# EQUALITY caseIgnoreIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
- NAME 'corbaIor'
- DESC 'Stringified interoperable object reference of a CORBA object'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-# 3.2 corbaRepositoryId
-#
-# Each CORBA interface has a unique "repository id" (also called "type
-# id") that identifies the interface. A CORBA object has one or more
-# repository ids, one for each interface that it implements.
-#
-# The format of a repository id can be any string, but the OMG
-# specifies four standard formats:
-#
-# a. IDL-style
-#
-# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
-#
-# For example, the repository id for the "NamingContext" in OMG's COS
-# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
-#
-# b. RMI-style
-#
-# RMI:ClassName:HashCode[:SUID]
-#
-# This format is used by RMI-IIOP remote objects [RMI-IIOP].
-# "ClassName" is the fully qualified name of the class (for example,
-# "java.lang.String"). "HashCode" is the object's hash code (that is,
-# that obtained by invoking the "hashCode()" method). "SUID" is the
-# "stream unique identifier", which is a 64-bit number that uniquely
-# identifies the serialization version of the class; SUID is optional
-# in the repository id.
-#
-# c. DCE-style
-#
-# DCE:UUID
-#
-# This format is used for DCE/CORBA interoperability [CORBA-DCE].
-# "UUID" represents a DCE UUID.
-#
-# d. "local"
-#
-# This format is defined by the local Object Request Broker (ORB).
-#
-# The corbaRepositoryId attribute is a multivalued attribute; each
-# value records a single repository id of an interface implemented by
-# the CORBA object. This attribute need not contain a complete list of
-# the interfaces implemented by the CORBA object.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant. The values of this attribute are encoded using UTF-8.
-# Some values may require translation from their native representation
-# in order to be correctly encoded using UTF-8.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.15
-# NAME 'corbaRepositoryId'
-# DESC 'Repository ids of interfaces implemented by a CORBA object'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# )
-#
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
- NAME 'corbaRepositoryId'
- DESC 'Repository ids of interfaces implemented by a CORBA object'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 4. Object Class Definitions
-#
-# The following object classes are defined in this document:
-#
-# corbaContainer
-# corbaObject
-# corbaObjectReference
-#
-# 4.1 corbaContainer
-#
-# This structural object class represents a container for a CORBA
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.10
-# NAME 'corbaContainer'
-# DESC 'Container for a CORBA object'
-# SUP top
-# STRUCTURAL
-# MUST ( cn )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
- NAME 'corbaContainer'
- DESC 'Container for a CORBA object'
- SUP top
- STRUCTURAL
- MUST cn )
-
-# 4.2 corbaObject
-#
-# This abstract object class is the root class for representing a CORBA
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.9
-# NAME 'corbaObject'
-# DESC 'CORBA object representation'
-# SUP top
-# ABSTRACT
-# MAY ( corbaRepositoryId $ description )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
- NAME 'corbaObject'
- DESC 'CORBA object representation'
- SUP top
- ABSTRACT
- MAY ( corbaRepositoryId $ description ) )
-
-# 4.3 corbaObjectReference
-#
-# This auxiliary object class represents a CORBA object reference. It
-# must be mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.11
-# NAME 'corbaObjectReference'
-# DESC 'CORBA interoperable object reference'
-# SUP corbaObject
-# AUXILIARY
-# MUST ( corbaIor )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
- NAME 'corbaObjectReference'
- DESC 'CORBA interoperable object reference'
- SUP corbaObject
- AUXILIARY
- MUST corbaIor )
-
-# 10. Full Copyright Statement
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# This document and translations of it may be copied and furnished to
-# others, and derivative works that comment on or otherwise explain it
-# or assist in its implementation may be prepared, copied, published
-# and distributed, in whole or in part, without restriction of any
-# kind, provided that the above copyright notice and this paragraph are
-# included on all such copies and derivative works. However, this
-# document itself may not be modified in any way, such as by removing
-# the copyright notice or references to the Internet Society or other
-# Internet organizations, except as needed for the purpose of
-# developing Internet standards in which case the procedures for
-# copyrights defined in the Internet Standards process must be
-# followed, or as required to translate it into languages other than
-# English.
-#
-# The limited permissions granted above are perpetual and will not be
-# revoked by the Internet Society or its successors or assigns.
-#
-# This document and the information contained herein is provided on an
-# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+++ /dev/null
-# OpenLDAP Core schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1997-2003).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works. However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be
-## followed, or as required to translate it into languages other than
-## English.
-##
-## The limited permissions granted above are perpetual and will not be
-## revoked by the Internet Society or its successors or assigns.
-##
-## This document and the information contained herein is provided on an
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-#
-#
-#
-# Includes LDAPv3 schema items from:
-# RFC 2252/2256 (LDAPv3)
-#
-# Select standard track schema items:
-# RFC 1274 (uid/dc)
-# RFC 2079 (URI)
-# RFC 2247 (dc/dcObject)
-# RFC 2587 (PKI)
-# RFC 2589 (Dynamic Directory Services)
-#
-# Select informational schema items:
-# RFC 2377 (uidObject)
-#
-#
-# Standard attribute types from RFC 2256
-#
-dn: cn=core,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: core
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
-# DESC 'RFC2256: object classes of the entity'
-# EQUALITY objectIdentifierMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-# DESC 'RFC2256: name of aliased object'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
- DESC 'RFC2256: knowledge information'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-# DESC 'RFC2256: common name(s) for which the entity is known by'
-# SUP name )
-#
-olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
- DESC 'RFC2256: last (family) name(s) for which the entity is known by'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
- DESC 'RFC2256: serial number of the entity'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
-#
-# RFC 4519 definition ('countryName' in X.500 and RFC2256)
-olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
- DESC 'RFC4519: two-letter ISO-3166 country code'
- SUP name
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
- SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
- DESC 'RFC2256: locality which this object resides in'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
- DESC 'RFC2256: state or province which this object resides in'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
- DESC 'RFC2256: street address of this object'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
- DESC 'RFC2256: organization this object belongs to'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
- DESC 'RFC2256: organizational unit this object belongs to'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.12 NAME 'title'
- DESC 'RFC2256: title associated with the entity'
- SUP name )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
-# DESC 'RFC2256: descriptive information'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-#
-# Deprecated by enhancedSearchGuide
-olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
- DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
-#
-olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
- DESC 'RFC2256: business category'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
- DESC 'RFC2256: postal address'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-#
-olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
- DESC 'RFC2256: postal code'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-#
-olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
- DESC 'RFC2256: Post Office Box'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-#
-olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
- DESC 'RFC2256: Physical Delivery Office Name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-#
-olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
- DESC 'RFC2256: Telephone Number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-#
-olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
- DESC 'RFC2256: Telex Number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
-#
-olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
- DESC 'RFC2256: Teletex Terminal Identifier'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
-#
-olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
- DESC 'RFC2256: Facsimile (Fax) Telephone Number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
-#
-olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
- DESC 'RFC2256: X.121 Address'
- EQUALITY numericStringMatch
- SUBSTR numericStringSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
-#
-olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
- DESC 'RFC2256: international ISDN number'
- EQUALITY numericStringMatch
- SUBSTR numericStringSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
-#
-olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
- DESC 'RFC2256: registered postal address'
- SUP postalAddress
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-#
-olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
- DESC 'RFC2256: destination indicator'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-#
-olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
- DESC 'RFC2256: preferred delivery method'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
- SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
- DESC 'RFC2256: presentation address'
- EQUALITY presentationAddressMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
- SINGLE-VALUE )
-#
-olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
- DESC 'RFC2256: supported application context'
- EQUALITY objectIdentifierMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-#
-olcAttributeTypes: ( 2.5.4.31 NAME 'member'
- DESC 'RFC2256: member of a group'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
- DESC 'RFC2256: owner (of the object)'
- SUP distinguishedName )
-#
-olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
- DESC 'RFC2256: occupant of role'
- SUP distinguishedName )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
-# DESC 'RFC2256: DN of related object'
-# SUP distinguishedName )
-#
-# system schema
-#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
-# DESC 'RFC2256/2307: password of user'
-# EQUALITY octetStringMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-#
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
- DESC 'RFC2256: X.509 user certificate, use ;binary'
- EQUALITY certificateExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-#
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
- DESC 'RFC2256: X.509 CA certificate, use ;binary'
- EQUALITY certificateExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
- DESC 'RFC2256: X.509 authority revocation list, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
- DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-# Must be stored and requested in the binary form
-olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
- DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
-#
-# 2.5.4.41 is defined above as it's used for subtyping
-#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
- DESC 'RFC2256: first name(s) for which the entity is known by'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
- DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
- DESC 'RFC2256: name qualifier indicating a generation'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
- DESC 'RFC2256: X.500 unique identifier'
- EQUALITY bitStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-#
-olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
- DESC 'RFC2256: DN qualifier'
- EQUALITY caseIgnoreMatch
- ORDERING caseIgnoreOrderingMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
-#
-olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
- DESC 'RFC2256: enhanced search guide'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
-#
-olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
- DESC 'RFC2256: protocol information'
- EQUALITY protocolInformationMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
-#
-# 2.5.4.49 is defined above as it's used for subtyping
-#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-#
-olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
- DESC 'RFC2256: unique member of a group'
- EQUALITY uniqueMemberMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
-#
-olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
- DESC 'RFC2256: house identifier'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
- DESC 'RFC2256: supported algorithms'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
-#
-# Must be transferred using ;binary
-olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
- DESC 'RFC2256: delta revocation list; use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-#
-olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
- DESC 'RFC2256: name of DMD'
- SUP name )
-#
-olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
- DESC 'X.520(4th): pseudonym for the object'
- SUP name )
-#
-# Standard object classes from RFC2256
-#
-# system schema
-#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
-# DESC 'RFC2256: an alias'
-# SUP top STRUCTURAL
-# MUST aliasedObjectName )
-#
-olcObjectClasses: ( 2.5.6.2 NAME 'country'
- DESC 'RFC2256: a country'
- SUP top STRUCTURAL
- MUST c
- MAY ( searchGuide $ description ) )
-#
-olcObjectClasses: ( 2.5.6.3 NAME 'locality'
- DESC 'RFC2256: a locality'
- SUP top STRUCTURAL
- MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.4 NAME 'organization'
- DESC 'RFC2256: an organization'
- SUP top STRUCTURAL
- MUST o
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
- DESC 'RFC2256: an organizational unit'
- SUP top STRUCTURAL
- MUST ou
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.6 NAME 'person'
- DESC 'RFC2256: a person'
- SUP top STRUCTURAL
- MUST ( sn $ cn )
- MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
-#
-olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
- DESC 'RFC2256: an organizational person'
- SUP person STRUCTURAL
- MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
-#
-olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
- DESC 'RFC2256: an organizational role'
- SUP top STRUCTURAL
- MUST cn
- MAY ( x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
- postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
- DESC 'RFC2256: a group of names (DNs)'
- SUP top STRUCTURAL
- MUST ( member $ cn )
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-#
-olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
- DESC 'RFC2256: an residential person'
- SUP person STRUCTURAL
- MUST l
- MAY ( businessCategory $ x121Address $ registeredAddress $
- destinationIndicator $ preferredDeliveryMethod $ telexNumber $
- teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
- postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ st $ l ) )
-#
-olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
- DESC 'RFC2256: an application process'
- SUP top STRUCTURAL
- MUST cn
- MAY ( seeAlso $ ou $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
- DESC 'RFC2256: an application entity'
- SUP top STRUCTURAL
- MUST ( presentationAddress $ cn )
- MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
- description ) )
-#
-olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
- DESC 'RFC2256: a directory system agent (a server)'
- SUP applicationEntity STRUCTURAL
- MAY knowledgeInformation )
-#
-olcObjectClasses: ( 2.5.6.14 NAME 'device'
- DESC 'RFC2256: a device'
- SUP top STRUCTURAL
- MUST cn
- MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
-#
-olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
- DESC 'RFC2256: a strong authentication user'
- SUP top AUXILIARY
- MUST userCertificate )
-#
-olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
- DESC 'RFC2256: a certificate authority'
- SUP top AUXILIARY
- MUST ( authorityRevocationList $ certificateRevocationList $
- cACertificate ) MAY crossCertificatePair )
-#
-olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
- DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
- SUP top STRUCTURAL
- MUST ( uniqueMember $ cn )
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-#
-olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
- DESC 'RFC2256: a user security information'
- SUP top AUXILIARY
- MAY ( supportedAlgorithms ) )
-#
-olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
- SUP certificationAuthority
- AUXILIARY MAY ( deltaRevocationList ) )
-#
-olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
- SUP top STRUCTURAL
- MUST ( cn )
- MAY ( certificateRevocationList $ authorityRevocationList $
- deltaRevocationList ) )
-#
-olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
- SUP top STRUCTURAL
- MUST ( dmdName )
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- street $ postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ st $ l $ description ) )
-#
-#
-# Object Classes from RFC 2587
-#
-olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
- DESC 'RFC2587: a PKI user'
- SUP top AUXILIARY
- MAY userCertificate )
-#
-olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
- DESC 'RFC2587: PKI certificate authority'
- SUP top AUXILIARY
- MAY ( authorityRevocationList $ certificateRevocationList $
- cACertificate $ crossCertificatePair ) )
-#
-olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
- DESC 'RFC2587: PKI user'
- SUP top AUXILIARY
- MAY deltaRevocationList )
-#
-#
-# Standard Track URI label schema from RFC 2079
-# system schema
-#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-# DESC 'RFC2079: Uniform Resource Identifier with optional label'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-#
-olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
- DESC 'RFC2079: object that contains the URI attribute type'
- MAY ( labeledURI )
- SUP top AUXILIARY )
-#
-#
-# Derived from RFC 1274, but with new "short names"
-#
-#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
-# NAME ( 'uid' 'userid' )
-# DESC 'RFC1274: user identifier'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-#
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
- NAME ( 'mail' 'rfc822Mailbox' )
- DESC 'RFC1274: RFC822 Mailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-#
-olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
- DESC 'RFC1274: simple security object'
- SUP top AUXILIARY
- MUST userPassword )
-#
-# RFC 1274 + RFC 2247
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
- NAME ( 'dc' 'domainComponent' )
- DESC 'RFC1274/2247: domain component'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-#
-# RFC 2247
-olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
- DESC 'RFC2247: domain component object'
- SUP top AUXILIARY MUST dc )
-#
-# RFC 2377
-olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
- DESC 'RFC2377: uid object'
- SUP top AUXILIARY MUST uid )
-#
-# From COSINE Pilot
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
- NAME 'associatedDomain'
- DESC 'RFC1274: domain associated with object'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-#
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-olcAttributeTypes: ( 1.2.840.113549.1.9.1
- NAME ( 'email' 'emailAddress' 'pkcs9email' )
- DESC 'RFC3280: legacy attribute for email addresses in DNs'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-#
+++ /dev/null
-# OpenLDAP Core schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1997-2006).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works. However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be
-## followed, or as required to translate it into languages other than
-## English.
-##
-## The limited permissions granted above are perpetual and will not be
-## revoked by the Internet Society or its successors or assigns.
-##
-## This document and the information contained herein is provided on an
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-#
-#
-# Includes LDAPv3 schema items from:
-# RFC 2252/2256 (LDAPv3)
-#
-# Select standard track schema items:
-# RFC 1274 (uid/dc)
-# RFC 2079 (URI)
-# RFC 2247 (dc/dcObject)
-# RFC 2587 (PKI)
-# RFC 2589 (Dynamic Directory Services)
-# RFC 4524 (associatedDomain)
-#
-# Select informational schema items:
-# RFC 2377 (uidObject)
-
-#
-# Standard attribute types from RFC 2256
-#
-
-# system schema
-#attributetype ( 2.5.4.0 NAME 'objectClass'
-# DESC 'RFC2256: object classes of the entity'
-# EQUALITY objectIdentifierMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-# system schema
-#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-# DESC 'RFC2256: name of aliased object'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
- DESC 'RFC2256: knowledge information'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-# system schema
-#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-# DESC 'RFC2256: common name(s) for which the entity is known by'
-# SUP name )
-
-attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
- DESC 'RFC2256: last (family) name(s) for which the entity is known by'
- SUP name )
-
-attributetype ( 2.5.4.5 NAME 'serialNumber'
- DESC 'RFC2256: serial number of the entity'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
-
-# RFC 4519 definition ('countryName' in X.500 and RFC2256)
-attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
- DESC 'RFC4519: two-letter ISO-3166 country code'
- SUP name
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
- SINGLE-VALUE )
-
-#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
-# DESC 'RFC2256: ISO-3166 country 2-letter code'
-# SUP name SINGLE-VALUE )
-
-attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
- DESC 'RFC2256: locality which this object resides in'
- SUP name )
-
-attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
- DESC 'RFC2256: state or province which this object resides in'
- SUP name )
-
-attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
- DESC 'RFC2256: street address of this object'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
- DESC 'RFC2256: organization this object belongs to'
- SUP name )
-
-attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
- DESC 'RFC2256: organizational unit this object belongs to'
- SUP name )
-
-attributetype ( 2.5.4.12 NAME 'title'
- DESC 'RFC2256: title associated with the entity'
- SUP name )
-
-# system schema
-#attributetype ( 2.5.4.13 NAME 'description'
-# DESC 'RFC2256: descriptive information'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
-# Deprecated by enhancedSearchGuide
-attributetype ( 2.5.4.14 NAME 'searchGuide'
- DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
-
-attributetype ( 2.5.4.15 NAME 'businessCategory'
- DESC 'RFC2256: business category'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.16 NAME 'postalAddress'
- DESC 'RFC2256: postal address'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-attributetype ( 2.5.4.17 NAME 'postalCode'
- DESC 'RFC2256: postal code'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-
-attributetype ( 2.5.4.18 NAME 'postOfficeBox'
- DESC 'RFC2256: Post Office Box'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-
-attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
- DESC 'RFC2256: Physical Delivery Office Name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 2.5.4.20 NAME 'telephoneNumber'
- DESC 'RFC2256: Telephone Number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-
-attributetype ( 2.5.4.21 NAME 'telexNumber'
- DESC 'RFC2256: Telex Number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
-
-attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
- DESC 'RFC2256: Teletex Terminal Identifier'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
-
-attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
- DESC 'RFC2256: Facsimile (Fax) Telephone Number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
-
-attributetype ( 2.5.4.24 NAME 'x121Address'
- DESC 'RFC2256: X.121 Address'
- EQUALITY numericStringMatch
- SUBSTR numericStringSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
-
-attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
- DESC 'RFC2256: international ISDN number'
- EQUALITY numericStringMatch
- SUBSTR numericStringSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
-
-attributetype ( 2.5.4.26 NAME 'registeredAddress'
- DESC 'RFC2256: registered postal address'
- SUP postalAddress
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-attributetype ( 2.5.4.27 NAME 'destinationIndicator'
- DESC 'RFC2256: destination indicator'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-
-attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
- DESC 'RFC2256: preferred delivery method'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
- SINGLE-VALUE )
-
-attributetype ( 2.5.4.29 NAME 'presentationAddress'
- DESC 'RFC2256: presentation address'
- EQUALITY presentationAddressMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
- SINGLE-VALUE )
-
-attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
- DESC 'RFC2256: supported application context'
- EQUALITY objectIdentifierMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-attributetype ( 2.5.4.31 NAME 'member'
- DESC 'RFC2256: member of a group'
- SUP distinguishedName )
-
-attributetype ( 2.5.4.32 NAME 'owner'
- DESC 'RFC2256: owner (of the object)'
- SUP distinguishedName )
-
-attributetype ( 2.5.4.33 NAME 'roleOccupant'
- DESC 'RFC2256: occupant of role'
- SUP distinguishedName )
-
-# system schema
-#attributetype ( 2.5.4.34 NAME 'seeAlso'
-# DESC 'RFC2256: DN of related object'
-# SUP distinguishedName )
-
-# system schema
-#attributetype ( 2.5.4.35 NAME 'userPassword'
-# DESC 'RFC2256/2307: password of user'
-# EQUALITY octetStringMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
-
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-attributetype ( 2.5.4.36 NAME 'userCertificate'
- DESC 'RFC2256: X.509 user certificate, use ;binary'
- EQUALITY certificateExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-
-# Must be transferred using ;binary
-# with certificateExactMatch rule (per X.509)
-attributetype ( 2.5.4.37 NAME 'cACertificate'
- DESC 'RFC2256: X.509 CA certificate, use ;binary'
- EQUALITY certificateExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
- DESC 'RFC2256: X.509 authority revocation list, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
- DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-# Must be stored and requested in the binary form
-attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
- DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
-
-# system schema
-#attributetype ( 2.5.4.41 NAME 'name'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
- DESC 'RFC2256: first name(s) for which the entity is known by'
- SUP name )
-
-attributetype ( 2.5.4.43 NAME 'initials'
- DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
- SUP name )
-
-attributetype ( 2.5.4.44 NAME 'generationQualifier'
- DESC 'RFC2256: name qualifier indicating a generation'
- SUP name )
-
-attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
- DESC 'RFC2256: X.500 unique identifier'
- EQUALITY bitStringMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-
-attributetype ( 2.5.4.46 NAME 'dnQualifier'
- DESC 'RFC2256: DN qualifier'
- EQUALITY caseIgnoreMatch
- ORDERING caseIgnoreOrderingMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
-
-attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
- DESC 'RFC2256: enhanced search guide'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
-
-attributetype ( 2.5.4.48 NAME 'protocolInformation'
- DESC 'RFC2256: protocol information'
- EQUALITY protocolInformationMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
-
-# system schema
-#attributetype ( 2.5.4.49 NAME 'distinguishedName'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.5.4.50 NAME 'uniqueMember'
- DESC 'RFC2256: unique member of a group'
- EQUALITY uniqueMemberMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
-
-attributetype ( 2.5.4.51 NAME 'houseIdentifier'
- DESC 'RFC2256: house identifier'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
- DESC 'RFC2256: supported algorithms'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
-
-# Must be transferred using ;binary
-attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
- DESC 'RFC2256: delta revocation list; use ;binary'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-
-attributetype ( 2.5.4.54 NAME 'dmdName'
- DESC 'RFC2256: name of DMD'
- SUP name )
-
-attributetype ( 2.5.4.65 NAME 'pseudonym'
- DESC 'X.520(4th): pseudonym for the object'
- SUP name )
-
-# Standard object classes from RFC2256
-
-# system schema
-#objectclass ( 2.5.6.0 NAME 'top'
-# DESC 'RFC2256: top of the superclass chain'
-# ABSTRACT
-# MUST objectClass )
-
-# system schema
-#objectclass ( 2.5.6.1 NAME 'alias'
-# DESC 'RFC2256: an alias'
-# SUP top STRUCTURAL
-# MUST aliasedObjectName )
-
-objectclass ( 2.5.6.2 NAME 'country'
- DESC 'RFC2256: a country'
- SUP top STRUCTURAL
- MUST c
- MAY ( searchGuide $ description ) )
-
-objectclass ( 2.5.6.3 NAME 'locality'
- DESC 'RFC2256: a locality'
- SUP top STRUCTURAL
- MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-
-objectclass ( 2.5.6.4 NAME 'organization'
- DESC 'RFC2256: an organization'
- SUP top STRUCTURAL
- MUST o
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-
-objectclass ( 2.5.6.5 NAME 'organizationalUnit'
- DESC 'RFC2256: an organizational unit'
- SUP top STRUCTURAL
- MUST ou
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-
-objectclass ( 2.5.6.6 NAME 'person'
- DESC 'RFC2256: a person'
- SUP top STRUCTURAL
- MUST ( sn $ cn )
- MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
-
-objectclass ( 2.5.6.7 NAME 'organizationalPerson'
- DESC 'RFC2256: an organizational person'
- SUP person STRUCTURAL
- MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
-
-objectclass ( 2.5.6.8 NAME 'organizationalRole'
- DESC 'RFC2256: an organizational role'
- SUP top STRUCTURAL
- MUST cn
- MAY ( x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
- postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-
-objectclass ( 2.5.6.9 NAME 'groupOfNames'
- DESC 'RFC2256: a group of names (DNs)'
- SUP top STRUCTURAL
- MUST ( member $ cn )
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-
-objectclass ( 2.5.6.10 NAME 'residentialPerson'
- DESC 'RFC2256: an residential person'
- SUP person STRUCTURAL
- MUST l
- MAY ( businessCategory $ x121Address $ registeredAddress $
- destinationIndicator $ preferredDeliveryMethod $ telexNumber $
- teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
- postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ st $ l ) )
-
-objectclass ( 2.5.6.11 NAME 'applicationProcess'
- DESC 'RFC2256: an application process'
- SUP top STRUCTURAL
- MUST cn
- MAY ( seeAlso $ ou $ l $ description ) )
-
-objectclass ( 2.5.6.12 NAME 'applicationEntity'
- DESC 'RFC2256: an application entity'
- SUP top STRUCTURAL
- MUST ( presentationAddress $ cn )
- MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
- description ) )
-
-objectclass ( 2.5.6.13 NAME 'dSA'
- DESC 'RFC2256: a directory system agent (a server)'
- SUP applicationEntity STRUCTURAL
- MAY knowledgeInformation )
-
-objectclass ( 2.5.6.14 NAME 'device'
- DESC 'RFC2256: a device'
- SUP top STRUCTURAL
- MUST cn
- MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
-
-objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
- DESC 'RFC2256: a strong authentication user'
- SUP top AUXILIARY
- MUST userCertificate )
-
-objectclass ( 2.5.6.16 NAME 'certificationAuthority'
- DESC 'RFC2256: a certificate authority'
- SUP top AUXILIARY
- MUST ( authorityRevocationList $ certificateRevocationList $
- cACertificate ) MAY crossCertificatePair )
-
-objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
- DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
- SUP top STRUCTURAL
- MUST ( uniqueMember $ cn )
- MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-
-objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
- DESC 'RFC2256: a user security information'
- SUP top AUXILIARY
- MAY ( supportedAlgorithms ) )
-
-objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
- SUP certificationAuthority
- AUXILIARY MAY ( deltaRevocationList ) )
-
-objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
- SUP top STRUCTURAL
- MUST ( cn )
- MAY ( certificateRevocationList $ authorityRevocationList $
- deltaRevocationList ) )
-
-objectclass ( 2.5.6.20 NAME 'dmd'
- SUP top STRUCTURAL
- MUST ( dmdName )
- MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
- x121Address $ registeredAddress $ destinationIndicator $
- preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- street $ postOfficeBox $ postalCode $ postalAddress $
- physicalDeliveryOfficeName $ st $ l $ description ) )
-
-#
-# Object Classes from RFC 2587
-#
-objectclass ( 2.5.6.21 NAME 'pkiUser'
- DESC 'RFC2587: a PKI user'
- SUP top AUXILIARY
- MAY userCertificate )
-
-objectclass ( 2.5.6.22 NAME 'pkiCA'
- DESC 'RFC2587: PKI certificate authority'
- SUP top AUXILIARY
- MAY ( authorityRevocationList $ certificateRevocationList $
- cACertificate $ crossCertificatePair ) )
-
-objectclass ( 2.5.6.23 NAME 'deltaCRL'
- DESC 'RFC2587: PKI user'
- SUP top AUXILIARY
- MAY deltaRevocationList )
-
-#
-# Standard Track URI label schema from RFC 2079
-# system schema
-#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-# DESC 'RFC2079: Uniform Resource Identifier with optional label'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
- DESC 'RFC2079: object that contains the URI attribute type'
- SUP top AUXILIARY
- MAY ( labeledURI ) )
-
-#
-# Derived from RFC 1274, but with new "short names"
-#
-#attributetype ( 0.9.2342.19200300.100.1.1
-# NAME ( 'uid' 'userid' )
-# DESC 'RFC1274: user identifier'
-# EQUALITY caseIgnoreMatch
-# SUBSTR caseIgnoreSubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 0.9.2342.19200300.100.1.3
- NAME ( 'mail' 'rfc822Mailbox' )
- DESC 'RFC1274: RFC822 Mailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
- DESC 'RFC1274: simple security object'
- SUP top AUXILIARY
- MUST userPassword )
-
-# RFC 1274 + RFC 2247
-attributetype ( 0.9.2342.19200300.100.1.25
- NAME ( 'dc' 'domainComponent' )
- DESC 'RFC1274/2247: domain component'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# RFC 2247
-objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
- DESC 'RFC2247: domain component object'
- SUP top AUXILIARY MUST dc )
-
-# RFC 2377
-objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
- DESC 'RFC2377: uid object'
- SUP top AUXILIARY MUST uid )
-
-# RFC 4524
-# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
-# host names [RFC1123] that are associated with an object. That is,
-# values of this attribute should conform to the following ABNF:
-#
-# domain = root / label *( DOT label )
-# root = SPACE
-# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
-# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
-# SPACE = %x20 ; space (" ")
-# HYPHEN = %x2D ; hyphen ("-")
-# DOT = %x2E ; period (".")
-attributetype ( 0.9.2342.19200300.100.1.37
- NAME 'associatedDomain'
- DESC 'RFC1274: domain associated with object'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-attributetype ( 1.2.840.113549.1.9.1
- NAME ( 'email' 'emailAddress' 'pkcs9email' )
- DESC 'RFC3280: legacy attribute for email addresses in DNs'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
+++ /dev/null
-# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema. As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3. The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274. However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.ldif
-#
-# This file was automatically generated from cosine.schema; see that
-# file for complete background.
-#
-dn: cn=cosine,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: cosine
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
- EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
- 1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
- eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
- nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
- reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
- 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
- YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
- photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
- 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
- ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
- ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
- X 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
- 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
- .121.1.12 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
- ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
- caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
- RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
- ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
- C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
- bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
- 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
- .3.6.1.4.1.1466.115.121.1.12 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
- SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
- aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
- lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
- erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
- .1.50 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
- 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
- 6.115.121.1.12 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
- 1.3.6.1.4.1.1466.115.121.1.39 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
- seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
- aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
- aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
- aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
- caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
- Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
- 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
- h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
- ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
- noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
- 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
- sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
- ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
- berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
- 1.1.50 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
- honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
- Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
- .50 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
- ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
- TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
- SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
- 66.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
- ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
- gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
- RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
- ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
- ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
- RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
- gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
- C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
- DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
- GLE-VALUE )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
- y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 13 SINGLE-VALUE )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
- y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 13 SINGLE-VALUE )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
- ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 23 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
- FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
- .115.121.1.12 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
- : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
- ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
- reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
- tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
- Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
- ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
- ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
- honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
- ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
- URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
- e $ organizationalUnitName $ host ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
- TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
- lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
- ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
- L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
- ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
- STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
- ocalityName $ organizationName $ organizationalUnitName ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
- URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
- on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
- stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
- ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
- $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
- exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
- $ x121Address ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
- omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
- neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
- ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
- telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
- Method $ destinationIndicator $ registeredAddress $ x121Address ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
- STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
- Record ) )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
- ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
- edDomain )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
- ountry STRUCTURAL MUST friendlyCountryName )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
- P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
- UCTURAL MAY dSAQuality )
-olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
- SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
- mQuality ) )
+++ /dev/null
-# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema. As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3. The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274. However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.schema
-
-
-# Network Working Group P. Barker
-# Request for Comments: 1274 S. Kille
-# University College London
-# November 1991
-#
-# The COSINE and Internet X.500 Schema
-#
-# [trimmed]
-#
-# Abstract
-#
-# This document suggests an X.500 Directory Schema, or Naming
-# Architecture, for use in the COSINE and Internet X.500 pilots. The
-# schema is independent of any specific implementation. As well as
-# indicating support for the standard object classes and attributes, a
-# large number of generally useful object classes and attributes are
-# also defined. An appendix to this document includes a machine
-# processable version of the schema.
-#
-# [trimmed]
-
-# 7. Object Identifiers
-#
-# Some additional object identifiers are defined for this schema.
-# These are also reproduced in Appendix C.
-#
-# data OBJECT IDENTIFIER ::= {ccitt 9}
-# pss OBJECT IDENTIFIER ::= {data 2342}
-# ucl OBJECT IDENTIFIER ::= {pss 19200300}
-# pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-# {pilotAttributeSyntax 5}
-#
-# 8. Object Classes
-# [relocated after 9]
-
-#
-# 9. Attribute Types
-#
-# 9.1. X.500 standard attribute types
-#
-# A number of generally useful attribute types are defined in X.520,
-# and these are supported. Refer to that document for descriptions of
-# the suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced for completeness in Appendix C.
-#
-# 9.2. X.400 standard attribute types
-#
-# The standard X.400 attribute types are supported. See X.402 for full
-# details. The ASN.1 for these attribute types is reproduced in
-# Appendix C.
-#
-# 9.3. COSINE/Internet attribute types
-#
-# This section describes all the attribute types defined for use in the
-# COSINE and Internet pilots. Descriptions are given as to the
-# suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced in Appendix C.
-#
-# 9.3.1. Userid
-#
-# The Userid attribute type specifies a computer system login name.
-#
-# userid ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-identifier))
-# ::= {pilotAttributeType 1}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
-## EQUALITY caseIgnoreMatch
-## SUBSTR caseIgnoreSubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.2. Text Encoded O/R Address
-#
-# The Text Encoded O/R Address attribute type specifies a text encoding
-# of an X.400 O/R address, as specified in RFC 987. The use of this
-# attribute is deprecated as the attribute is intended for interim use
-# only. This attribute will be the first candidate for the attribute
-# expiry mechanisms!
-#
-# textEncodedORAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-text-encoded-or-address))
-# ::= {pilotAttributeType 2}
-#
-attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.3. RFC 822 Mailbox
-#
-# The RFC822 Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in RFC 822. Note that this
-# attribute should not be used for greybook or other non-Internet order
-# mailboxes.
-#
-# rfc822Mailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-rfc822-mailbox))
-# ::= {pilotAttributeType 3}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.4. Information
-#
-# The Information attribute type specifies any general information
-# pertinent to an object. It is recommended that specific usage of
-# this attribute type is avoided, and that specific requirements are
-# met by other (possibly additional) attribute types.
-#
-# info ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-information))
-# ::= {pilotAttributeType 4}
-#
-attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
- DESC 'RFC1274: general information'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-
-
-# 9.3.5. Favourite Drink
-#
-# The Favourite Drink attribute type specifies the favourite drink of
-# an object (or person).
-#
-# favouriteDrink ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-favourite-drink))
-# ::= {pilotAttributeType 5}
-#
-attributetype ( 0.9.2342.19200300.100.1.5
- NAME ( 'drink' 'favouriteDrink' )
- DESC 'RFC1274: favorite drink'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.6. Room Number
-#
-# The Room Number attribute type specifies the room number of an
-# object. Note that the commonName attribute should be used for naming
-# room objects.
-#
-# roomNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-room-number))
-# ::= {pilotAttributeType 6}
-#
-attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
- DESC 'RFC1274: room number'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.7. Photo
-#
-# The Photo attribute type specifies a "photograph" for an object.
-# This should be encoded in G3 fax as explained in recommendation T.4,
-# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
-# defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# photo ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-photo))
-# ::= {pilotAttributeType 7}
-#
-attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
- DESC 'RFC1274: photo (G3 fax)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
-
-# 9.3.8. User Class
-#
-# The User Class attribute type specifies a category of computer user.
-# The semantics placed on this attribute are for local interpretation.
-# Examples of current usage od this attribute in academia are
-# undergraduate student, researcher, lecturer, etc. Note that the
-# organizationalStatus attribute may now often be preferred as it makes
-# no distinction between computer users and others.
-#
-# userClass ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-class))
-# ::= {pilotAttributeType 8}
-#
-attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
- DESC 'RFC1274: category of user'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.9. Host
-#
-# The Host attribute type specifies a host computer.
-#
-# host ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-host))
-# ::= {pilotAttributeType 9}
-#
-attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
- DESC 'RFC1274: host computer'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.10. Manager
-#
-# The Manager attribute type specifies the manager of an object
-# represented by an entry.
-#
-# manager ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 10}
-#
-attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
- DESC 'RFC1274: DN of manager'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.11. Document Identifier
-#
-# The Document Identifier attribute type specifies a unique identifier
-# for a document.
-#
-# documentIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-identifier))
-# ::= {pilotAttributeType 11}
-#
-attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
- DESC 'RFC1274: unique identifier of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.12. Document Title
-#
-# The Document Title attribute type specifies the title of a document.
-#
-# documentTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-title))
-# ::= {pilotAttributeType 12}
-#
-attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
- DESC 'RFC1274: title of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.13. Document Version
-#
-# The Document Version attribute type specifies the version number of a
-# document.
-#
-# documentVersion ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-version))
-# ::= {pilotAttributeType 13}
-#
-attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
- DESC 'RFC1274: version of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.14. Document Author
-#
-# The Document Author attribute type specifies the distinguished name
-# of the author of a document.
-#
-# documentAuthor ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 14}
-#
-attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
- DESC 'RFC1274: DN of author of document'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.15. Document Location
-#
-# The Document Location attribute type specifies the location of the
-# document original.
-#
-# documentLocation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-location))
-# ::= {pilotAttributeType 15}
-#
-attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
- DESC 'RFC1274: location of document original'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.16. Home Telephone Number
-#
-# The Home Telephone Number attribute type specifies a home telephone
-# number associated with a person. Attribute values should follow the
-# agreed format for international telephone numbers: i.e., "+44 71 123
-# 4567".
-#
-# homeTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 20}
-#
-attributetype ( 0.9.2342.19200300.100.1.20
- NAME ( 'homePhone' 'homeTelephoneNumber' )
- DESC 'RFC1274: home telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.17. Secretary
-#
-# The Secretary attribute type specifies the secretary of a person.
-# The attribute value for Secretary is a distinguished name.
-#
-# secretary ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 21}
-#
-attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
- DESC 'RFC1274: DN of secretary'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.18. Other Mailbox
-#
-# The Other Mailbox attribute type specifies values for electronic
-# mailbox types other than X.400 and rfc822.
-#
-# otherMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# SEQUENCE {
-# mailboxType PrintableString, -- e.g. Telemail
-# mailbox IA5String -- e.g. X378:Joe
-# }
-# ::= {pilotAttributeType 22}
-#
-attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
-
-# 9.3.19. Last Modified Time
-#
-# The Last Modified Time attribute type specifies the last time, in UTC
-# time, that an entry was modified. Ideally, this attribute should be
-# maintained by the DSA.
-#
-# lastModifiedTime ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# uTCTimeSyntax
-# ::= {pilotAttributeType 23}
-#
-## Deprecated in favor of modifyTimeStamp
-#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
-# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
-# OBSOLETE
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-# USAGE directoryOperation )
-
-# 9.3.20. Last Modified By
-#
-# The Last Modified By attribute specifies the distinguished name of
-# the last user to modify the associated entry. Ideally, this
-# attribute should be maintained by the DSA.
-#
-# lastModifiedBy ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 24}
-#
-## Deprecated in favor of modifiersName
-#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
-# DESC 'RFC1274: last modifier, replaced by modifiersName'
-# OBSOLETE
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-# USAGE directoryOperation )
-
-# 9.3.21. Domain Component
-#
-# The Domain Component attribute type specifies a DNS/NRS domain. For
-# example, "uk" or "ac".
-#
-# domainComponent ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 25}
-#
-##(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# 9.3.22. DNS ARecord
-#
-# The A Record attribute type specifies a type A (Address) DNS resource
-# record [6] [7].
-#
-# aRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 26}
-#
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-## missing from RFC1274
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.23. MX Record
-#
-# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
-# resource record [6] [7].
-#
-# mXRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 28}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.24. NS Record
-#
-# The NS Record attribute type specifies an NS (Name Server) DNS
-# resource record [6] [7].
-#
-# nSRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 29}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.25. SOA Record
-#
-# The SOA Record attribute type specifies a type SOA (Start of
-# Authority) DNS resorce record [6] [7].
-#
-# sOARecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 30}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.26. CNAME Record
-#
-# The CNAME Record attribute type specifies a type CNAME (Canonical
-# Name) DNS resource record [6] [7].
-#
-# cNAMERecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# iA5StringSyntax
-# ::= {pilotAttributeType 31}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.27. Associated Domain
-#
-# The Associated Domain attribute type specifies a DNS or NRS domain
-# which is associated with an object in the DIT. For example, the entry
-# in the DIT with a distinguished name "C=GB, O=University College
-# London" would have an associated domain of "UCL.AC.UK. Note that all
-# domains should be represented in rfc822 order. See [3] for more
-# details of usage of this attribute.
-#
-# associatedDomain ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# ::= {pilotAttributeType 37}
-#
-#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
-# EQUALITY caseIgnoreIA5Match
-# SUBSTR caseIgnoreIA5SubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.28. Associated Name
-#
-# The Associated Name attribute type specifies an entry in the
-# organisational DIT associated with a DNS/NRS domain. See [3] for
-# more details of usage of this attribute.
-#
-# associatedName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 38}
-#
-attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
- DESC 'RFC1274: DN of entry associated with domain'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.29. Home postal address
-#
-# The Home postal address attribute type specifies a home postal
-# address for an object. This should be limited to up to 6 lines of 30
-# characters each.
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
- DESC 'RFC1274: home postal address'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-# 9.3.30. Personal Title
-#
-# The Personal Title attribute type specifies a personal title for a
-# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
- DESC 'RFC1274: personal title'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.31. Mobile Telephone Number
-#
-# The Mobile Telephone Number attribute type specifies a mobile
-# telephone number associated with a person. Attribute values should
-# follow the agreed format for international telephone numbers: i.e.,
-# "+44 71 123 4567".
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-attributetype ( 0.9.2342.19200300.100.1.41
- NAME ( 'mobile' 'mobileTelephoneNumber' )
- DESC 'RFC1274: mobile telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.32. Pager Telephone Number
-#
-# The Pager Telephone Number attribute type specifies a pager telephone
-# number for an object. Attribute values should follow the agreed
-# format for international telephone numbers: i.e., "+44 71 123 4567".
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-attributetype ( 0.9.2342.19200300.100.1.42
- NAME ( 'pager' 'pagerTelephoneNumber' )
- DESC 'RFC1274: pager telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.33. Friendly Country Name
-#
-# The Friendly Country Name attribute type specifies names of countries
-# in human readable format. The standard attribute country name must
-# be one of the two-letter codes defined in ISO 3166.
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-attributetype ( 0.9.2342.19200300.100.1.43
- NAME ( 'co' 'friendlyCountryName' )
- DESC 'RFC1274: friendly country name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.3.34. Unique Identifier
-#
-# The Unique Identifier attribute type specifies a "unique identifier"
-# for an object represented in the Directory. The domain within which
-# the identifier is unique, and the exact semantics of the identifier,
-# are for local definition. For a person, this might be an
-# institution-wide payroll number. For an organisational unit, it
-# might be a department code.
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
- DESC 'RFC1274: unique identifer'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.35. Organisational Status
-#
-# The Organisational Status attribute type specifies a category by
-# which a person is often referred to in an organisation. Examples of
-# usage in academia might include undergraduate student, researcher,
-# lecturer, etc.
-#
-# A Directory administrator should probably consider carefully the
-# distinctions between this and the title and userClass attributes.
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
- DESC 'RFC1274: organizational status'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.36. Janet Mailbox
-#
-# The Janet Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in the Grey Book of the
-# Coloured Book series. This attribute is intended for the convenience
-# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
-# Entries using this attribute MUST also include an rfc822Mailbox
-# attribute.
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
- DESC 'RFC1274: Janet mailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.37. Mail Preference Option
-#
-# An attribute to allow users to indicate a preference for inclusion of
-# their names on mailing lists (electronic or physical). The absence
-# of such an attribute should be interpreted as if the attribute was
-# present with value "no-list-inclusion". This attribute should be
-# interpreted by anyone using the directory to derive mailing lists,
-# and its value respected.
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-attributetype ( 0.9.2342.19200300.100.1.47
- NAME 'mailPreferenceOption'
- DESC 'RFC1274: mail preference option'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-# 9.3.38. Building Name
-#
-# The Building Name attribute type specifies the name of the building
-# where an organisation or organisational unit is based.
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
- DESC 'RFC1274: name of building'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.39. DSA Quality
-#
-# The DSA Quality attribute type specifies the purported quality of a
-# DSA. It allows a DSA manager to indicate the expected level of
-# availability of the DSA. See [8] for details of the syntax.
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
- DESC 'RFC1274: DSA Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
-
-# 9.3.40. Single Level Quality
-#
-# The Single Level Quality attribute type specifies the purported data
-# quality at the level immediately below in the DIT. See [8] for
-# details of the syntax.
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 50}
-#
-attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
- DESC 'RFC1274: Single Level Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.41. Subtree Minimum Quality
-#
-# The Subtree Minimum Quality attribute type specifies the purported
-# minimum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
- DESC 'RFC1274: Subtree Mininum Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.42. Subtree Maximum Quality
-#
-# The Subtree Maximum Quality attribute type specifies the purported
-# maximum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
- DESC 'RFC1274: Subtree Maximun Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.43. Personal Signature
-#
-# The Personal Signature attribute type allows for a representation of
-# a person's signature. This should be encoded in G3 fax as explained
-# in recommendation T.4, with an ASN.1 wrapper to make it compatible
-# with an X.400 BodyPart as defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
- DESC 'RFC1274: Personal Signature (G3 fax)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
-
-# 9.3.44. DIT Redirect
-#
-# The DIT Redirect attribute type is used to indicate that the object
-# described by one entry now has a newer entry in the DIT. The entry
-# containing the redirection attribute should be expired after a
-# suitable grace period. This attribute may be used when an individual
-# changes his/her place of work, and thus acquires a new organisational
-# DN.
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
- DESC 'RFC1274: DIT Redirect'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.45. Audio
-#
-# The Audio attribute type allows the storing of sounds in the
-# Directory. The attribute uses a u-law encoded sound file as used by
-# the "play" utility on a Sun 4. This is an interim format.
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
- DESC 'RFC1274: audio (u-law)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
-
-# 9.3.46. Publisher of Document
-#
-#
-# The Publisher of Document attribute is the person and/or organization
-# that published a document.
-#
-# documentPublisher ATTRIBUTE
-# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-# ::= {pilotAttributeType 56}
-#
-attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
- DESC 'RFC1274: publisher of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.4. Generally useful syntaxes
-#
-# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-# iA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# -- Syntaxes to support the DNS attributes
-#
-# DNSRecordSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformationSyntax ATTRIBUTE-SYNTAX
-# NRSInformation
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformation ::= SET {
-# [0] Context,
-# [1] Address-space-id,
-# routes [2] SEQUENCE OF SEQUENCE {
-# Route-cost,
-# Addressing-info }
-# }
-#
-#
-# 9.5. Upper bounds on length of attribute values
-#
-#
-# ub-document-identifier INTEGER ::= 256
-#
-# ub-document-location INTEGER ::= 256
-#
-# ub-document-title INTEGER ::= 256
-#
-# ub-document-version INTEGER ::= 256
-#
-# ub-favourite-drink INTEGER ::= 256
-#
-# ub-host INTEGER ::= 256
-#
-# ub-information INTEGER ::= 2048
-#
-# ub-unique-identifier INTEGER ::= 256
-#
-# ub-personal-title INTEGER ::= 256
-#
-# ub-photo INTEGER ::= 250000
-#
-# ub-rfc822-mailbox INTEGER ::= 256
-#
-# ub-room-number INTEGER ::= 256
-#
-# ub-text-or-address INTEGER ::= 256
-#
-# ub-user-class INTEGER ::= 256
-#
-# ub-user-identifier INTEGER ::= 256
-#
-# ub-organizational-status INTEGER ::= 256
-#
-# ub-janet-mailbox INTEGER ::= 256
-#
-# ub-building-name INTEGER ::= 256
-#
-# ub-personal-signature ::= 50000
-#
-# ub-audio INTEGER ::= 250000
-#
-
-# [back to 8]
-# 8. Object Classes
-#
-# 8.1. X.500 standard object classes
-#
-# A number of generally useful object classes are defined in X.521, and
-# these are supported. Refer to that document for descriptions of the
-# suggested usage of these object classes. The ASN.1 for these object
-# classes is reproduced for completeness in Appendix C.
-#
-# 8.2. X.400 standard object classes
-#
-# A number of object classes defined in X.400 are supported. Refer to
-# X.402 for descriptions of the usage of these object classes. The
-# ASN.1 for these object classes is reproduced for completeness in
-# Appendix C.
-#
-# 8.3. COSINE/Internet object classes
-#
-# This section attempts to fuse together the object classes designed
-# for use in the COSINE and Internet pilot activities. Descriptions
-# are given of the suggested usage of these object classes. The ASN.1
-# for these object classes is also reproduced in Appendix C.
-#
-# 8.3.1. Pilot Object
-#
-# The PilotObject object class is used as a sub-class to allow some
-# common, useful attributes to be assigned to entries of all other
-# object classes.
-#
-# pilotObject OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# info,
-# photo,
-# manager,
-# uniqueIdentifier,
-# lastModifiedTime,
-# lastModifiedBy,
-# dITRedirect,
-# audio}
-# ::= {pilotObjectClass 3}
-#
-#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
-# DESC 'RFC1274: pilot object'
-# SUP top AUXILIARY
-# MAY ( info $ photo $ manager $ uniqueIdentifier $
-# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
-# )
-
-# 8.3.2. Pilot Person
-#
-# The PilotPerson object class is used as a sub-class of person, to
-# allow the use of a number of additional attributes to be assigned to
-# entries of object class person.
-#
-# pilotPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# userid,
-# textEncodedORAddress,
-# rfc822Mailbox,
-# favouriteDrink,
-# roomNumber,
-# userClass,
-# homeTelephoneNumber,
-# homePostalAddress,
-# secretary,
-# personalTitle,
-# preferredDeliveryMethod,
-# businessCategory,
-# janetMailbox,
-# otherMailbox,
-# mobileTelephoneNumber,
-# pagerTelephoneNumber,
-# organizationalStatus,
-# mailPreferenceOption,
-# personalSignature}
-# ::= {pilotObjectClass 4}
-#
-objectclass ( 0.9.2342.19200300.100.4.4
- NAME ( 'pilotPerson' 'newPilotPerson' )
- SUP person STRUCTURAL
- MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
- favouriteDrink $ roomNumber $ userClass $
- homeTelephoneNumber $ homePostalAddress $ secretary $
- personalTitle $ preferredDeliveryMethod $ businessCategory $
- janetMailbox $ otherMailbox $ mobileTelephoneNumber $
- pagerTelephoneNumber $ organizationalStatus $
- mailPreferenceOption $ personalSignature )
- )
-
-# 8.3.3. Account
-#
-# The Account object class is used to define entries representing
-# computer accounts. The userid attribute should be used for naming
-# entries of this object class.
-#
-# account OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userid}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# host}
-# ::= {pilotObjectClass 5}
-#
-objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
- SUP top STRUCTURAL
- MUST userid
- MAY ( description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $ host )
- )
-
-# 8.3.4. Document
-#
-# The Document object class is used to define entries which represent
-# documents.
-#
-# document OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# documentIdentifier}
-# MAY CONTAIN {
-# commonName,
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# documentTitle,
-# documentVersion,
-# documentAuthor,
-# documentLocation,
-# documentPublisher}
-# ::= {pilotObjectClass 6}
-#
-objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
- SUP top STRUCTURAL
- MUST documentIdentifier
- MAY ( commonName $ description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $
- documentTitle $ documentVersion $ documentAuthor $
- documentLocation $ documentPublisher )
- )
-
-# 8.3.5. Room
-#
-# The Room object class is used to define entries representing rooms.
-# The commonName attribute should be used for naming pentries of this
-# object class.
-#
-# room OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# roomNumber,
-# description,
-# seeAlso,
-# telephoneNumber}
-# ::= {pilotObjectClass 7}
-#
-objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
- )
-
-# 8.3.6. Document Series
-#
-# The Document Series object class is used to define an entry which
-# represents a series of documents (e.g., The Request For Comments
-# papers).
-#
-# documentSeries OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# localityName,
-# organizationName,
-# organizationalUnitName}
-# ::= {pilotObjectClass 9}
-#
-objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( description $ seeAlso $ telephonenumber $
- localityName $ organizationName $ organizationalUnitName )
- )
-
-# 8.3.7. Domain
-#
-# The Domain object class is used to define entries which represent DNS
-# or NRS domains. The domainComponent attribute should be used for
-# naming entries of this object class. The usage of this object class
-# is described in more detail in [3].
-#
-# domain OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# domainComponent}
-# MAY CONTAIN {
-# associatedName,
-# organizationName,
-# organizationalAttributeSet}
-# ::= {pilotObjectClass 13}
-#
-objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
- SUP top STRUCTURAL
- MUST domainComponent
- MAY ( associatedName $ organizationName $ description $
- businessCategory $ seeAlso $ searchGuide $ userPassword $
- localityName $ stateOrProvinceName $ streetAddress $
- physicalDeliveryOfficeName $ postalAddress $ postalCode $
- postOfficeBox $ streetAddress $
- facsimileTelephoneNumber $ internationalISDNNumber $
- telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
- preferredDeliveryMethod $ destinationIndicator $
- registeredAddress $ x121Address )
- )
-
-# 8.3.8. RFC822 Local Part
-#
-# The RFC822 Local Part object class is used to define entries which
-# represent the local part of RFC822 mail addresses. This treats this
-# part of an RFC822 address as a domain. The usage of this object
-# class is described in more detail in [3].
-#
-# rFC822localPart OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# commonName,
-# surname,
-# description,
-# seeAlso,
-# telephoneNumber,
-# postalAttributeSet,
-# telecommunicationAttributeSet}
-# ::= {pilotObjectClass 14}
-#
-objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
- SUP domain STRUCTURAL
- MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
- physicalDeliveryOfficeName $ postalAddress $ postalCode $
- postOfficeBox $ streetAddress $
- facsimileTelephoneNumber $ internationalISDNNumber $
- telephoneNumber $ teletexTerminalIdentifier $
- telexNumber $ preferredDeliveryMethod $ destinationIndicator $
- registeredAddress $ x121Address )
- )
-
-# 8.3.9. DNS Domain
-#
-# The DNS Domain (Domain NameServer) object class is used to define
-# entries for DNS domains. The usage of this object class is described
-# in more detail in [3].
-#
-# dNSDomain OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# ARecord,
-# MDRecord,
-# MXRecord,
-# NSRecord,
-# SOARecord,
-# CNAMERecord}
-# ::= {pilotObjectClass 15}
-#
-objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
- SUP domain STRUCTURAL
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
- SOARecord $ CNAMERecord )
- )
-
-# 8.3.10. Domain Related Object
-#
-# The Domain Related Object object class is used to define entries
-# which represent DNS/NRS domains which are "equivalent" to an X.500
-# domain: e.g., an organisation or organisational unit. The usage of
-# this object class is described in more detail in [3].
-#
-# domainRelatedObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# associatedDomain}
-# ::= {pilotObjectClass 17}
-#
-objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
- DESC 'RFC1274: an object related to an domain'
- SUP top AUXILIARY
- MUST associatedDomain )
-
-# 8.3.11. Friendly Country
-#
-# The Friendly Country object class is used to define country entries
-# in the DIT. The object class is used to allow friendlier naming of
-# countries than that allowed by the object class country. The naming
-# attribute of object class country, countryName, has to be a 2 letter
-# string defined in ISO 3166.
-#
-# friendlyCountry OBJECT-CLASS
-# SUBCLASS OF country
-# MUST CONTAIN {
-# friendlyCountryName}
-# ::= {pilotObjectClass 18}
-#
-objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
- SUP country STRUCTURAL
- MUST friendlyCountryName )
-
-# 8.3.12. Simple Security Object
-#
-# The Simple Security Object object class is used to allow an entry to
-# have a userPassword attribute when an entry's principal object
-# classes do not allow userPassword as an attribute type.
-#
-# simpleSecurityObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userPassword }
-# ::= {pilotObjectClass 19}
-#
-## (in core.schema)
-## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-## SUP top AUXILIARY
-## MUST userPassword )
-
-# 8.3.13. Pilot Organization
-#
-# The PilotOrganization object class is used as a sub-class of
-# organization and organizationalUnit to allow a number of additional
-# attributes to be assigned to entries of object classes organization
-# and organizationalUnit.
-#
-# pilotOrganization OBJECT-CLASS
-# SUBCLASS OF organization, organizationalUnit
-# MAY CONTAIN {
-# buildingName}
-# ::= {pilotObjectClass 20}
-#
-objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
- SUP ( organization $ organizationalUnit ) STRUCTURAL
- MAY buildingName )
-
-# 8.3.14. Pilot DSA
-#
-# The PilotDSA object class is used as a sub-class of the dsa object
-# class to allow additional attributes to be assigned to entries for
-# DSAs.
-#
-# pilotDSA OBJECT-CLASS
-# SUBCLASS OF dsa
-# MUST CONTAIN {
-# dSAQuality}
-# ::= {pilotObjectClass 21}
-#
-objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
- SUP dsa STRUCTURAL
- MAY dSAQuality )
-
-# 8.3.15. Quality Labelled Data
-#
-# The Quality Labelled Data object class is used to allow the
-# assignment of the data quality attributes to subtrees in the DIT.
-#
-# See [8] for more details.
-#
-# qualityLabelledData OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# dSAQuality}
-# MAY CONTAIN {
-# subtreeMinimumQuality,
-# subtreeMaximumQuality}
-# ::= {pilotObjectClass 22}
-objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
- SUP top AUXILIARY
- MUST dsaQuality
- MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
- )
-
-
-# References
-#
-# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
-# models and services, CCITT /ISO IS 9594.
-#
-# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
-# University College London, Department of Computer Science
-# Research Note 89/48, May 1989.
-#
-# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
-# London, November 1991.
-#
-# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
-# Report", Technical Report 90-09-10-1, published by NYSERNet
-# Inc, 1990.
-#
-# [5] Craigie, J., "UK Academic Community Directory Service Pilot
-# Project, pp. 305-310 in Computer Networks and ISDN Systems
-# 17 (1989), published by North Holland.
-#
-# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
-# RFC 1034, USC/Information Sciences Institute, November 1987.
-#
-# [7] Mockapetris, P., "Domain Names - Implementation and
-# Specification, RFC 1035, USC/Information Sciences Institute,
-# November 1987.
-#
-# [8] Kille, S., "Handling QOS (Quality of service) in the
-# Directory," publication in process, March 1991.
-#
-#
-# APPENDIX C - Summary of all Object Classes and Attribute Types
-#
-# -- Some Important Object Identifiers
-#
-# data OBJECT IDENTIFIER ::= {ccitt 9}
-# pss OBJECT IDENTIFIER ::= {data 2342}
-# ucl OBJECT IDENTIFIER ::= {pss 19200300}
-# pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-# {pilotAttributeSyntax 5}
-#
-# -- Standard Object Classes
-#
-# top OBJECT-CLASS
-# MUST CONTAIN {
-# objectClass}
-# ::= {objectClass 0}
-#
-#
-# alias OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# aliasedObjectName}
-# ::= {objectClass 1}
-#
-#
-# country OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# countryName}
-# MAY CONTAIN {
-# description,
-# searchGuide}
-# ::= {objectClass 2}
-#
-#
-# locality OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# description,
-# localityName,
-# stateOrProvinceName,
-# searchGuide,
-# seeAlso,
-# streetAddress}
-# ::= {objectClass 3}
-#
-#
-# organization OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# organizationName}
-# MAY CONTAIN {
-# organizationalAttributeSet}
-# ::= {objectClass 4}
-#
-#
-# organizationalUnit OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# organizationalUnitName}
-# MAY CONTAIN {
-# organizationalAttributeSet}
-# ::= {objectClass 5}
-#
-#
-# person OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# surname}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# userPassword}
-# ::= {objectClass 6}
-#
-#
-# organizationalPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# localeAttributeSet,
-# organizationalUnitName,
-# postalAttributeSet,
-# telecommunicationAttributeSet,
-# title}
-# ::= {objectClass 7}
-#
-#
-# organizationalRole OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localeAttributeSet,
-# organizationalUnitName,
-# postalAttributeSet,
-# preferredDeliveryMethod,
-# roleOccupant,
-# seeAlso,
-# telecommunicationAttributeSet}
-# ::= {objectClass 8}
-#
-#
-# groupOfNames OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# member}
-# MAY CONTAIN {
-# description,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# businessCategory}
-# ::= {objectClass 9}
-#
-#
-# residentialPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MUST CONTAIN {
-# localityName}
-# MAY CONTAIN {
-# localeAttributeSet,
-# postalAttributeSet,
-# preferredDeliveryMethod,
-# telecommunicationAttributeSet,
-# businessCategory}
-# ::= {objectClass 10}
-#
-#
-# applicationProcess OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationalUnitName,
-# seeAlso}
-# ::= {objectClass 11}
-#
-#
-# applicationEntity OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# presentationAddress}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# seeAlso,
-# supportedApplicationContext}
-# ::= {objectClass 12}
-#
-#
-# dSA OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# knowledgeInformation}
-# ::= {objectClass 13}
-#
-#
-# device OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# serialNumber}
-# ::= {objectClass 14}
-#
-#
-# strongAuthenticationUser OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userCertificate}
-# ::= {objectClass 15}
-#
-#
-# certificationAuthority OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# cACertificate,
-# certificateRevocationList,
-# authorityRevocationList}
-# MAY CONTAIN {
-# crossCertificatePair}
-# ::= {objectClass 16}
-#
-# -- Standard MHS Object Classes
-#
-# mhsDistributionList OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# mhsDLSubmitPermissions,
-# mhsORAddresses}
-# MAY CONTAIN {
-# description,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# mhsDeliverableContentTypes,
-# mhsdeliverableEits,
-# mhsDLMembers,
-# mhsPreferredDeliveryMethods}
-# ::= {mhsObjectClass 0}
-#
-#
-# mhsMessageStore OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# description,
-# owner,
-# mhsSupportedOptionalAttributes,
-# mhsSupportedAutomaticActions,
-# mhsSupportedContentTypes}
-# ::= {mhsObjectClass 1}
-#
-#
-# mhsMessageTransferAgent OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# description,
-# owner,
-# mhsDeliverableContentLength}
-# ::= {mhsObjectClass 2}
-#
-#
-# mhsOrganizationalUser OBJECT-CLASS
-# SUBCLASS OF organizationalPerson
-# MUST CONTAIN {
-# mhsORAddresses}
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-# mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsMessageStoreName,
-# mhsPreferredDeliveryMethods }
-# ::= {mhsObjectClass 3}
-#
-#
-# mhsResidentialUser OBJECT-CLASS
-# SUBCLASS OF residentialPerson
-# MUST CONTAIN {
-# mhsORAddresses}
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-# mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsMessageStoreName,
-# mhsPreferredDeliveryMethods }
-# ::= {mhsObjectClass 4}
-#
-#
-# mhsUserAgent OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-# mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsORAddresses,
-# owner}
-# ::= {mhsObjectClass 5}
-#
-#
-#
-#
-# -- Pilot Object Classes
-#
-# pilotObject OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# info,
-# photo,
-# manager,
-# uniqueIdentifier,
-# lastModifiedTime,
-# lastModifiedBy,
-# dITRedirect,
-# audio}
-# ::= {pilotObjectClass 3}
-# pilotPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# userid,
-# textEncodedORAddress,
-# rfc822Mailbox,
-# favouriteDrink,
-# roomNumber,
-# userClass,
-# homeTelephoneNumber,
-# homePostalAddress,
-# secretary,
-# personalTitle,
-# preferredDeliveryMethod,
-# businessCategory,
-# janetMailbox,
-# otherMailbox,
-# mobileTelephoneNumber,
-# pagerTelephoneNumber,
-# organizationalStatus,
-# mailPreferenceOption,
-# personalSignature}
-# ::= {pilotObjectClass 4}
-#
-#
-# account OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userid}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# host}
-# ::= {pilotObjectClass 5}
-#
-#
-# document OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# documentIdentifier}
-# MAY CONTAIN {
-# commonName,
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# documentTitle,
-# documentVersion,
-# documentAuthor,
-# documentLocation,
-# documentPublisher}
-# ::= {pilotObjectClass 6}
-#
-#
-# room OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# roomNumber,
-# description,
-# seeAlso,
-# telephoneNumber}
-# ::= {pilotObjectClass 7}
-#
-#
-# documentSeries OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# localityName,
-# organizationName,
-# organizationalUnitName}
-# ::= {pilotObjectClass 9}
-#
-#
-# domain OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# domainComponent}
-# MAY CONTAIN {
-# associatedName,
-# organizationName,
-# organizationalAttributeSet}
-# ::= {pilotObjectClass 13}
-#
-#
-# rFC822localPart OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# commonName,
-# surname,
-# description,
-# seeAlso,
-# telephoneNumber,
-# postalAttributeSet,
-# telecommunicationAttributeSet}
-# ::= {pilotObjectClass 14}
-#
-#
-# dNSDomain OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# ARecord,
-# MDRecord,
-# MXRecord,
-# NSRecord,
-# SOARecord,
-# CNAMERecord}
-# ::= {pilotObjectClass 15}
-#
-#
-# domainRelatedObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# associatedDomain}
-# ::= {pilotObjectClass 17}
-#
-#
-# friendlyCountry OBJECT-CLASS
-# SUBCLASS OF country
-# MUST CONTAIN {
-# friendlyCountryName}
-# ::= {pilotObjectClass 18}
-#
-#
-# simpleSecurityObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userPassword }
-# ::= {pilotObjectClass 19}
-#
-#
-# pilotOrganization OBJECT-CLASS
-# SUBCLASS OF organization, organizationalUnit
-# MAY CONTAIN {
-# buildingName}
-# ::= {pilotObjectClass 20}
-#
-#
-# pilotDSA OBJECT-CLASS
-# SUBCLASS OF dsa
-# MUST CONTAIN {
-# dSAQuality}
-# ::= {pilotObjectClass 21}
-#
-#
-# qualityLabelledData OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# dSAQuality}
-# MAY CONTAIN {
-# subtreeMinimumQuality,
-# subtreeMaximumQuality}
-# ::= {pilotObjectClass 22}
-#
-#
-#
-#
-# -- Standard Attribute Types
-#
-# objectClass ObjectClass
-# ::= {attributeType 0}
-#
-#
-# aliasedObjectName AliasedObjectName
-# ::= {attributeType 1}
-#
-#
-# knowledgeInformation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreString
-# ::= {attributeType 2}
-#
-#
-# commonName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-common-name))
-# ::= {attributeType 3}
-#
-#
-# surname ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-surname))
-# ::= {attributeType 4}
-#
-#
-# serialNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX printableStringSyntax
-# (SIZE (1..ub-serial-number))
-# ::= {attributeType 5}
-#
-#
-# countryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PrintableString
-# (SIZE (1..ub-country-code))
-# SINGLE VALUE
-# ::= {attributeType 6}
-#
-#
-# localityName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-locality-name))
-# ::= {attributeType 7}
-#
-#
-# stateOrProvinceName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-state-name))
-# ::= {attributeType 8}
-#
-#
-# streetAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-street-address))
-# ::= {attributeType 9}
-#
-#
-# organizationName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-organization-name))
-# ::= {attributeType 10}
-#
-#
-# organizationalUnitName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-organizational-unit-name))
-# ::= {attributeType 11}
-#
-#
-# title ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-title))
-# ::= {attributeType 12}
-#
-#
-# description ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-description))
-# ::= {attributeType 13}
-#
-#
-# searchGuide ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX Guide
-# ::= {attributeType 14}
-#
-#
-# businessCategory ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-business-category))
-# ::= {attributeType 15}
-#
-#
-# postalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PostalAddress
-# MATCHES FOR EQUALITY
-# ::= {attributeType 16}
-#
-#
-# postalCode ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-postal-code))
-# ::= {attributeType 17}
-#
-#
-# postOfficeBox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-post-office-box))
-# ::= {attributeType 18}
-#
-#
-# physicalDeliveryOfficeName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-physical-office-name))
-# ::= {attributeType 19}
-#
-#
-# telephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
-# (SIZE (1..ub-telephone-number))
-# ::= {attributeType 20}
-#
-#
-# telexNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX TelexNumber
-# (SIZE (1..ub-telex))
-# ::= {attributeType 21}
-#
-#
-# teletexTerminalIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
-# (SIZE (1..ub-teletex-terminal-id))
-# ::= {attributeType 22}
-#
-#
-# facsimileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
-# ::= {attributeType 23}
-#
-#
-# x121Address ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX NumericString
-# (SIZE (1..ub-x121-address))
-# ::= {attributeType 24}
-#
-#
-# internationaliSDNNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX NumericString
-# (SIZE (1..ub-isdn-address))
-# ::= {attributeType 25}
-#
-#
-# registeredAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PostalAddress
-# ::= {attributeType 26}
-#
-#
-# destinationIndicator ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PrintableString
-# (SIZE (1..ub-destination-indicator))
-# MATCHES FOR EQUALITY SUBSTRINGS
-# ::= {attributeType 27}
-#
-#
-# preferredDeliveryMethod ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX deliveryMethod
-# ::= {attributeType 28}
-#
-#
-# presentationAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PresentationAddress
-# MATCHES FOR EQUALITY
-# ::= {attributeType 29}
-#
-#
-# supportedApplicationContext ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
-# ::= {attributeType 30}
-#
-#
-# member ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 31}
-#
-#
-# owner ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 32}
-#
-#
-# roleOccupant ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 33}
-#
-#
-# seeAlso ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 34}
-#
-#
-# userPassword ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX Userpassword
-# ::= {attributeType 35}
-#
-#
-# userCertificate ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX UserCertificate
-# ::= {attributeType 36}
-#
-#
-# cACertificate ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX cACertificate
-# ::= {attributeType 37}
-#
-#
-# authorityRevocationList ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
-# ::= {attributeType 38}
-#
-#
-# certificateRevocationList ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
-# ::= {attributeType 39}
-#
-#
-# crossCertificatePair ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
-# ::= {attributeType 40}
-#
-#
-#
-#
-# -- Standard MHS Attribute Types
-#
-# mhsDeliverableContentLength ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX integer
-# ::= {mhsAttributeType 0}
-#
-#
-# mhsDeliverableContentTypes ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 1}
-#
-#
-# mhsDeliverableEits ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 2}
-#
-#
-# mhsDLMembers ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oRName
-# ::= {mhsAttributeType 3}
-#
-#
-# mhsDLSubmitPermissions ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
-# ::= {mhsAttributeType 4}
-#
-#
-# mhsMessageStoreName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX dN
-# ::= {mhsAttributeType 5}
-#
-#
-# mhsORAddresses ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oRAddress
-# ::= {mhsAttributeType 6}
-#
-#
-# mhsPreferredDeliveryMethods ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX deliveryMethod
-# ::= {mhsAttributeType 7}
-#
-#
-# mhsSupportedAutomaticActions ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 8}
-#
-#
-# mhsSupportedContentTypes ATTRIBUTE
-#
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 9}
-#
-#
-# mhsSupportedOptionalAttributes ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 10}
-#
-#
-#
-#
-# -- Pilot Attribute Types
-#
-# userid ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-identifier))
-# ::= {pilotAttributeType 1}
-#
-#
-# textEncodedORAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-text-encoded-or-address))
-# ::= {pilotAttributeType 2}
-#
-#
-# rfc822Mailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-rfc822-mailbox))
-# ::= {pilotAttributeType 3}
-#
-#
-# info ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-information))
-# ::= {pilotAttributeType 4}
-#
-#
-# favouriteDrink ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-favourite-drink))
-# ::= {pilotAttributeType 5}
-#
-#
-# roomNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-room-number))
-# ::= {pilotAttributeType 6}
-#
-#
-# photo ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-photo))
-# ::= {pilotAttributeType 7}
-#
-#
-# userClass ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-class))
-# ::= {pilotAttributeType 8}
-#
-#
-# host ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-host))
-# ::= {pilotAttributeType 9}
-#
-#
-# manager ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 10}
-#
-#
-# documentIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-identifier))
-# ::= {pilotAttributeType 11}
-#
-#
-# documentTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-title))
-# ::= {pilotAttributeType 12}
-#
-#
-# documentVersion ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-version))
-# ::= {pilotAttributeType 13}
-#
-#
-# documentAuthor ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 14}
-#
-#
-# documentLocation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-location))
-# ::= {pilotAttributeType 15}
-#
-#
-# homeTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 20}
-#
-#
-# secretary ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 21}
-#
-#
-# otherMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# SEQUENCE {
-# mailboxType PrintableString, -- e.g. Telemail
-# mailbox IA5String -- e.g. X378:Joe
-# }
-# ::= {pilotAttributeType 22}
-#
-#
-# lastModifiedTime ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# uTCTimeSyntax
-# ::= {pilotAttributeType 23}
-#
-#
-# lastModifiedBy ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 24}
-#
-#
-# domainComponent ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 25}
-#
-#
-# aRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 26}
-#
-#
-# mXRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 28}
-#
-#
-# nSRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 29}
-#
-# sOARecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 30}
-#
-#
-# cNAMERecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# iA5StringSyntax
-# ::= {pilotAttributeType 31}
-#
-#
-# associatedDomain ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# ::= {pilotAttributeType 37}
-#
-#
-# associatedName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 38}
-#
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-#
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-# documentPublisher ATTRIBUTE
-# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-# ::= {pilotAttributeType 56}
-#
-#
-#
-# -- Generally useful syntaxes
-#
-#
-# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# iA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# -- Syntaxes to support the DNS attributes
-#
-# DNSRecordSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformationSyntax ATTRIBUTE-SYNTAX
-# NRSInformation
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformation ::= SET {
-# [0] Context,
-# [1] Address-space-id,
-# routes [2] SEQUENCE OF SEQUENCE {
-# Route-cost,
-# Addressing-info }
-# }
-#
-#
-# -- Upper bounds on length of attribute values
-#
-#
-# ub-document-identifier INTEGER ::= 256
-#
-# ub-document-location INTEGER ::= 256
-#
-# ub-document-title INTEGER ::= 256
-#
-# ub-document-version INTEGER ::= 256
-#
-# ub-favourite-drink INTEGER ::= 256
-#
-# ub-host INTEGER ::= 256
-#
-# ub-information INTEGER ::= 2048
-#
-# ub-unique-identifier INTEGER ::= 256
-#
-# ub-personal-title INTEGER ::= 256
-#
-# ub-photo INTEGER ::= 250000
-#
-# ub-rfc822-mailbox INTEGER ::= 256
-#
-# ub-room-number INTEGER ::= 256
-#
-# ub-text-or-address INTEGER ::= 256
-#
-# ub-user-class INTEGER ::= 256
-#
-# ub-user-identifier INTEGER ::= 256
-#
-# ub-organizational-status INTEGER ::= 256
-#
-# ub-janet-mailbox INTEGER ::= 256
-#
-# ub-building-name INTEGER ::= 256
-#
-# ub-personal-signature ::= 50000
-#
-# ub-audio INTEGER ::= 250000
-#
-# [remainder of memo trimmed]
-
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-# DUA schema from draft-joslin-config-schema (a work in progress)
-
-# Contents of this file are subject to change (including deletion)
-# without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-## Notes:
-## - The matching rule for attributes followReferrals and dereferenceAliases
-## has been changed to booleanMatch since their syntax is boolean
-## - There was a typo in the name of the dereferenceAliases attributeType
-## in the DUAConfigProfile objectClass definition
-## - Credit goes to the original Authors
-
-#
-# Application Working Group M. Ansari
-# INTERNET-DRAFT Sun Microsystems, Inc.
-# Expires Febuary 2003 L. Howard
-# PADL Software Pty. Ltd.
-# B. Joslin [ed.]
-# Hewlett-Packard Company
-#
-# September 15th, 2003
-# Intended Category: Informational
-#
-#
-# A Configuration Schema for LDAP Based
-# Directory User Agents
-# <draft-joslin-config-schema-07.txt>
-#
-#Status of this Memo
-#
-# This memo provides information for the Internet community. This
-# memo does not specify an Internet standard of any kind. Distribu-
-# tion of this memo is unlimited.
-#
-# This document is an Internet-Draft and is in full conformance with
-# all provisions of Section 10 of RFC2026.
-#
-# This document is an Internet-Draft. Internet-Drafts are working
-# documents of the Internet Engineering Task Force (IETF), its areas,
-# and its working groups. Note that other groups may also distribute
-# working documents as Internet-Drafts.
-#
-# Internet-Drafts are draft documents valid for a maximum of six
-# months. Internet-Drafts may be updated, replaced, or made obsolete
-# by other documents at any time. It is not appropriate to use
-# Internet-Drafts as reference material or to cite them other than as
-# a "working draft" or "work in progress".
-#
-# To learn the current status of any Internet-Draft, please check the
-# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
-# Directories on ds.internic.net (US East Coast), nic.nordu.net
-# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-# Rim).
-#
-# Distribution of this document is unlimited.
-#
-#
-# Abstract
-#
-# This document describes a mechanism for global configuration of
-# similar directory user agents. This document defines a schema for
-# configuration of these DUAs that may be discovered using the Light-
-# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
-# bute types and an objectclass are proposed, along with specific
-# guidelines for interpreting them. A significant feature of the
-# global configuration policy for DUAs is a mechanism that allows
-# DUAs to re-configure their schema to that of the end user's
-# environment. This configuration is achieved through attribute and
-# objectclass mapping. This document is intended to be a skeleton
-# for future documents that describe configuration of specific DUA
-# services.
-#
-#
-# [trimmed]
-#
-#
-# 2. General Issues
-#
-# The schema defined by this document is defined under the "DUA Con-
-# figuration Schema." This schema is derived from the OID: iso (1)
-# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
-# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
-# DUA Configuration Schema (1). This OID is represented in this
-# document by the keystring "DUAConfSchemaOID"
-# (1.3.6.1.4.1.11.1.3.1).
-objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
-#
-# 2.2 Attributes
-#
-# The attributes and classes defined in this document are summarized
-# below.
-#
-# The following attributes are defined in this document:
-#
-# preferredServerList
-# defaultServerList
-# defaultSearchBase
-# defaultSearchScope
-# authenticationMethod
-# credentialLevel
-# serviceSearchDescriptor
-#
-#
-#
-# Joslin [Page 3]
-# Internet-Draft DUA Configuration Schema October 2002
-#
-#
-# serviceCredentialLevel
-# serviceAuthenticationMethod
-# attributeMap
-# objectclassMap
-# searchTimeLimit
-# bindTimeLimit
-# followReferrals
-# dereferenceAliases
-# profileTTL
-#
-# 2.3 Object Classes
-#
-# The following object class is defined in this document:
-#
-# DUAConfigProfile
-#
-#
-attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
- DESC 'Default LDAP server host address used by a DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
- DESC 'Default LDAP base DN used by a DUA'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
- DESC 'Preferred LDAP server host addresses to be used by a
- DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for a
- search to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for the
- bind operation to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
- DESC 'Tells DUA if it should follow referrals
- returned by a DSA search result'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
- DESC 'Tells DUA if it should dereference aliases'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
- DESC 'A keystring which identifies the type of
- authentication method used to contact the DSA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
- DESC 'Time to live, in seconds, before a client DUA
- should re-read this configuration profile'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
- DESC 'LDAP search descriptor list used by a DUA'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
- DESC 'Attribute mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
- DESC 'Identifies type of credentials a DUA should
- use when binding to the LDAP server'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
- DESC 'Objectclass mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
- DESC 'Default search scope used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
- DESC 'Identifies type of credentials a DUA
- should use when binding to the LDAP server for a
- specific service'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
- DESC 'Authentication method used by a service of the DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-#
-# 4. Class Definition
-#
-# The objectclass below is constructed from the attributes defined in
-# 3, with the exception of the cn attribute, which is defined in RFC
-# 2256 [8]. cn is used to represent the name of the DUA configura-
-# tion profile.
-#
-objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
- SUP top STRUCTURAL
- DESC 'Abstraction of a base configuration for a DUA'
- MUST ( cn )
- MAY ( defaultServerList $ preferredServerList $
- defaultSearchBase $ defaultSearchScope $
- searchTimeLimit $ bindTimeLimit $
- credentialLevel $ authenticationMethod $
- followReferrals $ dereferenceAliases $
- serviceSearchDescriptor $ serviceCredentialLevel $
- serviceAuthenticationMethod $ objectclassMap $
- attributeMap $ profileTTL ) )
+++ /dev/null
-# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Dynamic Group schema (experimental), as defined by Netscape. See
-# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
-# page 70 for details on how these groups were used.
-#
-# A description of the objectclass definition is available here:
-# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
-#
-# depends upon:
-# core.schema
-#
-# These definitions are considered experimental due to the lack of
-# a formal specification (e.g., RFC).
-#
-# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
-#
-# The Netscape documentation describes this as an auxiliary objectclass
-# but their implementations have always defined it as a structural class.
-# The sloppiness here is because Netscape-derived servers don't actually
-# implement the X.500 data model, and they don't honor the distinction
-# between structural and auxiliary classes. This fact is noted here:
-# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
-#
-# In accordance with other existing implementations, we define it as a
-# structural class.
-#
-# Our definition of memberURL also does not match theirs but again
-# their published definition and what works in practice do not agree.
-# In other words, the Netscape definitions are broken and interoperability
-# is not guaranteed.
-#
-# Also see the new DynGroup proposed spec at
-# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
-dn: cn=dyngroup,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: dyngroup
-olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
-olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
-olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
-olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
-olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
-olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
-olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
-olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
-olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
- dentifies an URL associated with each member of a group. Any type of labeled
- URL can be used.' SUP labeledURI )
-olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
- when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
-olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
- tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
- uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
-olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
- TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
- owner $ seeAlso ) )
-olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
- ( dgIdentity $ dgAuthz ) )
+++ /dev/null
-# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Dynamic Group schema (experimental), as defined by Netscape. See
-# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
-# page 70 for details on how these groups were used.
-#
-# A description of the objectclass definition is available here:
-# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
-#
-# depends upon:
-# core.schema
-#
-# These definitions are considered experimental due to the lack of
-# a formal specification (e.g., RFC).
-#
-# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
-#
-# The Netscape documentation describes this as an auxiliary objectclass
-# but their implementations have always defined it as a structural class.
-# The sloppiness here is because Netscape-derived servers don't actually
-# implement the X.500 data model, and they don't honor the distinction
-# between structural and auxiliary classes. This fact is noted here:
-# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
-#
-# In accordance with other existing implementations, we define it as a
-# structural class.
-#
-# Our definition of memberURL also does not match theirs but again
-# their published definition and what works in practice do not agree.
-# In other words, the Netscape definitions are broken and interoperability
-# is not guaranteed.
-#
-# Also see the new DynGroup proposed spec at
-# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
-
-objectIdentifier NetscapeRoot 2.16.840.1.113730
-
-objectIdentifier NetscapeLDAP NetscapeRoot:3
-objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
-objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
-
-objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
-objectIdentifier DynGroupBase OpenLDAPExp11:8
-objectIdentifier DynGroupAttr DynGroupBase:1
-objectIdentifier DynGroupOC DynGroupBase:2
-
-attributetype ( NetscapeLDAPattributeType:198
- NAME 'memberURL'
- DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
- SUP labeledURI )
-
-attributetype ( DynGroupAttr:1
- NAME 'dgIdentity'
- DESC 'Identity to use when processing the memberURL'
- SUP distinguishedName SINGLE-VALUE )
-
-attributeType ( DynGroupAttr:2
- NAME 'dgAuthz'
- DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
- EQUALITY authzMatch
- SYNTAX 1.3.6.1.4.1.4203.666.2.7
- X-ORDERED 'VALUES' )
-
-objectClass ( NetscapeLDAPobjectClass:33
- NAME 'groupOfURLs'
- SUP top STRUCTURAL
- MUST cn
- MAY ( memberURL $ businessCategory $ description $ o $ ou $
- owner $ seeAlso ) )
-
-# The Haripriya dyngroup schema still needs a lot of work.
-# We're just adding support for the dgIdentity attribute for now...
-objectClass ( DynGroupOC:1
- NAME 'dgIdentityAux'
- SUP top AUXILIARY
- MAY ( dgIdentity $ dgAuthz ) )
-
-
+++ /dev/null
-# InetOrgPerson (RFC2798)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# InetOrgPerson (RFC2798)
-#
-# Depends upon
-# Definition of an X.500 Attribute Type and an Object Class to Hold
-# Uniform Resource Identifiers (URIs) [RFC2079]
-# (core.ldif)
-#
-# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
-# (core.ldif)
-#
-# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
-#
-# This file was automatically generated from inetorgperson.schema; see
-# that file for complete references.
-#
-dn: cn=inetorgperson,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: inetorgperson
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
- 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
- eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
- RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
- atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
- 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
- atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
- NGLE-VALUE )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
- C2798: numerically identifies an employee within an organization' EQUALITY ca
- seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
- 1.1.15 SINGLE-VALUE )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
- 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
- oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
- 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
- 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
- noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 15 SINGLE-VALUE )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
- ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
- 66.115.121.1.5 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
- 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
- 15.121.1.5 )
-olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
- 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
- ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
- ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
- tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
- $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
- ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
+++ /dev/null
-# inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# InetOrgPerson (RFC2798)
-#
-# Depends upon
-# Definition of an X.500 Attribute Type and an Object Class to Hold
-# Uniform Resource Identifiers (URIs) [RFC2079]
-# (core.schema)
-#
-# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
-# (core.schema)
-#
-# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
-
-# carLicense
-# This multivalued field is used to record the values of the license or
-# registration plate associated with an individual.
-attributetype ( 2.16.840.1.113730.3.1.1
- NAME 'carLicense'
- DESC 'RFC2798: vehicle license or registration plate'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# departmentNumber
-# Code for department to which a person belongs. This can also be
-# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
-attributetype ( 2.16.840.1.113730.3.1.2
- NAME 'departmentNumber'
- DESC 'RFC2798: identifies a department within an organization'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# displayName
-# When displaying an entry, especially within a one-line summary list, it
-# is useful to be able to identify a name to be used. Since other attri-
-# bute types such as 'cn' are multivalued, an additional attribute type is
-# needed. Display name is defined for this purpose.
-attributetype ( 2.16.840.1.113730.3.1.241
- NAME 'displayName'
- DESC 'RFC2798: preferred name to be used when displaying entries'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# employeeNumber
-# Numeric or alphanumeric identifier assigned to a person, typically based
-# on order of hire or association with an organization. Single valued.
-attributetype ( 2.16.840.1.113730.3.1.3
- NAME 'employeeNumber'
- DESC 'RFC2798: numerically identifies an employee within an organization'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# employeeType
-# Used to identify the employer to employee relationship. Typical values
-# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
-# "Unknown" but any value may be used.
-attributetype ( 2.16.840.1.113730.3.1.4
- NAME 'employeeType'
- DESC 'RFC2798: type of employment for a person'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# jpegPhoto
-# Used to store one or more images of a person using the JPEG File
-# Interchange Format [JFIF].
-# Note that the jpegPhoto attribute type was defined for use in the
-# Internet X.500 pilots but no referencable definition for it could be
-# located.
-attributetype ( 0.9.2342.19200300.100.1.60
- NAME 'jpegPhoto'
- DESC 'RFC2798: a JPEG image'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-
-# preferredLanguage
-# Used to indicate an individual's preferred written or spoken
-# language. This is useful for international correspondence or human-
-# computer interaction. Values for this attribute type MUST conform to
-# the definition of the Accept-Language header field defined in
-# [RFC2068] with one exception: the sequence "Accept-Language" ":"
-# should be omitted. This is a single valued attribute type.
-attributetype ( 2.16.840.1.113730.3.1.39
- NAME 'preferredLanguage'
- DESC 'RFC2798: preferred written or spoken language for a person'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# userSMIMECertificate
-# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
-# ignored by consumers of userSMIMECertificate values. It is
-# recommended that values have a `contentType' of data with an absent
-# `content' field. Values of this attribute contain a person's entire
-# certificate chain and an smimeCapabilities field [RFC2633] that at a
-# minimum describes their SMIME algorithm capabilities. Values for
-# this attribute are to be stored and requested in binary form, as
-# 'userSMIMECertificate;binary'. If available, this attribute is
-# preferred over the userCertificate attribute for S/MIME applications.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.40
- NAME 'userSMIMECertificate'
- DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-# userPKCS12
-# PKCS #12 [PKCS12] provides a format for exchange of personal identity
-# information. When such information is stored in a directory service,
-# the userPKCS12 attribute should be used. This attribute is to be stored
-# and requested in binary form, as 'userPKCS12;binary'. The attribute
-# values are PFX PDUs stored as binary data.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.216
- NAME 'userPKCS12'
- DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-
-# inetOrgPerson
-# The inetOrgPerson represents people who are associated with an
-# organization in some way. It is a structural class and is derived
-# from the organizationalPerson which is defined in X.521 [X521].
-objectclass ( 2.16.840.1.113730.3.2.2
- NAME 'inetOrgPerson'
- DESC 'RFC2798: Internet Organizational Person'
- SUP organizationalPerson
- STRUCTURAL
- MAY (
- audio $ businessCategory $ carLicense $ departmentNumber $
- displayName $ employeeNumber $ employeeType $ givenName $
- homePhone $ homePostalAddress $ initials $ jpegPhoto $
- labeledURI $ mail $ manager $ mobile $ o $ pager $
- photo $ roomNumber $ secretary $ uid $ userCertificate $
- x500uniqueIdentifier $ preferredLanguage $
- userSMIMECertificate $ userPKCS12 )
- )
+++ /dev/null
-# java.schema -- Java Object Schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Java Object Schema (defined in RFC 2713)
-# depends upon core.schema
-#
-
-# Network Working Group V. Ryan
-# Request for Comments: 2713 S. Seligman
-# Category: Informational R. Lee
-# Sun Microsystems, Inc.
-# October 1999
-#
-#
-# Schema for Representing Java(tm) Objects in an LDAP Directory
-#
-# Status of this Memo
-#
-# This memo provides information for the Internet community. It does
-# not specify an Internet standard of any kind. Distribution of this
-# memo is unlimited.
-#
-# Copyright Notice
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# Abstract
-#
-# This document defines the schema for representing Java(tm) objects in
-# an LDAP directory [LDAPv3]. It defines schema elements to represent
-# a Java serialized object [Serial], a Java marshalled object [RMI], a
-# Java remote object [RMI], and a JNDI reference [JNDI].
-#
-
-# [trimmed]
-
-# 3 Attribute Type Definitions
-#
-# The following attribute types are defined in this document:
-#
-# javaClassName
-# javaClassNames
-# javaCodebase
-# javaSerializedData
-# javaFactory
-# javaReferenceAddress
-# javaDoc
-#
-# 3.1 javaClassName
-#
-# This attribute stores the fully qualified name of the Java object's
-# "distinguished" class or interface (for example, "java.lang.String").
-# It is a single-valued attribute. This attribute's syntax is '
-# Directory String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.6
-# NAME 'javaClassName'
-# DESC 'Fully qualified name of distinguished Java class or
-# interface'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
- NAME 'javaClassName'
- DESC 'Fully qualified name of distinguished Java class or interface'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# 3.2 javaCodebase
-#
-# This attribute stores the Java class definition's locations. It
-# specifies the locations from which to load the class definition for
-# the class specified by the javaClassName attribute. Each value of
-# the attribute contains an ordered list of URLs, separated by spaces.
-# For example, a value of "url1 url2 url3" means that the three
-# (possibly interdependent) URLs (url1, url2, and url3) form the
-# codebase for loading in the Java class definition.
-#
-# If the javaCodebase attribute contains more than one value, each
-# value is an independent codebase. That is, there is no relationship
-# between the URLs in one value and those in another; each value can be
-# viewed as an alternate source for loading the Java class definition.
-# See [Java] for information regarding class loading.
-#
-# This attribute's syntax is 'IA5 String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.7
-# NAME 'javaCodebase'
-# DESC 'URL(s) specifying the location of class definition'
-# EQUALITY caseExactIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
- NAME 'javaCodebase'
- DESC 'URL(s) specifying the location of class definition'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 3.3 javaClassNames
-#
-# This attribute stores the Java object's fully qualified class or
-# interface names (for example, "java.lang.String"). It is a
-# multivalued attribute. When more than one value is present, each is
-# the name of a class or interface, or ancestor class or interface, of
-# this object.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.13
-# NAME 'javaClassNames'
-# DESC 'Fully qualified Java class or interface name'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# )
-#
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
- NAME 'javaClassNames'
- DESC 'Fully qualified Java class or interface name'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 3.4 javaSerializedData
-#
-# This attribute stores the serialized form of a Java object. The
-# serialized form is described in [Serial].
-#
-# This attribute's syntax is 'Octet String'.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.8
-# NAME 'javaSerializedData
-# DESC 'Serialized form of a Java object'
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
- NAME 'javaSerializedData'
- DESC 'Serialized form of a Java object'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
- SINGLE-VALUE )
-
-# 3.5 javaFactory
-#
-# This attribute stores the fully qualified class name of the object
-# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
-# used to create an instance of the object identified by the
-# javaClassName attribute.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.10
-# NAME 'javaFactory'
-# DESC 'Fully qualified Java class name of a JNDI object factory'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
- NAME 'javaFactory'
- DESC 'Fully qualified Java class name of a JNDI object factory'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# 3.6 javaReferenceAddress
-#
-# This attribute represents the sequence of addresses of a JNDI
-# reference. Each of its values represents one address, a Java object
-# of type javax.naming.RefAddr. Its value is a concatenation of the
-# address type and address contents, preceded by a sequence number (the
-# order of addresses in a JNDI reference is significant). For example:
-#
-# #0#TypeA#ValA
-# #1#TypeB#ValB
-# #2#TypeC##rO0ABXNyABpq...
-#
-# In more detail, the value is encoded as follows:
-#
-# The delimiter is the first character of the value. For readability
-# the character '#' is recommended when it is not otherwise used
-# anywhere in the value, but any character may be used subject to
-# restrictions given below.
-#
-# The first delimiter is followed by the sequence number. The sequence
-# number of an address is its position in the JNDI reference, with the
-# first address being numbered 0. It is represented by its shortest
-# string form, in decimal notation.
-#
-# The sequence number is followed by a delimiter, then by the address
-# type, and then by another delimiter. If the address is of Java class
-# javax.naming.StringRefAddr, then this delimiter is followed by the
-# value of the address contents (which is a string). Otherwise, this
-# delimiter is followed immediately by another delimiter, and then by
-# the Base64 encoding of the serialized form of the entire address.
-#
-# The delimiter may be any character other than a digit or a character
-# contained in the address type. In addition, if the address contents
-# is a string, the delimiter may not be the first character of that
-# string.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant. It can contain multiple values.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.11
-# NAME 'javaReferenceAddress'
-# DESC 'Addresses associated with a JNDI Reference'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
- NAME 'javaReferenceAddress'
- DESC 'Addresses associated with a JNDI Reference'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 3.7 javaDoc
-#
-# This attribute stores a pointer to the Java documentation for the
-# class. It's value is a URL. For example, the following URL points to
-# the specification of the java.lang.String class:
-# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
-#
-# This attribute's syntax is 'IA5 String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.12
-# NAME 'javaDoc'
-# DESC 'The Java documentation for the class'
-# EQUALITY caseExactIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
- NAME 'javaDoc'
- DESC 'The Java documentation for the class'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 4 Object Class Definitions
-#
-# The following object classes are defined in this document:
-#
-# javaContainer
-# javaObject
-# javaSerializedObject
-# javaMarshalledObject
-# javaNamingReference
-#
-# 4.1 javaContainer
-#
-# This structural object class represents a container for a Java
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.1
-# NAME 'javaContainer'
-# DESC 'Container for a Java object'
-# SUP top
-# STRUCTURAL
-# MUST ( cn )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
- NAME 'javaContainer'
- DESC 'Container for a Java object'
- SUP top
- STRUCTURAL
- MUST cn )
-
-# 4.2 javaObject
-#
-# This abstract object class represents a Java object. A javaObject
-# cannot exist in the directory; only auxiliary or structural
-# subclasses of it can exist in the directory.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.4
-# NAME 'javaObject'
-# DESC 'Java object representation'
-# SUP top
-# ABSTRACT
-# MUST ( javaClassName )
-# MAY ( javaClassNames $
-# javaCodebase $
-# javaDoc $
-# description )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
- NAME 'javaObject'
- DESC 'Java object representation'
- SUP top
- ABSTRACT
- MUST javaClassName
- MAY ( javaClassNames $ javaCodebase $
- javaDoc $ description ) )
-
-# 4.3 javaSerializedObject
-#
-# This auxiliary object class represents a Java serialized object. It
-# must be mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.5
-# NAME 'javaSerializedObject'
-# DESC 'Java serialized object'
-# SUP javaObject
-# AUXILIARY
-# MUST ( javaSerializedData )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
- NAME 'javaSerializedObject'
- DESC 'Java serialized object'
- SUP javaObject
- AUXILIARY
- MUST javaSerializedData )
-
-# 4.4 javaMarshalledObject
-#
-# This auxiliary object class represents a Java marshalled object. It
-# must be mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.8
-# NAME 'javaMarshalledObject'
-# DESC 'Java marshalled object'
-# SUP javaObject
-# AUXILIARY
-# MUST ( javaSerializedData )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
- NAME 'javaMarshalledObject'
- DESC 'Java marshalled object'
- SUP javaObject
- AUXILIARY
- MUST javaSerializedData )
-
-# 4.5 javaNamingReference
-#
-# This auxiliary object class represents a JNDI reference. It must be
-# mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.7
-# NAME 'javaNamingReference'
-# DESC 'JNDI reference'
-# SUP javaObject
-# AUXILIARY
-# MAY ( javaReferenceAddress $
-# javaFactory )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
- NAME 'javaNamingReference'
- DESC 'JNDI reference'
- SUP javaObject
- AUXILIARY
- MAY ( javaReferenceAddress $ javaFactory ) )
-
-# Full Copyright Statement
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# This document and translations of it may be copied and furnished to
-# others, and derivative works that comment on or otherwise explain it
-# or assist in its implementation may be prepared, copied, published
-# and distributed, in whole or in part, without restriction of any
-# kind, provided that the above copyright notice and this paragraph are
-# included on all such copies and derivative works. However, this
-# document itself may not be modified in any way, such as by removing
-# the copyright notice or references to the Internet Society or other
-# Internet organizations, except as needed for the purpose of
-# developing Internet standards in which case the procedures for
-# copyrights defined in the Internet Standards process must be
-# followed, or as required to translate it into languages other than
-# English.
-#
-# The limited permissions granted above are perpetual and will not be
-# revoked by the Internet Society or its successors or assigns.
-#
-# This document and the information contained herein is provided on an
-# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+++ /dev/null
-# misc.schema -- assorted schema definitions
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Assorted definitions from several sources, including
-# ''works in progress''. Contents of this file are
-# subject to change (including deletion) without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-#-----------------------------------------------------------
-# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
-# (a work in progress)
-#
-attributetype ( 2.16.840.1.113730.3.1.13
- NAME 'mailLocalAddress'
- DESC 'RFC822 email address of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 2.16.840.1.113730.3.1.18
- NAME 'mailHost'
- DESC 'FQDN of the SMTP/MTA of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
- SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113730.3.1.47
- NAME 'mailRoutingAddress'
- DESC 'RFC822 routing address of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
- SINGLE-VALUE )
-
-# I-D leaves this OID TBD.
-# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
-# improperly delegated OID. A typo is likely.
-objectclass ( 2.16.840.1.113730.3.2.147
- NAME 'inetLocalMailRecipient'
- DESC 'Internet local mail recipient'
- SUP top AUXILIARY
- MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
-
-#-----------------------------------------------------------
-# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
-# (a work in progress)
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
- NAME 'rfc822MailMember'
- DESC 'rfc822 mail address of group member(s)'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-#-----------------------------------------------------------
-# !!!no I-D!!!
-# (a work in progress)
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
- NAME 'nisMailAlias'
- DESC 'NIS mail alias'
- SUP top STRUCTURAL
- MUST cn
- MAY rfc822MailMember )
+++ /dev/null
-# NIS (RFC2307)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Definitions from RFC2307 (Experimental)
-# An Approach for Using LDAP as a Network Information Service
-#
-# Depends upon core.ldif and cosine.ldif
-#
-# This file was automatically generated from nis.schema; see that file
-# for complete references.
-#
-dn: cn=nis,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: nis
-olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
- e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
- h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
- e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
- 466.115.121.1.26 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
- e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
- 6 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
- erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
- atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
- Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
- atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
- ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
- A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 26 )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
- seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
- 5.121.1.26 )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
- oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
- rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
- egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
- Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
- ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
- ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
- NGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
- ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
- NGLE-VALUE )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
- EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
- aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
- e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
-olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
- tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
- 1.26{1024} SINGLE-VALUE )
-olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
- f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
- mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
- description ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
- ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
- $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
- $ shadowExpire $ shadowFlag $ description ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
- a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
- sword $ memberUid $ description ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
- nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
- rviceProtocol ) MAY description )
-olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
- an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
- ) MAY description )
-olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
- NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
- AY description )
-olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
- st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
- ription $ manager ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
- n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
- kNumber $ l $ description $ manager ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
- a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
- tgroup $ description ) )
-olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
- on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
-olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
- NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
- ption )
-olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
- ith a MAC address' SUP top AUXILIARY MAY macAddress )
-olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
- with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-# Definitions from RFC2307 (Experimental)
-# An Approach for Using LDAP as a Network Information Service
-
-# Depends upon core.schema and cosine.schema
-
-# Note: The definitions in RFC2307 are given in syntaxes closely related
-# to those in RFC2252, however, some liberties are taken that are not
-# supported by RFC2252. This file has been written following RFC2252
-# strictly.
-
-# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
-# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
-#
-# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
-# validaters for these syntaxes are incomplete, they only
-# implement printable string validation (which is good as the
-# common use of these syntaxes violates the specification).
-# Attribute types are under 1.3.6.1.1.1.1
-# Object classes are under 1.3.6.1.1.1.2
-
-# Attribute Type Definitions
-
-# builtin
-#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
-# DESC 'An integer uniquely identifying a user in an administrative domain'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# builtin
-#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
-# DESC 'An integer uniquely identifying a group in an administrative domain'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
- DESC 'The GECOS field; the common name'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
- DESC 'The absolute path to the home directory'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
- DESC 'The path to the login shell'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
- DESC 'Netgroup triple'
- SYNTAX 1.3.6.1.1.1.0.0 )
-
-attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
- SUP name )
-
-attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
- DESC 'IP address'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
- DESC 'IP network'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
- DESC 'IP netmask'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
- DESC 'MAC address'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
- DESC 'rpc.bootparamd parameter'
- SYNTAX 1.3.6.1.1.1.0.1 )
-
-attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
- DESC 'Boot image name'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
- SUP name )
-
-attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
-
-# Object Class Definitions
-
-objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
- DESC 'Abstraction of an account with POSIX attributes'
- SUP top AUXILIARY
- MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
- MAY ( userPassword $ loginShell $ gecos $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
- DESC 'Additional attributes for shadow passwords'
- SUP top AUXILIARY
- MUST uid
- MAY ( userPassword $ shadowLastChange $ shadowMin $
- shadowMax $ shadowWarning $ shadowInactive $
- shadowExpire $ shadowFlag $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
- DESC 'Abstraction of a group of accounts'
- SUP top STRUCTURAL
- MUST ( cn $ gidNumber )
- MAY ( userPassword $ memberUid $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
- DESC 'Abstraction an Internet Protocol service'
- SUP top STRUCTURAL
- MUST ( cn $ ipServicePort $ ipServiceProtocol )
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
- DESC 'Abstraction of an IP protocol'
- SUP top STRUCTURAL
- MUST ( cn $ ipProtocolNumber $ description )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
- DESC 'Abstraction of an ONC/RPC binding'
- SUP top STRUCTURAL
- MUST ( cn $ oncRpcNumber $ description )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
- DESC 'Abstraction of a host, an IP device'
- SUP top AUXILIARY
- MUST ( cn $ ipHostNumber )
- MAY ( l $ description $ manager ) )
-
-objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
- DESC 'Abstraction of an IP network'
- SUP top STRUCTURAL
- MUST ( cn $ ipNetworkNumber )
- MAY ( ipNetmaskNumber $ l $ description $ manager ) )
-
-objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
- DESC 'Abstraction of a netgroup'
- SUP top STRUCTURAL
- MUST cn
- MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
- DESC 'A generic abstraction of a NIS map'
- SUP top STRUCTURAL
- MUST nisMapName
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
- DESC 'An entry in a NIS map'
- SUP top STRUCTURAL
- MUST ( cn $ nisMapEntry $ nisMapName )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
- DESC 'A device with a MAC address'
- SUP top AUXILIARY
- MAY macAddress )
-
-objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
- DESC 'A device with boot parameters'
- SUP top AUXILIARY
- MAY ( bootFile $ bootParameter ) )
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-#
-# OpenLDAP Project's directory schema items
-#
-# depends upon:
-# core.schema
-# cosine.schema
-# inetorgperson.schema
-#
-# These are provided for informational purposes only.
-#
-# This openldap.ldif file is provided as a demonstration of how to
-# convert a *.schema file into *.ldif format. The key points:
-# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
-# file should be replaced with a single '#' to turn them into
-# comments, or they should just be removed.
-# In addition to the actual schema directives, the file needs a small
-# header to make it a valid LDAP entry. This header must provide the
-# dn of the entry, the objectClass, and the cn, as shown here:
-#
-dn: cn=openldap,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: openldap
-#
-# The schema directives need to be changed to LDAP Attributes.
-# First a basic string substitution can be done on each of the keywords:
-# objectIdentifier -> olcObjectIdentifier:
-# objectClass -> olcObjectClasses:
-# attributeType -> olcAttributeTypes:
-# Then leading whitespace must be fixed. The slapd.conf format allows
-# tabs or spaces to denote line continuation, while LDIF only allows
-# the space character.
-# Also slapd.conf preserves the continuation character, while LDIF strips
-# it out. So a single TAB/SPACE in slapd.conf must be replaced with
-# two SPACEs in LDIF, otherwise the continued text may get joined as
-# a single word.
-# The directives must be listed in a proper sequence:
-# All olcObjectIdentifiers must be first, so they may be referenced by
-# any following definitions.
-# All olcAttributeTypes must be next, so they may be referenced by any
-# following objectClass definitions.
-# All olcObjectClasses must be after the olcAttributeTypes.
-# And of course, any superior must occur before anything that inherits
-# from it.
-#
-olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
-#
-olcObjectIdentifier: OpenLDAP OpenLDAProot:1
-olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
-olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
-#
-olcObjectClasses: ( OpenLDAPobjectClass:3
- NAME 'OpenLDAPorg'
- DESC 'OpenLDAP Organizational Object'
- SUP organization
- MAY ( buildingName $ displayName $ labeledURI ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:4
- NAME 'OpenLDAPou'
- DESC 'OpenLDAP Organizational Unit Object'
- SUP organizationalUnit
- MAY ( buildingName $ displayName $ labeledURI $ o ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:5
- NAME 'OpenLDAPperson'
- DESC 'OpenLDAP Person'
- SUP ( pilotPerson $ inetOrgPerson )
- MUST ( uid $ cn )
- MAY ( givenName $ labeledURI $ o ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:6
- NAME 'OpenLDAPdisplayableObject'
- DESC 'OpenLDAP Displayable Object'
- AUXILIARY
- MAY displayName )
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-#
-# OpenLDAP Project's directory schema items
-#
-# depends upon:
-# core.schema
-# cosine.schema
-# inetorgperson.schema
-#
-# These are provided for informational purposes only.
-
-objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
-
-objectIdentifier OpenLDAP OpenLDAProot:1
-objectIdentifier OpenLDAPattributeType OpenLDAP:3
-objectIdentifier OpenLDAPobjectClass OpenLDAP:4
-
-objectClass ( OpenLDAPobjectClass:3
- NAME 'OpenLDAPorg'
- DESC 'OpenLDAP Organizational Object'
- SUP organization
- MAY ( buildingName $ displayName $ labeledURI ) )
-
-objectClass ( OpenLDAPobjectClass:4
- NAME 'OpenLDAPou'
- DESC 'OpenLDAP Organizational Unit Object'
- SUP organizationalUnit
- MAY ( buildingName $ displayName $ labeledURI $ o ) )
-
-objectClass ( OpenLDAPobjectClass:5
- NAME 'OpenLDAPperson'
- DESC 'OpenLDAP Person'
- SUP ( pilotPerson $ inetOrgPerson )
- MUST ( uid $ cn )
- MAY ( givenName $ labeledURI $ o ) )
-
-objectClass ( OpenLDAPobjectClass:6
- NAME 'OpenLDAPdisplayableObject'
- DESC 'OpenLDAP Displayable Object'
- AUXILIARY
- MAY displayName )
+++ /dev/null
-# OpenLDAP X.509 PMI schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (1997-2006).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works. However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be
-## followed, or as required to translate it into languages other than
-## English.
-##
-## The limited permissions granted above are perpetual and will not be
-## revoked by the Internet Society or its successors or assigns.
-##
-## This document and the information contained herein is provided on an
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-#
-#
-# Includes LDAPv3 schema items from:
-# ITU X.509 (08/2005)
-#
-## X.509 (08/2005) pp. 120-121
-##
-## -- object identifier assignments --
-## -- object classes --
-## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
-## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
-## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
-## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
-## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
-## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
-## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
-## -- directory attributes --
-## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
-## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
-## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
-## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
-## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
-## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
-## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
-## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
-## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
-## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
-## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
-## -- attribute certificate extensions --
-## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
-## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
-## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
-## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
-## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
-## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
-## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
-## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
-## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
-## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
-## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
-## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
-## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
-## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
-## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
-## -- PMI matching rules --
-## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
-## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
-## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
-## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
-## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
-## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
-## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
-## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
-## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
-## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
-## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
-## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
-## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
-##
-##
-## X.509 (08/2005) pp. 71, 86-89
-##
-## 14.4.1 Role attribute
-## role ATTRIBUTE ::= {
-## WITH SYNTAX RoleSyntax
-## ID id-at-role }
-## RoleSyntax ::= SEQUENCE {
-## roleAuthority [0] GeneralNames OPTIONAL,
-## roleName [1] GeneralName }
-##
-## 14.5 XML privilege information attribute
-## xmlPrivilegeInfo ATTRIBUTE ::= {
-## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
-## ID id-at-xMLPrivilegeInfo }
-##
-## 17.1 PMI directory object classes
-##
-## 17.1.1 PMI user object class
-## pmiUser OBJECT-CLASS ::= {
-## -- a PMI user (i.e., a "holder")
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN {attributeCertificateAttribute}
-## ID id-oc-pmiUser }
-##
-## 17.1.2 PMI AA object class
-## pmiAA OBJECT-CLASS ::= {
-## -- a PMI AA
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN {aACertificate |
-## attributeCertificateRevocationList |
-## attributeAuthorityRevocationList}
-## ID id-oc-pmiAA }
-##
-## 17.1.3 PMI SOA object class
-## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN {attributeCertificateRevocationList |
-## attributeAuthorityRevocationList |
-## attributeDescriptorCertificate}
-## ID id-oc-pmiSOA }
-##
-## 17.1.4 Attribute certificate CRL distribution point object class
-## attCertCRLDistributionPt OBJECT-CLASS ::= {
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN { attributeCertificateRevocationList |
-## attributeAuthorityRevocationList }
-## ID id-oc-attCertCRLDistributionPts }
-##
-## 17.1.5 PMI delegation path
-## pmiDelegationPath OBJECT-CLASS ::= {
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN { delegationPath }
-## ID id-oc-pmiDelegationPath }
-##
-## 17.1.6 Privilege policy object class
-## privilegePolicy OBJECT-CLASS ::= {
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN {privPolicy }
-## ID id-oc-privilegePolicy }
-##
-## 17.1.7 Protected privilege policy object class
-## protectedPrivilegePolicy OBJECT-CLASS ::= {
-## SUBCLASS OF {top}
-## KIND auxiliary
-## MAY CONTAIN {protPrivPolicy }
-## ID id-oc-protectedPrivilegePolicy }
-##
-## 17.2 PMI Directory attributes
-##
-## 17.2.1 Attribute certificate attribute
-## attributeCertificateAttribute ATTRIBUTE ::= {
-## WITH SYNTAX AttributeCertificate
-## EQUALITY MATCHING RULE attributeCertificateExactMatch
-## ID id-at-attributeCertificate }
-##
-## 17.2.2 AA certificate attribute
-## aACertificate ATTRIBUTE ::= {
-## WITH SYNTAX AttributeCertificate
-## EQUALITY MATCHING RULE attributeCertificateExactMatch
-## ID id-at-aACertificate }
-##
-## 17.2.3 Attribute descriptor certificate attribute
-## attributeDescriptorCertificate ATTRIBUTE ::= {
-## WITH SYNTAX AttributeCertificate
-## EQUALITY MATCHING RULE attributeCertificateExactMatch
-## ID id-at-attributeDescriptorCertificate }
-##
-## 17.2.4 Attribute certificate revocation list attribute
-## attributeCertificateRevocationList ATTRIBUTE ::= {
-## WITH SYNTAX CertificateList
-## EQUALITY MATCHING RULE certificateListExactMatch
-## ID id-at-attributeCertificateRevocationList}
-##
-## 17.2.5 AA certificate revocation list attribute
-## attributeAuthorityRevocationList ATTRIBUTE ::= {
-## WITH SYNTAX CertificateList
-## EQUALITY MATCHING RULE certificateListExactMatch
-## ID id-at-attributeAuthorityRevocationList }
-##
-## 17.2.6 Delegation path attribute
-## delegationPath ATTRIBUTE ::= {
-## WITH SYNTAX AttCertPath
-## ID id-at-delegationPath }
-## AttCertPath ::= SEQUENCE OF AttributeCertificate
-##
-## 17.2.7 Privilege policy attribute
-## privPolicy ATTRIBUTE ::= {
-## WITH SYNTAX PolicySyntax
-## ID id-at-privPolicy }
-##
-## 17.2.8 Protected privilege policy attribute
-## protPrivPolicy ATTRIBUTE ::= {
-## WITH SYNTAX AttributeCertificate
-## EQUALITY MATCHING RULE attributeCertificateExactMatch
-## ID id-at-protPrivPolicy }
-##
-## 17.2.9 XML Protected privilege policy attribute
-## xmlPrivPolicy ATTRIBUTE ::= {
-## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
-## ID id-at-xMLPprotPrivPolicy }
-##
-
-## -- object identifier assignments --
-## -- object classes --
-objectidentifier id-oc-pmiUser 2.5.6.24
-objectidentifier id-oc-pmiAA 2.5.6.25
-objectidentifier id-oc-pmiSOA 2.5.6.26
-objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
-objectidentifier id-oc-privilegePolicy 2.5.6.32
-objectidentifier id-oc-pmiDelegationPath 2.5.6.33
-objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
-## -- directory attributes --
-objectidentifier id-at-attributeCertificate 2.5.4.58
-objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
-objectidentifier id-at-aACertificate 2.5.4.61
-objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
-objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
-objectidentifier id-at-privPolicy 2.5.4.71
-objectidentifier id-at-role 2.5.4.72
-objectidentifier id-at-delegationPath 2.5.4.73
-objectidentifier id-at-protPrivPolicy 2.5.4.74
-objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
-objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
-## -- attribute certificate extensions --
-## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
-## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
-## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
-## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
-## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
-## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
-## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
-## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
-## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
-## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
-## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
-## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
-## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
-## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
-## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
-## -- PMI matching rules --
-objectidentifier id-mr 2.5.13
-objectidentifier id-mr-attributeCertificateMatch id-mr:42
-objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
-objectidentifier id-mr-holderIssuerMatch id-mr:46
-objectidentifier id-mr-authAttIdMatch id-mr:53
-objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
-objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
-objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
-objectidentifier id-mr-timeSpecMatch id-mr:57
-objectidentifier id-mr-attDescriptorMatch id-mr:58
-objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
-objectidentifier id-mr-delegationPathMatch id-mr:61
-objectidentifier id-mr-sOAIdentifierMatch id-mr:66
-objectidentifier id-mr-indirectIssuerMatch id-mr:67
-## -- syntaxes --
-## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
-## to this work in progress
-objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
-objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
-objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
-objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
-objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
-# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
-#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
-#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
-#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
-#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
-##
-## Substitute syntaxes
-##
-## AttCertPath
-ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
- NAME 'AttCertPath'
- DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
- X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
-##
-## PolicySyntax
-ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
- NAME 'PolicySyntax'
- DESC 'X.509 PMI policy syntax'
- X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
-##
-## RoleSyntax
-ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
- NAME 'RoleSyntax'
- DESC 'X.509 PMI role syntax'
- X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
-##
-## X.509 (08/2005) pp. 71, 86-89
-##
-## 14.4.1 Role attribute
-attributeType ( id-at-role
- NAME 'role'
- DESC 'X.509 Role attribute, use ;binary'
- SYNTAX RoleSyntax )
-##
-## 14.5 XML privilege information attribute
-## -- contains XML-encoded privilege information
-attributeType ( id-at-xMLPrivilegeInfo
- NAME 'xmlPrivilegeInfo'
- DESC 'X.509 XML privilege information attribute'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-##
-## 17.2 PMI Directory attributes
-##
-## 17.2.1 Attribute certificate attribute
-attributeType ( id-at-attributeCertificate
- NAME 'attributeCertificateAttribute'
- DESC 'X.509 Attribute certificate attribute, use ;binary'
- SYNTAX AttributeCertificate
- EQUALITY attributeCertificateExactMatch )
-##
-## 17.2.2 AA certificate attribute
-attributeType ( id-at-aACertificate
- NAME 'aACertificate'
- DESC 'X.509 AA certificate attribute, use ;binary'
- SYNTAX AttributeCertificate
- EQUALITY attributeCertificateExactMatch )
-##
-## 17.2.3 Attribute descriptor certificate attribute
-attributeType ( id-at-attributeDescriptorCertificate
- NAME 'attributeDescriptorCertificate'
- DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
- SYNTAX AttributeCertificate
- EQUALITY attributeCertificateExactMatch )
-##
-## 17.2.4 Attribute certificate revocation list attribute
-attributeType ( id-at-attributeCertificateRevocationList
- NAME 'attributeCertificateRevocationList'
- DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
- SYNTAX CertificateList
- X-EQUALITY 'certificateListExactMatch, not implemented yet' )
-##
-## 17.2.5 AA certificate revocation list attribute
-attributeType ( id-at-attributeAuthorityRevocationList
- NAME 'attributeAuthorityRevocationList'
- DESC 'X.509 AA certificate revocation list attribute, use ;binary'
- SYNTAX CertificateList
- X-EQUALITY 'certificateListExactMatch, not implemented yet' )
-##
-## 17.2.6 Delegation path attribute
-attributeType ( id-at-delegationPath
- NAME 'delegationPath'
- DESC 'X.509 Delegation path attribute, use ;binary'
- SYNTAX AttCertPath )
-## AttCertPath ::= SEQUENCE OF AttributeCertificate
-##
-## 17.2.7 Privilege policy attribute
-attributeType ( id-at-privPolicy
- NAME 'privPolicy'
- DESC 'X.509 Privilege policy attribute, use ;binary'
- SYNTAX PolicySyntax )
-##
-## 17.2.8 Protected privilege policy attribute
-attributeType ( id-at-protPrivPolicy
- NAME 'protPrivPolicy'
- DESC 'X.509 Protected privilege policy attribute, use ;binary'
- SYNTAX AttributeCertificate
- EQUALITY attributeCertificateExactMatch )
-##
-## 17.2.9 XML Protected privilege policy attribute
-## -- contains XML-encoded privilege policy information
-attributeType ( id-at-xMLPprotPrivPolicy
- NAME 'xmlPrivPolicy'
- DESC 'X.509 XML Protected privilege policy attribute'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-##
-## 17.1 PMI directory object classes
-##
-## 17.1.1 PMI user object class
-## -- a PMI user (i.e., a "holder")
-objectClass ( id-oc-pmiUser
- NAME 'pmiUser'
- DESC 'X.509 PMI user object class'
- SUP top
- AUXILIARY
- MAY ( attributeCertificateAttribute ) )
-##
-## 17.1.2 PMI AA object class
-## -- a PMI AA
-objectClass ( id-oc-pmiAA
- NAME 'pmiAA'
- DESC 'X.509 PMI AA object class'
- SUP top
- AUXILIARY
- MAY ( aACertificate $
- attributeCertificateRevocationList $
- attributeAuthorityRevocationList
- ) )
-##
-## 17.1.3 PMI SOA object class
-## -- a PMI Source of Authority
-objectClass ( id-oc-pmiSOA
- NAME 'pmiSOA'
- DESC 'X.509 PMI SOA object class'
- SUP top
- AUXILIARY
- MAY ( attributeCertificateRevocationList $
- attributeAuthorityRevocationList $
- attributeDescriptorCertificate
- ) )
-##
-## 17.1.4 Attribute certificate CRL distribution point object class
-objectClass ( id-oc-attCertCRLDistributionPts
- NAME 'attCertCRLDistributionPt'
- DESC 'X.509 Attribute certificate CRL distribution point object class'
- SUP top
- AUXILIARY
- MAY ( attributeCertificateRevocationList $
- attributeAuthorityRevocationList
- ) )
-##
-## 17.1.5 PMI delegation path
-objectClass ( id-oc-pmiDelegationPath
- NAME 'pmiDelegationPath'
- DESC 'X.509 PMI delegation path'
- SUP top
- AUXILIARY
- MAY ( delegationPath ) )
-##
-## 17.1.6 Privilege policy object class
-objectClass ( id-oc-privilegePolicy
- NAME 'privilegePolicy'
- DESC 'X.509 Privilege policy object class'
- SUP top
- AUXILIARY
- MAY ( privPolicy ) )
-##
-## 17.1.7 Protected privilege policy object class
-objectClass ( id-oc-protectedPrivilegePolicy
- NAME 'protectedPrivilegePolicy'
- DESC 'X.509 Protected privilege policy object class'
- SUP top
- AUXILIARY
- MAY ( protPrivPolicy ) )
-
+++ /dev/null
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 2004-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-## Portions Copyright (C) The Internet Society (2004).
-## Please see full copyright statement below.
-
-# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
-# Password Policy for LDAP Directories
-# With extensions from Hewlett-Packard:
-# pwdCheckModule etc.
-
-# Contents of this file are subject to change (including deletion)
-# without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-#Network Working Group J. Sermersheim
-#Internet-Draft Novell, Inc
-#Expires: April 24, 2005 L. Poitou
-# Sun Microsystems
-# October 24, 2004
-#
-#
-# Password Policy for LDAP Directories
-# draft-behera-ldap-password-policy-08.txt
-#
-#Status of this Memo
-#
-# This document is an Internet-Draft and is subject to all provisions
-# of section 3 of RFC 3667. By submitting this Internet-Draft, each
-# author represents that any applicable patent or other IPR claims of
-# which he or she is aware have been or will be disclosed, and any of
-# which he or she become aware will be disclosed, in accordance with
-# RFC 3668.
-#
-# Internet-Drafts are working documents of the Internet Engineering
-# Task Force (IETF), its areas, and its working groups. Note that
-# other groups may also distribute working documents as
-# Internet-Drafts.
-#
-# Internet-Drafts are draft documents valid for a maximum of six months
-# and may be updated, replaced, or obsoleted by other documents at any
-# time. It is inappropriate to use Internet-Drafts as reference
-# material or to cite them other than as "work in progress."
-#
-# The list of current Internet-Drafts can be accessed at
-# http://www.ietf.org/ietf/1id-abstracts.txt.
-#
-# The list of Internet-Draft Shadow Directories can be accessed at
-# http://www.ietf.org/shadow.html.
-#
-# This Internet-Draft will expire on April 24, 2005.
-#
-#Copyright Notice
-#
-# Copyright (C) The Internet Society (2004).
-#
-#Abstract
-#
-# Password policy as described in this document is a set of rules that
-# controls how passwords are used and administered in Lightweight
-# Directory Access Protocol (LDAP) based directories. In order to
-# improve the security of LDAP directories and make it difficult for
-# password cracking programs to break into directories, it is desirable
-# to enforce a set of rules on password usage. These rules are made to
-#
-# [trimmed]
-#
-#5. Schema used for Password Policy
-#
-# The schema elements defined here fall into two general categories. A
-# password policy object class is defined which contains a set of
-# administrative password policy attributes, and a set of operational
-# attributes are defined that hold general password policy state
-# information for each user.
-#
-#5.2 Attribute Types used in the pwdPolicy ObjectClass
-#
-# Following are the attribute types used by the pwdPolicy object class.
-#
-#5.2.1 pwdAttribute
-#
-# This holds the name of the attribute to which the password policy is
-# applied. For example, the password policy may be applied to the
-# userPassword attribute.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
- NAME 'pwdAttribute'
- EQUALITY objectIdentifierMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-#5.2.2 pwdMinAge
-#
-# This attribute holds the number of seconds that must elapse between
-# modifications to the password. If this attribute is not present, 0
-# seconds is assumed.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
- NAME 'pwdMinAge'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.3 pwdMaxAge
-#
-# This attribute holds the number of seconds after which a modified
-# password will expire.
-#
-# If this attribute is not present, or if the value is 0 the password
-# does not expire. If not 0, the value must be greater than or equal
-# to the value of the pwdMinAge.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
- NAME 'pwdMaxAge'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.4 pwdInHistory
-#
-# This attribute specifies the maximum number of used passwords stored
-# in the pwdHistory attribute.
-#
-# If this attribute is not present, or if the value is 0, used
-# passwords are not stored in the pwdHistory attribute and thus may be
-# reused.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
- NAME 'pwdInHistory'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.5 pwdCheckQuality
-#
-# {TODO: Consider changing the syntax to OID. Each OID will list a
-# quality rule (like min len, # of special characters, etc). These
-# rules can be specified outsid ethis document.}
-#
-# {TODO: Note that even though this is meant to be a check that happens
-# during password modification, it may also be allowed to happen during
-# authN. This is useful for situations where the password is encrypted
-# when modified, but decrypted when used to authN.}
-#
-# This attribute indicates how the password quality will be verified
-# while being modified or added. If this attribute is not present, or
-# if the value is '0', quality checking will not be enforced. A value
-# of '1' indicates that the server will check the quality, and if the
-# server is unable to check it (due to a hashed password or other
-# reasons) it will be accepted. A value of '2' indicates that the
-# server will check the quality, and if the server is unable to verify
-# it, it will return an error refusing the password.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
- NAME 'pwdCheckQuality'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.6 pwdMinLength
-#
-# When quality checking is enabled, this attribute holds the minimum
-# number of characters that must be used in a password. If this
-# attribute is not present, no minimum password length will be
-# enforced. If the server is unable to check the length (due to a
-# hashed password or otherwise), the server will, depending on the
-# value of the pwdCheckQuality attribute, either accept the password
-# without checking it ('0' or '1') or refuse it ('2').
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
- NAME 'pwdMinLength'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.7 pwdExpireWarning
-#
-# This attribute specifies the maximum number of seconds before a
-# password is due to expire that expiration warning messages will be
-# returned to an authenticating user.
-#
-# If this attribute is not present, or if the value is 0 no warnings
-# will be returned. If not 0, the value must be smaller than the value
-# of the pwdMaxAge attribute.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
- NAME 'pwdExpireWarning'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.8 pwdGraceAuthNLimit
-#
-# This attribute specifies the number of times an expired password can
-# be used to authenticate. If this attribute is not present or if the
-# value is 0, authentication will fail.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
- NAME 'pwdGraceAuthNLimit'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.9 pwdLockout
-#
-# This attribute indicates, when its value is "TRUE", that the password
-# may not be used to authenticate after a specified number of
-# consecutive failed bind attempts. The maximum number of consecutive
-# failed bind attempts is specified in pwdMaxFailure.
-#
-# If this attribute is not present, or if the value is "FALSE", the
-# password may be used to authenticate when the number of failed bind
-# attempts has been reached.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
- NAME 'pwdLockout'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-#5.2.10 pwdLockoutDuration
-#
-# This attribute holds the number of seconds that the password cannot
-# be used to authenticate due to too many failed bind attempts. If
-# this attribute is not present, or if the value is 0 the password
-# cannot be used to authenticate until reset by a password
-# administrator.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
- NAME 'pwdLockoutDuration'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.11 pwdMaxFailure
-#
-# This attribute specifies the number of consecutive failed bind
-# attempts after which the password may not be used to authenticate.
-# If this attribute is not present, or if the value is 0, this policy
-# is not checked, and the value of pwdLockout will be ignored.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
- NAME 'pwdMaxFailure'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.12 pwdFailureCountInterval
-#
-# This attribute holds the number of seconds after which the password
-# failures are purged from the failure counter, even though no
-# successful authentication occurred.
-#
-# If this attribute is not present, or if its value is 0, the failure
-# counter is only reset by a successful authentication.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
- NAME 'pwdFailureCountInterval'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.13 pwdMustChange
-#
-# This attribute specifies with a value of "TRUE" that users must
-# change their passwords when they first bind to the directory after a
-# password is set or reset by a password administrator. If this
-# attribute is not present, or if the value is "FALSE", users are not
-# required to change their password upon binding after the password
-# administrator sets or resets the password. This attribute is not set
-# due to any actions specified by this document, it is typically set by
-# a password administrator after resetting a user's password.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
- NAME 'pwdMustChange'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-#5.2.14 pwdAllowUserChange
-#
-# This attribute indicates whether users can change their own
-# passwords, although the change operation is still subject to access
-# control. If this attribute is not present, a value of "TRUE" is
-# assumed. This attribute is intended to be used in the absense of an
-# access control mechanism.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
- NAME 'pwdAllowUserChange'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-#5.2.15 pwdSafeModify
-#
-# This attribute specifies whether or not the existing password must be
-# sent along with the new password when being changed. If this
-# attribute is not present, a "FALSE" value is assumed.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
- NAME 'pwdSafeModify'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-# HP extensions
-#
-# pwdCheckModule
-#
-# This attribute names a user-defined loadable module that provides
-# a check_password() function. If pwdCheckQuality is set to '1' or '2'
-# this function will be called after all of the internal password
-# quality checks have been passed. The function has this prototype:
-#
-# int check_password( char *password, char **errormessage, void *arg )
-#
-# The function should return LDAP_SUCCESS for a valid password.
-
-attributetype ( 1.3.6.1.4.1.4754.1.99.1
- NAME 'pwdCheckModule'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- DESC 'Loadable module that instantiates "check_password() function'
- SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.4754.2.99.1
- NAME 'pwdPolicyChecker'
- SUP top
- AUXILIARY
- MAY ( pwdCheckModule ) )
-
-#5.1 The pwdPolicy Object Class
-#
-# This object class contains the attributes defining a password policy
-# in effect for a set of users. Section 10 describes the
-# administration of this object, and the relationship between it and
-# particular objects.
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
- NAME 'pwdPolicy'
- SUP top
- AUXILIARY
- MUST ( pwdAttribute )
- MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
- pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
- $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
- pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
-
-#5.3 Attribute Types for Password Policy State Information
-#
-# Password policy state information must be maintained for each user.
-# The information is located in each user entry as a set of operational
-# attributes. These operational attributes are: pwdChangedTime,
-# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
-# pwdReset, pwdPolicySubEntry.
-#
-#5.3.1 Password Policy State Attribute Option
-#
-# Since the password policy could apply to several attributes used to
-# store passwords, each of the above operational attributes must have
-# an option to specify which pwdAttribute it applies to. The password
-# policy option is defined as the following:
-#
-# pwd-<passwordAttribute>
-#
-# where passwordAttribute a string following the OID syntax
-# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
-# (short name) MUST be used.
-#
-# For example, if the pwdPolicy object has for pwdAttribute
-# "userPassword" then the pwdChangedTime operational attribute, in a
-# user entry, will be:
-#
-# pwdChangedTime;pwd-userPassword: 20000103121520Z
-#
-# This attribute option follows sub-typing semantics. If a client
-# requests a password policy state attribute to be returned in a search
-# operation, and does not specify an option, all subtypes of that
-# policy state attribute are returned.
-#
-#5.3.2 pwdChangedTime
-#
-# This attribute specifies the last time the entry's password was
-# changed. This is used by the password expiration policy. If this
-# attribute does not exist, the password will never expire.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.16
-# NAME 'pwdChangedTime'
-# DESC 'The time the password was last changed'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.3 pwdAccountLockedTime
-#
-# This attribute holds the time that the user's account was locked. A
-# locked account means that the password may no longer be used to
-# authenticate. A 000001010000Z value means that the account has been
-# locked permanently, and that only a password administrator can unlock
-# the account.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.17
-# NAME 'pwdAccountLockedTime'
-# DESC 'The time an user account was locked'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.4 pwdFailureTime
-#
-# This attribute holds the timestamps of the consecutive authentication
-# failures.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.19
-# NAME 'pwdFailureTime'
-# DESC 'The timestamps of the last consecutive authentication
-# failures'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# USAGE directoryOperation )
-#
-#5.3.5 pwdHistory
-#
-# This attribute holds a history of previously used passwords. Values
-# of this attribute are transmitted in string format as given by the
-# following ABNF:
-#
-# pwdHistory = time "#" syntaxOID "#" length "#" data
-#
-# time = <generalizedTimeString as specified in 6.14
-# of [RFC2252]>
-#
-# syntaxOID = numericoid ; the string representation of the
-# ; dotted-decimal OID that defines the
-# ; syntax used to store the password.
-# ; numericoid is described in 4.1
-# ; of [RFC2252].
-#
-# length = numericstring ; the number of octets in data.
-# ; numericstring is described in 4.1
-# ; of [RFC2252].
-#
-# data = <octets representing the password in the format
-# specified by syntaxOID>.
-#
-# This format allows the server to store, and transmit a history of
-# passwords that have been used. In order for equality matching to
-# function properly, the time field needs to adhere to a consistent
-# format. For this purpose, the time field MUST be in GMT format.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.20
-# NAME 'pwdHistory'
-# DESC 'The history of user s passwords'
-# EQUALITY octetStringMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-# USAGE directoryOperation )
-#
-#5.3.6 pwdGraceUseTime
-#
-# This attribute holds the timestamps of grace authentications after a
-# password has expired.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.21
-# NAME 'pwdGraceUseTime'
-# DESC 'The timestamps of the grace authentication after the
-# password has expired'
-# EQUALITY generalizedTimeMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#
-#5.3.7 pwdReset
-#
-# This attribute holds a flag to indicate (when TRUE) that the password
-# has been updated by the password administrator and must be changed by
-# the user on first authentication.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.22
-# NAME 'pwdReset'
-# DESC 'The indication that the password has been reset'
-# EQUALITY booleanMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.8 pwdPolicySubentry
-#
-# This attribute points to the pwdPolicy subentry in effect for this
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.23
-# NAME 'pwdPolicySubentry'
-# DESC 'The pwdPolicy subentry in effect for this object'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#
-#Disclaimer of Validity
-#
-# This document and the information contained herein are provided on an
-# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
-# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
-# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-#
-#
-#Copyright Statement
-#
-# Copyright (C) The Internet Society (2004). This document is subject
-# to the rights, licenses and restrictions contained in BCP 78, and
-# except as set forth therein, the authors retain all their rights.
-
---
-$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.6 2011/01/04 23:50:51 kurt Exp $
+$OpenLDAP$
# collective.schema -- Collective attribute schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# corba.schema -- Corba Object Schema
# depends upon core.schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.2.2.8 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.9 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.23.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.ldif,v 1.1.2.3 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.7 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# java.schema -- Java Object Schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# misc.schema -- assorted schema definitions
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# NIS (RFC2307)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.7 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.7 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
# OpenLDAP X.509 PMI schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.4 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2011 The OpenLDAP Foundation.
net-analyzer/wireshark adns gcrypt geoip profile smi
# ODBC-Header not found ...
-net-dns/bind dlz geoip gssapi -odbc pkcs11 sdb-ldap urandom
+#net-dns/bind dlz geoip gssapi -odbc pkcs11 sdb-ldap urandom
+net-dns/bind dlz geoip gssapi -odbc -pkcs11 -sdb-ldap urandom
net-dns/bind-tools gssapi pkcs11 urandom
net-dns/libidn -java
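Review bot: The new `net-dns/bind` line turns off `pkcs11` and `sdb-ldap` without recording why. The only comment above it, `# ODBC-Header not found ...`, explains `-odbc` and now sits over a commented-out copy of the old line. I would drop the dead line and put the reason in its place, e.g. `# pkcs11 and sdb-ldap disabled: <reason>`. `net-dns/bind-tools` on the following line still enables `pkcs11`, so the server and its tools now differ; if any zone keys are held in a PKCS#11 token (nothing visible here shows that), confirm the mismatch is intended. The rest of this file is outside the visible lines.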