From: frank Date: Wed, 29 Feb 2012 13:22:47 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=78ec28c6c1659130888a0629542bf30fb9693af9;p=config%2Fbruni%2Fetc.git saving uncommitted changes in /etc prior to emerge run
---
diff --git a/._cfg0000_mke2fs.conf b/._cfg0000_mke2fs.conf
deleted file mode 100644
index 0871f777..00000000
--- a/._cfg0000_mke2fs.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-[defaults]
- base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
- default_mntopts = acl,user_xattr
- enable_periodic_fsck = 0
- blocksize = 4096
- inode_size = 256
- inode_ratio = 16384
-
-[fs_types]
- ext3 = {
- features = has_journal
- }
- ext4 = {
- features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
- auto_64-bit_support = 1
- inode_size = 256
- }
- ext4dev = {
- features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
- inode_size = 256
- options = test_fs=1
- }
- small = {
- blocksize = 1024
- inode_size = 128
- inode_ratio = 4096
- }
- floppy = {
- blocksize = 1024
- inode_size = 128
- inode_ratio = 8192
- }
- big = {
- inode_ratio = 32768
- }
- huge = {
- inode_ratio = 65536
- }
- news = {
- inode_ratio = 4096
- }
- largefile = {
- inode_ratio = 1048576
- blocksize = -1
- }
- largefile4 = {
- inode_ratio = 4194304
- blocksize = -1
- }
- hurd = {
- blocksize = 4096
- inode_size = 128
- }
diff --git a/conf.d/._cfg0000_slapd b/conf.d/._cfg0000_slapd
deleted file mode 100644
index ef19899a..00000000
--- a/conf.d/._cfg0000_slapd
+++ /dev/null
@@ -1,26 +0,0 @@
-# conf.d file for openldap
-#
-# To enable both the standard unciphered server and the ssl encrypted
-# one uncomment this line or set any other server starting options
-# you may desire.
-
-# If you have multiple slapd instances per #376699, this will provide a default config
-INSTANCE="openldap${SVCNAME#slapd}"
-
-# If you use the classical configuration file:
-OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
-# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
-#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
-# (the OPTS_CONF variable is also passed to slaptest during startup)
-
-OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
-# Optional connectionless LDAP:
-#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
-
-# If you change the above listen statement to bind on a specific IP for
-# listening, you should ensure that interface is up here (change eth0 as
-# needed).
-#rc_need="net.eth0"
-
-# Specify the kerberos keytab file
-#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/conf.d/slapd b/conf.d/slapd
index 2240ad3f..ef19899a 100644
--- a/conf.d/slapd
+++ b/conf.d/slapd
@@ -3,7 +3,24 @@
 # To enable both the standard unciphered server and the ssl encrypted
 # one uncomment this line or set any other server starting options
 # you may desire.
-#
-# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
-# Uncomment the below to use the new slapd configuration for openldap 2.3
-#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/config-archive/etc/conf.d/slapd b/config-archive/etc/conf.d/slapd
new file mode 100644
index 00000000..2240ad3f
--- /dev/null
+++ b/config-archive/etc/conf.d/slapd
@@ -0,0 +1,9 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#
+# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Uncomment the below to use the new slapd configuration for openldap 2.3
+#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
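Review bot: The now-active `OPTS` line in conf.d/slapd keeps a cleartext `ldap://` listener on every interface next to `ldaps://` and `ldapi://`, and nothing in the hunk says whether that is intended. If remote clients are meant to use TLS, either drop `ldap://` from the `-h` list or bind it to loopback (`ldap://127.0.0.1/`); if StartTLS on the plain port is the plan, say so in a comment above the line so the listener is not read as an oversight. The retained header comment still says "uncomment this line", which no longer matches a file where `OPTS` is set unconditionally, so it should be reworded to describe the active default. Because the archived init script on this page runs `eval start-stop-daemon ... "${OPTS}"`, this value is shell-evaluated at service start, so it is worth confirming the file stays writable by root only.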
diff --git a/config-archive/etc/conf.d/slapd.dist b/config-archive/etc/conf.d/slapd.dist
new file mode 100644
index 00000000..ef19899a
--- /dev/null
+++ b/config-archive/etc/conf.d/slapd.dist
@@ -0,0 +1,26 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+
+# If you have multiple slapd instances per #376699, this will provide a default config
+INSTANCE="openldap${SVCNAME#slapd}"
+
+# If you use the classical configuration file:
+OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf"
+# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3
+#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d"
+# (the OPTS_CONF variable is also passed to slaptest during startup)
+
+OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Optional connectionless LDAP:
+#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'"
+
+# If you change the above listen statement to bind on a specific IP for
+# listening, you should ensure that interface is up here (change eth0 as
+# needed).
+#rc_need="net.eth0"
+
+# Specify the kerberos keytab file
+#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab
diff --git a/config-archive/etc/init.d/slapd b/config-archive/etc/init.d/slapd
new file mode 100755
index 00000000..a4329446
--- /dev/null
+++ b/config-archive/etc/init.d/slapd
@@ -0,0 +1,22 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ ebegin "Starting ldap-server"
+ eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
+ eend $?
+}
diff --git a/config-archive/etc/init.d/slapd.dist b/config-archive/etc/init.d/slapd.dist
new file mode 100755
index 00000000..005a3c10
--- /dev/null
+++ b/config-archive/etc/init.d/slapd.dist
@@ -0,0 +1,35 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $
+
+extra_commands="checkconfig"
+
+[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}"
+
+depend() {
+ need net
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start() {
+ if ! checkconfig -Q ; then
+ eerror "There is a problem with your slapd.conf!"
+ return 1
+ fi
+ ebegin "Starting ldap-server"
+ [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME
+ eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ldap-server"
+ start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid
+ eend $?
+}
+
+checkconfig() {
+ /usr/sbin/slaptest -u "$@" ${OPTS_CONF}
+}
diff --git a/config-archive/etc/mke2fs.conf b/config-archive/etc/mke2fs.conf
new file mode 100644
index 00000000..52fe58ed
--- /dev/null
+++ b/config-archive/etc/mke2fs.conf
@@ -0,0 +1,44 @@
+[defaults]
+ base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ }
+ ext4dev = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ options = test_fs=1
+ }
+ small = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
diff --git a/config-archive/etc/mke2fs.conf.dist b/config-archive/etc/mke2fs.conf.dist
new file mode 100644
index 00000000..0871f777
--- /dev/null
+++ b/config-archive/etc/mke2fs.conf.dist
@@ -0,0 +1,53 @@
+[defaults]
+ base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr
+ default_mntopts = acl,user_xattr
+ enable_periodic_fsck = 0
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ auto_64-bit_support = 1
+ inode_size = 256
+ }
+ ext4dev = {
+ features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize
+ inode_size = 256
+ options = test_fs=1
+ }
+ small = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ blocksize = 1024
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ big = {
+ inode_ratio = 32768
+ }
+ huge = {
+ inode_ratio = 65536
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
diff --git a/config-archive/etc/openldap/DB_CONFIG.example b/config-archive/etc/openldap/DB_CONFIG.example
new file mode 100644
index 00000000..e7cf5baf
--- /dev/null
+++ b/config-archive/etc/openldap/DB_CONFIG.example
@@ -0,0 +1,28 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See the Oracle Berkeley DB documentation
+#
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+#
+# in particular:
+#
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
diff --git a/config-archive/etc/openldap/DB_CONFIG.example.dist b/config-archive/etc/openldap/DB_CONFIG.example.dist
new file mode 100644
index 00000000..d0f2c682
--- /dev/null
+++ b/config-archive/etc/openldap/DB_CONFIG.example.dist
@@ -0,0 +1,28 @@
+# $OpenLDAP$
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See the Oracle Berkeley DB documentation
+#
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+#
+# in particular:
+#
+
+# Note: most DB_CONFIG settings will take effect only upon rebuilding
+# the DB environment.
+
+# one 0.25 GB cache
+set_cachesize 0 268435456 1
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 2097152
+#set_lg_dir logs
+
+# Note: special DB_CONFIG flags are no longer needed for "quick"
+# slapadd(8) or slapindex(8) access (see their -q option).
diff --git a/config-archive/etc/openldap/schema/README b/config-archive/etc/openldap/schema/README
new file mode 100644
index 00000000..e4a20126
--- /dev/null
+++ b/config-archive/etc/openldap/schema/README
@@ -0,0 +1,80 @@
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File Description
+---- -----------
+collective.schema Collective attributes (experimental)
+corba.schema Corba Object
+core.schema OpenLDAP "core"
+cosine.schema COSINE Pilot
+duaconf.schema Client Configuration (work in progress)
+dyngroup.schema Dynamic Group (experimental)
+inetorgperson.schema InetOrgPerson
+java.schema Java Object
+misc.schema Miscellaneous Schema (experimental)
+nadf.schema North American Directory Forum (obsolete)
+nis.schema Network Information Service (experimental)
+openldap.schema OpenLDAP Project (FYI)
+ppolicy.schema Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System .
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+The core.ldif and openldap.ldif files are equivalent to their
+corresponding .schema files. They have been provided as examples
+for use with the dynamic configuration backend. These example files
+are not actually necessary since slapd will automatically convert any
+included *.schema files into LDIF when converting a slapd.conf file
+to a configuration database, but they serve as a model of how to
+convert schema files in general.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph
+are included on all such copies and derivative works. However,
+this document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.6 2011/01/04 23:50:51 kurt Exp $
diff --git a/config-archive/etc/openldap/schema/README.dist b/config-archive/etc/openldap/schema/README.dist
new file mode 100644
index 00000000..a2f61a12
--- /dev/null
+++ b/config-archive/etc/openldap/schema/README.dist
@@ -0,0 +1,80 @@
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File Description
+---- -----------
+collective.schema Collective attributes (experimental)
+corba.schema Corba Object
+core.schema OpenLDAP "core"
+cosine.schema COSINE Pilot
+duaconf.schema Client Configuration (work in progress)
+dyngroup.schema Dynamic Group (experimental)
+inetorgperson.schema InetOrgPerson
+java.schema Java Object
+misc.schema Miscellaneous Schema (experimental)
+nadf.schema North American Directory Forum (obsolete)
+nis.schema Network Information Service (experimental)
+openldap.schema OpenLDAP Project (FYI)
+ppolicy.schema Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System .
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+The core.ldif and openldap.ldif files are equivalent to their
+corresponding .schema files. They have been provided as examples
+for use with the dynamic configuration backend. These example files
+are not actually necessary since slapd will automatically convert any
+included *.schema files into LDIF when converting a slapd.conf file
+to a configuration database, but they serve as a model of how to
+convert schema files in general.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License. A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph
+are included on all such copies and derivative works. However,
+this document itself may not be modified in any way, such as by
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP$
diff --git a/config-archive/etc/openldap/schema/collective.schema b/config-archive/etc/openldap/schema/collective.schema
new file mode 100644
index 00000000..15c8194c
--- /dev/null
+++ b/config-archive/etc/openldap/schema/collective.schema
@@ -0,0 +1,190 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (2003).
+## Please see full copyright statement below.
+
+# From RFC 3671 [portions trimmed]:
+# Collective Attributes in LDAP
+
+#Abstract
+#
+# X.500 collective attributes allow common characteristics to be shared
+# between collections of entries. This document summarizes the X.500
+# information model for collective attributes and describes use of
+# collective attributes in LDAP (Lightweight Directory Access Protocol).
+# This document provides schema definitions for collective attributes
+# for use in LDAP.
+
+#3. Collective Attribute Types
+#
+# A userApplications attribute type can be defined to be COLLECTIVE
+# [RFC2252]. This indicates that the same attribute values will appear
+# in the entries of an entry collection subject to the use of the
+# collectiveExclusions attribute and other administrative controls.
+#
+# Collective attribute types are commonly defined as subtypes of non-
+# collective attribute types. By convention, collective attributes are
+# named by prefixing the name of their non-collective supertype with
+# "c-". For example, the collective telephone attribute is named
+# c-TelephoneNumber after its non-collective supertype telephoneNumber.
+#
+# Non-collective attributes types SHALL NOT subtype collective
+# attributes.
+#
+# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
+# attribute types SHALL NOT appear in the attribute types of an object
+# class definition.
+#
+# Operational attributes SHALL NOT be defined to be collective.
+#
+# The remainder of section provides a summary of collective attributes
+# derived from those defined in [X.520]. Implementations of this
+# specification SHOULD support the following collective attributes and
+# MAY support additional collective attributes.
+#
+#
+#3.1. Collective Locality Name
+#
+# The c-l attribute type specifies a locality name for a collection of
+# entries.
+#
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+#
+#
+#3.2. Collective State or Province Name
+#
+# The c-st attribute type specifies a state or province name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+#
+#
+#3.3. Collective Street Address
+#
+# The c-street attribute type specifies a street address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+#
+#
+#3.4. Collective Organization Name
+#
+# The c-o attribute type specifies an organization name for a collection
+# of entries.
+#
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+#
+#
+#3.5. Collective Organizational Unit Name
+#
+# The c-ou attribute type specifies an organizational unit name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+#
+#
+#3.6. Collective Postal Address
+#
+# The c-PostalAddress attribute type specifies a postal address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+#
+#
+#3.7. Collective Postal Code
+#
+# The c-PostalCode attribute type specifies a postal code for a
+# collection of entries.
+#
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+#
+#
+#3.8. Collective Post Office Box
+#
+# The c-PostOfficeBox attribute type specifies a post office box for a
+# collection of entries.
+#
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+#
+#
+#3.9. Collective Physical Delivery Office Name
+#
+# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
+# delivery office name for a collection of entries.
+#
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+#
+#
+#3.10. Collective Telephone Number
+#
+# The c-TelephoneNumber attribute type specifies a telephone number for
+# a collection of entries.
+#
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+#
+#
+#3.11. Collective Telex Number
+#
+# The c-TelexNumber attribute type specifies a telex number for a
+# collection of entries.
+#
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+#
+#
+#3.13. Collective Facsimile Telephone Number
+#
+# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
+# telephone number for a collection of entries.
+#
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+#
+#
+#3.14. Collective International ISDN Number
+#
+# The c-InternationalISDNNumber attribute type specifies an
+# international ISDN number for a collection of entries.
+#
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
+# Full Copyright
+#
+# Copyright (C) The Internet Society (2003). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished
+# to others, and derivative works that comment on or otherwise explain
+# it or assist in its implmentation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph
+# are included on all such copies and derivative works. However,
+# this document itself may not be modified in any way, such as by
+# removing the copyright notice or references to the Internet Society
+# or other Internet organizations, except as needed for the purpose
+# of developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be followed,
+# or as required to translate it into languages other than English.
diff --git a/config-archive/etc/openldap/schema/collective.schema.dist b/config-archive/etc/openldap/schema/collective.schema.dist
new file mode 100644
index 00000000..63cad87b
--- /dev/null
+++ b/config-archive/etc/openldap/schema/collective.schema.dist
@@ -0,0 +1,190 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (2003).
+## Please see full copyright statement below.
+
+# From RFC 3671 [portions trimmed]:
+# Collective Attributes in LDAP
+
+#Abstract
+#
+# X.500 collective attributes allow common characteristics to be shared
+# between collections of entries. This document summarizes the X.500
+# information model for collective attributes and describes use of
+# collective attributes in LDAP (Lightweight Directory Access Protocol).
+# This document provides schema definitions for collective attributes
+# for use in LDAP.
+
+#3. Collective Attribute Types
+#
+# A userApplications attribute type can be defined to be COLLECTIVE
+# [RFC2252]. This indicates that the same attribute values will appear
+# in the entries of an entry collection subject to the use of the
+# collectiveExclusions attribute and other administrative controls.
+#
+# Collective attribute types are commonly defined as subtypes of non-
+# collective attribute types. By convention, collective attributes are
+# named by prefixing the name of their non-collective supertype with
+# "c-". For example, the collective telephone attribute is named
+# c-TelephoneNumber after its non-collective supertype telephoneNumber.
+#
+# Non-collective attributes types SHALL NOT subtype collective
+# attributes.
+#
+# Collective attributes SHALL NOT be SINGLE-VALUED. Collective
+# attribute types SHALL NOT appear in the attribute types of an object
+# class definition.
+#
+# Operational attributes SHALL NOT be defined to be collective.
+#
+# The remainder of section provides a summary of collective attributes
+# derived from those defined in [X.520]. Implementations of this
+# specification SHOULD support the following collective attributes and
+# MAY support additional collective attributes.
+#
+#
+#3.1. Collective Locality Name
+#
+# The c-l attribute type specifies a locality name for a collection of
+# entries.
+#
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+#
+#
+#3.2. Collective State or Province Name
+#
+# The c-st attribute type specifies a state or province name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+#
+#
+#3.3. Collective Street Address
+#
+# The c-street attribute type specifies a street address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+#
+#
+#3.4. Collective Organization Name
+#
+# The c-o attribute type specifies an organization name for a collection
+# of entries.
+#
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+#
+#
+#3.5. Collective Organizational Unit Name
+#
+# The c-ou attribute type specifies an organizational unit name for a
+# collection of entries.
+#
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+#
+#
+#3.6. Collective Postal Address
+#
+# The c-PostalAddress attribute type specifies a postal address for a
+# collection of entries.
+#
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+#
+#
+#3.7. Collective Postal Code
+#
+# The c-PostalCode attribute type specifies a postal code for a
+# collection of entries.
+#
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+#
+#
+#3.8. Collective Post Office Box
+#
+# The c-PostOfficeBox attribute type specifies a post office box for a
+# collection of entries.
+#
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+#
+#
+#3.9. Collective Physical Delivery Office Name
+#
+# The c-PhysicalDeliveryOfficeName attribute type specifies a physical
+# delivery office name for a collection of entries.
+#
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+#
+#
+#3.10. Collective Telephone Number
+#
+# The c-TelephoneNumber attribute type specifies a telephone number for
+# a collection of entries.
+#
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+#
+#
+#3.11. Collective Telex Number
+#
+# The c-TelexNumber attribute type specifies a telex number for a
+# collection of entries.
+#
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+#
+#
+#3.13. Collective Facsimile Telephone Number
+#
+# The c-FacsimileTelephoneNumber attribute type specifies a facsimile
+# telephone number for a collection of entries.
+#
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+#
+#
+#3.14. Collective International ISDN Number
+#
+# The c-InternationalISDNNumber attribute type specifies an
+# international ISDN number for a collection of entries.
+#
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
+# Full Copyright
+#
+# Copyright (C) The Internet Society (2003). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished
+# to others, and derivative works that comment on or otherwise explain
+# it or assist in its implmentation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph
+# are included on all such copies and derivative works. However,
+# this document itself may not be modified in any way, such as by
+# removing the copyright notice or references to the Internet Society
+# or other Internet organizations, except as needed for the purpose
+# of developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be followed,
+# or as required to translate it into languages other than English.
diff --git a/config-archive/etc/openldap/schema/corba.schema b/config-archive/etc/openldap/schema/corba.schema
new file mode 100644
index 00000000..a5800b6a
--- /dev/null
+++ b/config-archive/etc/openldap/schema/corba.schema
@@ -0,0 +1,239 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1999).
+## Please see full copyright statement below.
+
+
+# Network Working Group V. Ryan
+# Request for Comments: 2714 R. Lee
+# Category: Informational S. Seligman
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing CORBA Object References in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# CORBA [CORBA] is the Common Object Request Broker Architecture
+# defined by the Object Management Group. This document defines the
+# schema for representing CORBA object references in an LDAP directory
+# [LDAPv3].
+#
+# [trimmed]
+
+# 3. Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# corbaIor
+# corbaRepositoryId
+#
+# 3.1 corbaIor
+#
+# This attribute stores the string representation of the interoperable
+# object reference (IOR) for a CORBA object. An IOR is an opaque handle
+# for the object which contains the information necessary to locate the
+# object, even if the object is in another ORB.
+#
+# This attribute's syntax is 'IA5 String' and its case is
+# insignificant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.14
+# NAME 'corbaIor'
+# DESC 'Stringified interoperable object reference of a CORBA object'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+#
+# Each CORBA interface has a unique "repository id" (also called "type
+# id") that identifies the interface. A CORBA object has one or more
+# repository ids, one for each interface that it implements.
+#
+# The format of a repository id can be any string, but the OMG
+# specifies four standard formats:
+#
+# a. IDL-style
+#
+# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+#
+# For example, the repository id for the "NamingContext" in OMG's COS
+# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
+#
+# b. RMI-style
+#
+# RMI:ClassName:HashCode[:SUID]
+#
+# This format is used by RMI-IIOP remote objects [RMI-IIOP].
+# "ClassName" is the fully qualified name of the class (for example,
+# "java.lang.String"). "HashCode" is the object's hash code (that is,
+# that obtained by invoking the "hashCode()" method). "SUID" is the
+# "stream unique identifier", which is a 64-bit number that uniquely
+# identifies the serialization version of the class; SUID is optional
+# in the repository id.
+#
+# c. DCE-style
+#
+# DCE:UUID
+#
+# This format is used for DCE/CORBA interoperability [CORBA-DCE].
+# "UUID" represents a DCE UUID.
+#
+# d. "local"
+#
+# This format is defined by the local Object Request Broker (ORB).
+#
+# The corbaRepositoryId attribute is a multivalued attribute; each
+# value records a single repository id of an interface implemented by
+# the CORBA object. This attribute need not contain a complete list of
+# the interfaces implemented by the CORBA object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. The values of this attribute are encoded using UTF-8.
+# Some values may require translation from their native representation
+# in order to be correctly encoded using UTF-8.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.15
+# NAME 'corbaRepositoryId'
+# DESC 'Repository ids of interfaces implemented by a CORBA object'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# corbaContainer
+# corbaObject
+# corbaObjectReference
+#
+# 4.1 corbaContainer
+#
+# This structural object class represents a container for a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.10
+# NAME 'corbaContainer'
+# DESC 'Container for a CORBA object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 corbaObject
+#
+# This abstract object class is the root class for representing a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.9
+# NAME 'corbaObject'
+# DESC 'CORBA object representation'
+# SUP top
+# ABSTRACT
+# MAY ( corbaRepositoryId $ description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+#
+# This auxiliary object class represents a CORBA object reference. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.11
+# NAME 'corbaObjectReference'
+# DESC 'CORBA interoperable object reference'
+# SUP corbaObject
+# AUXILIARY
+# MUST ( corbaIor )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
+
+# 10. Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/config-archive/etc/openldap/schema/corba.schema.dist b/config-archive/etc/openldap/schema/corba.schema.dist
new file mode 100644
index 00000000..54b5b167
--- /dev/null
+++ b/config-archive/etc/openldap/schema/corba.schema.dist
@@ -0,0 +1,239 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP$
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1999).
+## Please see full copyright statement below.
+
+
+# Network Working Group V. Ryan
+# Request for Comments: 2714 R. Lee
+# Category: Informational S. Seligman
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing CORBA Object References in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# CORBA [CORBA] is the Common Object Request Broker Architecture
+# defined by the Object Management Group. This document defines the
+# schema for representing CORBA object references in an LDAP directory
+# [LDAPv3].
+#
+# [trimmed]
+
+# 3. Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# corbaIor
+# corbaRepositoryId
+#
+# 3.1 corbaIor
+#
+# This attribute stores the string representation of the interoperable
+# object reference (IOR) for a CORBA object. An IOR is an opaque handle
+# for the object which contains the information necessary to locate the
+# object, even if the object is in another ORB.
+#
+# This attribute's syntax is 'IA5 String' and its case is
+# insignificant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.14
+# NAME 'corbaIor'
+# DESC 'Stringified interoperable object reference of a CORBA object'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# 3.2 corbaRepositoryId
+#
+# Each CORBA interface has a unique "repository id" (also called "type
+# id") that identifies the interface. A CORBA object has one or more
+# repository ids, one for each interface that it implements.
+#
+# The format of a repository id can be any string, but the OMG
+# specifies four standard formats:
+#
+# a. IDL-style
+#
+# IDL:Prefix/ModuleName/InterfaceName:VersionNumber
+#
+# For example, the repository id for the "NamingContext" in OMG's COS
+# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0".
+#
+# b. RMI-style
+#
+# RMI:ClassName:HashCode[:SUID]
+#
+# This format is used by RMI-IIOP remote objects [RMI-IIOP].
+# "ClassName" is the fully qualified name of the class (for example,
+# "java.lang.String"). "HashCode" is the object's hash code (that is,
+# that obtained by invoking the "hashCode()" method). "SUID" is the
+# "stream unique identifier", which is a 64-bit number that uniquely
+# identifies the serialization version of the class; SUID is optional
+# in the repository id.
+#
+# c. DCE-style
+#
+# DCE:UUID
+#
+# This format is used for DCE/CORBA interoperability [CORBA-DCE].
+# "UUID" represents a DCE UUID.
+#
+# d. "local"
+#
+# This format is defined by the local Object Request Broker (ORB).
+#
+# The corbaRepositoryId attribute is a multivalued attribute; each
+# value records a single repository id of an interface implemented by
+# the CORBA object. This attribute need not contain a complete list of
+# the interfaces implemented by the CORBA object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. The values of this attribute are encoded using UTF-8.
+# Some values may require translation from their native representation
+# in order to be correctly encoded using UTF-8.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.15
+# NAME 'corbaRepositoryId'
+# DESC 'Repository ids of interfaces implemented by a CORBA object'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 4. Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# corbaContainer
+# corbaObject
+# corbaObjectReference
+#
+# 4.1 corbaContainer
+#
+# This structural object class represents a container for a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.10
+# NAME 'corbaContainer'
+# DESC 'Container for a CORBA object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 corbaObject
+#
+# This abstract object class is the root class for representing a CORBA
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.9
+# NAME 'corbaObject'
+# DESC 'CORBA object representation'
+# SUP top
+# ABSTRACT
+# MAY ( corbaRepositoryId $ description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+# 4.3 corbaObjectReference
+#
+# This auxiliary object class represents a CORBA object reference. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.11
+# NAME 'corbaObjectReference'
+# DESC 'CORBA interoperable object reference'
+# SUP corbaObject
+# AUXILIARY
+# MUST ( corbaIor )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
+
+# 10. Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/config-archive/etc/openldap/schema/core.ldif b/config-archive/etc/openldap/schema/core.ldif
new file mode 100644
index 00000000..56a94ad3
--- /dev/null
+++ b/config-archive/etc/openldap/schema/core.ldif 
@@ -0,0 +1,591 @@
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.2.2.8 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
diff --git a/config-archive/etc/openldap/schema/core.ldif.dist b/config-archive/etc/openldap/schema/core.ldif.dist
new file mode 100644
index 00000000..59ec15af
--- /dev/null
+++ b/config-archive/etc/openldap/schema/core.ldif.dist
@@ -0,0 +1,591 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
diff --git a/config-archive/etc/openldap/schema/core.schema b/config-archive/etc/openldap/schema/core.schema
new file mode 100644
index 00000000..77ea8a89
--- /dev/null
+++ b/config-archive/etc/openldap/schema/core.schema
@@ -0,0 +1,610 @@
+# OpenLDAP Core schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.9 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +attributetype ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) + +attributetype ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) + +# Standard object classes from RFC2256 + +# system schema +#objectclass ( 2.5.6.0 NAME 'top' +# DESC 'RFC2256: top of the superclass chain' +# ABSTRACT +# MUST objectClass ) + +# system schema +#objectclass ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) + +objectclass ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) + +objectclass ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) + +objectclass ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ 
street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) + +objectclass ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) + +objectclass ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) + +objectclass ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) + +objectclass ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP 
top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) + +objectclass ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) + +objectclass ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) + +objectclass ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) + +objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) + +objectclass ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) + +objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) + +objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) + +objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) + +objectclass ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ 
internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) + +# +# Object Classes from RFC 2587 +# +objectclass ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) + +objectclass ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) + +objectclass ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC2587: PKI user' + SUP top AUXILIARY + MAY deltaRevocationList ) + +# +# Standard Track URI label schema from RFC 2079 +# system schema +#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + SUP top AUXILIARY + MAY ( labeledURI ) ) + +# +# Derived from RFC 1274, but with new "short names" +# +#attributetype ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) + +# RFC 1274 + RFC 2247 +attributetype ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + 
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/config-archive/etc/openldap/schema/core.schema.dist b/config-archive/etc/openldap/schema/core.schema.dist
new file mode 100644
index 00000000..f4644709
--- /dev/null
+++ b/config-archive/etc/openldap/schema/core.schema.dist
@@ -0,0 +1,610 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/config-archive/etc/openldap/schema/cosine.ldif b/config-archive/etc/openldap/schema/cosine.ldif
new file mode 100644
index 00000000..e7e53868
--- /dev/null
+++ b/config-archive/etc/openldap/schema/cosine.ldif
@@ -0,0 +1,200 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.6 2011/01/04 23:50:51 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.ldif +# +# This file was automatically generated from cosine.schema; see that +# file for complete background. +# +dn: cn=cosine,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: cosine +olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g + eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri + nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 + 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: + photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 + 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h + ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 + 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D + ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' + RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES + C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC + 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE + SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe + lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb + erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC + 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.39 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC + 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D + ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg + noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC + 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel + ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum + berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep + honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount + ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE + SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus + ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' + RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption + ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF + C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN + GLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit + y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit + y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D + ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 23 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R + FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 + : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D + ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo + tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 + Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom + ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine + ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep + honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature + ) ) +olcObjectClasses: ( 
0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT + URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam + e $ organizationalUnitName $ host ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC + TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca + lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume + ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA + L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber + ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top + STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l + ocalityName $ organizationName $ organizationalUnitName ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT + URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti + on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ + stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd + ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber + $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel + exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress + $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d + omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho + neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi + ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery + Method $ destinationIndicator $ registeredAddress $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain + STRUCTURAL MAY 
( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME + Record ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D + ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat + edDomain ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c + ountry STRUCTURAL MUST friendlyCountryName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU + P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR + UCTURAL MAY dSAQuality ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu + mQuality ) ) diff --git a/config-archive/etc/openldap/schema/cosine.ldif.dist b/config-archive/etc/openldap/schema/cosine.ldif.dist new file mode 100644 index 00000000..da3e4901 --- /dev/null +++ b/config-archive/etc/openldap/schema/cosine.ldif.dist 
@@ -0,0 +1,200 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.ldif +# +# This file was automatically generated from cosine.schema; see that +# file for complete background. +# +dn: cn=cosine,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: cosine +olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 
+ 1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g + eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri + nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 + 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: + photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 + 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h + ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 + 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D + ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR + caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' + RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES + C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu + bstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC + 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE + SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c + aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe + lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb + erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC + 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX + 1.3.6.1.4.1.1466.115.121.1.39 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca + seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT + Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC + 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D + ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg + noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC + 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel + ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum + berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep + honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber + Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .50 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount + ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS + TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE + SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus + ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' + RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption + ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 
+ RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin + gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF + C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN + GLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit + y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit + y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 13 SINGLE-VALUE ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D + ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 23 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R + FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.12 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 + : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D + ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo + tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 + Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom + ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine + ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep + honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature + ) ) +olcObjectClasses: ( 
0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT + URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam + e $ organizationalUnitName $ host ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC + TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca + lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume + ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA + L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber + ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top + STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l + ocalityName $ organizationName $ organizationalUnitName ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT + URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti + on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ + stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd + ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber + $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel + exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress + $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d + omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho + neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi + ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery + Method $ destinationIndicator $ registeredAddress $ x121Address ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain + STRUCTURAL MAY 
( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME + Record ) ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D + ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat + edDomain ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c + ountry STRUCTURAL MUST friendlyCountryName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU + P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR + UCTURAL MAY dSAQuality ) +olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu + mQuality ) ) diff --git a/config-archive/etc/openldap/schema/cosine.schema b/config-archive/etc/openldap/schema/cosine.schema new file mode 100644 index 00000000..a300cc88 --- /dev/null +++ b/config-archive/etc/openldap/schema/cosine.schema 
@@ -0,0 +1,2571 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.23.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group P. Barker
+# Request for Comments: 1274 S. Kille
+# University College London
+# November 1991
+#
+# The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+# This document suggests an X.500 Directory Schema, or Naming
+# Architecture, for use in the COSINE and Internet X.500 pilots. The
+# schema is independent of any specific implementation. As well as
+# indicating support for the standard object classes and attributes, a
+# large number of generally useful object classes and attributes are
+# also defined. An appendix to this document includes a machine
+# processable version of the schema.
+#
+# [trimmed]
+
+# 7. Object Identifiers
+#
+# Some additional object identifiers are defined for this schema.
+# These are also reproduced in Appendix C.
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# 8. Object Classes
+# [relocated after 9]
+
+#
+# 9. Attribute Types
+#
+# 9.1. X.500 standard attribute types
+#
+# A number of generally useful attribute types are defined in X.520,
+# and these are supported. Refer to that document for descriptions of
+# the suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2. X.400 standard attribute types
+#
+# The standard X.400 attribute types are supported. See X.402 for full
+# details. The ASN.1 for these attribute types is reproduced in
+# Appendix C.
+#
+# 9.3. COSINE/Internet attribute types
+#
+# This section describes all the attribute types defined for use in the
+# COSINE and Internet pilots. Descriptions are given as to the
+# suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced in Appendix C.
+#
+# 9.3.1. Userid
+#
+# The Userid attribute type specifies a computer system login name.
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2.
Text Encoded O/R Address
+#
+# The Text Encoded O/R Address attribute type specifies a text encoding
+# of an X.400 O/R address, as specified in RFC 987. The use of this
+# attribute is deprecated as the attribute is intended for interim use
+# only. This attribute will be the first candidate for the attribute
+# expiry mechanisms!
+#
+# textEncodedORAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-text-encoded-or-address))
+# ::= {pilotAttributeType 2}
+#
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.3. RFC 822 Mailbox
+#
+# The RFC822 Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in RFC 822. Note that this
+# attribute should not be used for greybook or other non-Internet order
+# mailboxes.
+#
+# rfc822Mailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-rfc822-mailbox))
+# ::= {pilotAttributeType 3}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.4. Information
+#
+# The Information attribute type specifies any general information
+# pertinent to an object. It is recommended that specific usage of
+# this attribute type is avoided, and that specific requirements are
+# met by other (possibly additional) attribute types.
+#
+# info ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-information))
+# ::= {pilotAttributeType 4}
+#
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+
+# 9.3.5.
Favourite Drink
+#
+# The Favourite Drink attribute type specifies the favourite drink of
+# an object (or person).
+#
+# favouriteDrink ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-favourite-drink))
+# ::= {pilotAttributeType 5}
+#
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.6. Room Number
+#
+# The Room Number attribute type specifies the room number of an
+# object. Note that the commonName attribute should be used for naming
+# room objects.
+#
+# roomNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-room-number))
+# ::= {pilotAttributeType 6}
+#
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.7. Photo
+#
+# The Photo attribute type specifies a "photograph" for an object.
+# This should be encoded in G3 fax as explained in recommendation T.4,
+# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
+# defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# photo ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-photo))
+# ::= {pilotAttributeType 7}
+#
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+# 9.3.8. User Class
+#
+# The User Class attribute type specifies a category of computer user.
+# The semantics placed on this attribute are for local interpretation.
+# Examples of current usage od this attribute in academia are
+# undergraduate student, researcher, lecturer, etc.
Note that the
+# organizationalStatus attribute may now often be preferred as it makes
+# no distinction between computer users and others.
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9. Host
+#
+# The Host attribute type specifies a host computer.
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10. Manager
+#
+# The Manager attribute type specifies the manager of an object
+# represented by an entry.
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11. Document Identifier
+#
+# The Document Identifier attribute type specifies a unique identifier
+# for a document.
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12. Document Title
+#
+# The Document Title attribute type specifies the title of a document.
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 ..
ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13. Document Version
+#
+# The Document Version attribute type specifies the version number of a
+# document.
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14. Document Author
+#
+# The Document Author attribute type specifies the distinguished name
+# of the author of a document.
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15. Document Location
+#
+# The Document Location attribute type specifies the location of the
+# document original.
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16. Home Telephone Number
+#
+# The Home Telephone Number attribute type specifies a home telephone
+# number associated with a person. Attribute values should follow the
+# agreed format for international telephone numbers: i.e., "+44 71 123
+# 4567".
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17. Secretary
+#
+# The Secretary attribute type specifies the secretary of a person.
+# The attribute value for Secretary is a distinguished name.
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18. Other Mailbox
+#
+# The Other Mailbox attribute type specifies values for electronic
+# mailbox types other than X.400 and rfc822.
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19. Last Modified Time
+#
+# The Last Modified Time attribute type specifies the last time, in UTC
+# time, that an entry was modified. Ideally, this attribute should be
+# maintained by the DSA.
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+# 9.3.20. Last Modified By
+#
+# The Last Modified By attribute specifies the distinguished name of
+# the last user to modify the associated entry.
Ideally, this
+# attribute should be maintained by the DSA.
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+# 9.3.21. Domain Component
+#
+# The Domain Component attribute type specifies a DNS/NRS domain. For
+# example, "uk" or "ac".
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22. DNS ARecord
+#
+# The A Record attribute type specifies a type A (Address) DNS resource
+# record [6] [7].
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23. MX Record
+#
+# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+# resource record [6] [7].
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24.
NS Record
+#
+# The NS Record attribute type specifies an NS (Name Server) DNS
+# resource record [6] [7].
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25. SOA Record
+#
+# The SOA Record attribute type specifies a type SOA (Start of
+# Authority) DNS resorce record [6] [7].
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26. CNAME Record
+#
+# The CNAME Record attribute type specifies a type CNAME (Canonical
+# Name) DNS resource record [6] [7].
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27. Associated Domain
+#
+# The Associated Domain attribute type specifies a DNS or NRS domain
+# which is associated with an object in the DIT. For example, the entry
+# in the DIT with a distinguished name "C=GB, O=University College
+# London" would have an associated domain of "UCL.AC.UK. Note that all
+# domains should be represented in rfc822 order. See [3] for more
+# details of usage of this attribute.
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28.
Associated Name
+#
+# The Associated Name attribute type specifies an entry in the
+# organisational DIT associated with a DNS/NRS domain. See [3] for
+# more details of usage of this attribute.
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29. Home postal address
+#
+# The Home postal address attribute type specifies a home postal
+# address for an object. This should be limited to up to 6 lines of 30
+# characters each.
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30. Personal Title
+#
+# The Personal Title attribute type specifies a personal title for a
+# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31. Mobile Telephone Number
+#
+# The Mobile Telephone Number attribute type specifies a mobile
+# telephone number associated with a person. Attribute values should
+# follow the agreed format for international telephone numbers: i.e.,
+# "+44 71 123 4567".
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32. Pager Telephone Number
+#
+# The Pager Telephone Number attribute type specifies a pager telephone
+# number for an object. Attribute values should follow the agreed
+# format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33. Friendly Country Name
+#
+# The Friendly Country Name attribute type specifies names of countries
+# in human readable format. The standard attribute country name must
+# be one of the two-letter codes defined in ISO 3166.
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34. Unique Identifier
+#
+# The Unique Identifier attribute type specifies a "unique identifier"
+# for an object represented in the Directory. The domain within which
+# the identifier is unique, and the exact semantics of the identifier,
+# are for local definition. For a person, this might be an
+# institution-wide payroll number. For an organisational unit, it
+# might be a department code.
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35. Organisational Status
+#
+# The Organisational Status attribute type specifies a category by
+# which a person is often referred to in an organisation. Examples of
+# usage in academia might include undergraduate student, researcher,
+# lecturer, etc.
+#
+# A Directory administrator should probably consider carefully the
+# distinctions between this and the title and userClass attributes.
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36. Janet Mailbox
+#
+# The Janet Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in the Grey Book of the
+# Coloured Book series. This attribute is intended for the convenience
+# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+# Entries using this attribute MUST also include an rfc822Mailbox
+# attribute.
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37.
Mail Preference Option
+#
+# An attribute to allow users to indicate a preference for inclusion of
+# their names on mailing lists (electronic or physical). The absence
+# of such an attribute should be interpreted as if the attribute was
+# present with value "no-list-inclusion". This attribute should be
+# interpreted by anyone using the directory to derive mailing lists,
+# and its value respected.
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38. Building Name
+#
+# The Building Name attribute type specifies the name of the building
+# where an organisation or organisational unit is based.
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39. DSA Quality
+#
+# The DSA Quality attribute type specifies the purported quality of a
+# DSA. It allows a DSA manager to indicate the expected level of
+# availability of the DSA. See [8] for details of the syntax.
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40. Single Level Quality
+#
+# The Single Level Quality attribute type specifies the purported data
+# quality at the level immediately below in the DIT. See [8] for
+# details of the syntax.
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41. Subtree Minimum Quality
+#
+# The Subtree Minimum Quality attribute type specifies the purported
+# minimum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42. Subtree Maximum Quality
+#
+# The Subtree Maximum Quality attribute type specifies the purported
+# maximum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43. Personal Signature
+#
+# The Personal Signature attribute type allows for a representation of
+# a person's signature.
This should be encoded in G3 fax as explained
+# in recommendation T.4, with an ASN.1 wrapper to make it compatible
+# with an X.400 BodyPart as defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44. DIT Redirect
+#
+# The DIT Redirect attribute type is used to indicate that the object
+# described by one entry now has a newer entry in the DIT. The entry
+# containing the redirection attribute should be expired after a
+# suitable grace period. This attribute may be used when an individual
+# changes his/her place of work, and thus acquires a new organisational
+# DN.
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45. Audio
+#
+# The Audio attribute type allows the storing of sounds in the
+# Directory. The attribute uses a u-law encoded sound file as used by
+# the "play" utility on a Sun 4. This is an interim format.
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46. Publisher of Document
+#
+#
+# The Publisher of Document attribute is the person and/or organization
+# that published a document.
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4. Generally useful syntaxes
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# 9.5. Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8. Object Classes
+#
+# 8.1. X.500 standard object classes
+#
+# A number of generally useful object classes are defined in X.521, and
+# these are supported.
Refer to that document for descriptions of the
+# suggested usage of these object classes. The ASN.1 for these object
+# classes is reproduced for completeness in Appendix C.
+#
+# 8.2. X.400 standard object classes
+#
+# A number of object classes defined in X.400 are supported. Refer to
+# X.402 for descriptions of the usage of these object classes. The
+# ASN.1 for these object classes is reproduced for completeness in
+# Appendix C.
+#
+# 8.3. COSINE/Internet object classes
+#
+# This section attempts to fuse together the object classes designed
+# for use in the COSINE and Internet pilot activities. Descriptions
+# are given of the suggested usage of these object classes. The ASN.1
+# for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1. Pilot Object
+#
+# The PilotObject object class is used as a sub-class to allow some
+# common, useful attributes to be assigned to entries of all other
+# object classes.
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+# 8.3.2. Pilot Person
+#
+# The PilotPerson object class is used as a sub-class of person, to
+# allow the use of a number of additional attributes to be assigned to
+# entries of object class person.
+#
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+# 8.3.3. Account
+#
+# The Account object class is used to define entries representing
+# computer accounts. The userid attribute should be used for naming
+# entries of this object class.
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+# 8.3.4. Document
+#
+# The Document object class is used to define entries which represent
+# documents.
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+# 8.3.5. Room
+#
+# The Room object class is used to define entries representing rooms.
+# The commonName attribute should be used for naming pentries of this
+# object class.
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+# 8.3.6. Document Series
+#
+# The Document Series object class is used to define an entry which
+# represents a series of documents (e.g., The Request For Comments
+# papers).
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+# 8.3.7. Domain
+#
+# The Domain object class is used to define entries which represent DNS
+# or NRS domains.
The domainComponent attribute should be used for
+# naming entries of this object class. The usage of this object class
+# is described in more detail in [3].
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.8. RFC822 Local Part
+#
+# The RFC822 Local Part object class is used to define entries which
+# represent the local part of RFC822 mail addresses. This treats this
+# part of an RFC822 address as a domain. The usage of this object
+# class is described in more detail in [3].
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.9.
DNS Domain
+#
+# The DNS Domain (Domain NameServer) object class is used to define
+# entries for DNS domains. The usage of this object class is described
+# in more detail in [3].
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+# 8.3.10. Domain Related Object
+#
+# The Domain Related Object object class is used to define entries
+# which represent DNS/NRS domains which are "equivalent" to an X.500
+# domain: e.g., an organisation or organisational unit. The usage of
+# this object class is described in more detail in [3].
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+# 8.3.11. Friendly Country
+#
+# The Friendly Country object class is used to define country entries
+# in the DIT. The object class is used to allow friendlier naming of
+# countries than that allowed by the object class country. The naming
+# attribute of object class country, countryName, has to be a 2 letter
+# string defined in ISO 3166.
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+# 8.3.12. Simple Security Object
+#
+# The Simple Security Object object class is used to allow an entry to
+# have a userPassword attribute when an entry's principal object
+# classes do not allow userPassword as an attribute type.
+# +# simpleSecurityObject OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userPassword } +# ::= {pilotObjectClass 19} +# +## (in core.schema) +## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' +## SUP top AUXILIARY +## MUST userPassword ) + +# 8.3.13. Pilot Organization +# +# The PilotOrganization object class is used as a sub-class of +# organization and organizationalUnit to allow a number of additional +# attributes to be assigned to entries of object classes organization +# and organizationalUnit. +# +# pilotOrganization OBJECT-CLASS +# SUBCLASS OF organization, organizationalUnit +# MAY CONTAIN { +# buildingName} +# ::= {pilotObjectClass 20} +# +objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' + SUP ( organization $ organizationalUnit ) STRUCTURAL + MAY buildingName ) + +# 8.3.14. Pilot DSA +# +# The PilotDSA object class is used as a sub-class of the dsa object +# class to allow additional attributes to be assigned to entries for +# DSAs. +# +# pilotDSA OBJECT-CLASS +# SUBCLASS OF dsa +# MUST CONTAIN { +# dSAQuality} +# ::= {pilotObjectClass 21} +# +objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' + SUP dsa STRUCTURAL + MAY dSAQuality ) + +# 8.3.15. Quality Labelled Data +# +# The Quality Labelled Data object class is used to allow the +# assignment of the data quality attributes to subtrees in the DIT. +# +# See [8] for more details. +# +# qualityLabelledData OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# dSAQuality} +# MAY CONTAIN { +# subtreeMinimumQuality, +# subtreeMaximumQuality} +# ::= {pilotObjectClass 22} +objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY + MUST dsaQuality + MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) + ) + + +# References +# +# [1] CCITT/ISO, "X.500, The Directory - overview of concepts, +# models and services, CCITT /ISO IS 9594. 
+# +# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in +# University College London, Department of Computer Science +# Research Note 89/48, May 1989. +# +# [3] Kille, S., "X.500 and Domains", RFC 1279, University College +# London, November 1991. +# +# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status +# Report", Technical Report 90-09-10-1, published by NYSERNet +# Inc, 1990. +# +# [5] Craigie, J., "UK Academic Community Directory Service Pilot +# Project, pp. 305-310 in Computer Networks and ISDN Systems +# 17 (1989), published by North Holland. +# +# [6] Mockapetris, P., "Domain Names - Concepts and Facilities", +# RFC 1034, USC/Information Sciences Institute, November 1987. +# +# [7] Mockapetris, P., "Domain Names - Implementation and +# Specification, RFC 1035, USC/Information Sciences Institute, +# November 1987. +# +# [8] Kille, S., "Handling QOS (Quality of service) in the +# Directory," publication in process, March 1991. +# +# +# APPENDIX C - Summary of all Object Classes and Attribute Types +# +# -- Some Important Object Identifiers +# +# data OBJECT IDENTIFIER ::= {ccitt 9} +# pss OBJECT IDENTIFIER ::= {data 2342} +# ucl OBJECT IDENTIFIER ::= {pss 19200300} +# pilot OBJECT IDENTIFIER ::= {ucl 100} +# +# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1} +# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3} +# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4} +# pilotGroups OBJECT IDENTIFIER ::= {pilot 10} +# +# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4} +# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::= +# {pilotAttributeSyntax 5} +# +# -- Standard Object Classes +# +# top OBJECT-CLASS +# MUST CONTAIN { +# objectClass} +# ::= {objectClass 0} +# +# +# alias OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# aliasedObjectName} +# ::= {objectClass 1} +# +# +# country OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# countryName} +# MAY CONTAIN { +# description, +# searchGuide} +# ::= {objectClass 2} +# 
+# +# locality OBJECT-CLASS +# SUBCLASS OF top +# MAY CONTAIN { +# description, +# localityName, +# stateOrProvinceName, +# searchGuide, +# seeAlso, +# streetAddress} +# ::= {objectClass 3} +# +# +# organization OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# organizationName} +# MAY CONTAIN { +# organizationalAttributeSet} +# ::= {objectClass 4} +# +# +# organizationalUnit OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# organizationalUnitName} +# MAY CONTAIN { +# organizationalAttributeSet} +# ::= {objectClass 5} +# +# +# person OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# surname} +# MAY CONTAIN { +# description, +# seeAlso, +# telephoneNumber, +# userPassword} +# ::= {objectClass 6} +# +# +# organizationalPerson OBJECT-CLASS +# SUBCLASS OF person +# MAY CONTAIN { +# localeAttributeSet, +# organizationalUnitName, +# postalAttributeSet, +# telecommunicationAttributeSet, +# title} +# ::= {objectClass 7} +# +# +# organizationalRole OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localeAttributeSet, +# organizationalUnitName, +# postalAttributeSet, +# preferredDeliveryMethod, +# roleOccupant, +# seeAlso, +# telecommunicationAttributeSet} +# ::= {objectClass 8} +# +# +# groupOfNames OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# member} +# MAY CONTAIN { +# description, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# businessCategory} +# ::= {objectClass 9} +# +# +# residentialPerson OBJECT-CLASS +# SUBCLASS OF person +# MUST CONTAIN { +# localityName} +# MAY CONTAIN { +# localeAttributeSet, +# postalAttributeSet, +# preferredDeliveryMethod, +# telecommunicationAttributeSet, +# businessCategory} +# ::= {objectClass 10} +# +# +# applicationProcess OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localityName, +# organizationalUnitName, +# seeAlso} +# ::= {objectClass 11} +# +# +# 
applicationEntity OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# presentationAddress} +# MAY CONTAIN { +# description, +# localityName, +# organizationName, +# organizationalUnitName, +# seeAlso, +# supportedApplicationContext} +# ::= {objectClass 12} +# +# +# dSA OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# knowledgeInformation} +# ::= {objectClass 13} +# +# +# device OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localityName, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# serialNumber} +# ::= {objectClass 14} +# +# +# strongAuthenticationUser OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userCertificate} +# ::= {objectClass 15} +# +# +# certificationAuthority OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# cACertificate, +# certificateRevocationList, +# authorityRevocationList} +# MAY CONTAIN { +# crossCertificatePair} +# ::= {objectClass 16} +# +# -- Standard MHS Object Classes +# +# mhsDistributionList OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# mhsDLSubmitPermissions, +# mhsORAddresses} +# MAY CONTAIN { +# description, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# mhsDeliverableContentTypes, +# mhsdeliverableEits, +# mhsDLMembers, +# mhsPreferredDeliveryMethods} +# ::= {mhsObjectClass 0} +# +# +# mhsMessageStore OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# description, +# owner, +# mhsSupportedOptionalAttributes, +# mhsSupportedAutomaticActions, +# mhsSupportedContentTypes} +# ::= {mhsObjectClass 1} +# +# +# mhsMessageTransferAgent OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# description, +# owner, +# mhsDeliverableContentLength} +# ::= {mhsObjectClass 2} +# +# +# mhsOrganizationalUser OBJECT-CLASS +# SUBCLASS OF organizationalPerson +# MUST CONTAIN { +# mhsORAddresses} +# MAY CONTAIN { +# mhsDeliverableContentLength, +# 
mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsMessageStoreName, +# mhsPreferredDeliveryMethods } +# ::= {mhsObjectClass 3} +# +# +# mhsResidentialUser OBJECT-CLASS +# SUBCLASS OF residentialPerson +# MUST CONTAIN { +# mhsORAddresses} +# MAY CONTAIN { +# mhsDeliverableContentLength, +# mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsMessageStoreName, +# mhsPreferredDeliveryMethods } +# ::= {mhsObjectClass 4} +# +# +# mhsUserAgent OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# mhsDeliverableContentLength, +# mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsORAddresses, +# owner} +# ::= {mhsObjectClass 5} +# +# +# +# +# -- Pilot Object Classes +# +# pilotObject OBJECT-CLASS +# SUBCLASS OF top +# MAY CONTAIN { +# info, +# photo, +# manager, +# uniqueIdentifier, +# lastModifiedTime, +# lastModifiedBy, +# dITRedirect, +# audio} +# ::= {pilotObjectClass 3} +# pilotPerson OBJECT-CLASS +# SUBCLASS OF person +# MAY CONTAIN { +# userid, +# textEncodedORAddress, +# rfc822Mailbox, +# favouriteDrink, +# roomNumber, +# userClass, +# homeTelephoneNumber, +# homePostalAddress, +# secretary, +# personalTitle, +# preferredDeliveryMethod, +# businessCategory, +# janetMailbox, +# otherMailbox, +# mobileTelephoneNumber, +# pagerTelephoneNumber, +# organizationalStatus, +# mailPreferenceOption, +# personalSignature} +# ::= {pilotObjectClass 4} +# +# +# account OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userid} +# MAY CONTAIN { +# description, +# seeAlso, +# localityName, +# organizationName, +# organizationalUnitName, +# host} +# ::= {pilotObjectClass 5} +# +# +# document OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# documentIdentifier} +# MAY CONTAIN { +# commonName, +# description, +# seeAlso, +# localityName, +# organizationName, +# organizationalUnitName, +# documentTitle, +# documentVersion, +# documentAuthor, +# documentLocation, +# documentPublisher} +# ::= {pilotObjectClass 6} +# +# +# room OBJECT-CLASS +# SUBCLASS 
OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# roomNumber, +# description, +# seeAlso, +# telephoneNumber} +# ::= {pilotObjectClass 7} +# +# +# documentSeries OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# seeAlso, +# telephoneNumber, +# localityName, +# organizationName, +# organizationalUnitName} +# ::= {pilotObjectClass 9} +# +# +# domain OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# domainComponent} +# MAY CONTAIN { +# associatedName, +# organizationName, +# organizationalAttributeSet} +# ::= {pilotObjectClass 13} +# +# +# rFC822localPart OBJECT-CLASS +# SUBCLASS OF domain +# MAY CONTAIN { +# commonName, +# surname, +# description, +# seeAlso, +# telephoneNumber, +# postalAttributeSet, +# telecommunicationAttributeSet} +# ::= {pilotObjectClass 14} +# +# +# dNSDomain OBJECT-CLASS +# SUBCLASS OF domain +# MAY CONTAIN { +# ARecord, +# MDRecord, +# MXRecord, +# NSRecord, +# SOARecord, +# CNAMERecord} +# ::= {pilotObjectClass 15} +# +# +# domainRelatedObject OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# associatedDomain} +# ::= {pilotObjectClass 17} +# +# +# friendlyCountry OBJECT-CLASS +# SUBCLASS OF country +# MUST CONTAIN { +# friendlyCountryName} +# ::= {pilotObjectClass 18} +# +# +# simpleSecurityObject OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userPassword } +# ::= {pilotObjectClass 19} +# +# +# pilotOrganization OBJECT-CLASS +# SUBCLASS OF organization, organizationalUnit +# MAY CONTAIN { +# buildingName} +# ::= {pilotObjectClass 20} +# +# +# pilotDSA OBJECT-CLASS +# SUBCLASS OF dsa +# MUST CONTAIN { +# dSAQuality} +# ::= {pilotObjectClass 21} +# +# +# qualityLabelledData OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# dSAQuality} +# MAY CONTAIN { +# subtreeMinimumQuality, +# subtreeMaximumQuality} +# ::= {pilotObjectClass 22} +# +# +# +# +# -- Standard Attribute Types +# +# objectClass ObjectClass +# ::= {attributeType 0} +# +# +# aliasedObjectName 
AliasedObjectName +# ::= {attributeType 1} +# +# +# knowledgeInformation ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreString +# ::= {attributeType 2} +# +# +# commonName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-common-name)) +# ::= {attributeType 3} +# +# +# surname ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-surname)) +# ::= {attributeType 4} +# +# +# serialNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX printableStringSyntax +# (SIZE (1..ub-serial-number)) +# ::= {attributeType 5} +# +# +# countryName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PrintableString +# (SIZE (1..ub-country-code)) +# SINGLE VALUE +# ::= {attributeType 6} +# +# +# localityName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-locality-name)) +# ::= {attributeType 7} +# +# +# stateOrProvinceName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-state-name)) +# ::= {attributeType 8} +# +# +# streetAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-street-address)) +# ::= {attributeType 9} +# +# +# organizationName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-organization-name)) +# ::= {attributeType 10} +# +# +# organizationalUnitName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-organizational-unit-name)) +# ::= {attributeType 11} +# +# +# title ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-title)) +# ::= {attributeType 12} +# +# +# description ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-description)) +# ::= {attributeType 13} +# +# +# searchGuide ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX Guide +# ::= {attributeType 14} +# +# +# businessCategory ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-business-category)) +# ::= {attributeType 15} +# +# +# postalAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PostalAddress +# MATCHES FOR EQUALITY 
+# ::= {attributeType 16} +# +# +# postalCode ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-postal-code)) +# ::= {attributeType 17} +# +# +# postOfficeBox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-post-office-box)) +# ::= {attributeType 18} +# +# +# physicalDeliveryOfficeName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-physical-office-name)) +# ::= {attributeType 19} +# +# +# telephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax +# (SIZE (1..ub-telephone-number)) +# ::= {attributeType 20} +# +# +# telexNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX TelexNumber +# (SIZE (1..ub-telex)) +# ::= {attributeType 21} +# +# +# teletexTerminalIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier +# (SIZE (1..ub-teletex-terminal-id)) +# ::= {attributeType 22} +# +# +# facsimileTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber +# ::= {attributeType 23} +# +# +# x121Address ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX NumericString +# (SIZE (1..ub-x121-address)) +# ::= {attributeType 24} +# +# +# internationaliSDNNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX NumericString +# (SIZE (1..ub-isdn-address)) +# ::= {attributeType 25} +# +# +# registeredAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PostalAddress +# ::= {attributeType 26} +# +# +# destinationIndicator ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PrintableString +# (SIZE (1..ub-destination-indicator)) +# MATCHES FOR EQUALITY SUBSTRINGS +# ::= {attributeType 27} +# +# +# preferredDeliveryMethod ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX deliveryMethod +# ::= {attributeType 28} +# +# +# presentationAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PresentationAddress +# MATCHES FOR EQUALITY +# ::= {attributeType 29} +# +# +# supportedApplicationContext ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax +# ::= {attributeType 30} +# +# +# member ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= 
{attributeType 31} +# +# +# owner ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 32} +# +# +# roleOccupant ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 33} +# +# +# seeAlso ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 34} +# +# +# userPassword ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX Userpassword +# ::= {attributeType 35} +# +# +# userCertificate ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX UserCertificate +# ::= {attributeType 36} +# +# +# cACertificate ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX cACertificate +# ::= {attributeType 37} +# +# +# authorityRevocationList ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList +# ::= {attributeType 38} +# +# +# certificateRevocationList ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX CertificateRevocationList +# ::= {attributeType 39} +# +# +# crossCertificatePair ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX CrossCertificatePair +# ::= {attributeType 40} +# +# +# +# +# -- Standard MHS Attribute Types +# +# mhsDeliverableContentLength ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX integer +# ::= {mhsAttributeType 0} +# +# +# mhsDeliverableContentTypes ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 1} +# +# +# mhsDeliverableEits ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 2} +# +# +# mhsDLMembers ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oRName +# ::= {mhsAttributeType 3} +# +# +# mhsDLSubmitPermissions ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX dLSubmitPermission +# ::= {mhsAttributeType 4} +# +# +# mhsMessageStoreName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX dN +# ::= {mhsAttributeType 5} +# +# +# mhsORAddresses ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oRAddress +# ::= {mhsAttributeType 6} +# +# +# mhsPreferredDeliveryMethods ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX deliveryMethod +# ::= {mhsAttributeType 7} +# +# +# mhsSupportedAutomaticActions ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 8} +# +# +# mhsSupportedContentTypes ATTRIBUTE +# +# WITH 
ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 9} +# +# +# mhsSupportedOptionalAttributes ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 10} +# +# +# +# +# -- Pilot Attribute Types +# +# userid ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-user-identifier)) +# ::= {pilotAttributeType 1} +# +# +# textEncodedORAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-text-encoded-or-address)) +# ::= {pilotAttributeType 2} +# +# +# rfc822Mailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# (SIZE (1 .. ub-rfc822-mailbox)) +# ::= {pilotAttributeType 3} +# +# +# info ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-information)) +# ::= {pilotAttributeType 4} +# +# +# favouriteDrink ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-favourite-drink)) +# ::= {pilotAttributeType 5} +# +# +# roomNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-room-number)) +# ::= {pilotAttributeType 6} +# +# +# photo ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# CHOICE { +# g3-facsimile [3] G3FacsimileBodyPart +# } +# (SIZE (1 .. ub-photo)) +# ::= {pilotAttributeType 7} +# +# +# userClass ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-user-class)) +# ::= {pilotAttributeType 8} +# +# +# host ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-host)) +# ::= {pilotAttributeType 9} +# +# +# manager ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 10} +# +# +# documentIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-identifier)) +# ::= {pilotAttributeType 11} +# +# +# documentTitle ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. 
ub-document-title)) +# ::= {pilotAttributeType 12} +# +# +# documentVersion ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-version)) +# ::= {pilotAttributeType 13} +# +# +# documentAuthor ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 14} +# +# +# documentLocation ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-location)) +# ::= {pilotAttributeType 15} +# +# +# homeTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 20} +# +# +# secretary ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 21} +# +# +# otherMailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# SEQUENCE { +# mailboxType PrintableString, -- e.g. Telemail +# mailbox IA5String -- e.g. X378:Joe +# } +# ::= {pilotAttributeType 22} +# +# +# lastModifiedTime ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# uTCTimeSyntax +# ::= {pilotAttributeType 23} +# +# +# lastModifiedBy ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 24} +# +# +# domainComponent ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# SINGLE VALUE +# ::= {pilotAttributeType 25} +# +# +# aRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 26} +# +# +# mXRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 28} +# +# +# nSRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 29} +# +# sOARecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 30} +# +# +# cNAMERecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# iA5StringSyntax +# ::= {pilotAttributeType 31} +# +# +# associatedDomain ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# ::= {pilotAttributeType 37} +# +# +# associatedName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= 
{pilotAttributeType 38} +# +# +# homePostalAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# postalAddress +# MATCHES FOR EQUALITY +# ::= {pilotAttributeType 39} +# +# +# personalTitle ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-personal-title)) +# ::= {pilotAttributeType 40} +# +# +# mobileTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 41} +# +# +# pagerTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 42} +# +# +# friendlyCountryName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# ::= {pilotAttributeType 43} +# +# +# uniqueIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-unique-identifier)) +# ::= {pilotAttributeType 44} +# +# +# organizationalStatus ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-organizational-status)) +# ::= {pilotAttributeType 45} +# +# +# janetMailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# (SIZE (1 .. ub-janet-mailbox)) +# ::= {pilotAttributeType 46} +# +# +# mailPreferenceOption ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX ENUMERATED { +# no-list-inclusion(0), +# any-list-inclusion(1), -- may be added to any lists +# professional-list-inclusion(2) +# -- may be added to lists +# -- which the list provider +# -- views as related to the +# -- users professional inter- +# -- ests, perhaps evaluated +# -- from the business of the +# -- organisation or keywords +# -- in the entry. +# } +# ::= {pilotAttributeType 47} +# +# +# buildingName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. 
ub-building-name)) +# ::= {pilotAttributeType 48} +# +# +# dSAQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax +# SINGLE VALUE +# ::= {pilotAttributeType 49} +# +# +# singleLevelQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# +# +# subtreeMinimumQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# -- Defaults to singleLevelQuality +# ::= {pilotAttributeType 51} +# +# +# subtreeMaximumQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# -- Defaults to singleLevelQuality +# ::= {pilotAttributeType 52} +# +# +# personalSignature ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# CHOICE { +# g3-facsimile [3] G3FacsimileBodyPart +# } +# (SIZE (1 .. ub-personal-signature)) +# ::= {pilotAttributeType 53} +# +# +# dITRedirect ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 54} +# +# +# audio ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# Audio +# (SIZE (1 .. ub-audio)) +# ::= {pilotAttributeType 55} +# +# documentPublisher ATTRIBUTE +# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax +# ::= {pilotAttributeType 56} +# +# +# +# -- Generally useful syntaxes +# +# +# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY SUBSTRINGS +# +# +# iA5StringSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY SUBSTRINGS +# +# +# -- Syntaxes to support the DNS attributes +# +# DNSRecordSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY +# +# +# NRSInformationSyntax ATTRIBUTE-SYNTAX +# NRSInformation +# MATCHES FOR EQUALITY +# +# +# NRSInformation ::= SET { +# [0] Context, +# [1] Address-space-id, +# routes [2] SEQUENCE OF SEQUENCE { +# Route-cost, +# Addressing-info } +# } +# +# +# -- Upper bounds on length of attribute values +# +# +# ub-document-identifier INTEGER ::= 256 +# +# ub-document-location INTEGER ::= 256 +# +# ub-document-title INTEGER ::= 256 +# +# ub-document-version INTEGER ::= 256 +# +# ub-favourite-drink INTEGER ::= 
256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+
diff --git a/config-archive/etc/openldap/schema/cosine.schema.dist b/config-archive/etc/openldap/schema/cosine.schema.dist
new file mode 100644
index 00000000..ef70696a
--- /dev/null
+++ b/config-archive/etc/openldap/schema/cosine.schema.dist
@@ -0,0 +1,2571 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group P. Barker
+# Request for Comments: 1274 S. Kille
+# University College London
+# November 1991
+#
+# The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+# This document suggests an X.500 Directory Schema, or Naming
+# Architecture, for use in the COSINE and Internet X.500 pilots. The
+# schema is independent of any specific implementation. As well as
+# indicating support for the standard object classes and attributes, a
+# large number of generally useful object classes and attributes are
+# also defined. An appendix to this document includes a machine
+# processable version of the schema.
+#
+# [trimmed]
+
+# 7. Object Identifiers
+#
+# Some additional object identifiers are defined for this schema.
+# These are also reproduced in Appendix C.
+#
+# data OBJECT IDENTIFIER ::= {ccitt 9}
+# pss OBJECT IDENTIFIER ::= {data 2342}
+# ucl OBJECT IDENTIFIER ::= {pss 19200300}
+# pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+# {pilotAttributeSyntax 5}
+#
+# 8. Object Classes
+# [relocated after 9]
+
+#
+# 9. Attribute Types
+#
+# 9.1. X.500 standard attribute types
+#
+# A number of generally useful attribute types are defined in X.520,
+# and these are supported. Refer to that document for descriptions of
+# the suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2. X.400 standard attribute types
+#
+# The standard X.400 attribute types are supported. See X.402 for full
+# details. The ASN.1 for these attribute types is reproduced in
+# Appendix C.
+#
+# 9.3. COSINE/Internet attribute types
+#
+# This section describes all the attribute types defined for use in the
+# COSINE and Internet pilots. Descriptions are given as to the
+# suggested usage of these attribute types. The ASN.1 for these
+# attribute types is reproduced in Appendix C.
+#
+# 9.3.1. Userid
+#
+# The Userid attribute type specifies a computer system login name.
+#
+# userid ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-identifier))
+# ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2.
Text Encoded O/R Address +# +# The Text Encoded O/R Address attribute type specifies a text encoding +# of an X.400 O/R address, as specified in RFC 987. The use of this +# attribute is deprecated as the attribute is intended for interim use +# only. This attribute will be the first candidate for the attribute +# expiry mechanisms! +# +# textEncodedORAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-text-encoded-or-address)) +# ::= {pilotAttributeType 2} +# +attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +# 9.3.3. RFC 822 Mailbox +# +# The RFC822 Mailbox attribute type specifies an electronic mailbox +# attribute following the syntax specified in RFC 822. Note that this +# attribute should not be used for greybook or other non-Internet order +# mailboxes. +# +# rfc822Mailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# (SIZE (1 .. ub-rfc822-mailbox)) +# ::= {pilotAttributeType 3} +# +#(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) +## EQUALITY caseIgnoreIA5Match +## SUBSTR caseIgnoreIA5SubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +# 9.3.4. Information +# +# The Information attribute type specifies any general information +# pertinent to an object. It is recommended that specific usage of +# this attribute type is avoided, and that specific requirements are +# met by other (possibly additional) attribute types. +# +# info ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-information)) +# ::= {pilotAttributeType 4} +# +attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' + DESC 'RFC1274: general information' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) + + +# 9.3.5. 
Favourite Drink +# +# The Favourite Drink attribute type specifies the favourite drink of +# an object (or person). +# +# favouriteDrink ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-favourite-drink)) +# ::= {pilotAttributeType 5} +# +attributetype ( 0.9.2342.19200300.100.1.5 + NAME ( 'drink' 'favouriteDrink' ) + DESC 'RFC1274: favorite drink' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +# 9.3.6. Room Number +# +# The Room Number attribute type specifies the room number of an +# object. Note that the commonName attribute should be used for naming +# room objects. +# +# roomNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-room-number)) +# ::= {pilotAttributeType 6} +# +attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' + DESC 'RFC1274: room number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +# 9.3.7. Photo +# +# The Photo attribute type specifies a "photograph" for an object. +# This should be encoded in G3 fax as explained in recommendation T.4, +# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as +# defined in X.420. +# +# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules +# information-objects } +# +# photo ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# CHOICE { +# g3-facsimile [3] G3FacsimileBodyPart +# } +# (SIZE (1 .. ub-photo)) +# ::= {pilotAttributeType 7} +# +attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' + DESC 'RFC1274: photo (G3 fax)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) + +# 9.3.8. User Class +# +# The User Class attribute type specifies a category of computer user. +# The semantics placed on this attribute are for local interpretation. +# Examples of current usage od this attribute in academia are +# undergraduate student, researcher, lecturer, etc. 
Note that the
+# organizationalStatus attribute may now often be preferred as it makes
+# no distinction between computer users and others.
+#
+# userClass ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-user-class))
+# ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9. Host
+#
+# The Host attribute type specifies a host computer.
+#
+# host ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-host))
+# ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10. Manager
+#
+# The Manager attribute type specifies the manager of an object
+# represented by an entry.
+#
+# manager ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11. Document Identifier
+#
+# The Document Identifier attribute type specifies a unique identifier
+# for a document.
+#
+# documentIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-identifier))
+# ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12. Document Title
+#
+# The Document Title attribute type specifies the title of a document.
+#
+# documentTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. 
ub-document-title))
+# ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13. Document Version
+#
+# The Document Version attribute type specifies the version number of a
+# document.
+#
+# documentVersion ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-version))
+# ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14. Document Author
+#
+# The Document Author attribute type specifies the distinguished name
+# of the author of a document.
+#
+# documentAuthor ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15. Document Location
+#
+# The Document Location attribute type specifies the location of the
+# document original.
+#
+# documentLocation ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-document-location))
+# ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16. Home Telephone Number
+#
+# The Home Telephone Number attribute type specifies a home telephone
+# number associated with a person. Attribute values should follow the
+# agreed format for international telephone numbers: i.e., "+44 71 123
+# 4567". 
+#
+# homeTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17. Secretary
+#
+# The Secretary attribute type specifies the secretary of a person.
+# The attribute value for Secretary is a distinguished name.
+#
+# secretary ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18. Other Mailbox
+#
+# The Other Mailbox attribute type specifies values for electronic
+# mailbox types other than X.400 and rfc822.
+#
+# otherMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# SEQUENCE {
+# mailboxType PrintableString, -- e.g. Telemail
+# mailbox IA5String -- e.g. X378:Joe
+# }
+# ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19. Last Modified Time
+#
+# The Last Modified Time attribute type specifies the last time, in UTC
+# time, that an entry was modified. Ideally, this attribute should be
+# maintained by the DSA.
+#
+# lastModifiedTime ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# uTCTimeSyntax
+# ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+# 9.3.20. Last Modified By
+#
+# The Last Modified By attribute specifies the distinguished name of
+# the last user to modify the associated entry. 
Ideally, this
+# attribute should be maintained by the DSA.
+#
+# lastModifiedBy ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+# 9.3.21. Domain Component
+#
+# The Domain Component attribute type specifies a DNS/NRS domain. For
+# example, "uk" or "ac".
+#
+# domainComponent ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22. DNS ARecord
+#
+# The A Record attribute type specifies a type A (Address) DNS resource
+# record [6] [7].
+#
+# aRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23. MX Record
+#
+# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+# resource record [6] [7].
+#
+# mXRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24. 
NS Record
+#
+# The NS Record attribute type specifies an NS (Name Server) DNS
+# resource record [6] [7].
+#
+# nSRecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25. SOA Record
+#
+# The SOA Record attribute type specifies a type SOA (Start of
+# Authority) DNS resorce record [6] [7].
+#
+# sOARecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# DNSRecordSyntax
+# ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26. CNAME Record
+#
+# The CNAME Record attribute type specifies a type CNAME (Canonical
+# Name) DNS resource record [6] [7].
+#
+# cNAMERecord ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# iA5StringSyntax
+# ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27. Associated Domain
+#
+# The Associated Domain attribute type specifies a DNS or NRS domain
+# which is associated with an object in the DIT. For example, the entry
+# in the DIT with a distinguished name "C=GB, O=University College
+# London" would have an associated domain of "UCL.AC.UK. Note that all
+# domains should be represented in rfc822 order. See [3] for more
+# details of usage of this attribute.
+#
+# associatedDomain ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28. 
Associated Name
+#
+# The Associated Name attribute type specifies an entry in the
+# organisational DIT associated with a DNS/NRS domain. See [3] for
+# more details of usage of this attribute.
+#
+# associatedName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29. Home postal address
+#
+# The Home postal address attribute type specifies a home postal
+# address for an object. This should be limited to up to 6 lines of 30
+# characters each.
+#
+# homePostalAddress ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# postalAddress
+# MATCHES FOR EQUALITY
+# ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30. Personal Title
+#
+# The Personal Title attribute type specifies a personal title for a
+# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+# personalTitle ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-personal-title))
+# ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31. Mobile Telephone Number
+#
+# The Mobile Telephone Number attribute type specifies a mobile
+# telephone number associated with a person. Attribute values should
+# follow the agreed format for international telephone numbers: i.e.,
+# "+44 71 123 4567". 
+#
+# mobileTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32. Pager Telephone Number
+#
+# The Pager Telephone Number attribute type specifies a pager telephone
+# number for an object. Attribute values should follow the agreed
+# format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+# pagerTelephoneNumber ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# telephoneNumberSyntax
+# ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33. Friendly Country Name
+#
+# The Friendly Country Name attribute type specifies names of countries
+# in human readable format. The standard attribute country name must
+# be one of the two-letter codes defined in ISO 3166.
+#
+# friendlyCountryName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34. Unique Identifier
+#
+# The Unique Identifier attribute type specifies a "unique identifier"
+# for an object represented in the Directory. The domain within which
+# the identifier is unique, and the exact semantics of the identifier,
+# are for local definition. For a person, this might be an
+# institution-wide payroll number. For an organisational unit, it
+# might be a department code. 
+#
+# uniqueIdentifier ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-unique-identifier))
+# ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35. Organisational Status
+#
+# The Organisational Status attribute type specifies a category by
+# which a person is often referred to in an organisation. Examples of
+# usage in academia might include undergraduate student, researcher,
+# lecturer, etc.
+#
+# A Directory administrator should probably consider carefully the
+# distinctions between this and the title and userClass attributes.
+#
+# organizationalStatus ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-organizational-status))
+# ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36. Janet Mailbox
+#
+# The Janet Mailbox attribute type specifies an electronic mailbox
+# attribute following the syntax specified in the Grey Book of the
+# Coloured Book series. This attribute is intended for the convenience
+# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+# Entries using this attribute MUST also include an rfc822Mailbox
+# attribute.
+#
+# janetMailbox ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreIA5StringSyntax
+# (SIZE (1 .. ub-janet-mailbox))
+# ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37. 
Mail Preference Option
+#
+# An attribute to allow users to indicate a preference for inclusion of
+# their names on mailing lists (electronic or physical). The absence
+# of such an attribute should be interpreted as if the attribute was
+# present with value "no-list-inclusion". This attribute should be
+# interpreted by anyone using the directory to derive mailing lists,
+# and its value respected.
+#
+# mailPreferenceOption ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX ENUMERATED {
+# no-list-inclusion(0),
+# any-list-inclusion(1), -- may be added to any lists
+# professional-list-inclusion(2)
+# -- may be added to lists
+# -- which the list provider
+# -- views as related to the
+# -- users professional inter-
+# -- ests, perhaps evaluated
+# -- from the business of the
+# -- organisation or keywords
+# -- in the entry.
+# }
+# ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38. Building Name
+#
+# The Building Name attribute type specifies the name of the building
+# where an organisation or organisational unit is based.
+#
+# buildingName ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# caseIgnoreStringSyntax
+# (SIZE (1 .. ub-building-name))
+# ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39. DSA Quality
+#
+# The DSA Quality attribute type specifies the purported quality of a
+# DSA. It allows a DSA manager to indicate the expected level of
+# availability of the DSA. See [8] for details of the syntax. 
+#
+# dSAQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40. Single Level Quality
+#
+# The Single Level Quality attribute type specifies the purported data
+# quality at the level immediately below in the DIT. See [8] for
+# details of the syntax.
+#
+# singleLevelQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41. Subtree Minimum Quality
+#
+# The Subtree Minimum Quality attribute type specifies the purported
+# minimum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMinimumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42. Subtree Maximum Quality
+#
+# The Subtree Maximum Quality attribute type specifies the purported
+# maximum data quality for a DIT subtree. See [8] for more discussion
+# and details of the syntax.
+#
+# subtreeMaximumQuality ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+# SINGLE VALUE
+# -- Defaults to singleLevelQuality
+# ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43. Personal Signature
+#
+# The Personal Signature attribute type allows for a representation of
+# a person's signature. 
This should be encoded in G3 fax as explained
+# in recommendation T.4, with an ASN.1 wrapper to make it compatible
+# with an X.400 BodyPart as defined in X.420.
+#
+# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
+# information-objects }
+#
+# personalSignature ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# CHOICE {
+# g3-facsimile [3] G3FacsimileBodyPart
+# }
+# (SIZE (1 .. ub-personal-signature))
+# ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44. DIT Redirect
+#
+# The DIT Redirect attribute type is used to indicate that the object
+# described by one entry now has a newer entry in the DIT. The entry
+# containing the redirection attribute should be expired after a
+# suitable grace period. This attribute may be used when an individual
+# changes his/her place of work, and thus acquires a new organisational
+# DN.
+#
+# dITRedirect ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# distinguishedNameSyntax
+# ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45. Audio
+#
+# The Audio attribute type allows the storing of sounds in the
+# Directory. The attribute uses a u-law encoded sound file as used by
+# the "play" utility on a Sun 4. This is an interim format.
+#
+# audio ATTRIBUTE
+# WITH ATTRIBUTE-SYNTAX
+# Audio
+# (SIZE (1 .. ub-audio))
+# ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46. Publisher of Document
+#
+#
+# The Publisher of Document attribute is the person and/or organization
+# that published a document. 
+#
+# documentPublisher ATTRIBUTE
+# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+# ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4. Generally useful syntaxes
+#
+# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+# iA5StringSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+# -- Syntaxes to support the DNS attributes
+#
+# DNSRecordSyntax ATTRIBUTE-SYNTAX
+# IA5String
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformationSyntax ATTRIBUTE-SYNTAX
+# NRSInformation
+# MATCHES FOR EQUALITY
+#
+#
+# NRSInformation ::= SET {
+# [0] Context,
+# [1] Address-space-id,
+# routes [2] SEQUENCE OF SEQUENCE {
+# Route-cost,
+# Addressing-info }
+# }
+#
+#
+# 9.5. Upper bounds on length of attribute values
+#
+#
+# ub-document-identifier INTEGER ::= 256
+#
+# ub-document-location INTEGER ::= 256
+#
+# ub-document-title INTEGER ::= 256
+#
+# ub-document-version INTEGER ::= 256
+#
+# ub-favourite-drink INTEGER ::= 256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8. Object Classes
+#
+# 8.1. X.500 standard object classes
+#
+# A number of generally useful object classes are defined in X.521, and
+# these are supported. 
Refer to that document for descriptions of the
+# suggested usage of these object classes. The ASN.1 for these object
+# classes is reproduced for completeness in Appendix C.
+#
+# 8.2. X.400 standard object classes
+#
+# A number of object classes defined in X.400 are supported. Refer to
+# X.402 for descriptions of the usage of these object classes. The
+# ASN.1 for these object classes is reproduced for completeness in
+# Appendix C.
+#
+# 8.3. COSINE/Internet object classes
+#
+# This section attempts to fuse together the object classes designed
+# for use in the COSINE and Internet pilot activities. Descriptions
+# are given of the suggested usage of these object classes. The ASN.1
+# for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1. Pilot Object
+#
+# The PilotObject object class is used as a sub-class to allow some
+# common, useful attributes to be assigned to entries of all other
+# object classes.
+#
+# pilotObject OBJECT-CLASS
+# SUBCLASS OF top
+# MAY CONTAIN {
+# info,
+# photo,
+# manager,
+# uniqueIdentifier,
+# lastModifiedTime,
+# lastModifiedBy,
+# dITRedirect,
+# audio}
+# ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+# 8.3.2. Pilot Person
+#
+# The PilotPerson object class is used as a sub-class of person, to
+# allow the use of a number of additional attributes to be assigned to
+# entries of object class person. 
+#
+# pilotPerson OBJECT-CLASS
+# SUBCLASS OF person
+# MAY CONTAIN {
+# userid,
+# textEncodedORAddress,
+# rfc822Mailbox,
+# favouriteDrink,
+# roomNumber,
+# userClass,
+# homeTelephoneNumber,
+# homePostalAddress,
+# secretary,
+# personalTitle,
+# preferredDeliveryMethod,
+# businessCategory,
+# janetMailbox,
+# otherMailbox,
+# mobileTelephoneNumber,
+# pagerTelephoneNumber,
+# organizationalStatus,
+# mailPreferenceOption,
+# personalSignature}
+# ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+# 8.3.3. Account
+#
+# The Account object class is used to define entries representing
+# computer accounts. The userid attribute should be used for naming
+# entries of this object class.
+#
+# account OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userid}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# host}
+# ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+# 8.3.4. Document
+#
+# The Document object class is used to define entries which represent
+# documents. 
+#
+# document OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# documentIdentifier}
+# MAY CONTAIN {
+# commonName,
+# description,
+# seeAlso,
+# localityName,
+# organizationName,
+# organizationalUnitName,
+# documentTitle,
+# documentVersion,
+# documentAuthor,
+# documentLocation,
+# documentPublisher}
+# ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+# 8.3.5. Room
+#
+# The Room object class is used to define entries representing rooms.
+# The commonName attribute should be used for naming pentries of this
+# object class.
+#
+# room OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# roomNumber,
+# description,
+# seeAlso,
+# telephoneNumber}
+# ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+# 8.3.6. Document Series
+#
+# The Document Series object class is used to define an entry which
+# represents a series of documents (e.g., The Request For Comments
+# papers).
+#
+# documentSeries OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# commonName}
+# MAY CONTAIN {
+# description,
+# seeAlso,
+# telephoneNumber,
+# localityName,
+# organizationName,
+# organizationalUnitName}
+# ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+# 8.3.7. Domain
+#
+# The Domain object class is used to define entries which represent DNS
+# or NRS domains. 
The domainComponent attribute should be used for
+# naming entries of this object class. The usage of this object class
+# is described in more detail in [3].
+#
+# domain OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# domainComponent}
+# MAY CONTAIN {
+# associatedName,
+# organizationName,
+# organizationalAttributeSet}
+# ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.8. RFC822 Local Part
+#
+# The RFC822 Local Part object class is used to define entries which
+# represent the local part of RFC822 mail addresses. This treats this
+# part of an RFC822 address as a domain. The usage of this object
+# class is described in more detail in [3].
+#
+# rFC822localPart OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# commonName,
+# surname,
+# description,
+# seeAlso,
+# telephoneNumber,
+# postalAttributeSet,
+# telecommunicationAttributeSet}
+# ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+# 8.3.9. 
DNS Domain
+#
+# The DNS Domain (Domain NameServer) object class is used to define
+# entries for DNS domains. The usage of this object class is described
+# in more detail in [3].
+#
+# dNSDomain OBJECT-CLASS
+# SUBCLASS OF domain
+# MAY CONTAIN {
+# ARecord,
+# MDRecord,
+# MXRecord,
+# NSRecord,
+# SOARecord,
+# CNAMERecord}
+# ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+# 8.3.10. Domain Related Object
+#
+# The Domain Related Object object class is used to define entries
+# which represent DNS/NRS domains which are "equivalent" to an X.500
+# domain: e.g., an organisation or organisational unit. The usage of
+# this object class is described in more detail in [3].
+#
+# domainRelatedObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# associatedDomain}
+# ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+# 8.3.11. Friendly Country
+#
+# The Friendly Country object class is used to define country entries
+# in the DIT. The object class is used to allow friendlier naming of
+# countries than that allowed by the object class country. The naming
+# attribute of object class country, countryName, has to be a 2 letter
+# string defined in ISO 3166.
+#
+# friendlyCountry OBJECT-CLASS
+# SUBCLASS OF country
+# MUST CONTAIN {
+# friendlyCountryName}
+# ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+# 8.3.12. Simple Security Object
+#
+# The Simple Security Object object class is used to allow an entry to
+# have a userPassword attribute when an entry's principal object
+# classes do not allow userPassword as an attribute type. 
+#
+# simpleSecurityObject OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# userPassword }
+# ::= {pilotObjectClass 19}
+#
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+# 8.3.13. Pilot Organization
+#
+# The PilotOrganization object class is used as a sub-class of
+# organization and organizationalUnit to allow a number of additional
+# attributes to be assigned to entries of object classes organization
+# and organizationalUnit.
+#
+# pilotOrganization OBJECT-CLASS
+# SUBCLASS OF organization, organizationalUnit
+# MAY CONTAIN {
+# buildingName}
+# ::= {pilotObjectClass 20}
+#
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+# 8.3.14. Pilot DSA
+#
+# The PilotDSA object class is used as a sub-class of the dsa object
+# class to allow additional attributes to be assigned to entries for
+# DSAs.
+#
+# pilotDSA OBJECT-CLASS
+# SUBCLASS OF dsa
+# MUST CONTAIN {
+# dSAQuality}
+# ::= {pilotObjectClass 21}
+#
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+# 8.3.15. Quality Labelled Data
+#
+# The Quality Labelled Data object class is used to allow the
+# assignment of the data quality attributes to subtrees in the DIT.
+#
+# See [8] for more details.
+#
+# qualityLabelledData OBJECT-CLASS
+# SUBCLASS OF top
+# MUST CONTAIN {
+# dSAQuality}
+# MAY CONTAIN {
+# subtreeMinimumQuality,
+# subtreeMaximumQuality}
+# ::= {pilotObjectClass 22}
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
+
+
+# References
+#
+# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
+# models and services, CCITT /ISO IS 9594.
+# +# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in +# University College London, Department of Computer Science +# Research Note 89/48, May 1989. +# +# [3] Kille, S., "X.500 and Domains", RFC 1279, University College +# London, November 1991. +# +# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status +# Report", Technical Report 90-09-10-1, published by NYSERNet +# Inc, 1990. +# +# [5] Craigie, J., "UK Academic Community Directory Service Pilot +# Project, pp. 305-310 in Computer Networks and ISDN Systems +# 17 (1989), published by North Holland. +# +# [6] Mockapetris, P., "Domain Names - Concepts and Facilities", +# RFC 1034, USC/Information Sciences Institute, November 1987. +# +# [7] Mockapetris, P., "Domain Names - Implementation and +# Specification, RFC 1035, USC/Information Sciences Institute, +# November 1987. +# +# [8] Kille, S., "Handling QOS (Quality of service) in the +# Directory," publication in process, March 1991. +# +# +# APPENDIX C - Summary of all Object Classes and Attribute Types +# +# -- Some Important Object Identifiers +# +# data OBJECT IDENTIFIER ::= {ccitt 9} +# pss OBJECT IDENTIFIER ::= {data 2342} +# ucl OBJECT IDENTIFIER ::= {pss 19200300} +# pilot OBJECT IDENTIFIER ::= {ucl 100} +# +# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1} +# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3} +# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4} +# pilotGroups OBJECT IDENTIFIER ::= {pilot 10} +# +# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4} +# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::= +# {pilotAttributeSyntax 5} +# +# -- Standard Object Classes +# +# top OBJECT-CLASS +# MUST CONTAIN { +# objectClass} +# ::= {objectClass 0} +# +# +# alias OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# aliasedObjectName} +# ::= {objectClass 1} +# +# +# country OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# countryName} +# MAY CONTAIN { +# description, +# searchGuide} +# ::= {objectClass 2} +# 
+# +# locality OBJECT-CLASS +# SUBCLASS OF top +# MAY CONTAIN { +# description, +# localityName, +# stateOrProvinceName, +# searchGuide, +# seeAlso, +# streetAddress} +# ::= {objectClass 3} +# +# +# organization OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# organizationName} +# MAY CONTAIN { +# organizationalAttributeSet} +# ::= {objectClass 4} +# +# +# organizationalUnit OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# organizationalUnitName} +# MAY CONTAIN { +# organizationalAttributeSet} +# ::= {objectClass 5} +# +# +# person OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# surname} +# MAY CONTAIN { +# description, +# seeAlso, +# telephoneNumber, +# userPassword} +# ::= {objectClass 6} +# +# +# organizationalPerson OBJECT-CLASS +# SUBCLASS OF person +# MAY CONTAIN { +# localeAttributeSet, +# organizationalUnitName, +# postalAttributeSet, +# telecommunicationAttributeSet, +# title} +# ::= {objectClass 7} +# +# +# organizationalRole OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localeAttributeSet, +# organizationalUnitName, +# postalAttributeSet, +# preferredDeliveryMethod, +# roleOccupant, +# seeAlso, +# telecommunicationAttributeSet} +# ::= {objectClass 8} +# +# +# groupOfNames OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# member} +# MAY CONTAIN { +# description, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# businessCategory} +# ::= {objectClass 9} +# +# +# residentialPerson OBJECT-CLASS +# SUBCLASS OF person +# MUST CONTAIN { +# localityName} +# MAY CONTAIN { +# localeAttributeSet, +# postalAttributeSet, +# preferredDeliveryMethod, +# telecommunicationAttributeSet, +# businessCategory} +# ::= {objectClass 10} +# +# +# applicationProcess OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localityName, +# organizationalUnitName, +# seeAlso} +# ::= {objectClass 11} +# +# +# 
applicationEntity OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# presentationAddress} +# MAY CONTAIN { +# description, +# localityName, +# organizationName, +# organizationalUnitName, +# seeAlso, +# supportedApplicationContext} +# ::= {objectClass 12} +# +# +# dSA OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# knowledgeInformation} +# ::= {objectClass 13} +# +# +# device OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# localityName, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# serialNumber} +# ::= {objectClass 14} +# +# +# strongAuthenticationUser OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userCertificate} +# ::= {objectClass 15} +# +# +# certificationAuthority OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# cACertificate, +# certificateRevocationList, +# authorityRevocationList} +# MAY CONTAIN { +# crossCertificatePair} +# ::= {objectClass 16} +# +# -- Standard MHS Object Classes +# +# mhsDistributionList OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName, +# mhsDLSubmitPermissions, +# mhsORAddresses} +# MAY CONTAIN { +# description, +# organizationName, +# organizationalUnitName, +# owner, +# seeAlso, +# mhsDeliverableContentTypes, +# mhsdeliverableEits, +# mhsDLMembers, +# mhsPreferredDeliveryMethods} +# ::= {mhsObjectClass 0} +# +# +# mhsMessageStore OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# description, +# owner, +# mhsSupportedOptionalAttributes, +# mhsSupportedAutomaticActions, +# mhsSupportedContentTypes} +# ::= {mhsObjectClass 1} +# +# +# mhsMessageTransferAgent OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# description, +# owner, +# mhsDeliverableContentLength} +# ::= {mhsObjectClass 2} +# +# +# mhsOrganizationalUser OBJECT-CLASS +# SUBCLASS OF organizationalPerson +# MUST CONTAIN { +# mhsORAddresses} +# MAY CONTAIN { +# mhsDeliverableContentLength, +# 
mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsMessageStoreName, +# mhsPreferredDeliveryMethods } +# ::= {mhsObjectClass 3} +# +# +# mhsResidentialUser OBJECT-CLASS +# SUBCLASS OF residentialPerson +# MUST CONTAIN { +# mhsORAddresses} +# MAY CONTAIN { +# mhsDeliverableContentLength, +# mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsMessageStoreName, +# mhsPreferredDeliveryMethods } +# ::= {mhsObjectClass 4} +# +# +# mhsUserAgent OBJECT-CLASS +# SUBCLASS OF applicationEntity +# MAY CONTAIN { +# mhsDeliverableContentLength, +# mhsDeliverableContentTypes, +# mhsDeliverableEits, +# mhsORAddresses, +# owner} +# ::= {mhsObjectClass 5} +# +# +# +# +# -- Pilot Object Classes +# +# pilotObject OBJECT-CLASS +# SUBCLASS OF top +# MAY CONTAIN { +# info, +# photo, +# manager, +# uniqueIdentifier, +# lastModifiedTime, +# lastModifiedBy, +# dITRedirect, +# audio} +# ::= {pilotObjectClass 3} +# pilotPerson OBJECT-CLASS +# SUBCLASS OF person +# MAY CONTAIN { +# userid, +# textEncodedORAddress, +# rfc822Mailbox, +# favouriteDrink, +# roomNumber, +# userClass, +# homeTelephoneNumber, +# homePostalAddress, +# secretary, +# personalTitle, +# preferredDeliveryMethod, +# businessCategory, +# janetMailbox, +# otherMailbox, +# mobileTelephoneNumber, +# pagerTelephoneNumber, +# organizationalStatus, +# mailPreferenceOption, +# personalSignature} +# ::= {pilotObjectClass 4} +# +# +# account OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userid} +# MAY CONTAIN { +# description, +# seeAlso, +# localityName, +# organizationName, +# organizationalUnitName, +# host} +# ::= {pilotObjectClass 5} +# +# +# document OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# documentIdentifier} +# MAY CONTAIN { +# commonName, +# description, +# seeAlso, +# localityName, +# organizationName, +# organizationalUnitName, +# documentTitle, +# documentVersion, +# documentAuthor, +# documentLocation, +# documentPublisher} +# ::= {pilotObjectClass 6} +# +# +# room OBJECT-CLASS +# SUBCLASS 
OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# roomNumber, +# description, +# seeAlso, +# telephoneNumber} +# ::= {pilotObjectClass 7} +# +# +# documentSeries OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# commonName} +# MAY CONTAIN { +# description, +# seeAlso, +# telephoneNumber, +# localityName, +# organizationName, +# organizationalUnitName} +# ::= {pilotObjectClass 9} +# +# +# domain OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# domainComponent} +# MAY CONTAIN { +# associatedName, +# organizationName, +# organizationalAttributeSet} +# ::= {pilotObjectClass 13} +# +# +# rFC822localPart OBJECT-CLASS +# SUBCLASS OF domain +# MAY CONTAIN { +# commonName, +# surname, +# description, +# seeAlso, +# telephoneNumber, +# postalAttributeSet, +# telecommunicationAttributeSet} +# ::= {pilotObjectClass 14} +# +# +# dNSDomain OBJECT-CLASS +# SUBCLASS OF domain +# MAY CONTAIN { +# ARecord, +# MDRecord, +# MXRecord, +# NSRecord, +# SOARecord, +# CNAMERecord} +# ::= {pilotObjectClass 15} +# +# +# domainRelatedObject OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# associatedDomain} +# ::= {pilotObjectClass 17} +# +# +# friendlyCountry OBJECT-CLASS +# SUBCLASS OF country +# MUST CONTAIN { +# friendlyCountryName} +# ::= {pilotObjectClass 18} +# +# +# simpleSecurityObject OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# userPassword } +# ::= {pilotObjectClass 19} +# +# +# pilotOrganization OBJECT-CLASS +# SUBCLASS OF organization, organizationalUnit +# MAY CONTAIN { +# buildingName} +# ::= {pilotObjectClass 20} +# +# +# pilotDSA OBJECT-CLASS +# SUBCLASS OF dsa +# MUST CONTAIN { +# dSAQuality} +# ::= {pilotObjectClass 21} +# +# +# qualityLabelledData OBJECT-CLASS +# SUBCLASS OF top +# MUST CONTAIN { +# dSAQuality} +# MAY CONTAIN { +# subtreeMinimumQuality, +# subtreeMaximumQuality} +# ::= {pilotObjectClass 22} +# +# +# +# +# -- Standard Attribute Types +# +# objectClass ObjectClass +# ::= {attributeType 0} +# +# +# aliasedObjectName 
AliasedObjectName +# ::= {attributeType 1} +# +# +# knowledgeInformation ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreString +# ::= {attributeType 2} +# +# +# commonName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-common-name)) +# ::= {attributeType 3} +# +# +# surname ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-surname)) +# ::= {attributeType 4} +# +# +# serialNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX printableStringSyntax +# (SIZE (1..ub-serial-number)) +# ::= {attributeType 5} +# +# +# countryName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PrintableString +# (SIZE (1..ub-country-code)) +# SINGLE VALUE +# ::= {attributeType 6} +# +# +# localityName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-locality-name)) +# ::= {attributeType 7} +# +# +# stateOrProvinceName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-state-name)) +# ::= {attributeType 8} +# +# +# streetAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-street-address)) +# ::= {attributeType 9} +# +# +# organizationName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-organization-name)) +# ::= {attributeType 10} +# +# +# organizationalUnitName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-organizational-unit-name)) +# ::= {attributeType 11} +# +# +# title ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-title)) +# ::= {attributeType 12} +# +# +# description ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-description)) +# ::= {attributeType 13} +# +# +# searchGuide ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX Guide +# ::= {attributeType 14} +# +# +# businessCategory ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-business-category)) +# ::= {attributeType 15} +# +# +# postalAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PostalAddress +# MATCHES FOR EQUALITY 
+# ::= {attributeType 16} +# +# +# postalCode ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-postal-code)) +# ::= {attributeType 17} +# +# +# postOfficeBox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-post-office-box)) +# ::= {attributeType 18} +# +# +# physicalDeliveryOfficeName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax +# (SIZE (1..ub-physical-office-name)) +# ::= {attributeType 19} +# +# +# telephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax +# (SIZE (1..ub-telephone-number)) +# ::= {attributeType 20} +# +# +# telexNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX TelexNumber +# (SIZE (1..ub-telex)) +# ::= {attributeType 21} +# +# +# teletexTerminalIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier +# (SIZE (1..ub-teletex-terminal-id)) +# ::= {attributeType 22} +# +# +# facsimileTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber +# ::= {attributeType 23} +# +# +# x121Address ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX NumericString +# (SIZE (1..ub-x121-address)) +# ::= {attributeType 24} +# +# +# internationaliSDNNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX NumericString +# (SIZE (1..ub-isdn-address)) +# ::= {attributeType 25} +# +# +# registeredAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PostalAddress +# ::= {attributeType 26} +# +# +# destinationIndicator ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PrintableString +# (SIZE (1..ub-destination-indicator)) +# MATCHES FOR EQUALITY SUBSTRINGS +# ::= {attributeType 27} +# +# +# preferredDeliveryMethod ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX deliveryMethod +# ::= {attributeType 28} +# +# +# presentationAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX PresentationAddress +# MATCHES FOR EQUALITY +# ::= {attributeType 29} +# +# +# supportedApplicationContext ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax +# ::= {attributeType 30} +# +# +# member ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= 
{attributeType 31} +# +# +# owner ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 32} +# +# +# roleOccupant ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 33} +# +# +# seeAlso ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax +# ::= {attributeType 34} +# +# +# userPassword ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX Userpassword +# ::= {attributeType 35} +# +# +# userCertificate ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX UserCertificate +# ::= {attributeType 36} +# +# +# cACertificate ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX cACertificate +# ::= {attributeType 37} +# +# +# authorityRevocationList ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList +# ::= {attributeType 38} +# +# +# certificateRevocationList ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX CertificateRevocationList +# ::= {attributeType 39} +# +# +# crossCertificatePair ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX CrossCertificatePair +# ::= {attributeType 40} +# +# +# +# +# -- Standard MHS Attribute Types +# +# mhsDeliverableContentLength ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX integer +# ::= {mhsAttributeType 0} +# +# +# mhsDeliverableContentTypes ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 1} +# +# +# mhsDeliverableEits ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 2} +# +# +# mhsDLMembers ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oRName +# ::= {mhsAttributeType 3} +# +# +# mhsDLSubmitPermissions ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX dLSubmitPermission +# ::= {mhsAttributeType 4} +# +# +# mhsMessageStoreName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX dN +# ::= {mhsAttributeType 5} +# +# +# mhsORAddresses ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oRAddress +# ::= {mhsAttributeType 6} +# +# +# mhsPreferredDeliveryMethods ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX deliveryMethod +# ::= {mhsAttributeType 7} +# +# +# mhsSupportedAutomaticActions ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 8} +# +# +# mhsSupportedContentTypes ATTRIBUTE +# +# WITH 
ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 9} +# +# +# mhsSupportedOptionalAttributes ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX oID +# ::= {mhsAttributeType 10} +# +# +# +# +# -- Pilot Attribute Types +# +# userid ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-user-identifier)) +# ::= {pilotAttributeType 1} +# +# +# textEncodedORAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-text-encoded-or-address)) +# ::= {pilotAttributeType 2} +# +# +# rfc822Mailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# (SIZE (1 .. ub-rfc822-mailbox)) +# ::= {pilotAttributeType 3} +# +# +# info ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-information)) +# ::= {pilotAttributeType 4} +# +# +# favouriteDrink ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-favourite-drink)) +# ::= {pilotAttributeType 5} +# +# +# roomNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-room-number)) +# ::= {pilotAttributeType 6} +# +# +# photo ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# CHOICE { +# g3-facsimile [3] G3FacsimileBodyPart +# } +# (SIZE (1 .. ub-photo)) +# ::= {pilotAttributeType 7} +# +# +# userClass ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-user-class)) +# ::= {pilotAttributeType 8} +# +# +# host ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-host)) +# ::= {pilotAttributeType 9} +# +# +# manager ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 10} +# +# +# documentIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-identifier)) +# ::= {pilotAttributeType 11} +# +# +# documentTitle ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. 
ub-document-title)) +# ::= {pilotAttributeType 12} +# +# +# documentVersion ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-version)) +# ::= {pilotAttributeType 13} +# +# +# documentAuthor ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 14} +# +# +# documentLocation ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-document-location)) +# ::= {pilotAttributeType 15} +# +# +# homeTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 20} +# +# +# secretary ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 21} +# +# +# otherMailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# SEQUENCE { +# mailboxType PrintableString, -- e.g. Telemail +# mailbox IA5String -- e.g. X378:Joe +# } +# ::= {pilotAttributeType 22} +# +# +# lastModifiedTime ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# uTCTimeSyntax +# ::= {pilotAttributeType 23} +# +# +# lastModifiedBy ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 24} +# +# +# domainComponent ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# SINGLE VALUE +# ::= {pilotAttributeType 25} +# +# +# aRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 26} +# +# +# mXRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 28} +# +# +# nSRecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 29} +# +# sOARecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# DNSRecordSyntax +# ::= {pilotAttributeType 30} +# +# +# cNAMERecord ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# iA5StringSyntax +# ::= {pilotAttributeType 31} +# +# +# associatedDomain ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# ::= {pilotAttributeType 37} +# +# +# associatedName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= 
{pilotAttributeType 38} +# +# +# homePostalAddress ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# postalAddress +# MATCHES FOR EQUALITY +# ::= {pilotAttributeType 39} +# +# +# personalTitle ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-personal-title)) +# ::= {pilotAttributeType 40} +# +# +# mobileTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 41} +# +# +# pagerTelephoneNumber ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# telephoneNumberSyntax +# ::= {pilotAttributeType 42} +# +# +# friendlyCountryName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# ::= {pilotAttributeType 43} +# +# +# uniqueIdentifier ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-unique-identifier)) +# ::= {pilotAttributeType 44} +# +# +# organizationalStatus ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. ub-organizational-status)) +# ::= {pilotAttributeType 45} +# +# +# janetMailbox ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreIA5StringSyntax +# (SIZE (1 .. ub-janet-mailbox)) +# ::= {pilotAttributeType 46} +# +# +# mailPreferenceOption ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX ENUMERATED { +# no-list-inclusion(0), +# any-list-inclusion(1), -- may be added to any lists +# professional-list-inclusion(2) +# -- may be added to lists +# -- which the list provider +# -- views as related to the +# -- users professional inter- +# -- ests, perhaps evaluated +# -- from the business of the +# -- organisation or keywords +# -- in the entry. +# } +# ::= {pilotAttributeType 47} +# +# +# buildingName ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# caseIgnoreStringSyntax +# (SIZE (1 .. 
ub-building-name)) +# ::= {pilotAttributeType 48} +# +# +# dSAQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax +# SINGLE VALUE +# ::= {pilotAttributeType 49} +# +# +# singleLevelQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# +# +# subtreeMinimumQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# -- Defaults to singleLevelQuality +# ::= {pilotAttributeType 51} +# +# +# subtreeMaximumQuality ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX DataQualitySyntax +# SINGLE VALUE +# -- Defaults to singleLevelQuality +# ::= {pilotAttributeType 52} +# +# +# personalSignature ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# CHOICE { +# g3-facsimile [3] G3FacsimileBodyPart +# } +# (SIZE (1 .. ub-personal-signature)) +# ::= {pilotAttributeType 53} +# +# +# dITRedirect ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# distinguishedNameSyntax +# ::= {pilotAttributeType 54} +# +# +# audio ATTRIBUTE +# WITH ATTRIBUTE-SYNTAX +# Audio +# (SIZE (1 .. ub-audio)) +# ::= {pilotAttributeType 55} +# +# documentPublisher ATTRIBUTE +# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax +# ::= {pilotAttributeType 56} +# +# +# +# -- Generally useful syntaxes +# +# +# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY SUBSTRINGS +# +# +# iA5StringSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY SUBSTRINGS +# +# +# -- Syntaxes to support the DNS attributes +# +# DNSRecordSyntax ATTRIBUTE-SYNTAX +# IA5String +# MATCHES FOR EQUALITY +# +# +# NRSInformationSyntax ATTRIBUTE-SYNTAX +# NRSInformation +# MATCHES FOR EQUALITY +# +# +# NRSInformation ::= SET { +# [0] Context, +# [1] Address-space-id, +# routes [2] SEQUENCE OF SEQUENCE { +# Route-cost, +# Addressing-info } +# } +# +# +# -- Upper bounds on length of attribute values +# +# +# ub-document-identifier INTEGER ::= 256 +# +# ub-document-location INTEGER ::= 256 +# +# ub-document-title INTEGER ::= 256 +# +# ub-document-version INTEGER ::= 256 +# +# ub-favourite-drink INTEGER ::= 
256
+#
+# ub-host INTEGER ::= 256
+#
+# ub-information INTEGER ::= 2048
+#
+# ub-unique-identifier INTEGER ::= 256
+#
+# ub-personal-title INTEGER ::= 256
+#
+# ub-photo INTEGER ::= 250000
+#
+# ub-rfc822-mailbox INTEGER ::= 256
+#
+# ub-room-number INTEGER ::= 256
+#
+# ub-text-or-address INTEGER ::= 256
+#
+# ub-user-class INTEGER ::= 256
+#
+# ub-user-identifier INTEGER ::= 256
+#
+# ub-organizational-status INTEGER ::= 256
+#
+# ub-janet-mailbox INTEGER ::= 256
+#
+# ub-building-name INTEGER ::= 256
+#
+# ub-personal-signature ::= 50000
+#
+# ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+
diff --git a/config-archive/etc/openldap/schema/duaconf.schema b/config-archive/etc/openldap/schema/duaconf.schema new file mode 100644
index 00000000..d0a62bd5
--- /dev/null
+++ b/config-archive/etc/openldap/schema/duaconf.schema
@@ -0,0 +1,261 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.6 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+#
+# Application Working Group M. Ansari
+# INTERNET-DRAFT Sun Microsystems, Inc.
+# Expires Febuary 2003 L. Howard
+# PADL Software Pty. Ltd.
+# B. Joslin [ed.]
+# Hewlett-Packard Company
+#
+# September 15th, 2003
+# Intended Category: Informational
+#
+#
+# A Configuration Schema for LDAP Based
+# Directory User Agents
+#
+#
+#Status of this Memo
+#
+# This memo provides information for the Internet community. This
+# memo does not specify an Internet standard of any kind. Distribu-
+# tion of this memo is unlimited.
+#
+# This document is an Internet-Draft and is in full conformance with
+# all provisions of Section 10 of RFC2026.
+#
+# This document is an Internet-Draft. Internet-Drafts are working
+# documents of the Internet Engineering Task Force (IETF), its areas,
+# and its working groups. Note that other groups may also distribute
+# working documents as Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six
+# months. Internet-Drafts may be updated, replaced, or made obsolete
+# by other documents at any time. It is not appropriate to use
+# Internet-Drafts as reference material or to cite them other than as
+# a "working draft" or "work in progress".
+#
+# To learn the current status of any Internet-Draft, please check the
+# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
+# Directories on ds.internic.net (US East Coast), nic.nordu.net
+# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
+# Rim).
+#
+# Distribution of this document is unlimited.
+#
+#
+# Abstract
+#
+# This document describes a mechanism for global configuration of
+# similar directory user agents. This document defines a schema for
+# configuration of these DUAs that may be discovered using the Light-
+# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
+# bute types and an objectclass are proposed, along with specific
+# guidelines for interpreting them. A significant feature of the
+# global configuration policy for DUAs is a mechanism that allows
+# DUAs to re-configure their schema to that of the end user's
+# environment. This configuration is achieved through attribute and
+# objectclass mapping. This document is intended to be a skeleton
+# for future documents that describe configuration of specific DUA
+# services.
+#
+#
+# [trimmed]
+#
+#
+# 2. General Issues
+#
+# The schema defined by this document is defined under the "DUA Con-
+# figuration Schema." This schema is derived from the OID: iso (1)
+# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
+# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
+# DUA Configuration Schema (1). This OID is represented in this
+# document by the keystring "DUAConfSchemaOID"
+# (1.3.6.1.4.1.11.1.3.1).
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+#
+# 2.2 Attributes
+#
+# The attributes and classes defined in this document are summarized
+# below.
+#
+# The following attributes are defined in this document:
+#
+# preferredServerList
+# defaultServerList
+# defaultSearchBase
+# defaultSearchScope
+# authenticationMethod
+# credentialLevel
+# serviceSearchDescriptor
+#
+#
+#
+# Joslin [Page 3]
+# Internet-Draft DUA Configuration Schema October 2002
+#
+#
+# serviceCredentialLevel
+# serviceAuthenticationMethod
+# attributeMap
+# objectclassMap
+# searchTimeLimit
+# bindTimeLimit
+# followReferrals
+# dereferenceAliases
+# profileTTL
+#
+# 2.3 Object Classes
+#
+# The following object class is defined in this document:
+#
+# DUAConfigProfile
+#
+#
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY
booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# 4. Class Definition
+#
+# The objectclass below is constructed from the attributes defined in
+# 3, with the exception of the cn attribute, which is defined in RFC
+# 2256 [8]. cn is used to represent the name of the DUA configura-
+# tion profile.
+#
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/config-archive/etc/openldap/schema/duaconf.schema.dist b/config-archive/etc/openldap/schema/duaconf.schema.dist new file mode 100644
index 00000000..17538541
--- /dev/null
+++ b/config-archive/etc/openldap/schema/duaconf.schema.dist
@@ -0,0 +1,261 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+#
+# Application Working Group M. Ansari
+# INTERNET-DRAFT Sun Microsystems, Inc.
+# Expires Febuary 2003 L. Howard
+# PADL Software Pty. Ltd.
+# B. Joslin [ed.]
+# Hewlett-Packard Company
+#
+# September 15th, 2003
+# Intended Category: Informational
+#
+#
+# A Configuration Schema for LDAP Based
+# Directory User Agents
+#
+#
+#Status of this Memo
+#
+# This memo provides information for the Internet community. This
+# memo does not specify an Internet standard of any kind. Distribu-
+# tion of this memo is unlimited.
+#
+# This document is an Internet-Draft and is in full conformance with
+# all provisions of Section 10 of RFC2026.
+#
+# This document is an Internet-Draft. Internet-Drafts are working
+# documents of the Internet Engineering Task Force (IETF), its areas,
+# and its working groups. Note that other groups may also distribute
+# working documents as Internet-Drafts.
+#
+# Internet-Drafts are draft documents valid for a maximum of six
+# months. Internet-Drafts may be updated, replaced, or made obsolete
+# by other documents at any time. It is not appropriate to use
+# Internet-Drafts as reference material or to cite them other than as
+# a "working draft" or "work in progress".
+#
+# To learn the current status of any Internet-Draft, please check the
+# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
+# Directories on ds.internic.net (US East Coast), nic.nordu.net
+# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
+# Rim).
+#
+# Distribution of this document is unlimited.
+#
+#
+# Abstract
+#
+# This document describes a mechanism for global configuration of
+# similar directory user agents. This document defines a schema for
+# configuration of these DUAs that may be discovered using the Light-
+# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
+# bute types and an objectclass are proposed, along with specific
+# guidelines for interpreting them. A significant feature of the
+# global configuration policy for DUAs is a mechanism that allows
+# DUAs to re-configure their schema to that of the end user's
+# environment. This configuration is achieved through attribute and
+# objectclass mapping. This document is intended to be a skeleton
+# for future documents that describe configuration of specific DUA
+# services.
+#
+#
+# [trimmed]
+#
+#
+# 2. General Issues
+#
+# The schema defined by this document is defined under the "DUA Con-
+# figuration Schema." This schema is derived from the OID: iso (1)
+# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
+# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
+# DUA Configuration Schema (1). This OID is represented in this
+# document by the keystring "DUAConfSchemaOID"
+# (1.3.6.1.4.1.11.1.3.1).
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+#
+# 2.2 Attributes
+#
+# The attributes and classes defined in this document are summarized
+# below.
+#
+# The following attributes are defined in this document:
+#
+# preferredServerList
+# defaultServerList
+# defaultSearchBase
+# defaultSearchScope
+# authenticationMethod
+# credentialLevel
+# serviceSearchDescriptor
+#
+#
+#
+# Joslin [Page 3]
+# Internet-Draft DUA Configuration Schema October 2002
+#
+#
+# serviceCredentialLevel
+# serviceAuthenticationMethod
+# attributeMap
+# objectclassMap
+# searchTimeLimit
+# bindTimeLimit
+# followReferrals
+# dereferenceAliases
+# profileTTL
+#
+# 2.3 Object Classes
+#
+# The following object class is defined in this document:
+#
+# DUAConfigProfile
+#
+#
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# 4. Class Definition
+#
+# The objectclass below is constructed from the attributes defined in
+# 3, with the exception of the cn attribute, which is defined in RFC
+# 2256 [8]. cn is used to represent the name of the DUA configura-
+# tion profile.
+#
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/config-archive/etc/openldap/schema/dyngroup.ldif b/config-archive/etc/openldap/schema/dyngroup.ldif
new file mode 100644
index 00000000..1068ac4b
--- /dev/null
+++ b/config-archive/etc/openldap/schema/dyngroup.ldif
@@ -0,0 +1,71 @@ +# dyngroup.schema -- Dynamic Group schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.ldif,v 1.1.2.3 2011/01/04 23:50:51 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Dynamic Group schema (experimental), as defined by Netscape. See +# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf +# page 70 for details on how these groups were used. +# +# A description of the objectclass definition is available here: +# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 +# +# depends upon: +# core.schema +# +# These definitions are considered experimental due to the lack of +# a formal specification (e.g., RFC). +# +# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! +# +# The Netscape documentation describes this as an auxiliary objectclass +# but their implementations have always defined it as a structural class. +# The sloppiness here is because Netscape-derived servers don't actually +# implement the X.500 data model, and they don't honor the distinction +# between structural and auxiliary classes. This fact is noted here: +# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 +# +# In accordance with other existing implementations, we define it as a +# structural class. +# +# Our definition of memberURL also does not match theirs but again +# their published definition and what works in practice do not agree. +# In other words, the Netscape definitions are broken and interoperability +# is not guaranteed. 
+# +# Also see the new DynGroup proposed spec at +# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02 +dn: cn=dyngroup,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: dyngroup +olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730 +olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3 +olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1 +olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2 +olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 +olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8 +olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1 +olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2 +olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I + dentifies an URL associated with each member of a group. Any type of labeled + URL can be used.' SUP labeledURI ) +olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use + when processing the memberURL' SUP distinguishedName SINGLE-VALUE ) +olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza + tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a + uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) +olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S + TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ + owner $ seeAlso ) ) +olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY + ( dgIdentity $ dgAuthz ) ) diff --git a/config-archive/etc/openldap/schema/dyngroup.ldif.dist b/config-archive/etc/openldap/schema/dyngroup.ldif.dist new file mode 100644 index 00000000..4a65e4b1 --- /dev/null +++ b/config-archive/etc/openldap/schema/dyngroup.ldif.dist 
@@ -0,0 +1,71 @@ +# dyngroup.schema -- Dynamic Group schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Dynamic Group schema (experimental), as defined by Netscape. See +# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf +# page 70 for details on how these groups were used. +# +# A description of the objectclass definition is available here: +# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 +# +# depends upon: +# core.schema +# +# These definitions are considered experimental due to the lack of +# a formal specification (e.g., RFC). +# +# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! +# +# The Netscape documentation describes this as an auxiliary objectclass +# but their implementations have always defined it as a structural class. +# The sloppiness here is because Netscape-derived servers don't actually +# implement the X.500 data model, and they don't honor the distinction +# between structural and auxiliary classes. This fact is noted here: +# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 +# +# In accordance with other existing implementations, we define it as a +# structural class. +# +# Our definition of memberURL also does not match theirs but again +# their published definition and what works in practice do not agree. +# In other words, the Netscape definitions are broken and interoperability +# is not guaranteed. 
+# +# Also see the new DynGroup proposed spec at +# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02 +dn: cn=dyngroup,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: dyngroup +olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730 +olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3 +olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1 +olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2 +olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 +olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8 +olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1 +olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2 +olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I + dentifies an URL associated with each member of a group. Any type of labeled + URL can be used.' SUP labeledURI ) +olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use + when processing the memberURL' SUP distinguishedName SINGLE-VALUE ) +olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza + tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a + uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' ) +olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S + TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ + owner $ seeAlso ) ) +olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY + ( dgIdentity $ dgAuthz ) ) diff --git a/config-archive/etc/openldap/schema/dyngroup.schema b/config-archive/etc/openldap/schema/dyngroup.schema new file mode 100644 index 00000000..7c43e0d5 --- /dev/null +++ b/config-archive/etc/openldap/schema/dyngroup.schema 
@@ -0,0 +1,91 @@
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.7 2011/01/04 23:50:51 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
diff --git a/config-archive/etc/openldap/schema/dyngroup.schema.dist b/config-archive/etc/openldap/schema/dyngroup.schema.dist
new file mode 100644
index 00000000..211f6e6a
--- /dev/null
+++ b/config-archive/etc/openldap/schema/dyngroup.schema.dist
@@ -0,0 +1,91 @@
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
diff --git a/config-archive/etc/openldap/schema/inetorgperson.ldif b/config-archive/etc/openldap/schema/inetorgperson.ldif
new file mode 100644
index 00000000..317c680d
--- /dev/null
+++ b/config-archive/etc/openldap/schema/inetorgperson.ldif
@@ -0,0 +1,69 @@ +# InetOrgPerson (RFC2798) +# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.ldif) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.ldif) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif) +# +# This file was automatically generated from inetorgperson.schema; see +# that file for complete references. 
+# +dn: cn=inetorgperson,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: inetorgperson +olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 + 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' + RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC + 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF + C2798: numerically identifies an employee within an organization' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 + 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 + 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC + 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D + ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.5 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 + 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.5 ) +olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 + 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY + ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em + ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini + tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo + $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre + ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) diff --git a/config-archive/etc/openldap/schema/inetorgperson.ldif.dist b/config-archive/etc/openldap/schema/inetorgperson.ldif.dist new file mode 100644 index 00000000..80698c84 --- /dev/null +++ b/config-archive/etc/openldap/schema/inetorgperson.ldif.dist 
@@ -0,0 +1,69 @@ +# InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.ldif) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.ldif) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif) +# +# This file was automatically generated from inetorgperson.schema; see +# that file for complete references. +# +dn: cn=inetorgperson,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: inetorgperson +olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 + 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas + eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' + RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC + 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM + atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI + NGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF + C2798: numerically identifies an employee within an organization' EQUALITY ca + seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 SINGLE-VALUE 
) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 + 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn + oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 + 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC + 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg + noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15 SINGLE-VALUE ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D + ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.5 ) +olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 + 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.5 ) +olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 + 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY + ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em + ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini + tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo + $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre + ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) diff --git a/config-archive/etc/openldap/schema/inetorgperson.schema b/config-archive/etc/openldap/schema/inetorgperson.schema new file mode 100644 index 00000000..d04810a7 --- /dev/null +++ b/config-archive/etc/openldap/schema/inetorgperson.schema 
@@ -0,0 +1,155 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs. This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used. Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed. Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization. Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship. Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language. This is useful for international correspondence or human-
+# computer interaction. Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception: the sequence "Accept-Language" ":"
+# should be omitted. This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values. It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field. Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities. Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'. If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information. When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'. The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/config-archive/etc/openldap/schema/inetorgperson.schema.dist b/config-archive/etc/openldap/schema/inetorgperson.schema.dist
new file mode 100644
index 00000000..6ba88f3f
--- /dev/null
+++ b/config-archive/etc/openldap/schema/inetorgperson.schema.dist
@@ -0,0 +1,155 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs. This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used. Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed. Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization. Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship. Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language. This is useful for international correspondence or human-
+# computer interaction. Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception: the sequence "Accept-Language" ":"
+# should be omitted. This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values. It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field. Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities. Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'. If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information. When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'. The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way. It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/config-archive/etc/openldap/schema/java.schema b/config-archive/etc/openldap/schema/java.schema
new file mode 100644
index 00000000..5b4dc527
--- /dev/null
+++ b/config-archive/etc/openldap/schema/java.schema
@@ -0,0 +1,403 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# Network Working Group V. Ryan
+# Request for Comments: 2713 S. Seligman
+# Category: Informational R. Lee
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing Java(tm) Objects in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# This document defines the schema for representing Java(tm) objects in
+# an LDAP directory [LDAPv3]. It defines schema elements to represent
+# a Java serialized object [Serial], a Java marshalled object [RMI], a
+# Java remote object [RMI], and a JNDI reference [JNDI].
+#
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# javaClassName
+# javaClassNames
+# javaCodebase
+# javaSerializedData
+# javaFactory
+# javaReferenceAddress
+# javaDoc
+#
+# 3.1 javaClassName
+#
+# This attribute stores the fully qualified name of the Java object's
+# "distinguished" class or interface (for example, "java.lang.String").
+# It is a single-valued attribute. This attribute's syntax is '
+# Directory String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.6
+# NAME 'javaClassName'
+# DESC 'Fully qualified name of distinguished Java class or
+# interface'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.2 javaCodebase
+#
+# This attribute stores the Java class definition's locations. It
+# specifies the locations from which to load the class definition for
+# the class specified by the javaClassName attribute. Each value of
+# the attribute contains an ordered list of URLs, separated by spaces.
+# For example, a value of "url1 url2 url3" means that the three
+# (possibly interdependent) URLs (url1, url2, and url3) form the
+# codebase for loading in the Java class definition.
+#
+# If the javaCodebase attribute contains more than one value, each
+# value is an independent codebase. That is, there is no relationship
+# between the URLs in one value and those in another; each value can be
+# viewed as an alternate source for loading the Java class definition.
+# See [Java] for information regarding class loading.
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.7
+# NAME 'javaCodebase'
+# DESC 'URL(s) specifying the location of class definition'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+#
+# This attribute stores the Java object's fully qualified class or
+# interface names (for example, "java.lang.String"). It is a
+# multivalued attribute. When more than one value is present, each is
+# the name of a class or interface, or ancestor class or interface, of
+# this object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.13
+# NAME 'javaClassNames'
+# DESC 'Fully qualified Java class or interface name'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.4 javaSerializedData
+#
+# This attribute stores the serialized form of a Java object. The
+# serialized form is described in [Serial].
+#
+# This attribute's syntax is 'Octet String'.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.8
+# NAME 'javaSerializedData
+# DESC 'Serialized form of a Java object'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+# 3.5 javaFactory
+#
+# This attribute stores the fully qualified class name of the object
+# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+# used to create an instance of the object identified by the
+# javaClassName attribute.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.10
+# NAME 'javaFactory'
+# DESC 'Fully qualified Java class name of a JNDI object factory'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+#
+# This attribute represents the sequence of addresses of a JNDI
+# reference. Each of its values represents one address, a Java object
+# of type javax.naming.RefAddr. Its value is a concatenation of the
+# address type and address contents, preceded by a sequence number (the
+# order of addresses in a JNDI reference is significant). For example:
+#
+# #0#TypeA#ValA
+# #1#TypeB#ValB
+# #2#TypeC##rO0ABXNyABpq...
+#
+# In more detail, the value is encoded as follows:
+#
+# The delimiter is the first character of the value. For readability
+# the character '#' is recommended when it is not otherwise used
+# anywhere in the value, but any character may be used subject to
+# restrictions given below.
+#
+# The first delimiter is followed by the sequence number. The sequence
+# number of an address is its position in the JNDI reference, with the
+# first address being numbered 0. It is represented by its shortest
+# string form, in decimal notation.
+#
+# The sequence number is followed by a delimiter, then by the address
+# type, and then by another delimiter. If the address is of Java class
+# javax.naming.StringRefAddr, then this delimiter is followed by the
+# value of the address contents (which is a string). Otherwise, this
+# delimiter is followed immediately by another delimiter, and then by
+# the Base64 encoding of the serialized form of the entire address.
+#
+# The delimiter may be any character other than a digit or a character
+# contained in the address type. In addition, if the address contents
+# is a string, the delimiter may not be the first character of that
+# string.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. It can contain multiple values.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.11
+# NAME 'javaReferenceAddress'
+# DESC 'Addresses associated with a JNDI Reference'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+#
+# This attribute stores a pointer to the Java documentation for the
+# class. It's value is a URL. For example, the following URL points to
+# the specification of the java.lang.String class:
+# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.12
+# NAME 'javaDoc'
+# DESC 'The Java documentation for the class'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# javaContainer
+# javaObject
+# javaSerializedObject
+# javaMarshalledObject
+# javaNamingReference
+#
+# 4.1 javaContainer
+#
+# This structural object class represents a container for a Java
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.1
+# NAME 'javaContainer'
+# DESC 'Container for a Java object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 javaObject
+#
+# This abstract object class represents a Java object. A javaObject
+# cannot exist in the directory; only auxiliary or structural
+# subclasses of it can exist in the directory.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.4
+# NAME 'javaObject'
+# DESC 'Java object representation'
+# SUP top
+# ABSTRACT
+# MUST ( javaClassName )
+# MAY ( javaClassNames $
+# javaCodebase $
+# javaDoc $
+# description )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+# 4.3 javaSerializedObject
+#
+# This auxiliary object class represents a Java serialized object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.5
+# NAME 'javaSerializedObject'
+# DESC 'Java serialized object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.4 javaMarshalledObject
+#
+# This auxiliary object class represents a Java marshalled object. It
+# must be mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.8
+# NAME 'javaMarshalledObject'
+# DESC 'Java marshalled object'
+# SUP javaObject
+# AUXILIARY
+# MUST ( javaSerializedData )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+# 4.5 javaNamingReference
+#
+# This auxiliary object class represents a JNDI reference. It must be
+# mixed in with a structural object class.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.7
+# NAME 'javaNamingReference'
+# DESC 'JNDI reference'
+# SUP javaObject
+# AUXILIARY
+# MAY ( javaReferenceAddress $
+# javaFactory )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
+
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/config-archive/etc/openldap/schema/java.schema.dist b/config-archive/etc/openldap/schema/java.schema.dist
new file mode 100644
index 00000000..379c476b
--- /dev/null
+++ b/config-archive/etc/openldap/schema/java.schema.dist
@@ -0,0 +1,403 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# Network Working Group V. Ryan
+# Request for Comments: 2713 S. Seligman
+# Category: Informational R. Lee
+# Sun Microsystems, Inc.
+# October 1999
+#
+#
+# Schema for Representing Java(tm) Objects in an LDAP Directory
+#
+# Status of this Memo
+#
+# This memo provides information for the Internet community. It does
+# not specify an Internet standard of any kind. Distribution of this
+# memo is unlimited.
+#
+# Copyright Notice
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# Abstract
+#
+# This document defines the schema for representing Java(tm) objects in
+# an LDAP directory [LDAPv3]. It defines schema elements to represent
+# a Java serialized object [Serial], a Java marshalled object [RMI], a
+# Java remote object [RMI], and a JNDI reference [JNDI].
+#
+
+# [trimmed]
+
+# 3 Attribute Type Definitions
+#
+# The following attribute types are defined in this document:
+#
+# javaClassName
+# javaClassNames
+# javaCodebase
+# javaSerializedData
+# javaFactory
+# javaReferenceAddress
+# javaDoc
+#
+# 3.1 javaClassName
+#
+# This attribute stores the fully qualified name of the Java object's
+# "distinguished" class or interface (for example, "java.lang.String").
+# It is a single-valued attribute. This attribute's syntax is '
+# Directory String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.6
+# NAME 'javaClassName'
+# DESC 'Fully qualified name of distinguished Java class or
+# interface'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.2 javaCodebase
+#
+# This attribute stores the Java class definition's locations. It
+# specifies the locations from which to load the class definition for
+# the class specified by the javaClassName attribute. Each value of
+# the attribute contains an ordered list of URLs, separated by spaces.
+# For example, a value of "url1 url2 url3" means that the three
+# (possibly interdependent) URLs (url1, url2, and url3) form the
+# codebase for loading in the Java class definition.
+#
+# If the javaCodebase attribute contains more than one value, each
+# value is an independent codebase. That is, there is no relationship
+# between the URLs in one value and those in another; each value can be
+# viewed as an alternate source for loading the Java class definition.
+# See [Java] for information regarding class loading.
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.7
+# NAME 'javaCodebase'
+# DESC 'URL(s) specifying the location of class definition'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 3.3 javaClassNames
+#
+# This attribute stores the Java object's fully qualified class or
+# interface names (for example, "java.lang.String"). It is a
+# multivalued attribute. When more than one value is present, each is
+# the name of a class or interface, or ancestor class or interface, of
+# this object.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.13
+# NAME 'javaClassNames'
+# DESC 'Fully qualified Java class or interface name'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.4 javaSerializedData
+#
+# This attribute stores the serialized form of a Java object. The
+# serialized form is described in [Serial].
+#
+# This attribute's syntax is 'Octet String'.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.8
+# NAME 'javaSerializedData
+# DESC 'Serialized form of a Java object'
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+# 3.5 javaFactory
+#
+# This attribute stores the fully qualified class name of the object
+# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
+# used to create an instance of the object identified by the
+# javaClassName attribute.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.10
+# NAME 'javaFactory'
+# DESC 'Fully qualified Java class name of a JNDI object factory'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# SINGLE-VALUE
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# 3.6 javaReferenceAddress
+#
+# This attribute represents the sequence of addresses of a JNDI
+# reference. Each of its values represents one address, a Java object
+# of type javax.naming.RefAddr. Its value is a concatenation of the
+# address type and address contents, preceded by a sequence number (the
+# order of addresses in a JNDI reference is significant). For example:
+#
+# #0#TypeA#ValA
+# #1#TypeB#ValB
+# #2#TypeC##rO0ABXNyABpq...
+#
+# In more detail, the value is encoded as follows:
+#
+# The delimiter is the first character of the value. For readability
+# the character '#' is recommended when it is not otherwise used
+# anywhere in the value, but any character may be used subject to
+# restrictions given below.
+#
+# The first delimiter is followed by the sequence number. The sequence
+# number of an address is its position in the JNDI reference, with the
+# first address being numbered 0. It is represented by its shortest
+# string form, in decimal notation.
+#
+# The sequence number is followed by a delimiter, then by the address
+# type, and then by another delimiter. If the address is of Java class
+# javax.naming.StringRefAddr, then this delimiter is followed by the
+# value of the address contents (which is a string). Otherwise, this
+# delimiter is followed immediately by another delimiter, and then by
+# the Base64 encoding of the serialized form of the entire address.
+#
+# The delimiter may be any character other than a digit or a character
+# contained in the address type. In addition, if the address contents
+# is a string, the delimiter may not be the first character of that
+# string.
+#
+# This attribute's syntax is 'Directory String' and its case is
+# significant. It can contain multiple values.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.11
+# NAME 'javaReferenceAddress'
+# DESC 'Addresses associated with a JNDI Reference'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 3.7 javaDoc
+#
+# This attribute stores a pointer to the Java documentation for the
+# class. It's value is a URL. For example, the following URL points to
+# the specification of the java.lang.String class:
+# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
+#
+# This attribute's syntax is 'IA5 String' and its case is significant.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.1.12
+# NAME 'javaDoc'
+# DESC 'The Java documentation for the class'
+# EQUALITY caseExactIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+# )
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 4 Object Class Definitions
+#
+# The following object classes are defined in this document:
+#
+# javaContainer
+# javaObject
+# javaSerializedObject
+# javaMarshalledObject
+# javaNamingReference
+#
+# 4.1 javaContainer
+#
+# This structural object class represents a container for a Java
+# object.
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.1
+# NAME 'javaContainer'
+# DESC 'Container for a Java object'
+# SUP top
+# STRUCTURAL
+# MUST ( cn )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+# 4.2 javaObject
+#
+# This abstract object class represents a Java object.
A javaObject +# cannot exist in the directory; only auxiliary or structural +# subclasses of it can exist in the directory. +# +# ( 1.3.6.1.4.1.42.2.27.4.2.4 +# NAME 'javaObject' +# DESC 'Java object representation' +# SUP top +# ABSTRACT +# MUST ( javaClassName ) +# MAY ( javaClassNames $ +# javaCodebase $ +# javaDoc $ +# description ) +# ) +# +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4 + NAME 'javaObject' + DESC 'Java object representation' + SUP top + ABSTRACT + MUST javaClassName + MAY ( javaClassNames $ javaCodebase $ + javaDoc $ description ) ) + +# 4.3 javaSerializedObject +# +# This auxiliary object class represents a Java serialized object. It +# must be mixed in with a structural object class. +# +# ( 1.3.6.1.4.1.42.2.27.4.2.5 +# NAME 'javaSerializedObject' +# DESC 'Java serialized object' +# SUP javaObject +# AUXILIARY +# MUST ( javaSerializedData ) +# ) +# +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5 + NAME 'javaSerializedObject' + DESC 'Java serialized object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +# 4.4 javaMarshalledObject +# +# This auxiliary object class represents a Java marshalled object. It +# must be mixed in with a structural object class. +# +# ( 1.3.6.1.4.1.42.2.27.4.2.8 +# NAME 'javaMarshalledObject' +# DESC 'Java marshalled object' +# SUP javaObject +# AUXILIARY +# MUST ( javaSerializedData ) +# ) +# +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8 + NAME 'javaMarshalledObject' + DESC 'Java marshalled object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +# 4.5 javaNamingReference +# +# This auxiliary object class represents a JNDI reference. It must be +# mixed in with a structural object class. 
+#
+# ( 1.3.6.1.4.1.42.2.27.4.2.7
+# NAME 'javaNamingReference'
+# DESC 'JNDI reference'
+# SUP javaObject
+# AUXILIARY
+# MAY ( javaReferenceAddress $
+# javaFactory )
+# )
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
+
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/config-archive/etc/openldap/schema/misc.schema b/config-archive/etc/openldap/schema/misc.schema
new file mode 100644
index 00000000..a22db3b9
--- /dev/null
+++ b/config-archive/etc/openldap/schema/misc.schema
@@ -0,0 +1,75 @@
+# misc.schema -- assorted schema definitions
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
diff --git a/config-archive/etc/openldap/schema/misc.schema.dist b/config-archive/etc/openldap/schema/misc.schema.dist
new file mode 100644
index 00000000..f4886c4f
--- /dev/null
+++ b/config-archive/etc/openldap/schema/misc.schema.dist
@@ -0,0 +1,75 @@
+# misc.schema -- assorted schema definitions
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
diff --git a/config-archive/etc/openldap/schema/nis.ldif b/config-archive/etc/openldap/schema/nis.ldif
new file mode 100644
index 00000000..e7544712
--- /dev/null
+++ b/config-archive/etc/openldap/schema/nis.ldif
@@ -0,0 +1,120 @@ +# NIS (RFC2307) +# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service +# +# Depends upon core.ldif and cosine.ldif +# +# This file was automatically generated from nis.schema; see that file +# for complete references. +# +dn: cn=nis,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: nis +olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th + e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut + e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th + e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI + A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca + seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr + oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address + ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw + ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm + ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' + EQUALITY caseIgnoreIA5Match SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp + aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam + e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac + tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{1024} SINGLE-VALUE ) +olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o + f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu + mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ + description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a + ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword + $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive + $ shadowExpire $ shadowFlag $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of + a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas + sword $ memberUid $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I + nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe + rviceProtocol ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of + an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description + ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O + NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M + AY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho + st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc + 
ription $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a + n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas + kNumber $ l $ description $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of + a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe + tgroup $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti + on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a + NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri + ption ) +olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w + ith a MAC address' SUP top AUXILIARY MAY macAddress ) +olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device + with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) diff --git a/config-archive/etc/openldap/schema/nis.ldif.dist b/config-archive/etc/openldap/schema/nis.ldif.dist new file mode 100644 index 00000000..f2c7df2c --- /dev/null +++ b/config-archive/etc/openldap/schema/nis.ldif.dist 
@@ -0,0 +1,120 @@ +# NIS (RFC2307) +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service +# +# Depends upon core.ldif and cosine.ldif +# +# This file was automatically generated from nis.schema; see that file +# for complete references. +# +dn: cn=nis,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: nis +olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th + e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut + e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th + e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY 
integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI + A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca + seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr + oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address + ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw + ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm + ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI + NGLE-VALUE ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp + 
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam + e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) +olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac + tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{1024} SINGLE-VALUE ) +olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o + f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu + mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ + description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a + ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword + $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive + $ shadowExpire $ shadowFlag $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of + a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas + sword $ memberUid $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I + nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe + rviceProtocol ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of + an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description + ) MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O + NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M + AY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho + st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc + ription $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a + n IP network' SUP 
top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas + kNumber $ l $ description $ manager ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of + a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe + tgroup $ description ) ) +olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti + on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) +olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a + NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri + ption ) +olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w + ith a MAC address' SUP top AUXILIARY MAY macAddress ) +olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device + with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) diff --git a/config-archive/etc/openldap/schema/nis.schema b/config-archive/etc/openldap/schema/nis.schema new file mode 100644 index 00000000..8fc10887 --- /dev/null +++ b/config-archive/etc/openldap/schema/nis.schema 
@@ -0,0 +1,237 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.6 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+# Definitions from RFC2307 (Experimental)
+# An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252. This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+# validaters for these syntaxes are incomplete, they only
+# implement printable string validation (which is good as the
+# common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1 +# Object classes are under 1.3.6.1.1.1.2 + +# Attribute Type Definitions + +# builtin +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# builtin +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY 
integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + SYNTAX 1.3.6.1.1.1.0.0 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IP address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + SYNTAX 1.3.6.1.1.1.0.1 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 
NAME 'nisMapEntry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ) + +# Object Class Definitions + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' + DESC 'Abstraction of an account with POSIX attributes' + SUP top AUXILIARY + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' + DESC 'Additional attributes for shadow passwords' + SUP top AUXILIARY + MUST uid + MAY ( userPassword $ shadowLastChange $ shadowMin $ + shadowMax $ shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' + DESC 'Abstraction of a group of accounts' + SUP top STRUCTURAL + MUST ( cn $ gidNumber ) + MAY ( userPassword $ memberUid $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' + DESC 'Abstraction an Internet Protocol service' + SUP top STRUCTURAL + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' + DESC 'Abstraction of an IP protocol' + SUP top STRUCTURAL + MUST ( cn $ ipProtocolNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' + DESC 'Abstraction of an ONC/RPC binding' + SUP top STRUCTURAL + MUST ( cn $ oncRpcNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' + DESC 'Abstraction of a host, an IP device' + SUP top AUXILIARY + MUST ( cn $ ipHostNumber ) + MAY ( l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' + DESC 'Abstraction of an IP network' + SUP top STRUCTURAL + MUST ( cn $ ipNetworkNumber ) + MAY ( ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' + DESC 'Abstraction of a netgroup' + SUP top STRUCTURAL + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ 
description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' + DESC 'A generic abstraction of a NIS map' + SUP top STRUCTURAL + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' + DESC 'An entry in a NIS map' + SUP top STRUCTURAL + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' + DESC 'A device with a MAC address' + SUP top AUXILIARY + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' + DESC 'A device with boot parameters' + SUP top AUXILIARY + MAY ( bootFile $ bootParameter ) ) diff --git a/config-archive/etc/openldap/schema/nis.schema.dist b/config-archive/etc/openldap/schema/nis.schema.dist new file mode 100644 index 00000000..c4ac5c6b --- /dev/null +++ b/config-archive/etc/openldap/schema/nis.schema.dist 
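Review bot: The header comment of nis.schema says the validators for the two syntaxes under 1.3.6.1.1.1.0 only check for printable strings, so `nisNetgroupTriple` and `bootParameter` values are accepted without structural checks and whatever consumes them has to parse them defensively. The object classes `posixAccount`, `shadowAccount` and `posixGroup` all allow `userPassword`, and nothing in this file limits who may read it; that is left to the access rules in the slapd configuration, which this hunk does not show. Because this is an archived copy of the distributed file I would not edit it, but I would record the dependency next to the include that loads it, for example `# nis.schema: userPassword needs a restrictive access rule; netgroup/bootparam values are not validated server-side`. The same definitions appear in the nis.ldif, nis.ldif.dist and nis.schema.dist copies added by this commit.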
@@ -0,0 +1,237 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service + +# Depends upon core.schema and cosine.schema + +# Note: The definitions in RFC2307 are given in syntaxes closely related +# to those in RFC2252, however, some liberties are taken that are not +# supported by RFC2252. This file has been written following RFC2252 +# strictly. + +# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1). +# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1 +# +# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined) +# validaters for these syntaxes are incomplete, they only +# implement printable string validation (which is good as the +# common use of these syntaxes violates the specification). 
+# Attribute types are under 1.3.6.1.1.1.1 +# Object classes are under 1.3.6.1.1.1.2 + +# Attribute Type Definitions + +# builtin +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# builtin +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY 
integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + SYNTAX 1.3.6.1.1.1.0.0 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IP address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + SYNTAX 1.3.6.1.1.1.0.1 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 
NAME 'nisMapEntry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ) + +# Object Class Definitions + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' + DESC 'Abstraction of an account with POSIX attributes' + SUP top AUXILIARY + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' + DESC 'Additional attributes for shadow passwords' + SUP top AUXILIARY + MUST uid + MAY ( userPassword $ shadowLastChange $ shadowMin $ + shadowMax $ shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' + DESC 'Abstraction of a group of accounts' + SUP top STRUCTURAL + MUST ( cn $ gidNumber ) + MAY ( userPassword $ memberUid $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' + DESC 'Abstraction an Internet Protocol service' + SUP top STRUCTURAL + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' + DESC 'Abstraction of an IP protocol' + SUP top STRUCTURAL + MUST ( cn $ ipProtocolNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' + DESC 'Abstraction of an ONC/RPC binding' + SUP top STRUCTURAL + MUST ( cn $ oncRpcNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' + DESC 'Abstraction of a host, an IP device' + SUP top AUXILIARY + MUST ( cn $ ipHostNumber ) + MAY ( l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' + DESC 'Abstraction of an IP network' + SUP top STRUCTURAL + MUST ( cn $ ipNetworkNumber ) + MAY ( ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' + DESC 'Abstraction of a netgroup' + SUP top STRUCTURAL + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ 
description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' + DESC 'A generic abstraction of a NIS map' + SUP top STRUCTURAL + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' + DESC 'An entry in a NIS map' + SUP top STRUCTURAL + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' + DESC 'A device with a MAC address' + SUP top AUXILIARY + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' + DESC 'A device with boot parameters' + SUP top AUXILIARY + MAY ( bootFile $ bootParameter ) ) diff --git a/config-archive/etc/openldap/schema/openldap.ldif b/config-archive/etc/openldap/schema/openldap.ldif new file mode 100644 index 00000000..1c532f7d --- /dev/null +++ b/config-archive/etc/openldap/schema/openldap.ldif 
@@ -0,0 +1,88 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.7 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/config-archive/etc/openldap/schema/openldap.ldif.dist b/config-archive/etc/openldap/schema/openldap.ldif.dist
new file mode 100644
index 00000000..c680d928
--- /dev/null
+++ b/config-archive/etc/openldap/schema/openldap.ldif.dist
@@ -0,0 +1,88 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+#
+# This openldap.ldif file is provided as a demonstration of how to
+# convert a *.schema file into *.ldif format. The key points:
+# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
+# file should be replaced with a single '#' to turn them into
+# comments, or they should just be removed.
+# In addition to the actual schema directives, the file needs a small
+# header to make it a valid LDAP entry. This header must provide the
+# dn of the entry, the objectClass, and the cn, as shown here:
+#
+dn: cn=openldap,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openldap
+#
+# The schema directives need to be changed to LDAP Attributes.
+# First a basic string substitution can be done on each of the keywords:
+# objectIdentifier -> olcObjectIdentifier:
+# objectClass -> olcObjectClasses:
+# attributeType -> olcAttributeTypes:
+# Then leading whitespace must be fixed. The slapd.conf format allows
+# tabs or spaces to denote line continuation, while LDIF only allows
+# the space character.
+# Also slapd.conf preserves the continuation character, while LDIF strips
+# it out. So a single TAB/SPACE in slapd.conf must be replaced with
+# two SPACEs in LDIF, otherwise the continued text may get joined as
+# a single word.
+# The directives must be listed in a proper sequence:
+# All olcObjectIdentifiers must be first, so they may be referenced by
+# any following definitions.
+# All olcAttributeTypes must be next, so they may be referenced by any
+# following objectClass definitions.
+# All olcObjectClasses must be after the olcAttributeTypes.
+# And of course, any superior must occur before anything that inherits
+# from it.
+#
+olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
+#
+olcObjectIdentifier: OpenLDAP OpenLDAProot:1
+olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
+olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
+#
+olcObjectClasses: ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+#
+olcObjectClasses: ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/config-archive/etc/openldap/schema/openldap.schema b/config-archive/etc/openldap/schema/openldap.schema
new file mode 100644
index 00000000..c8b92905
--- /dev/null
+++ b/config-archive/etc/openldap/schema/openldap.schema
@@ -0,0 +1,54 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.7 2011/01/04 23:50:52 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/config-archive/etc/openldap/schema/openldap.schema.dist b/config-archive/etc/openldap/schema/openldap.schema.dist
new file mode 100644
index 00000000..d4b336da
--- /dev/null
+++ b/config-archive/etc/openldap/schema/openldap.schema.dist
@@ -0,0 +1,54 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2011 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/config-archive/etc/openldap/schema/pmi.schema b/config-archive/etc/openldap/schema/pmi.schema
new file mode 100644
index 00000000..adac7a38
--- /dev/null
+++ b/config-archive/etc/openldap/schema/pmi.schema
@@ -0,0 +1,464 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.4 2011/01/04 23:50:52 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. 
+## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +## X.509 (08/2005) pp. 120-121 +## +## -- object identifier assignments -- +## -- object classes -- +## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} +## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} +## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} +## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} +## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} +## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} +## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} +## -- directory attributes -- +## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} +## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} +## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} +## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} +## id-at-role OBJECT IDENTIFIER ::= {id-at 72} +## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} +## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} +## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} +## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT 
IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} +## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} +## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} +## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} +## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} +## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} +## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} +## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} +## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} +## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} +## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} +## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} +## +## +## X.509 (08/2005) pp. 
71, 86-89 +## +## 14.4.1 Role attribute +## role ATTRIBUTE ::= { +## WITH SYNTAX RoleSyntax +## ID id-at-role } +## RoleSyntax ::= SEQUENCE { +## roleAuthority [0] GeneralNames OPTIONAL, +## roleName [1] GeneralName } +## +## 14.5 XML privilege information attribute +## xmlPrivilegeInfo ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege information +## ID id-at-xMLPrivilegeInfo } +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## pmiUser OBJECT-CLASS ::= { +## -- a PMI user (i.e., a "holder") +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateAttribute} +## ID id-oc-pmiUser } +## +## 17.1.2 PMI AA object class +## pmiAA OBJECT-CLASS ::= { +## -- a PMI AA +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {aACertificate | +## attributeCertificateRevocationList | +## attributeAuthorityRevocationList} +## ID id-oc-pmiAA } +## +## 17.1.3 PMI SOA object class +## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateRevocationList | +## attributeAuthorityRevocationList | +## attributeDescriptorCertificate} +## ID id-oc-pmiSOA } +## +## 17.1.4 Attribute certificate CRL distribution point object class +## attCertCRLDistributionPt OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { attributeCertificateRevocationList | +## attributeAuthorityRevocationList } +## ID id-oc-attCertCRLDistributionPts } +## +## 17.1.5 PMI delegation path +## pmiDelegationPath OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { delegationPath } +## ID id-oc-pmiDelegationPath } +## +## 17.1.6 Privilege policy object class +## privilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {privPolicy } +## ID id-oc-privilegePolicy } +## +## 17.1.7 Protected privilege policy object class +## protectedPrivilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF 
{top} +## KIND auxiliary +## MAY CONTAIN {protPrivPolicy } +## ID id-oc-protectedPrivilegePolicy } +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +## attributeCertificateAttribute ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeCertificate } +## +## 17.2.2 AA certificate attribute +## aACertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-aACertificate } +## +## 17.2.3 Attribute descriptor certificate attribute +## attributeDescriptorCertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeDescriptorCertificate } +## +## 17.2.4 Attribute certificate revocation list attribute +## attributeCertificateRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeCertificateRevocationList} +## +## 17.2.5 AA certificate revocation list attribute +## attributeAuthorityRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeAuthorityRevocationList } +## +## 17.2.6 Delegation path attribute +## delegationPath ATTRIBUTE ::= { +## WITH SYNTAX AttCertPath +## ID id-at-delegationPath } +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +## privPolicy ATTRIBUTE ::= { +## WITH SYNTAX PolicySyntax +## ID id-at-privPolicy } +## +## 17.2.8 Protected privilege policy attribute +## protPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-protPrivPolicy } +## +## 17.2.9 XML Protected privilege policy attribute +## xmlPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy 
information +## ID id-at-xMLPprotPrivPolicy } +## + +## -- object identifier assignments -- +## -- object classes -- +objectidentifier id-oc-pmiUser 2.5.6.24 +objectidentifier id-oc-pmiAA 2.5.6.25 +objectidentifier id-oc-pmiSOA 2.5.6.26 +objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27 +objectidentifier id-oc-privilegePolicy 2.5.6.32 +objectidentifier id-oc-pmiDelegationPath 2.5.6.33 +objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34 +## -- directory attributes -- +objectidentifier id-at-attributeCertificate 2.5.4.58 +objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59 +objectidentifier id-at-aACertificate 2.5.4.61 +objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62 +objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63 +objectidentifier id-at-privPolicy 2.5.4.71 +objectidentifier id-at-role 2.5.4.72 +objectidentifier id-at-delegationPath 2.5.4.73 +objectidentifier id-at-protPrivPolicy 2.5.4.74 +objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75 +objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76 +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## 
id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +objectidentifier id-mr 2.5.13 +objectidentifier id-mr-attributeCertificateMatch id-mr:42 +objectidentifier id-mr-attributeCertificateExactMatch id-mr:45 +objectidentifier id-mr-holderIssuerMatch id-mr:46 +objectidentifier id-mr-authAttIdMatch id-mr:53 +objectidentifier id-mr-roleSpecCertIdMatch id-mr:54 +objectidentifier id-mr-basicAttConstraintsMatch id-mr:55 +objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56 +objectidentifier id-mr-timeSpecMatch id-mr:57 +objectidentifier id-mr-attDescriptorMatch id-mr:58 +objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59 +objectidentifier id-mr-delegationPathMatch id-mr:61 +objectidentifier id-mr-sOAIdentifierMatch id-mr:66 +objectidentifier id-mr-indirectIssuerMatch id-mr:67 +## -- syntaxes -- +## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP +## to this work in progress +objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +# NOTE: OIDs from (expired) +#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5 +#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10 +#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17 +#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13 +## +## Substitute syntaxes +## +## AttCertPath +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4 + NAME 'AttCertPath' + DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## PolicySyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5 + NAME 'PolicySyntax' + DESC 'X.509 PMI policy syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## RoleSyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6 + 
NAME 'RoleSyntax' + DESC 'X.509 PMI role syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +attributeType ( id-at-role + NAME 'role' + DESC 'X.509 Role attribute, use ;binary' + SYNTAX RoleSyntax ) +## +## 14.5 XML privilege information attribute +## -- contains XML-encoded privilege information +attributeType ( id-at-xMLPrivilegeInfo + NAME 'xmlPrivilegeInfo' + DESC 'X.509 XML privilege information attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +attributeType ( id-at-attributeCertificate + NAME 'attributeCertificateAttribute' + DESC 'X.509 Attribute certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.2 AA certificate attribute +attributeType ( id-at-aACertificate + NAME 'aACertificate' + DESC 'X.509 AA certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.3 Attribute descriptor certificate attribute +attributeType ( id-at-attributeDescriptorCertificate + NAME 'attributeDescriptorCertificate' + DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.4 Attribute certificate revocation list attribute +attributeType ( id-at-attributeCertificateRevocationList + NAME 'attributeCertificateRevocationList' + DESC 'X.509 Attribute certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.5 AA certificate revocation list attribute +attributeType ( id-at-attributeAuthorityRevocationList + NAME 'attributeAuthorityRevocationList' + DESC 'X.509 AA certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## 
+## 17.2.6 Delegation path attribute +attributeType ( id-at-delegationPath + NAME 'delegationPath' + DESC 'X.509 Delegation path attribute, use ;binary' + SYNTAX AttCertPath ) +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +attributeType ( id-at-privPolicy + NAME 'privPolicy' + DESC 'X.509 Privilege policy attribute, use ;binary' + SYNTAX PolicySyntax ) +## +## 17.2.8 Protected privilege policy attribute +attributeType ( id-at-protPrivPolicy + NAME 'protPrivPolicy' + DESC 'X.509 Protected privilege policy attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.9 XML Protected privilege policy attribute +## -- contains XML-encoded privilege policy information +attributeType ( id-at-xMLPprotPrivPolicy + NAME 'xmlPrivPolicy' + DESC 'X.509 XML Protected privilege policy attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## -- a PMI user (i.e., a "holder") +objectClass ( id-oc-pmiUser + NAME 'pmiUser' + DESC 'X.509 PMI user object class' + SUP top + AUXILIARY + MAY ( attributeCertificateAttribute ) ) +## +## 17.1.2 PMI AA object class +## -- a PMI AA +objectClass ( id-oc-pmiAA + NAME 'pmiAA' + DESC 'X.509 PMI AA object class' + SUP top + AUXILIARY + MAY ( aACertificate $ + attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.3 PMI SOA object class +## -- a PMI Source of Authority +objectClass ( id-oc-pmiSOA + NAME 'pmiSOA' + DESC 'X.509 PMI SOA object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList $ + attributeDescriptorCertificate + ) ) +## +## 17.1.4 Attribute certificate CRL distribution point object class +objectClass ( id-oc-attCertCRLDistributionPts + NAME 'attCertCRLDistributionPt' + DESC 'X.509 Attribute certificate CRL distribution point object class' + SUP top + AUXILIARY + MAY ( 
attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.5 PMI delegation path +objectClass ( id-oc-pmiDelegationPath + NAME 'pmiDelegationPath' + DESC 'X.509 PMI delegation path' + SUP top + AUXILIARY + MAY ( delegationPath ) ) +## +## 17.1.6 Privilege policy object class +objectClass ( id-oc-privilegePolicy + NAME 'privilegePolicy' + DESC 'X.509 Privilege policy object class' + SUP top + AUXILIARY + MAY ( privPolicy ) ) +## +## 17.1.7 Protected privilege policy object class +objectClass ( id-oc-protectedPrivilegePolicy + NAME 'protectedPrivilegePolicy' + DESC 'X.509 Protected privilege policy object class' + SUP top + AUXILIARY + MAY ( protPrivPolicy ) ) + diff --git a/config-archive/etc/openldap/schema/pmi.schema.dist b/config-archive/etc/openldap/schema/pmi.schema.dist new file mode 100644 index 00000000..45257cc2 --- /dev/null +++ b/config-archive/etc/openldap/schema/pmi.schema.dist 
@@ -0,0 +1,464 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
+ +# +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +## X.509 (08/2005) pp. 120-121 +## +## -- object identifier assignments -- +## -- object classes -- +## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} +## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} +## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} +## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} +## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} +## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} +## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} +## -- directory attributes -- +## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} +## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} +## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} +## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} +## id-at-role OBJECT IDENTIFIER ::= {id-at 72} +## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} +## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} +## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} +## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail 
OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} +## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} +## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} +## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} +## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} +## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} +## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} +## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} +## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} +## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} +## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} +## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} +## +## +## X.509 (08/2005) pp. 
71, 86-89 +## +## 14.4.1 Role attribute +## role ATTRIBUTE ::= { +## WITH SYNTAX RoleSyntax +## ID id-at-role } +## RoleSyntax ::= SEQUENCE { +## roleAuthority [0] GeneralNames OPTIONAL, +## roleName [1] GeneralName } +## +## 14.5 XML privilege information attribute +## xmlPrivilegeInfo ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege information +## ID id-at-xMLPrivilegeInfo } +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## pmiUser OBJECT-CLASS ::= { +## -- a PMI user (i.e., a "holder") +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateAttribute} +## ID id-oc-pmiUser } +## +## 17.1.2 PMI AA object class +## pmiAA OBJECT-CLASS ::= { +## -- a PMI AA +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {aACertificate | +## attributeCertificateRevocationList | +## attributeAuthorityRevocationList} +## ID id-oc-pmiAA } +## +## 17.1.3 PMI SOA object class +## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateRevocationList | +## attributeAuthorityRevocationList | +## attributeDescriptorCertificate} +## ID id-oc-pmiSOA } +## +## 17.1.4 Attribute certificate CRL distribution point object class +## attCertCRLDistributionPt OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { attributeCertificateRevocationList | +## attributeAuthorityRevocationList } +## ID id-oc-attCertCRLDistributionPts } +## +## 17.1.5 PMI delegation path +## pmiDelegationPath OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { delegationPath } +## ID id-oc-pmiDelegationPath } +## +## 17.1.6 Privilege policy object class +## privilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {privPolicy } +## ID id-oc-privilegePolicy } +## +## 17.1.7 Protected privilege policy object class +## protectedPrivilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF 
{top} +## KIND auxiliary +## MAY CONTAIN {protPrivPolicy } +## ID id-oc-protectedPrivilegePolicy } +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +## attributeCertificateAttribute ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeCertificate } +## +## 17.2.2 AA certificate attribute +## aACertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-aACertificate } +## +## 17.2.3 Attribute descriptor certificate attribute +## attributeDescriptorCertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeDescriptorCertificate } +## +## 17.2.4 Attribute certificate revocation list attribute +## attributeCertificateRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeCertificateRevocationList} +## +## 17.2.5 AA certificate revocation list attribute +## attributeAuthorityRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeAuthorityRevocationList } +## +## 17.2.6 Delegation path attribute +## delegationPath ATTRIBUTE ::= { +## WITH SYNTAX AttCertPath +## ID id-at-delegationPath } +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +## privPolicy ATTRIBUTE ::= { +## WITH SYNTAX PolicySyntax +## ID id-at-privPolicy } +## +## 17.2.8 Protected privilege policy attribute +## protPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-protPrivPolicy } +## +## 17.2.9 XML Protected privilege policy attribute +## xmlPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy 
information +## ID id-at-xMLPprotPrivPolicy } +## + +## -- object identifier assignments -- +## -- object classes -- +objectidentifier id-oc-pmiUser 2.5.6.24 +objectidentifier id-oc-pmiAA 2.5.6.25 +objectidentifier id-oc-pmiSOA 2.5.6.26 +objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27 +objectidentifier id-oc-privilegePolicy 2.5.6.32 +objectidentifier id-oc-pmiDelegationPath 2.5.6.33 +objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34 +## -- directory attributes -- +objectidentifier id-at-attributeCertificate 2.5.4.58 +objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59 +objectidentifier id-at-aACertificate 2.5.4.61 +objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62 +objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63 +objectidentifier id-at-privPolicy 2.5.4.71 +objectidentifier id-at-role 2.5.4.72 +objectidentifier id-at-delegationPath 2.5.4.73 +objectidentifier id-at-protPrivPolicy 2.5.4.74 +objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75 +objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76 +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## 
id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +objectidentifier id-mr 2.5.13 +objectidentifier id-mr-attributeCertificateMatch id-mr:42 +objectidentifier id-mr-attributeCertificateExactMatch id-mr:45 +objectidentifier id-mr-holderIssuerMatch id-mr:46 +objectidentifier id-mr-authAttIdMatch id-mr:53 +objectidentifier id-mr-roleSpecCertIdMatch id-mr:54 +objectidentifier id-mr-basicAttConstraintsMatch id-mr:55 +objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56 +objectidentifier id-mr-timeSpecMatch id-mr:57 +objectidentifier id-mr-attDescriptorMatch id-mr:58 +objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59 +objectidentifier id-mr-delegationPathMatch id-mr:61 +objectidentifier id-mr-sOAIdentifierMatch id-mr:66 +objectidentifier id-mr-indirectIssuerMatch id-mr:67 +## -- syntaxes -- +## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP +## to this work in progress +objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +# NOTE: OIDs from (expired) +#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5 +#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10 +#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17 +#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13 +## +## Substitute syntaxes +## +## AttCertPath +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4 + NAME 'AttCertPath' + DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## PolicySyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5 + NAME 'PolicySyntax' + DESC 'X.509 PMI policy syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## RoleSyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6 + 
NAME 'RoleSyntax' + DESC 'X.509 PMI role syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +attributeType ( id-at-role + NAME 'role' + DESC 'X.509 Role attribute, use ;binary' + SYNTAX RoleSyntax ) +## +## 14.5 XML privilege information attribute +## -- contains XML-encoded privilege information +attributeType ( id-at-xMLPrivilegeInfo + NAME 'xmlPrivilegeInfo' + DESC 'X.509 XML privilege information attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +attributeType ( id-at-attributeCertificate + NAME 'attributeCertificateAttribute' + DESC 'X.509 Attribute certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.2 AA certificate attribute +attributeType ( id-at-aACertificate + NAME 'aACertificate' + DESC 'X.509 AA certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.3 Attribute descriptor certificate attribute +attributeType ( id-at-attributeDescriptorCertificate + NAME 'attributeDescriptorCertificate' + DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.4 Attribute certificate revocation list attribute +attributeType ( id-at-attributeCertificateRevocationList + NAME 'attributeCertificateRevocationList' + DESC 'X.509 Attribute certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.5 AA certificate revocation list attribute +attributeType ( id-at-attributeAuthorityRevocationList + NAME 'attributeAuthorityRevocationList' + DESC 'X.509 AA certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## 
+## 17.2.6 Delegation path attribute +attributeType ( id-at-delegationPath + NAME 'delegationPath' + DESC 'X.509 Delegation path attribute, use ;binary' + SYNTAX AttCertPath ) +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +attributeType ( id-at-privPolicy + NAME 'privPolicy' + DESC 'X.509 Privilege policy attribute, use ;binary' + SYNTAX PolicySyntax ) +## +## 17.2.8 Protected privilege policy attribute +attributeType ( id-at-protPrivPolicy + NAME 'protPrivPolicy' + DESC 'X.509 Protected privilege policy attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.9 XML Protected privilege policy attribute +## -- contains XML-encoded privilege policy information +attributeType ( id-at-xMLPprotPrivPolicy + NAME 'xmlPrivPolicy' + DESC 'X.509 XML Protected privilege policy attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## -- a PMI user (i.e., a "holder") +objectClass ( id-oc-pmiUser + NAME 'pmiUser' + DESC 'X.509 PMI user object class' + SUP top + AUXILIARY + MAY ( attributeCertificateAttribute ) ) +## +## 17.1.2 PMI AA object class +## -- a PMI AA +objectClass ( id-oc-pmiAA + NAME 'pmiAA' + DESC 'X.509 PMI AA object class' + SUP top + AUXILIARY + MAY ( aACertificate $ + attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.3 PMI SOA object class +## -- a PMI Source of Authority +objectClass ( id-oc-pmiSOA + NAME 'pmiSOA' + DESC 'X.509 PMI SOA object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList $ + attributeDescriptorCertificate + ) ) +## +## 17.1.4 Attribute certificate CRL distribution point object class +objectClass ( id-oc-attCertCRLDistributionPts + NAME 'attCertCRLDistributionPt' + DESC 'X.509 Attribute certificate CRL distribution point object class' + SUP top + AUXILIARY + MAY ( 
attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.5 PMI delegation path +objectClass ( id-oc-pmiDelegationPath + NAME 'pmiDelegationPath' + DESC 'X.509 PMI delegation path' + SUP top + AUXILIARY + MAY ( delegationPath ) ) +## +## 17.1.6 Privilege policy object class +objectClass ( id-oc-privilegePolicy + NAME 'privilegePolicy' + DESC 'X.509 Privilege policy object class' + SUP top + AUXILIARY + MAY ( privPolicy ) ) +## +## 17.1.7 Protected privilege policy object class +objectClass ( id-oc-protectedPrivilegePolicy + NAME 'protectedPrivilegePolicy' + DESC 'X.509 Protected privilege policy object class' + SUP top + AUXILIARY + MAY ( protPrivPolicy ) ) + diff --git a/config-archive/etc/openldap/schema/ppolicy.schema b/config-archive/etc/openldap/schema/ppolicy.schema new file mode 100644 index 00000000..a1df1c33 --- /dev/null +++ b/config-archive/etc/openldap/schema/ppolicy.schema 
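Review bot: The three `ldapsyntax` definitions in pmi.schema.dist (AttCertPath, PolicySyntax, RoleSyntax) carry `X-SUBST '1.3.6.1.4.1.1466.115.121.1.15'`, so `delegationPath`, `privPolicy` and `role` are presumably validated only as the substituted Directory String syntax, although each DESC says "use ;binary", and nothing in the file says the server will not check their structure. The two revocation-list attributes have `X-EQUALITY 'certificateListExactMatch, not implemented yet'` in place of an `EQUALITY` clause, so they appear to have no usable equality rule. The file itself calls the `1.3.6.1.4.1.4203.666.11.10` arc "work in progress", so I would record the limitation above the "Substitute syntaxes" block, e.g. `## NOTE: X-SUBST syntaxes are stored as plain strings; consumers must parse and verify these values themselves.` Separately, `DESC 'X.509 PMI attribute cartificate path: ...'` misspells "certificate". The same lines appear in the pmi.schema hunk that begins above this view.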
@@ -0,0 +1,531 @@ +# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 2004-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (2004). +## Please see full copyright statement below. + +# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) +# Password Policy for LDAP Directories +# With extensions from Hewlett-Packard: +# pwdCheckModule etc. + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +#Network Working Group J. Sermersheim +#Internet-Draft Novell, Inc +#Expires: April 24, 2005 L. Poitou +# Sun Microsystems +# October 24, 2004 +# +# +# Password Policy for LDAP Directories +# draft-behera-ldap-password-policy-08.txt +# +#Status of this Memo +# +# This document is an Internet-Draft and is subject to all provisions +# of section 3 of RFC 3667. By submitting this Internet-Draft, each +# author represents that any applicable patent or other IPR claims of +# which he or she is aware have been or will be disclosed, and any of +# which he or she become aware will be disclosed, in accordance with +# RFC 3668. +# +# Internet-Drafts are working documents of the Internet Engineering +# Task Force (IETF), its areas, and its working groups. Note that +# other groups may also distribute working documents as +# Internet-Drafts. +# +# Internet-Drafts are draft documents valid for a maximum of six months +# and may be updated, replaced, or obsoleted by other documents at any +# time. 
It is inappropriate to use Internet-Drafts as reference +# material or to cite them other than as "work in progress." +# +# The list of current Internet-Drafts can be accessed at +# http://www.ietf.org/ietf/1id-abstracts.txt. +# +# The list of Internet-Draft Shadow Directories can be accessed at +# http://www.ietf.org/shadow.html. +# +# This Internet-Draft will expire on April 24, 2005. +# +#Copyright Notice +# +# Copyright (C) The Internet Society (2004). +# +#Abstract +# +# Password policy as described in this document is a set of rules that +# controls how passwords are used and administered in Lightweight +# Directory Access Protocol (LDAP) based directories. In order to +# improve the security of LDAP directories and make it difficult for +# password cracking programs to break into directories, it is desirable +# to enforce a set of rules on password usage. These rules are made to +# +# [trimmed] +# +#5. Schema used for Password Policy +# +# The schema elements defined here fall into two general categories. A +# password policy object class is defined which contains a set of +# administrative password policy attributes, and a set of operational +# attributes are defined that hold general password policy state +# information for each user. +# +#5.2 Attribute Types used in the pwdPolicy ObjectClass +# +# Following are the attribute types used by the pwdPolicy object class. +# +#5.2.1 pwdAttribute +# +# This holds the name of the attribute to which the password policy is +# applied. For example, the password policy may be applied to the +# userPassword attribute. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1 + NAME 'pwdAttribute' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +#5.2.2 pwdMinAge +# +# This attribute holds the number of seconds that must elapse between +# modifications to the password. If this attribute is not present, 0 +# seconds is assumed. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2 + NAME 'pwdMinAge' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.3 pwdMaxAge +# +# This attribute holds the number of seconds after which a modified +# password will expire. +# +# If this attribute is not present, or if the value is 0 the password +# does not expire. If not 0, the value must be greater than or equal +# to the value of the pwdMinAge. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3 + NAME 'pwdMaxAge' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.4 pwdInHistory +# +# This attribute specifies the maximum number of used passwords stored +# in the pwdHistory attribute. +# +# If this attribute is not present, or if the value is 0, used +# passwords are not stored in the pwdHistory attribute and thus may be +# reused. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4 + NAME 'pwdInHistory' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.5 pwdCheckQuality +# +# {TODO: Consider changing the syntax to OID. Each OID will list a +# quality rule (like min len, # of special characters, etc). These +# rules can be specified outsid ethis document.} +# +# {TODO: Note that even though this is meant to be a check that happens +# during password modification, it may also be allowed to happen during +# authN. This is useful for situations where the password is encrypted +# when modified, but decrypted when used to authN.} +# +# This attribute indicates how the password quality will be verified +# while being modified or added. If this attribute is not present, or +# if the value is '0', quality checking will not be enforced. A value +# of '1' indicates that the server will check the quality, and if the +# server is unable to check it (due to a hashed password or other +# reasons) it will be accepted. 
A value of '2' indicates that the +# server will check the quality, and if the server is unable to verify +# it, it will return an error refusing the password. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5 + NAME 'pwdCheckQuality' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.6 pwdMinLength +# +# When quality checking is enabled, this attribute holds the minimum +# number of characters that must be used in a password. If this +# attribute is not present, no minimum password length will be +# enforced. If the server is unable to check the length (due to a +# hashed password or otherwise), the server will, depending on the +# value of the pwdCheckQuality attribute, either accept the password +# without checking it ('0' or '1') or refuse it ('2'). + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6 + NAME 'pwdMinLength' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.7 pwdExpireWarning +# +# This attribute specifies the maximum number of seconds before a +# password is due to expire that expiration warning messages will be +# returned to an authenticating user. +# +# If this attribute is not present, or if the value is 0 no warnings +# will be returned. If not 0, the value must be smaller than the value +# of the pwdMaxAge attribute. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7 + NAME 'pwdExpireWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.8 pwdGraceAuthNLimit +# +# This attribute specifies the number of times an expired password can +# be used to authenticate. If this attribute is not present or if the +# value is 0, authentication will fail. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8 + NAME 'pwdGraceAuthNLimit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.9 pwdLockout +# +# This attribute indicates, when its value is "TRUE", that the password +# may not be used to authenticate after a specified number of +# consecutive failed bind attempts. The maximum number of consecutive +# failed bind attempts is specified in pwdMaxFailure. +# +# If this attribute is not present, or if the value is "FALSE", the +# password may be used to authenticate when the number of failed bind +# attempts has been reached. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9 + NAME 'pwdLockout' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.10 pwdLockoutDuration +# +# This attribute holds the number of seconds that the password cannot +# be used to authenticate due to too many failed bind attempts. If +# this attribute is not present, or if the value is 0 the password +# cannot be used to authenticate until reset by a password +# administrator. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10 + NAME 'pwdLockoutDuration' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.11 pwdMaxFailure +# +# This attribute specifies the number of consecutive failed bind +# attempts after which the password may not be used to authenticate. +# If this attribute is not present, or if the value is 0, this policy +# is not checked, and the value of pwdLockout will be ignored. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11 + NAME 'pwdMaxFailure' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.12 pwdFailureCountInterval +# +# This attribute holds the number of seconds after which the password +# failures are purged from the failure counter, even though no +# successful authentication occurred. 
+# +# If this attribute is not present, or if its value is 0, the failure +# counter is only reset by a successful authentication. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12 + NAME 'pwdFailureCountInterval' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.13 pwdMustChange +# +# This attribute specifies with a value of "TRUE" that users must +# change their passwords when they first bind to the directory after a +# password is set or reset by a password administrator. If this +# attribute is not present, or if the value is "FALSE", users are not +# required to change their password upon binding after the password +# administrator sets or resets the password. This attribute is not set +# due to any actions specified by this document, it is typically set by +# a password administrator after resetting a user's password. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13 + NAME 'pwdMustChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.14 pwdAllowUserChange +# +# This attribute indicates whether users can change their own +# passwords, although the change operation is still subject to access +# control. If this attribute is not present, a value of "TRUE" is +# assumed. This attribute is intended to be used in the absense of an +# access control mechanism. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14 + NAME 'pwdAllowUserChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.15 pwdSafeModify +# +# This attribute specifies whether or not the existing password must be +# sent along with the new password when being changed. If this +# attribute is not present, a "FALSE" value is assumed. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15 + NAME 'pwdSafeModify' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# HP extensions +# +# pwdCheckModule +# +# This attribute names a user-defined loadable module that provides +# a check_password() function. If pwdCheckQuality is set to '1' or '2' +# this function will be called after all of the internal password +# quality checks have been passed. The function has this prototype: +# +# int check_password( char *password, char **errormessage, void *arg ) +# +# The function should return LDAP_SUCCESS for a valid password. + +attributetype ( 1.3.6.1.4.1.4754.1.99.1 + NAME 'pwdCheckModule' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + DESC 'Loadable module that instantiates "check_password() function' + SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.4754.2.99.1 + NAME 'pwdPolicyChecker' + SUP top + AUXILIARY + MAY ( pwdCheckModule ) ) + +#5.1 The pwdPolicy Object Class +# +# This object class contains the attributes defining a password policy +# in effect for a set of users. Section 10 describes the +# administration of this object, and the relationship between it and +# particular objects. +# +objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 + NAME 'pwdPolicy' + SUP top + AUXILIARY + MUST ( pwdAttribute ) + MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ + pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout + $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ + pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) ) + +#5.3 Attribute Types for Password Policy State Information +# +# Password policy state information must be maintained for each user. +# The information is located in each user entry as a set of operational +# attributes. These operational attributes are: pwdChangedTime, +# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime, +# pwdReset, pwdPolicySubEntry. 
+# +#5.3.1 Password Policy State Attribute Option +# +# Since the password policy could apply to several attributes used to +# store passwords, each of the above operational attributes must have +# an option to specify which pwdAttribute it applies to. The password +# policy option is defined as the following: +# +# pwd- +# +# where passwordAttribute a string following the OID syntax +# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor +# (short name) MUST be used. +# +# For example, if the pwdPolicy object has for pwdAttribute +# "userPassword" then the pwdChangedTime operational attribute, in a +# user entry, will be: +# +# pwdChangedTime;pwd-userPassword: 20000103121520Z +# +# This attribute option follows sub-typing semantics. If a client +# requests a password policy state attribute to be returned in a search +# operation, and does not specify an option, all subtypes of that +# policy state attribute are returned. +# +#5.3.2 pwdChangedTime +# +# This attribute specifies the last time the entry's password was +# changed. This is used by the password expiration policy. If this +# attribute does not exist, the password will never expire. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.16 +# NAME 'pwdChangedTime' +# DESC 'The time the password was last changed' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.3 pwdAccountLockedTime +# +# This attribute holds the time that the user's account was locked. A +# locked account means that the password may no longer be used to +# authenticate. A 000001010000Z value means that the account has been +# locked permanently, and that only a password administrator can unlock +# the account. 
+# +# ( 1.3.6.1.4.1.42.2.27.8.1.17 +# NAME 'pwdAccountLockedTime' +# DESC 'The time an user account was locked' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.4 pwdFailureTime +# +# This attribute holds the timestamps of the consecutive authentication +# failures. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.19 +# NAME 'pwdFailureTime' +# DESC 'The timestamps of the last consecutive authentication +# failures' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# USAGE directoryOperation ) +# +#5.3.5 pwdHistory +# +# This attribute holds a history of previously used passwords. Values +# of this attribute are transmitted in string format as given by the +# following ABNF: +# +# pwdHistory = time "#" syntaxOID "#" length "#" data +# +# time = +# +# syntaxOID = numericoid ; the string representation of the +# ; dotted-decimal OID that defines the +# ; syntax used to store the password. +# ; numericoid is described in 4.1 +# ; of [RFC2252]. +# +# length = numericstring ; the number of octets in data. +# ; numericstring is described in 4.1 +# ; of [RFC2252]. +# +# data = . +# +# This format allows the server to store, and transmit a history of +# passwords that have been used. In order for equality matching to +# function properly, the time field needs to adhere to a consistent +# format. For this purpose, the time field MUST be in GMT format. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.20 +# NAME 'pwdHistory' +# DESC 'The history of user s passwords' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 +# USAGE directoryOperation ) +# +#5.3.6 pwdGraceUseTime +# +# This attribute holds the timestamps of grace authentications after a +# password has expired. 
+# +# ( 1.3.6.1.4.1.42.2.27.8.1.21 +# NAME 'pwdGraceUseTime' +# DESC 'The timestamps of the grace authentication after the +# password has expired' +# EQUALITY generalizedTimeMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# +#5.3.7 pwdReset +# +# This attribute holds a flag to indicate (when TRUE) that the password +# has been updated by the password administrator and must be changed by +# the user on first authentication. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.22 +# NAME 'pwdReset' +# DESC 'The indication that the password has been reset' +# EQUALITY booleanMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.8 pwdPolicySubentry +# +# This attribute points to the pwdPolicy subentry in effect for this +# object. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.23 +# NAME 'pwdPolicySubentry' +# DESC 'The pwdPolicy subentry in effect for this object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +# +#Disclaimer of Validity +# +# This document and the information contained herein are provided on an +# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +# +# +#Copyright Statement +# +# Copyright (C) The Internet Society (2004). This document is subject +# to the rights, licenses and restrictions contained in BCP 78, and +# except as set forth therein, the authors retain all their rights. + diff --git a/config-archive/etc/openldap/schema/ppolicy.schema.dist b/config-archive/etc/openldap/schema/ppolicy.schema.dist new file mode 100644 index 00000000..b88c9821 --- /dev/null 
+++ b/config-archive/etc/openldap/schema/ppolicy.schema.dist 
@@ -0,0 +1,531 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 2004-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (2004). +## Please see full copyright statement below. + +# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) +# Password Policy for LDAP Directories +# With extensions from Hewlett-Packard: +# pwdCheckModule etc. + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +#Network Working Group J. Sermersheim +#Internet-Draft Novell, Inc +#Expires: April 24, 2005 L. Poitou +# Sun Microsystems +# October 24, 2004 +# +# +# Password Policy for LDAP Directories +# draft-behera-ldap-password-policy-08.txt +# +#Status of this Memo +# +# This document is an Internet-Draft and is subject to all provisions +# of section 3 of RFC 3667. By submitting this Internet-Draft, each +# author represents that any applicable patent or other IPR claims of +# which he or she is aware have been or will be disclosed, and any of +# which he or she become aware will be disclosed, in accordance with +# RFC 3668. +# +# Internet-Drafts are working documents of the Internet Engineering +# Task Force (IETF), its areas, and its working groups. Note that +# other groups may also distribute working documents as +# Internet-Drafts. +# +# Internet-Drafts are draft documents valid for a maximum of six months +# and may be updated, replaced, or obsoleted by other documents at any +# time. 
It is inappropriate to use Internet-Drafts as reference +# material or to cite them other than as "work in progress." +# +# The list of current Internet-Drafts can be accessed at +# http://www.ietf.org/ietf/1id-abstracts.txt. +# +# The list of Internet-Draft Shadow Directories can be accessed at +# http://www.ietf.org/shadow.html. +# +# This Internet-Draft will expire on April 24, 2005. +# +#Copyright Notice +# +# Copyright (C) The Internet Society (2004). +# +#Abstract +# +# Password policy as described in this document is a set of rules that +# controls how passwords are used and administered in Lightweight +# Directory Access Protocol (LDAP) based directories. In order to +# improve the security of LDAP directories and make it difficult for +# password cracking programs to break into directories, it is desirable +# to enforce a set of rules on password usage. These rules are made to +# +# [trimmed] +# +#5. Schema used for Password Policy +# +# The schema elements defined here fall into two general categories. A +# password policy object class is defined which contains a set of +# administrative password policy attributes, and a set of operational +# attributes are defined that hold general password policy state +# information for each user. +# +#5.2 Attribute Types used in the pwdPolicy ObjectClass +# +# Following are the attribute types used by the pwdPolicy object class. +# +#5.2.1 pwdAttribute +# +# This holds the name of the attribute to which the password policy is +# applied. For example, the password policy may be applied to the +# userPassword attribute. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1 + NAME 'pwdAttribute' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +#5.2.2 pwdMinAge +# +# This attribute holds the number of seconds that must elapse between +# modifications to the password. If this attribute is not present, 0 +# seconds is assumed. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2 + NAME 'pwdMinAge' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.3 pwdMaxAge +# +# This attribute holds the number of seconds after which a modified +# password will expire. +# +# If this attribute is not present, or if the value is 0 the password +# does not expire. If not 0, the value must be greater than or equal +# to the value of the pwdMinAge. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3 + NAME 'pwdMaxAge' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.4 pwdInHistory +# +# This attribute specifies the maximum number of used passwords stored +# in the pwdHistory attribute. +# +# If this attribute is not present, or if the value is 0, used +# passwords are not stored in the pwdHistory attribute and thus may be +# reused. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4 + NAME 'pwdInHistory' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.5 pwdCheckQuality +# +# {TODO: Consider changing the syntax to OID. Each OID will list a +# quality rule (like min len, # of special characters, etc). These +# rules can be specified outsid ethis document.} +# +# {TODO: Note that even though this is meant to be a check that happens +# during password modification, it may also be allowed to happen during +# authN. This is useful for situations where the password is encrypted +# when modified, but decrypted when used to authN.} +# +# This attribute indicates how the password quality will be verified +# while being modified or added. If this attribute is not present, or +# if the value is '0', quality checking will not be enforced. A value +# of '1' indicates that the server will check the quality, and if the +# server is unable to check it (due to a hashed password or other +# reasons) it will be accepted. 
A value of '2' indicates that the +# server will check the quality, and if the server is unable to verify +# it, it will return an error refusing the password. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5 + NAME 'pwdCheckQuality' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.6 pwdMinLength +# +# When quality checking is enabled, this attribute holds the minimum +# number of characters that must be used in a password. If this +# attribute is not present, no minimum password length will be +# enforced. If the server is unable to check the length (due to a +# hashed password or otherwise), the server will, depending on the +# value of the pwdCheckQuality attribute, either accept the password +# without checking it ('0' or '1') or refuse it ('2'). + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6 + NAME 'pwdMinLength' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.7 pwdExpireWarning +# +# This attribute specifies the maximum number of seconds before a +# password is due to expire that expiration warning messages will be +# returned to an authenticating user. +# +# If this attribute is not present, or if the value is 0 no warnings +# will be returned. If not 0, the value must be smaller than the value +# of the pwdMaxAge attribute. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7 + NAME 'pwdExpireWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.8 pwdGraceAuthNLimit +# +# This attribute specifies the number of times an expired password can +# be used to authenticate. If this attribute is not present or if the +# value is 0, authentication will fail. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8 + NAME 'pwdGraceAuthNLimit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.9 pwdLockout +# +# This attribute indicates, when its value is "TRUE", that the password +# may not be used to authenticate after a specified number of +# consecutive failed bind attempts. The maximum number of consecutive +# failed bind attempts is specified in pwdMaxFailure. +# +# If this attribute is not present, or if the value is "FALSE", the +# password may be used to authenticate when the number of failed bind +# attempts has been reached. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9 + NAME 'pwdLockout' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.10 pwdLockoutDuration +# +# This attribute holds the number of seconds that the password cannot +# be used to authenticate due to too many failed bind attempts. If +# this attribute is not present, or if the value is 0 the password +# cannot be used to authenticate until reset by a password +# administrator. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10 + NAME 'pwdLockoutDuration' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.11 pwdMaxFailure +# +# This attribute specifies the number of consecutive failed bind +# attempts after which the password may not be used to authenticate. +# If this attribute is not present, or if the value is 0, this policy +# is not checked, and the value of pwdLockout will be ignored. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11 + NAME 'pwdMaxFailure' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.12 pwdFailureCountInterval +# +# This attribute holds the number of seconds after which the password +# failures are purged from the failure counter, even though no +# successful authentication occurred. 
+# +# If this attribute is not present, or if its value is 0, the failure +# counter is only reset by a successful authentication. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12 + NAME 'pwdFailureCountInterval' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +#5.2.13 pwdMustChange +# +# This attribute specifies with a value of "TRUE" that users must +# change their passwords when they first bind to the directory after a +# password is set or reset by a password administrator. If this +# attribute is not present, or if the value is "FALSE", users are not +# required to change their password upon binding after the password +# administrator sets or resets the password. This attribute is not set +# due to any actions specified by this document, it is typically set by +# a password administrator after resetting a user's password. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13 + NAME 'pwdMustChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.14 pwdAllowUserChange +# +# This attribute indicates whether users can change their own +# passwords, although the change operation is still subject to access +# control. If this attribute is not present, a value of "TRUE" is +# assumed. This attribute is intended to be used in the absense of an +# access control mechanism. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14 + NAME 'pwdAllowUserChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +#5.2.15 pwdSafeModify +# +# This attribute specifies whether or not the existing password must be +# sent along with the new password when being changed. If this +# attribute is not present, a "FALSE" value is assumed. 
+ +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15 + NAME 'pwdSafeModify' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# HP extensions +# +# pwdCheckModule +# +# This attribute names a user-defined loadable module that provides +# a check_password() function. If pwdCheckQuality is set to '1' or '2' +# this function will be called after all of the internal password +# quality checks have been passed. The function has this prototype: +# +# int check_password( char *password, char **errormessage, void *arg ) +# +# The function should return LDAP_SUCCESS for a valid password. + +attributetype ( 1.3.6.1.4.1.4754.1.99.1 + NAME 'pwdCheckModule' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + DESC 'Loadable module that instantiates "check_password() function' + SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.4754.2.99.1 + NAME 'pwdPolicyChecker' + SUP top + AUXILIARY + MAY ( pwdCheckModule ) ) + +#5.1 The pwdPolicy Object Class +# +# This object class contains the attributes defining a password policy +# in effect for a set of users. Section 10 describes the +# administration of this object, and the relationship between it and +# particular objects. +# +objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 + NAME 'pwdPolicy' + SUP top + AUXILIARY + MUST ( pwdAttribute ) + MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ + pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout + $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ + pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) ) + +#5.3 Attribute Types for Password Policy State Information +# +# Password policy state information must be maintained for each user. +# The information is located in each user entry as a set of operational +# attributes. These operational attributes are: pwdChangedTime, +# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime, +# pwdReset, pwdPolicySubEntry. 
+# +#5.3.1 Password Policy State Attribute Option +# +# Since the password policy could apply to several attributes used to +# store passwords, each of the above operational attributes must have +# an option to specify which pwdAttribute it applies to. The password +# policy option is defined as the following: +# +# pwd- +# +# where passwordAttribute a string following the OID syntax +# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor +# (short name) MUST be used. +# +# For example, if the pwdPolicy object has for pwdAttribute +# "userPassword" then the pwdChangedTime operational attribute, in a +# user entry, will be: +# +# pwdChangedTime;pwd-userPassword: 20000103121520Z +# +# This attribute option follows sub-typing semantics. If a client +# requests a password policy state attribute to be returned in a search +# operation, and does not specify an option, all subtypes of that +# policy state attribute are returned. +# +#5.3.2 pwdChangedTime +# +# This attribute specifies the last time the entry's password was +# changed. This is used by the password expiration policy. If this +# attribute does not exist, the password will never expire. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.16 +# NAME 'pwdChangedTime' +# DESC 'The time the password was last changed' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.3 pwdAccountLockedTime +# +# This attribute holds the time that the user's account was locked. A +# locked account means that the password may no longer be used to +# authenticate. A 000001010000Z value means that the account has been +# locked permanently, and that only a password administrator can unlock +# the account. 
+# +# ( 1.3.6.1.4.1.42.2.27.8.1.17 +# NAME 'pwdAccountLockedTime' +# DESC 'The time an user account was locked' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.4 pwdFailureTime +# +# This attribute holds the timestamps of the consecutive authentication +# failures. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.19 +# NAME 'pwdFailureTime' +# DESC 'The timestamps of the last consecutive authentication +# failures' +# EQUALITY generalizedTimeMatch +# ORDERING generalizedTimeOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# USAGE directoryOperation ) +# +#5.3.5 pwdHistory +# +# This attribute holds a history of previously used passwords. Values +# of this attribute are transmitted in string format as given by the +# following ABNF: +# +# pwdHistory = time "#" syntaxOID "#" length "#" data +# +# time = +# +# syntaxOID = numericoid ; the string representation of the +# ; dotted-decimal OID that defines the +# ; syntax used to store the password. +# ; numericoid is described in 4.1 +# ; of [RFC2252]. +# +# length = numericstring ; the number of octets in data. +# ; numericstring is described in 4.1 +# ; of [RFC2252]. +# +# data = . +# +# This format allows the server to store, and transmit a history of +# passwords that have been used. In order for equality matching to +# function properly, the time field needs to adhere to a consistent +# format. For this purpose, the time field MUST be in GMT format. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.20 +# NAME 'pwdHistory' +# DESC 'The history of user s passwords' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 +# USAGE directoryOperation ) +# +#5.3.6 pwdGraceUseTime +# +# This attribute holds the timestamps of grace authentications after a +# password has expired. 
+# +# ( 1.3.6.1.4.1.42.2.27.8.1.21 +# NAME 'pwdGraceUseTime' +# DESC 'The timestamps of the grace authentication after the +# password has expired' +# EQUALITY generalizedTimeMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 +# +#5.3.7 pwdReset +# +# This attribute holds a flag to indicate (when TRUE) that the password +# has been updated by the password administrator and must be changed by +# the user on first authentication. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.22 +# NAME 'pwdReset' +# DESC 'The indication that the password has been reset' +# EQUALITY booleanMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +#5.3.8 pwdPolicySubentry +# +# This attribute points to the pwdPolicy subentry in effect for this +# object. +# +# ( 1.3.6.1.4.1.42.2.27.8.1.23 +# NAME 'pwdPolicySubentry' +# DESC 'The pwdPolicy subentry in effect for this object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 +# SINGLE-VALUE +# USAGE directoryOperation ) +# +# +#Disclaimer of Validity +# +# This document and the information contained herein are provided on an +# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +# +# +#Copyright Statement +# +# Copyright (C) The Internet Society (2004). This document is subject +# to the rights, licenses and restrictions contained in BCP 78, and +# except as set forth therein, the authors retain all their rights. + diff --git a/init.d/._cfg0000_slapd b/init.d/._cfg0000_slapd deleted file mode 100755 index 005a3c10..00000000 --- a/init.d/._cfg0000_slapd +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $ - -extra_commands="checkconfig" - -[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" - -depend() { - need net - before dbus hald avahi-daemon - provide ldap -} - -start() { - if ! checkconfig -Q ; then - eerror "There is a problem with your slapd.conf!" - return 1 - fi - ebegin "Starting ldap-server" - [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME - eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}" - eend $? -} - -stop() { - ebegin "Stopping ldap-server" - start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid - eend $? -} - -checkconfig() { - /usr/sbin/slaptest -u "$@" ${OPTS_CONF} -} diff --git a/init.d/slapd b/init.d/slapd index a4329446..005a3c10 100755 --- a/init.d/slapd +++ b/init.d/slapd @@ -1,7 +1,11 @@ #!/sbin/runscript -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.28-r1,v 1.2 2012/02/12 21:35:04 robbat2 Exp $ + +extra_commands="checkconfig" + +[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" depend() { need net 
@@ -10,13 +14,22 @@ depend() { } start() { + if ! checkconfig -Q ; then + eerror "There is a problem with your slapd.conf!" + return 1 + fi ebegin "Starting ldap-server" - eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}" + [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME + eval start-stop-daemon --start --pidfile /var/run/openldap/${SVCNAME}.pid --exec /usr/lib64/openldap/slapd -- -u ldap -g ldap "${OPTS}" eend $? } stop() { ebegin "Stopping ldap-server" - start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid + start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/${SVCNAME}.pid eend $? } + +checkconfig() { + /usr/sbin/slaptest -u "$@" ${OPTS_CONF} +} diff --git a/mke2fs.conf b/mke2fs.conf index 52fe58ed..0871f777 100644 --- a/mke2fs.conf +++ b/mke2fs.conf @@ -1,5 +1,7 @@ [defaults] base_features = sparse_super,filetype,resize_inode,dir_index,ext_attr + default_mntopts = acl,user_xattr + enable_periodic_fsck = 0 blocksize = 4096 inode_size = 256 inode_ratio = 16384 @@ -10,6 +12,7 @@ } ext4 = { features = has_journal,extent,huge_file,flex_bg,uninit_bg,dir_nlink,extra_isize + auto_64-bit_support = 1 inode_size = 256 } ext4dev = { @@ -27,6 +30,12 @@ inode_size = 128 inode_ratio = 8192 } + big = { + inode_ratio = 32768 + } + huge = { + inode_ratio = 65536 + } news = { inode_ratio = 4096 } diff --git a/openldap/._cfg0000_DB_CONFIG.example b/openldap/._cfg0000_DB_CONFIG.example deleted file mode 100644 index d0f2c682..00000000 --- a/openldap/._cfg0000_DB_CONFIG.example +++ /dev/null 
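Review bot: In `start()` the new pidfile argument `/var/run/openldap/${SVCNAME}.pid` sits unquoted on a line that is re-parsed by `eval`, so the service name and all of `${OPTS}` from conf.d are evaluated as shell text by root. The `eval` predates this change and is presumably kept so that the quoted `-h '…'` listener list in OPTS survives. A comment above the line should say so, and state that conf.d/slapd must be writable by root only, e.g. `# eval re-parses OPTS (quoted -h list); conf.d/slapd is trusted, root-owned input`. Separately, the `eerror` text names slapd.conf although `checkconfig` tests whatever `${OPTS_CONF}` selects, which can be the slapd.d directory. Because `-Q` silences slaptest, I would word it as `eerror "slaptest rejected the configuration; run the checkconfig command for details"`.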
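Review bot: `enable_periodic_fsck = 0` in `[defaults]` is merged without a comment, so filesystems created on this host from now on get no mount-count or interval-based check unless someone sets one later with tune2fs. If that is intended, a line above it such as `# periodic fsck off for new filesystems; re-enable per filesystem with tune2fs -c/-i` records the decision. The same applies to `default_mntopts = acl,user_xattr` in the same hunk, which makes ACLs and user extended attributes default mount options for every new filesystem; a one-line comment naming that effect would help whoever audits permissions on volumes created from this profile.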
@@ -1,28 +0,0 @@ -# $OpenLDAP$ -# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. -# -# See the Oracle Berkeley DB documentation -# -# for detail description of DB_CONFIG syntax and semantics. -# -# Hints can also be found in the OpenLDAP Software FAQ -# -# in particular: -# - -# Note: most DB_CONFIG settings will take effect only upon rebuilding -# the DB environment. - -# one 0.25 GB cache -set_cachesize 0 268435456 1 - -# Data Directory -#set_data_dir db - -# Transaction Log settings -set_lg_regionmax 262144 -set_lg_bsize 2097152 -#set_lg_dir logs - -# Note: special DB_CONFIG flags are no longer needed for "quick" -# slapadd(8) or slapindex(8) access (see their -q option). diff --git a/openldap/DB_CONFIG.example b/openldap/DB_CONFIG.example index e7cf5baf..d0f2c682 100644 --- a/openldap/DB_CONFIG.example +++ b/openldap/DB_CONFIG.example @@ -1,4 +1,4 @@ -# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/12/18 11:53:27 ghenry Exp $ +# $OpenLDAP$ # Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. # # See the Oracle Berkeley DB documentation diff --git a/openldap/schema/._cfg0000_README b/openldap/schema/._cfg0000_README deleted file mode 100644 index a2f61a12..00000000 --- a/openldap/schema/._cfg0000_README +++ /dev/null 
@@ -1,80 +0,0 @@ -This directory contains user application schema definitions for use -with slapd(8). - -File Description ----- ----------- -collective.schema Collective attributes (experimental) -corba.schema Corba Object -core.schema OpenLDAP "core" -cosine.schema COSINE Pilot -duaconf.schema Client Configuration (work in progress) -dyngroup.schema Dynamic Group (experimental) -inetorgperson.schema InetOrgPerson -java.schema Java Object -misc.schema Miscellaneous Schema (experimental) -nadf.schema North American Directory Forum (obsolete) -nis.schema Network Information Service (experimental) -openldap.schema OpenLDAP Project (FYI) -ppolicy.schema Password Policy Schema (work in progress) - -Additional "generally useful" schema definitions can be submitted -using the OpenLDAP Issue Tracking System . -Submissions should include a stable reference to a mature, open -technical specification (e.g., an RFC) for the schema. - -The core.ldif and openldap.ldif files are equivalent to their -corresponding .schema files. They have been provided as examples -for use with the dynamic configuration backend. These example files -are not actually necessary since slapd will automatically convert any -included *.schema files into LDIF when converting a slapd.conf file -to a configuration database, but they serve as a model of how to -convert schema files in general. - ---- - -This notice applies to all files in this directory. - -Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted only as authorized by the OpenLDAP -Public License. A copy of this license is available at -http://www.OpenLDAP.org/license.html or in file LICENSE in the -top-level directory of the distribution. - ---- - -This notice applies to all schema in this directory which are derived -from RFCs and other IETF documents. 
- -Portions Copyright 1991-2004, The Internet Society. All Rights Reserved. - -This document and translations of it may be copied and furnished -to others, and derivative works that comment on or otherwise explain -it or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph -are included on all such copies and derivative works. However, -this document itself may not be modified in any way, such as by -removing the copyright notice or references to the Internet Society -or other Internet organizations, except as needed for the purpose -of developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. - -The limited permissions granted above are perpetual and will not -be revoked by the Internet Society or its successors or assigns. - -This document and the information contained herein is provided on -an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE -INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE -OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY -IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR -PURPOSE. - - ---- -$OpenLDAP$ diff --git a/openldap/schema/._cfg0000_collective.schema b/openldap/schema/._cfg0000_collective.schema deleted file mode 100644 index 63cad87b..00000000 --- a/openldap/schema/._cfg0000_collective.schema +++ /dev/null 
@@ -1,190 +0,0 @@ -# collective.schema -- Collective attribute schema -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -## Portions Copyright (C) The Internet Society (2003). -## Please see full copyright statement below. - -# From RFC 3671 [portions trimmed]: -# Collective Attributes in LDAP - -#Abstract -# -# X.500 collective attributes allow common characteristics to be shared -# between collections of entries. This document summarizes the X.500 -# information model for collective attributes and describes use of -# collective attributes in LDAP (Lightweight Directory Access Protocol). -# This document provides schema definitions for collective attributes -# for use in LDAP. - -#3. Collective Attribute Types -# -# A userApplications attribute type can be defined to be COLLECTIVE -# [RFC2252]. This indicates that the same attribute values will appear -# in the entries of an entry collection subject to the use of the -# collectiveExclusions attribute and other administrative controls. -# -# Collective attribute types are commonly defined as subtypes of non- -# collective attribute types. By convention, collective attributes are -# named by prefixing the name of their non-collective supertype with -# "c-". For example, the collective telephone attribute is named -# c-TelephoneNumber after its non-collective supertype telephoneNumber. -# -# Non-collective attributes types SHALL NOT subtype collective -# attributes. -# -# Collective attributes SHALL NOT be SINGLE-VALUED. Collective -# attribute types SHALL NOT appear in the attribute types of an object -# class definition. 
-# -# Operational attributes SHALL NOT be defined to be collective. -# -# The remainder of section provides a summary of collective attributes -# derived from those defined in [X.520]. Implementations of this -# specification SHOULD support the following collective attributes and -# MAY support additional collective attributes. -# -# -#3.1. Collective Locality Name -# -# The c-l attribute type specifies a locality name for a collection of -# entries. -# -attributeType ( 2.5.4.7.1 NAME 'c-l' - SUP l COLLECTIVE ) -# -# -#3.2. Collective State or Province Name -# -# The c-st attribute type specifies a state or province name for a -# collection of entries. -# -attributeType ( 2.5.4.8.1 NAME 'c-st' - SUP st COLLECTIVE ) -# -# -#3.3. Collective Street Address -# -# The c-street attribute type specifies a street address for a -# collection of entries. -# -attributeType ( 2.5.4.9.1 NAME 'c-street' - SUP street COLLECTIVE ) -# -# -#3.4. Collective Organization Name -# -# The c-o attribute type specifies an organization name for a collection -# of entries. -# -attributeType ( 2.5.4.10.1 NAME 'c-o' - SUP o COLLECTIVE ) -# -# -#3.5. Collective Organizational Unit Name -# -# The c-ou attribute type specifies an organizational unit name for a -# collection of entries. -# -attributeType ( 2.5.4.11.1 NAME 'c-ou' - SUP ou COLLECTIVE ) -# -# -#3.6. Collective Postal Address -# -# The c-PostalAddress attribute type specifies a postal address for a -# collection of entries. -# -attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress' - SUP postalAddress COLLECTIVE ) -# -# -#3.7. Collective Postal Code -# -# The c-PostalCode attribute type specifies a postal code for a -# collection of entries. -# -attributeType ( 2.5.4.17.1 NAME 'c-PostalCode' - SUP postalCode COLLECTIVE ) -# -# -#3.8. Collective Post Office Box -# -# The c-PostOfficeBox attribute type specifies a post office box for a -# collection of entries. 
-# -attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox' - SUP postOfficeBox COLLECTIVE ) -# -# -#3.9. Collective Physical Delivery Office Name -# -# The c-PhysicalDeliveryOfficeName attribute type specifies a physical -# delivery office name for a collection of entries. -# -attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' - SUP physicalDeliveryOfficeName COLLECTIVE ) -# -# -#3.10. Collective Telephone Number -# -# The c-TelephoneNumber attribute type specifies a telephone number for -# a collection of entries. -# -attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber' - SUP telephoneNumber COLLECTIVE ) -# -# -#3.11. Collective Telex Number -# -# The c-TelexNumber attribute type specifies a telex number for a -# collection of entries. -# -attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber' - SUP telexNumber COLLECTIVE ) -# -# -#3.13. Collective Facsimile Telephone Number -# -# The c-FacsimileTelephoneNumber attribute type specifies a facsimile -# telephone number for a collection of entries. -# -attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' - SUP facsimileTelephoneNumber COLLECTIVE ) -# -# -#3.14. Collective International ISDN Number -# -# The c-InternationalISDNNumber attribute type specifies an -# international ISDN number for a collection of entries. -# -attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' - SUP internationalISDNNumber COLLECTIVE ) - -# Full Copyright -# -# Copyright (C) The Internet Society (2003). All Rights Reserved. -# -# This document and translations of it may be copied and furnished -# to others, and derivative works that comment on or otherwise explain -# it or assist in its implmentation may be prepared, copied, published -# and distributed, in whole or in part, without restriction of any -# kind, provided that the above copyright notice and this paragraph -# are included on all such copies and derivative works. 
However, -# this document itself may not be modified in any way, such as by -# removing the copyright notice or references to the Internet Society -# or other Internet organizations, except as needed for the purpose -# of developing Internet standards in which case the procedures for -# copyrights defined in the Internet Standards process must be followed, -# or as required to translate it into languages other than English. diff --git a/openldap/schema/._cfg0000_corba.schema b/openldap/schema/._cfg0000_corba.schema deleted file mode 100644 index 54b5b167..00000000 --- a/openldap/schema/._cfg0000_corba.schema +++ /dev/null 
@@ -1,239 +0,0 @@ -# corba.schema -- Corba Object Schema -# depends upon core.schema -# $OpenLDAP$ -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -## Portions Copyright (C) The Internet Society (1999). -## Please see full copyright statement below. - - -# Network Working Group V. Ryan -# Request for Comments: 2714 R. Lee -# Category: Informational S. Seligman -# Sun Microsystems, Inc. -# October 1999 -# -# -# Schema for Representing CORBA Object References in an LDAP Directory -# -# Status of this Memo -# -# This memo provides information for the Internet community. It does -# not specify an Internet standard of any kind. Distribution of this -# memo is unlimited. -# -# Copyright Notice -# -# Copyright (C) The Internet Society (1999). All Rights Reserved. -# -# Abstract -# -# CORBA [CORBA] is the Common Object Request Broker Architecture -# defined by the Object Management Group. This document defines the -# schema for representing CORBA object references in an LDAP directory -# [LDAPv3]. -# -# [trimmed] - -# 3. Attribute Type Definitions -# -# The following attribute types are defined in this document: -# -# corbaIor -# corbaRepositoryId -# -# 3.1 corbaIor -# -# This attribute stores the string representation of the interoperable -# object reference (IOR) for a CORBA object. An IOR is an opaque handle -# for the object which contains the information necessary to locate the -# object, even if the object is in another ORB. -# -# This attribute's syntax is 'IA5 String' and its case is -# insignificant. 
-# -# ( 1.3.6.1.4.1.42.2.27.4.1.14 -# NAME 'corbaIor' -# DESC 'Stringified interoperable object reference of a CORBA object' -# EQUALITY caseIgnoreIA5Match -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 -# SINGLE-VALUE -# ) -# -attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14 - NAME 'corbaIor' - DESC 'Stringified interoperable object reference of a CORBA object' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE ) - -# 3.2 corbaRepositoryId -# -# Each CORBA interface has a unique "repository id" (also called "type -# id") that identifies the interface. A CORBA object has one or more -# repository ids, one for each interface that it implements. -# -# The format of a repository id can be any string, but the OMG -# specifies four standard formats: -# -# a. IDL-style -# -# IDL:Prefix/ModuleName/InterfaceName:VersionNumber -# -# For example, the repository id for the "NamingContext" in OMG's COS -# Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0". -# -# b. RMI-style -# -# RMI:ClassName:HashCode[:SUID] -# -# This format is used by RMI-IIOP remote objects [RMI-IIOP]. -# "ClassName" is the fully qualified name of the class (for example, -# "java.lang.String"). "HashCode" is the object's hash code (that is, -# that obtained by invoking the "hashCode()" method). "SUID" is the -# "stream unique identifier", which is a 64-bit number that uniquely -# identifies the serialization version of the class; SUID is optional -# in the repository id. -# -# c. DCE-style -# -# DCE:UUID -# -# This format is used for DCE/CORBA interoperability [CORBA-DCE]. -# "UUID" represents a DCE UUID. -# -# d. "local" -# -# This format is defined by the local Object Request Broker (ORB). -# -# The corbaRepositoryId attribute is a multivalued attribute; each -# value records a single repository id of an interface implemented by -# the CORBA object. This attribute need not contain a complete list of -# the interfaces implemented by the CORBA object. 
-# -# This attribute's syntax is 'Directory String' and its case is -# significant. The values of this attribute are encoded using UTF-8. -# Some values may require translation from their native representation -# in order to be correctly encoded using UTF-8. -# -# ( 1.3.6.1.4.1.42.2.27.4.1.15 -# NAME 'corbaRepositoryId' -# DESC 'Repository ids of interfaces implemented by a CORBA object' -# EQUALITY caseExactMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 -# ) -# -# -attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15 - NAME 'corbaRepositoryId' - DESC 'Repository ids of interfaces implemented by a CORBA object' - EQUALITY caseExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# 4. Object Class Definitions -# -# The following object classes are defined in this document: -# -# corbaContainer -# corbaObject -# corbaObjectReference -# -# 4.1 corbaContainer -# -# This structural object class represents a container for a CORBA -# object. -# -# ( 1.3.6.1.4.1.42.2.27.4.2.10 -# NAME 'corbaContainer' -# DESC 'Container for a CORBA object' -# SUP top -# STRUCTURAL -# MUST ( cn ) -# ) -# -objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10 - NAME 'corbaContainer' - DESC 'Container for a CORBA object' - SUP top - STRUCTURAL - MUST cn ) - -# 4.2 corbaObject -# -# This abstract object class is the root class for representing a CORBA -# object. -# -# ( 1.3.6.1.4.1.42.2.27.4.2.9 -# NAME 'corbaObject' -# DESC 'CORBA object representation' -# SUP top -# ABSTRACT -# MAY ( corbaRepositoryId $ description ) -# ) -# -objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9 - NAME 'corbaObject' - DESC 'CORBA object representation' - SUP top - ABSTRACT - MAY ( corbaRepositoryId $ description ) ) - -# 4.3 corbaObjectReference -# -# This auxiliary object class represents a CORBA object reference. It -# must be mixed in with a structural object class. 
-# -# ( 1.3.6.1.4.1.42.2.27.4.2.11 -# NAME 'corbaObjectReference' -# DESC 'CORBA interoperable object reference' -# SUP corbaObject -# AUXILIARY -# MUST ( corbaIor ) -# ) -# -objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11 - NAME 'corbaObjectReference' - DESC 'CORBA interoperable object reference' - SUP corbaObject - AUXILIARY - MUST corbaIor ) - -# 10. Full Copyright Statement -# -# Copyright (C) The Internet Society (1999). All Rights Reserved. -# -# This document and translations of it may be copied and furnished to -# others, and derivative works that comment on or otherwise explain it -# or assist in its implementation may be prepared, copied, published -# and distributed, in whole or in part, without restriction of any -# kind, provided that the above copyright notice and this paragraph are -# included on all such copies and derivative works. However, this -# document itself may not be modified in any way, such as by removing -# the copyright notice or references to the Internet Society or other -# Internet organizations, except as needed for the purpose of -# developing Internet standards in which case the procedures for -# copyrights defined in the Internet Standards process must be -# followed, or as required to translate it into languages other than -# English. -# -# The limited permissions granted above are perpetual and will not be -# revoked by the Internet Society or its successors or assigns. -# -# This document and the information contained herein is provided on an -# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/openldap/schema/._cfg0000_core.ldif b/openldap/schema/._cfg0000_core.ldif deleted file mode 100644 index 59ec15af..00000000 
--- a/openldap/schema/._cfg0000_core.ldif +++ /dev/null 
@@ -1,591 +0,0 @@ -# OpenLDAP Core schema -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -## Portions Copyright (C) The Internet Society (1997-2003). -## All Rights Reserved. -## -## This document and translations of it may be copied and furnished to -## others, and derivative works that comment on or otherwise explain it -## or assist in its implementation may be prepared, copied, published -## and distributed, in whole or in part, without restriction of any -## kind, provided that the above copyright notice and this paragraph are -## included on all such copies and derivative works. However, this -## document itself may not be modified in any way, such as by removing -## the copyright notice or references to the Internet Society or other -## Internet organizations, except as needed for the purpose of -## developing Internet standards in which case the procedures for -## copyrights defined in the Internet Standards process must be -## followed, or as required to translate it into languages other than -## English. -## -## The limited permissions granted above are perpetual and will not be -## revoked by the Internet Society or its successors or assigns. -## -## This document and the information contained herein is provided on an -## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
-# -# -# -# Includes LDAPv3 schema items from: -# RFC 2252/2256 (LDAPv3) -# -# Select standard track schema items: -# RFC 1274 (uid/dc) -# RFC 2079 (URI) -# RFC 2247 (dc/dcObject) -# RFC 2587 (PKI) -# RFC 2589 (Dynamic Directory Services) -# -# Select informational schema items: -# RFC 2377 (uidObject) -# -# -# Standard attribute types from RFC 2256 -# -dn: cn=core,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: core -# -# system schema -#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' -# DESC 'RFC2256: object classes of the entity' -# EQUALITY objectIdentifierMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) -# -# system schema -#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) -# DESC 'RFC2256: name of aliased object' -# EQUALITY distinguishedNameMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) -# -olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' - DESC 'RFC2256: knowledge information' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -# -# system schema -#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) -# DESC 'RFC2256: common name(s) for which the entity is known by' -# SUP name ) -# -olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) - DESC 'RFC2256: last (family) name(s) for which the entity is known by' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' - DESC 'RFC2256: serial number of the entity' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) -# -# RFC 4519 definition ('countryName' in X.500 and RFC2256) -olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) - DESC 'RFC4519: two-letter ISO-3166 country code' - SUP name - SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 - SINGLE-VALUE ) -# -olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) - DESC 'RFC2256: locality which this object resides in' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) - DESC 'RFC2256: state or 
province which this object resides in' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) - DESC 'RFC2256: street address of this object' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -# -olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) - DESC 'RFC2256: organization this object belongs to' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) - DESC 'RFC2256: organizational unit this object belongs to' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.12 NAME 'title' - DESC 'RFC2256: title associated with the entity' - SUP name ) -# -# system schema -#olcAttributeTypes: ( 2.5.4.13 NAME 'description' -# DESC 'RFC2256: descriptive information' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) -# -# Deprecated by enhancedSearchGuide -olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' - DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) -# -olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' - DESC 'RFC2256: business category' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -# -olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' - DESC 'RFC2256: postal address' - EQUALITY caseIgnoreListMatch - SUBSTR caseIgnoreListSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) -# -olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' - DESC 'RFC2256: postal code' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) -# -olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' - DESC 'RFC2256: Post Office Box' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) -# -olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' - DESC 'RFC2256: Physical Delivery Office Name' - 
EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -# -olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' - DESC 'RFC2256: Telephone Number' - EQUALITY telephoneNumberMatch - SUBSTR telephoneNumberSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) -# -olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' - DESC 'RFC2256: Telex Number' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) -# -olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' - DESC 'RFC2256: Teletex Terminal Identifier' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) -# -olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) - DESC 'RFC2256: Facsimile (Fax) Telephone Number' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) -# -olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' - DESC 'RFC2256: X.121 Address' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) -# -olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' - DESC 'RFC2256: international ISDN number' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) -# -olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' - DESC 'RFC2256: registered postal address' - SUP postalAddress - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) -# -olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' - DESC 'RFC2256: destination indicator' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) -# -olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' - DESC 'RFC2256: preferred delivery method' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 - SINGLE-VALUE ) -# -olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' - DESC 'RFC2256: presentation address' - EQUALITY presentationAddressMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 - SINGLE-VALUE ) -# -olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' - DESC 'RFC2256: 
supported application context' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) -# -olcAttributeTypes: ( 2.5.4.31 NAME 'member' - DESC 'RFC2256: member of a group' - SUP distinguishedName ) -# -olcAttributeTypes: ( 2.5.4.32 NAME 'owner' - DESC 'RFC2256: owner (of the object)' - SUP distinguishedName ) -# -olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' - DESC 'RFC2256: occupant of role' - SUP distinguishedName ) -# -# system schema -#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' -# DESC 'RFC2256: DN of related object' -# SUP distinguishedName ) -# -# system schema -#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' -# DESC 'RFC2256/2307: password of user' -# EQUALITY octetStringMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) -# -# Must be transferred using ;binary -# with certificateExactMatch rule (per X.509) -olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' - DESC 'RFC2256: X.509 user certificate, use ;binary' - EQUALITY certificateExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) -# -# Must be transferred using ;binary -# with certificateExactMatch rule (per X.509) -olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' - DESC 'RFC2256: X.509 CA certificate, use ;binary' - EQUALITY certificateExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) -# -# Must be transferred using ;binary -olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' - DESC 'RFC2256: X.509 authority revocation list, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) -# -# Must be transferred using ;binary -olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' - DESC 'RFC2256: X.509 certificate revocation list, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) -# -# Must be stored and requested in the binary form -olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' - DESC 'RFC2256: X.509 cross certificate pair, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) -# -# 2.5.4.41 is defined above as it's used for subtyping 
-#olcAttributeTypes: ( 2.5.4.41 NAME 'name' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -# -olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) - DESC 'RFC2256: first name(s) for which the entity is known by' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.43 NAME 'initials' - DESC 'RFC2256: initials of some or all of names, but not the surname(s).' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' - DESC 'RFC2256: name qualifier indicating a generation' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' - DESC 'RFC2256: X.500 unique identifier' - EQUALITY bitStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) -# -olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' - DESC 'RFC2256: DN qualifier' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) -# -olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' - DESC 'RFC2256: enhanced search guide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) -# -olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' - DESC 'RFC2256: protocol information' - EQUALITY protocolInformationMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) -# -# 2.5.4.49 is defined above as it's used for subtyping -#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' -# EQUALITY distinguishedNameMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -# -olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' - DESC 'RFC2256: unique member of a group' - EQUALITY uniqueMemberMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) -# -olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' - DESC 'RFC2256: house identifier' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -# -# Must be transferred using ;binary -olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' - DESC 'RFC2256: supported algorithms' - SYNTAX 
1.3.6.1.4.1.1466.115.121.1.49 ) -# -# Must be transferred using ;binary -olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' - DESC 'RFC2256: delta revocation list; use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) -# -olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' - DESC 'RFC2256: name of DMD' - SUP name ) -# -olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' - DESC 'X.520(4th): pseudonym for the object' - SUP name ) -# -# Standard object classes from RFC2256 -# -# system schema -#olcObjectClasses: ( 2.5.6.1 NAME 'alias' -# DESC 'RFC2256: an alias' -# SUP top STRUCTURAL -# MUST aliasedObjectName ) -# -olcObjectClasses: ( 2.5.6.2 NAME 'country' - DESC 'RFC2256: a country' - SUP top STRUCTURAL - MUST c - MAY ( searchGuide $ description ) ) -# -olcObjectClasses: ( 2.5.6.3 NAME 'locality' - DESC 'RFC2256: a locality' - SUP top STRUCTURAL - MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.4 NAME 'organization' - DESC 'RFC2256: an organization' - SUP top STRUCTURAL - MUST o - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' - DESC 'RFC2256: an organizational unit' - SUP top STRUCTURAL - MUST ou - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.6 NAME 'person' - DESC 'RFC2256: a person' - 
SUP top STRUCTURAL - MUST ( sn $ cn ) - MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) -# -olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' - DESC 'RFC2256: an organizational person' - SUP person STRUCTURAL - MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) -# -olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' - DESC 'RFC2256: an organizational role' - SUP top STRUCTURAL - MUST cn - MAY ( x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' - DESC 'RFC2256: a group of names (DNs)' - SUP top STRUCTURAL - MUST ( member $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) -# -olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' - DESC 'RFC2256: an residential person' - SUP person STRUCTURAL - MUST l - MAY ( businessCategory $ x121Address $ registeredAddress $ - destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l ) ) -# -olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' - DESC 'RFC2256: an application process' - SUP top STRUCTURAL - MUST cn - MAY ( seeAlso $ ou $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' - DESC 'RFC2256: 
an application entity' - SUP top STRUCTURAL - MUST ( presentationAddress $ cn ) - MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ - description ) ) -# -olcObjectClasses: ( 2.5.6.13 NAME 'dSA' - DESC 'RFC2256: a directory system agent (a server)' - SUP applicationEntity STRUCTURAL - MAY knowledgeInformation ) -# -olcObjectClasses: ( 2.5.6.14 NAME 'device' - DESC 'RFC2256: a device' - SUP top STRUCTURAL - MUST cn - MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) -# -olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' - DESC 'RFC2256: a strong authentication user' - SUP top AUXILIARY - MUST userCertificate ) -# -olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' - DESC 'RFC2256: a certificate authority' - SUP top AUXILIARY - MUST ( authorityRevocationList $ certificateRevocationList $ - cACertificate ) MAY crossCertificatePair ) -# -olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' - DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' - SUP top STRUCTURAL - MUST ( uniqueMember $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) -# -olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' - DESC 'RFC2256: a user security information' - SUP top AUXILIARY - MAY ( supportedAlgorithms ) ) -# -olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' - SUP certificationAuthority - AUXILIARY MAY ( deltaRevocationList ) ) -# -olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' - SUP top STRUCTURAL - MUST ( cn ) - MAY ( certificateRevocationList $ authorityRevocationList $ - deltaRevocationList ) ) -# -olcObjectClasses: ( 2.5.6.20 NAME 'dmd' - SUP top STRUCTURAL - MUST ( dmdName ) - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - street $ postOfficeBox $ 
postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l $ description ) ) -# -# -# Object Classes from RFC 2587 -# -olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' - DESC 'RFC2587: a PKI user' - SUP top AUXILIARY - MAY userCertificate ) -# -olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' - DESC 'RFC2587: PKI certificate authority' - SUP top AUXILIARY - MAY ( authorityRevocationList $ certificateRevocationList $ - cACertificate $ crossCertificatePair ) ) -# -olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' - DESC 'RFC2587: PKI user' - SUP top AUXILIARY - MAY deltaRevocationList ) -# -# -# Standard Track URI label schema from RFC 2079 -# system schema -#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' -# DESC 'RFC2079: Uniform Resource Identifier with optional label' -# EQUALITY caseExactMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# -olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' - DESC 'RFC2079: object that contains the URI attribute type' - MAY ( labeledURI ) - SUP top AUXILIARY ) -# -# -# Derived from RFC 1274, but with new "short names" -# -#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 -# NAME ( 'uid' 'userid' ) -# DESC 'RFC1274: user identifier' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -# -olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 - NAME ( 'mail' 'rfc822Mailbox' ) - DESC 'RFC1274: RFC822 Mailbox' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -# -olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' - DESC 'RFC1274: simple security object' - SUP top AUXILIARY - MUST userPassword ) -# -# RFC 1274 + RFC 2247 -olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 - NAME ( 'dc' 'domainComponent' ) - DESC 'RFC1274/2247: domain component' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -# -# RFC 2247 
-olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
- DESC 'RFC2247: domain component object'
- SUP top AUXILIARY MUST dc )
-#
-# RFC 2377
-olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
- DESC 'RFC2377: uid object'
- SUP top AUXILIARY MUST uid )
-#
-# From COSINE Pilot
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
- NAME 'associatedDomain'
- DESC 'RFC1274: domain associated with object'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-#
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-olcAttributeTypes: ( 1.2.840.113549.1.9.1
- NAME ( 'email' 'emailAddress' 'pkcs9email' )
- DESC 'RFC3280: legacy attribute for email addresses in DNs'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-#
diff --git a/openldap/schema/._cfg0000_core.schema b/openldap/schema/._cfg0000_core.schema
deleted file mode 100644
index f4644709..00000000
--- a/openldap/schema/._cfg0000_core.schema
+++ /dev/null
@@ -1,610 +0,0 @@
-# OpenLDAP Core schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-## Portions Copyright (C) The Internet Society (1997-2006).
-## All Rights Reserved.
-##
-## This document and translations of it may be copied and furnished to
-## others, and derivative works that comment on or otherwise explain it
-## or assist in its implementation may be prepared, copied, published
-## and distributed, in whole or in part, without restriction of any
-## kind, provided that the above copyright notice and this paragraph are
-## included on all such copies and derivative works. However, this
-## document itself may not be modified in any way, such as by removing
-## the copyright notice or references to the Internet Society or other
-## Internet organizations, except as needed for the purpose of
-## developing Internet standards in which case the procedures for
-## copyrights defined in the Internet Standards process must be
-## followed, or as required to translate it into languages other than
-## English.
-##
-## The limited permissions granted above are perpetual and will not be
-## revoked by the Internet Society or its successors or assigns.
-##
-## This document and the information contained herein is provided on an
-## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-#
-#
-# Includes LDAPv3 schema items from:
-# RFC 2252/2256 (LDAPv3)
-#
-# Select standard track schema items:
-# RFC 1274 (uid/dc)
-# RFC 2079 (URI)
-# RFC 2247 (dc/dcObject)
-# RFC 2587 (PKI)
-# RFC 2589 (Dynamic Directory Services)
-# RFC 4524 (associatedDomain)
-#
-# Select informational schema items:
-# RFC 2377 (uidObject)
-
-#
-# Standard attribute types from RFC 2256
-#
-
-# system schema
-#attributetype ( 2.5.4.0 NAME 'objectClass'
-# DESC 'RFC2256: object classes of the entity'
-# EQUALITY objectIdentifierMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-# system schema
-#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-# DESC 'RFC2256: name of aliased object'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
- DESC 'RFC2256: knowledge information'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-# system schema
-#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-# DESC 'RFC2256: common name(s) for which the entity is known by'
-# SUP name )
-
-attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
- DESC 'RFC2256: last (family) name(s) for which the entity is known by'
- SUP name )
-
-attributetype ( 2.5.4.5 NAME 'serialNumber'
- DESC 'RFC2256: serial number of the entity'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
-
-# RFC 4519 definition ('countryName' in X.500 and RFC2256)
-attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
- DESC 'RFC4519: two-letter ISO-3166 country code'
- SUP name
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
- SINGLE-VALUE )
-
-#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
-# DESC 'RFC2256: ISO-3166 country 2-letter code'
-# SUP name SINGLE-VALUE )
-
-attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
- DESC 'RFC2256: locality which this object resides in'
- SUP name )
-
-attributetype ( 2.5.4.8 NAME ( 'st'
'stateOrProvinceName' ) - DESC 'RFC2256: state or province which this object resides in' - SUP name ) - -attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) - DESC 'RFC2256: street address of this object' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) - DESC 'RFC2256: organization this object belongs to' - SUP name ) - -attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) - DESC 'RFC2256: organizational unit this object belongs to' - SUP name ) - -attributetype ( 2.5.4.12 NAME 'title' - DESC 'RFC2256: title associated with the entity' - SUP name ) - -# system schema -#attributetype ( 2.5.4.13 NAME 'description' -# DESC 'RFC2256: descriptive information' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) - -# Deprecated by enhancedSearchGuide -attributetype ( 2.5.4.14 NAME 'searchGuide' - DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) - -attributetype ( 2.5.4.15 NAME 'businessCategory' - DESC 'RFC2256: business category' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.16 NAME 'postalAddress' - DESC 'RFC2256: postal address' - EQUALITY caseIgnoreListMatch - SUBSTR caseIgnoreListSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -attributetype ( 2.5.4.17 NAME 'postalCode' - DESC 'RFC2256: postal code' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) - -attributetype ( 2.5.4.18 NAME 'postOfficeBox' - DESC 'RFC2256: Post Office Box' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) - -attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' - DESC 'RFC2256: Physical Delivery Office Name' - EQUALITY 
caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.20 NAME 'telephoneNumber' - DESC 'RFC2256: Telephone Number' - EQUALITY telephoneNumberMatch - SUBSTR telephoneNumberSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) - -attributetype ( 2.5.4.21 NAME 'telexNumber' - DESC 'RFC2256: Telex Number' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) - -attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' - DESC 'RFC2256: Teletex Terminal Identifier' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) - -attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) - DESC 'RFC2256: Facsimile (Fax) Telephone Number' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) - -attributetype ( 2.5.4.24 NAME 'x121Address' - DESC 'RFC2256: X.121 Address' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) - -attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' - DESC 'RFC2256: international ISDN number' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) - -attributetype ( 2.5.4.26 NAME 'registeredAddress' - DESC 'RFC2256: registered postal address' - SUP postalAddress - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -attributetype ( 2.5.4.27 NAME 'destinationIndicator' - DESC 'RFC2256: destination indicator' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) - -attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' - DESC 'RFC2256: preferred delivery method' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 - SINGLE-VALUE ) - -attributetype ( 2.5.4.29 NAME 'presentationAddress' - DESC 'RFC2256: presentation address' - EQUALITY presentationAddressMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 - SINGLE-VALUE ) - -attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' - DESC 'RFC2256: supported application context' - EQUALITY objectIdentifierMatch - SYNTAX 
1.3.6.1.4.1.1466.115.121.1.38 ) - -attributetype ( 2.5.4.31 NAME 'member' - DESC 'RFC2256: member of a group' - SUP distinguishedName ) - -attributetype ( 2.5.4.32 NAME 'owner' - DESC 'RFC2256: owner (of the object)' - SUP distinguishedName ) - -attributetype ( 2.5.4.33 NAME 'roleOccupant' - DESC 'RFC2256: occupant of role' - SUP distinguishedName ) - -# system schema -#attributetype ( 2.5.4.34 NAME 'seeAlso' -# DESC 'RFC2256: DN of related object' -# SUP distinguishedName ) - -# system schema -#attributetype ( 2.5.4.35 NAME 'userPassword' -# DESC 'RFC2256/2307: password of user' -# EQUALITY octetStringMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) - -# Must be transferred using ;binary -# with certificateExactMatch rule (per X.509) -attributetype ( 2.5.4.36 NAME 'userCertificate' - DESC 'RFC2256: X.509 user certificate, use ;binary' - EQUALITY certificateExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) - -# Must be transferred using ;binary -# with certificateExactMatch rule (per X.509) -attributetype ( 2.5.4.37 NAME 'cACertificate' - DESC 'RFC2256: X.509 CA certificate, use ;binary' - EQUALITY certificateExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.38 NAME 'authorityRevocationList' - DESC 'RFC2256: X.509 authority revocation list, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.39 NAME 'certificateRevocationList' - DESC 'RFC2256: X.509 certificate revocation list, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -# Must be stored and requested in the binary form -attributetype ( 2.5.4.40 NAME 'crossCertificatePair' - DESC 'RFC2256: X.509 cross certificate pair, use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) - -# system schema -#attributetype ( 2.5.4.41 NAME 'name' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -attributetype ( 2.5.4.42 NAME ( 
'givenName' 'gn' ) - DESC 'RFC2256: first name(s) for which the entity is known by' - SUP name ) - -attributetype ( 2.5.4.43 NAME 'initials' - DESC 'RFC2256: initials of some or all of names, but not the surname(s).' - SUP name ) - -attributetype ( 2.5.4.44 NAME 'generationQualifier' - DESC 'RFC2256: name qualifier indicating a generation' - SUP name ) - -attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' - DESC 'RFC2256: X.500 unique identifier' - EQUALITY bitStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) - -attributetype ( 2.5.4.46 NAME 'dnQualifier' - DESC 'RFC2256: DN qualifier' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) - -attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' - DESC 'RFC2256: enhanced search guide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) - -attributetype ( 2.5.4.48 NAME 'protocolInformation' - DESC 'RFC2256: protocol information' - EQUALITY protocolInformationMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) - -# system schema -#attributetype ( 2.5.4.49 NAME 'distinguishedName' -# EQUALITY distinguishedNameMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) - -attributetype ( 2.5.4.50 NAME 'uniqueMember' - DESC 'RFC2256: unique member of a group' - EQUALITY uniqueMemberMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) - -attributetype ( 2.5.4.51 NAME 'houseIdentifier' - DESC 'RFC2256: house identifier' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' - DESC 'RFC2256: supported algorithms' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.53 NAME 'deltaRevocationList' - DESC 'RFC2256: delta revocation list; use ;binary' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -attributetype ( 2.5.4.54 NAME 'dmdName' - DESC 'RFC2256: name of DMD' - SUP name ) - 
-attributetype ( 2.5.4.65 NAME 'pseudonym' - DESC 'X.520(4th): pseudonym for the object' - SUP name ) - -# Standard object classes from RFC2256 - -# system schema -#objectclass ( 2.5.6.0 NAME 'top' -# DESC 'RFC2256: top of the superclass chain' -# ABSTRACT -# MUST objectClass ) - -# system schema -#objectclass ( 2.5.6.1 NAME 'alias' -# DESC 'RFC2256: an alias' -# SUP top STRUCTURAL -# MUST aliasedObjectName ) - -objectclass ( 2.5.6.2 NAME 'country' - DESC 'RFC2256: a country' - SUP top STRUCTURAL - MUST c - MAY ( searchGuide $ description ) ) - -objectclass ( 2.5.6.3 NAME 'locality' - DESC 'RFC2256: a locality' - SUP top STRUCTURAL - MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) - -objectclass ( 2.5.6.4 NAME 'organization' - DESC 'RFC2256: an organization' - SUP top STRUCTURAL - MUST o - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) - -objectclass ( 2.5.6.5 NAME 'organizationalUnit' - DESC 'RFC2256: an organizational unit' - SUP top STRUCTURAL - MUST ou - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) - -objectclass ( 2.5.6.6 NAME 'person' - DESC 'RFC2256: a person' - SUP top STRUCTURAL - MUST ( sn $ cn ) - MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) - -objectclass ( 2.5.6.7 NAME 'organizationalPerson' - DESC 'RFC2256: an organizational person' - SUP person STRUCTURAL - MAY ( 
title $ x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) - -objectclass ( 2.5.6.8 NAME 'organizationalRole' - DESC 'RFC2256: an organizational role' - SUP top STRUCTURAL - MUST cn - MAY ( x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) - -objectclass ( 2.5.6.9 NAME 'groupOfNames' - DESC 'RFC2256: a group of names (DNs)' - SUP top STRUCTURAL - MUST ( member $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) - -objectclass ( 2.5.6.10 NAME 'residentialPerson' - DESC 'RFC2256: an residential person' - SUP person STRUCTURAL - MUST l - MAY ( businessCategory $ x121Address $ registeredAddress $ - destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l ) ) - -objectclass ( 2.5.6.11 NAME 'applicationProcess' - DESC 'RFC2256: an application process' - SUP top STRUCTURAL - MUST cn - MAY ( seeAlso $ ou $ l $ description ) ) - -objectclass ( 2.5.6.12 NAME 'applicationEntity' - DESC 'RFC2256: an application entity' - SUP top STRUCTURAL - MUST ( presentationAddress $ cn ) - MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ - description ) ) - -objectclass ( 2.5.6.13 NAME 'dSA' - DESC 'RFC2256: a directory system agent (a server)' - SUP applicationEntity 
STRUCTURAL - MAY knowledgeInformation ) - -objectclass ( 2.5.6.14 NAME 'device' - DESC 'RFC2256: a device' - SUP top STRUCTURAL - MUST cn - MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) - -objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' - DESC 'RFC2256: a strong authentication user' - SUP top AUXILIARY - MUST userCertificate ) - -objectclass ( 2.5.6.16 NAME 'certificationAuthority' - DESC 'RFC2256: a certificate authority' - SUP top AUXILIARY - MUST ( authorityRevocationList $ certificateRevocationList $ - cACertificate ) MAY crossCertificatePair ) - -objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' - DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' - SUP top STRUCTURAL - MUST ( uniqueMember $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) - -objectclass ( 2.5.6.18 NAME 'userSecurityInformation' - DESC 'RFC2256: a user security information' - SUP top AUXILIARY - MAY ( supportedAlgorithms ) ) - -objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' - SUP certificationAuthority - AUXILIARY MAY ( deltaRevocationList ) ) - -objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' - SUP top STRUCTURAL - MUST ( cn ) - MAY ( certificateRevocationList $ authorityRevocationList $ - deltaRevocationList ) ) - -objectclass ( 2.5.6.20 NAME 'dmd' - SUP top STRUCTURAL - MUST ( dmdName ) - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - street $ postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l $ description ) ) - -# -# Object Classes from RFC 2587 -# -objectclass ( 2.5.6.21 NAME 'pkiUser' - DESC 'RFC2587: a PKI user' - SUP top AUXILIARY - MAY userCertificate ) - -objectclass ( 2.5.6.22 NAME 'pkiCA' - DESC 'RFC2587: PKI certificate authority' - SUP top 
AUXILIARY - MAY ( authorityRevocationList $ certificateRevocationList $ - cACertificate $ crossCertificatePair ) ) - -objectclass ( 2.5.6.23 NAME 'deltaCRL' - DESC 'RFC2587: PKI user' - SUP top AUXILIARY - MAY deltaRevocationList ) - -# -# Standard Track URI label schema from RFC 2079 -# system schema -#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' -# DESC 'RFC2079: Uniform Resource Identifier with optional label' -# EQUALITY caseExactMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' - DESC 'RFC2079: object that contains the URI attribute type' - SUP top AUXILIARY - MAY ( labeledURI ) ) - -# -# Derived from RFC 1274, but with new "short names" -# -#attributetype ( 0.9.2342.19200300.100.1.1 -# NAME ( 'uid' 'userid' ) -# DESC 'RFC1274: user identifier' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) - -attributetype ( 0.9.2342.19200300.100.1.3 - NAME ( 'mail' 'rfc822Mailbox' ) - DESC 'RFC1274: RFC822 Mailbox' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' - DESC 'RFC1274: simple security object' - SUP top AUXILIARY - MUST userPassword ) - -# RFC 1274 + RFC 2247 -attributetype ( 0.9.2342.19200300.100.1.25 - NAME ( 'dc' 'domainComponent' ) - DESC 'RFC1274/2247: domain component' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) - -# RFC 2247 -objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' - DESC 'RFC2247: domain component object' - SUP top AUXILIARY MUST dc ) - -# RFC 2377 -objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' - DESC 'RFC2377: uid object' - SUP top AUXILIARY MUST uid ) - -# RFC 4524 -# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] -# host names [RFC1123] that are associated with an object. 
That is,
-# values of this attribute should conform to the following ABNF:
-#
-# domain = root / label *( DOT label )
-# root = SPACE
-# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
-# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
-# SPACE = %x20 ; space (" ")
-# HYPHEN = %x2D ; hyphen ("-")
-# DOT = %x2E ; period (".")
-attributetype ( 0.9.2342.19200300.100.1.37
- NAME 'associatedDomain'
- DESC 'RFC1274: domain associated with object'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
-attributetype ( 1.2.840.113549.1.9.1
- NAME ( 'email' 'emailAddress' 'pkcs9email' )
- DESC 'RFC3280: legacy attribute for email addresses in DNs'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
diff --git a/openldap/schema/._cfg0000_cosine.ldif b/openldap/schema/._cfg0000_cosine.ldif
deleted file mode 100644
index da3e4901..00000000
--- a/openldap/schema/._cfg0000_cosine.ldif
+++ /dev/null
@@ -1,200 +0,0 @@
-# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema. As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3. The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274. However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.ldif
-#
-# This file was automatically generated from cosine.schema; see that
-# file for complete background.
-#
-dn: cn=cosine,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: cosine
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
- EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
- 1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g - eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri - nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno - reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 - 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S - YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: - photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 - 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h - ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA - X 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 - 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 - .121.1.12 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D - ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR - caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' - RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri - ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES - C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu - bstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC - 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 - .3.6.1.4.1.1466.115.121.1.12 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE - SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c - aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe - lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb - erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.50 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC - 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 - 6.115.121.1.12 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX - 1.3.6.1.4.1.1466.115.121.1.39 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca - seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY - caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT - Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC - 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc - h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D - ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg - noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC - 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring - sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel - ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum - berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.50 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep - honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber - Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .50 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount - ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS - TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE - SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 - 66.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus - ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI - gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' - RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst - ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption - ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 
- RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin - gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF - C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' - DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN - GLE-VALUE ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit - y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 13 SINGLE-VALUE ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit - y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 13 SINGLE-VALUE ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D - ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 23 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R - FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 - .115.121.1.12 ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 - : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D - ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno - reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo - tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 - Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom - ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine - ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep - honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature - ) ) -olcObjectClasses: ( 
0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT - URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam - e $ organizationalUnitName $ host ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC - TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca - lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume - ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA - L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber - ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top - STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l - ocalityName $ organizationName $ organizationalUnitName ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT - URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti - on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ - stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd - ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber - $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel - exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress - $ x121Address ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d - omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho - neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi - ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ - telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery - Method $ destinationIndicator $ registeredAddress $ x121Address ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain - STRUCTURAL MAY 
( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME - Record ) ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D - ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat - edDomain ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c - ountry STRUCTURAL MUST friendlyCountryName ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU - P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR - UCTURAL MAY dSAQuality ) -olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' - SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu - mQuality ) ) diff --git a/openldap/schema/._cfg0000_cosine.schema b/openldap/schema/._cfg0000_cosine.schema deleted file mode 100644 index ef70696a..00000000 --- a/openldap/schema/._cfg0000_cosine.schema +++ /dev/null 
@@ -1,2571 +0,0 @@
-# RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema. As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3. The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274. However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.schema
-
-
-# Network Working Group P. Barker
-# Request for Comments: 1274 S. Kille
-# University College London
-# November 1991
-#
-# The COSINE and Internet X.500 Schema
-#
-# [trimmed]
-#
-# Abstract
-#
-# This document suggests an X.500 Directory Schema, or Naming
-# Architecture, for use in the COSINE and Internet X.500 pilots. The
-# schema is independent of any specific implementation. As well as
-# indicating support for the standard object classes and attributes, a
-# large number of generally useful object classes and attributes are
-# also defined. An appendix to this document includes a machine
-# processable version of the schema.
-#
-# [trimmed]
-
-# 7. Object Identifiers
-#
-# Some additional object identifiers are defined for this schema.
-# These are also reproduced in Appendix C.
-#
-# data OBJECT IDENTIFIER ::= {ccitt 9}
-# pss OBJECT IDENTIFIER ::= {data 2342}
-# ucl OBJECT IDENTIFIER ::= {pss 19200300}
-# pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-# {pilotAttributeSyntax 5}
-#
-# 8. Object Classes
-# [relocated after 9]
-
-#
-# 9. Attribute Types
-#
-# 9.1. X.500 standard attribute types
-#
-# A number of generally useful attribute types are defined in X.520,
-# and these are supported. Refer to that document for descriptions of
-# the suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced for completeness in Appendix C.
-#
-# 9.2. X.400 standard attribute types
-#
-# The standard X.400 attribute types are supported. See X.402 for full
-# details. The ASN.1 for these attribute types is reproduced in
-# Appendix C.
-#
-# 9.3. COSINE/Internet attribute types
-#
-# This section describes all the attribute types defined for use in the
-# COSINE and Internet pilots. Descriptions are given as to the
-# suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced in Appendix C.
-#
-# 9.3.1. Userid
-#
-# The Userid attribute type specifies a computer system login name.
-#
-# userid ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-identifier))
-# ::= {pilotAttributeType 1}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
-## EQUALITY caseIgnoreMatch
-## SUBSTR caseIgnoreSubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.2. Text Encoded O/R Address
-#
-# The Text Encoded O/R Address attribute type specifies a text encoding
-# of an X.400 O/R address, as specified in RFC 987. The use of this
-# attribute is deprecated as the attribute is intended for interim use
-# only. This attribute will be the first candidate for the attribute
-# expiry mechanisms!
-#
-# textEncodedORAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-text-encoded-or-address))
-# ::= {pilotAttributeType 2}
-#
-attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.3. RFC 822 Mailbox
-#
-# The RFC822 Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in RFC 822. Note that this
-# attribute should not be used for greybook or other non-Internet order
-# mailboxes.
-#
-# rfc822Mailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-rfc822-mailbox))
-# ::= {pilotAttributeType 3}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.4. Information
-#
-# The Information attribute type specifies any general information
-# pertinent to an object. It is recommended that specific usage of
-# this attribute type is avoided, and that specific requirements are
-# met by other (possibly additional) attribute types.
-#
-# info ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-information))
-# ::= {pilotAttributeType 4}
-#
-attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
- DESC 'RFC1274: general information'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-
-
-# 9.3.5. Favourite Drink
-#
-# The Favourite Drink attribute type specifies the favourite drink of
-# an object (or person).
-#
-# favouriteDrink ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-favourite-drink))
-# ::= {pilotAttributeType 5}
-#
-attributetype ( 0.9.2342.19200300.100.1.5
- NAME ( 'drink' 'favouriteDrink' )
- DESC 'RFC1274: favorite drink'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.6. Room Number
-#
-# The Room Number attribute type specifies the room number of an
-# object. Note that the commonName attribute should be used for naming
-# room objects.
-#
-# roomNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-room-number))
-# ::= {pilotAttributeType 6}
-#
-attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
- DESC 'RFC1274: room number'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.7. Photo
-#
-# The Photo attribute type specifies a "photograph" for an object.
-# This should be encoded in G3 fax as explained in recommendation T.4,
-# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
-# defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# photo ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-photo))
-# ::= {pilotAttributeType 7}
-#
-attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
- DESC 'RFC1274: photo (G3 fax)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
-
-# 9.3.8. User Class
-#
-# The User Class attribute type specifies a category of computer user.
-# The semantics placed on this attribute are for local interpretation.
-# Examples of current usage od this attribute in academia are
-# undergraduate student, researcher, lecturer, etc. Note that the
-# organizationalStatus attribute may now often be preferred as it makes
-# no distinction between computer users and others.
-#
-# userClass ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-class))
-# ::= {pilotAttributeType 8}
-#
-attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
- DESC 'RFC1274: category of user'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.9. Host
-#
-# The Host attribute type specifies a host computer.
-#
-# host ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-host))
-# ::= {pilotAttributeType 9}
-#
-attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
- DESC 'RFC1274: host computer'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.10. Manager
-#
-# The Manager attribute type specifies the manager of an object
-# represented by an entry.
-#
-# manager ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 10}
-#
-attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
- DESC 'RFC1274: DN of manager'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.11. Document Identifier
-#
-# The Document Identifier attribute type specifies a unique identifier
-# for a document.
-#
-# documentIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-identifier))
-# ::= {pilotAttributeType 11}
-#
-attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
- DESC 'RFC1274: unique identifier of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.12. Document Title
-#
-# The Document Title attribute type specifies the title of a document.
-#
-# documentTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-title))
-# ::= {pilotAttributeType 12}
-#
-attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
- DESC 'RFC1274: title of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.13. Document Version
-#
-# The Document Version attribute type specifies the version number of a
-# document.
-#
-# documentVersion ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-version))
-# ::= {pilotAttributeType 13}
-#
-attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
- DESC 'RFC1274: version of document'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.14. Document Author
-#
-# The Document Author attribute type specifies the distinguished name
-# of the author of a document.
-#
-# documentAuthor ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 14}
-#
-attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
- DESC 'RFC1274: DN of author of document'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.15. Document Location
-#
-# The Document Location attribute type specifies the location of the
-# document original.
-#
-# documentLocation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-location))
-# ::= {pilotAttributeType 15}
-#
-attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
- DESC 'RFC1274: location of document original'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.16. Home Telephone Number
-#
-# The Home Telephone Number attribute type specifies a home telephone
-# number associated with a person. Attribute values should follow the
-# agreed format for international telephone numbers: i.e., "+44 71 123
-# 4567".
-#
-# homeTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 20}
-#
-attributetype ( 0.9.2342.19200300.100.1.20
- NAME ( 'homePhone' 'homeTelephoneNumber' )
- DESC 'RFC1274: home telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.17. Secretary
-#
-# The Secretary attribute type specifies the secretary of a person.
-# The attribute value for Secretary is a distinguished name.
-#
-# secretary ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 21}
-#
-attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
- DESC 'RFC1274: DN of secretary'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.18. Other Mailbox
-#
-# The Other Mailbox attribute type specifies values for electronic
-# mailbox types other than X.400 and rfc822.
-#
-# otherMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# SEQUENCE {
-# mailboxType PrintableString, -- e.g. Telemail
-# mailbox IA5String -- e.g. X378:Joe
-# }
-# ::= {pilotAttributeType 22}
-#
-attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
-
-# 9.3.19. Last Modified Time
-#
-# The Last Modified Time attribute type specifies the last time, in UTC
-# time, that an entry was modified. Ideally, this attribute should be
-# maintained by the DSA.
-#
-# lastModifiedTime ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# uTCTimeSyntax
-# ::= {pilotAttributeType 23}
-#
-## Deprecated in favor of modifyTimeStamp
-#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
-# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
-# OBSOLETE
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-# USAGE directoryOperation )
-
-# 9.3.20. Last Modified By
-#
-# The Last Modified By attribute specifies the distinguished name of
-# the last user to modify the associated entry. Ideally, this
-# attribute should be maintained by the DSA.
-#
-# lastModifiedBy ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 24}
-#
-## Deprecated in favor of modifiersName
-#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
-# DESC 'RFC1274: last modifier, replaced by modifiersName'
-# OBSOLETE
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-# USAGE directoryOperation )
-
-# 9.3.21. Domain Component
-#
-# The Domain Component attribute type specifies a DNS/NRS domain. For
-# example, "uk" or "ac".
-#
-# domainComponent ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 25}
-#
-##(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# 9.3.22. DNS ARecord
-#
-# The A Record attribute type specifies a type A (Address) DNS resource
-# record [6] [7].
-#
-# aRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 26}
-#
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-## missing from RFC1274
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.23. MX Record
-#
-# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
-# resource record [6] [7].
-#
-# mXRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 28}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.24. NS Record
-#
-# The NS Record attribute type specifies an NS (Name Server) DNS
-# resource record [6] [7].
-#
-# nSRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 29}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.25. SOA Record
-#
-# The SOA Record attribute type specifies a type SOA (Start of
-# Authority) DNS resorce record [6] [7].
-#
-# sOARecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 30}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.26. CNAME Record
-#
-# The CNAME Record attribute type specifies a type CNAME (Canonical
-# Name) DNS resource record [6] [7].
-#
-# cNAMERecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# iA5StringSyntax
-# ::= {pilotAttributeType 31}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.27. Associated Domain
-#
-# The Associated Domain attribute type specifies a DNS or NRS domain
-# which is associated with an object in the DIT. For example, the entry
-# in the DIT with a distinguished name "C=GB, O=University College
-# London" would have an associated domain of "UCL.AC.UK. Note that all
-# domains should be represented in rfc822 order. See [3] for more
-# details of usage of this attribute.
-#
-# associatedDomain ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# ::= {pilotAttributeType 37}
-#
-#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
-# EQUALITY caseIgnoreIA5Match
-# SUBSTR caseIgnoreIA5SubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.28. Associated Name
-#
-# The Associated Name attribute type specifies an entry in the
-# organisational DIT associated with a DNS/NRS domain. See [3] for
-# more details of usage of this attribute.
-#
-# associatedName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 38}
-#
-attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
- DESC 'RFC1274: DN of entry associated with domain'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.29. Home postal address
-#
-# The Home postal address attribute type specifies a home postal
-# address for an object. This should be limited to up to 6 lines of 30
-# characters each.
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
- DESC 'RFC1274: home postal address'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-# 9.3.30. Personal Title
-#
-# The Personal Title attribute type specifies a personal title for a
-# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
- DESC 'RFC1274: personal title'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.31. Mobile Telephone Number
-#
-# The Mobile Telephone Number attribute type specifies a mobile
-# telephone number associated with a person. Attribute values should
-# follow the agreed format for international telephone numbers: i.e.,
-# "+44 71 123 4567".
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-attributetype ( 0.9.2342.19200300.100.1.41
- NAME ( 'mobile' 'mobileTelephoneNumber' )
- DESC 'RFC1274: mobile telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.32. Pager Telephone Number
-#
-# The Pager Telephone Number attribute type specifies a pager telephone
-# number for an object. Attribute values should follow the agreed
-# format for international telephone numbers: i.e., "+44 71 123 4567".
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-attributetype ( 0.9.2342.19200300.100.1.42
- NAME ( 'pager' 'pagerTelephoneNumber' )
- DESC 'RFC1274: pager telephone number'
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.33. Friendly Country Name
-#
-# The Friendly Country Name attribute type specifies names of countries
-# in human readable format. The standard attribute country name must
-# be one of the two-letter codes defined in ISO 3166.
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-attributetype ( 0.9.2342.19200300.100.1.43
- NAME ( 'co' 'friendlyCountryName' )
- DESC 'RFC1274: friendly country name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.3.34. Unique Identifier
-#
-# The Unique Identifier attribute type specifies a "unique identifier"
-# for an object represented in the Directory. The domain within which
-# the identifier is unique, and the exact semantics of the identifier,
-# are for local definition. For a person, this might be an
-# institution-wide payroll number. For an organisational unit, it
-# might be a department code.
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
- DESC 'RFC1274: unique identifer'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.35. Organisational Status
-#
-# The Organisational Status attribute type specifies a category by
-# which a person is often referred to in an organisation. Examples of
-# usage in academia might include undergraduate student, researcher,
-# lecturer, etc.
-#
-# A Directory administrator should probably consider carefully the
-# distinctions between this and the title and userClass attributes.
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
- DESC 'RFC1274: organizational status'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.36. Janet Mailbox
-#
-# The Janet Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in the Grey Book of the
-# Coloured Book series. This attribute is intended for the convenience
-# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
-# Entries using this attribute MUST also include an rfc822Mailbox
-# attribute.
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
- DESC 'RFC1274: Janet mailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.37. Mail Preference Option
-#
-# An attribute to allow users to indicate a preference for inclusion of
-# their names on mailing lists (electronic or physical). The absence
-# of such an attribute should be interpreted as if the attribute was
-# present with value "no-list-inclusion". This attribute should be
-# interpreted by anyone using the directory to derive mailing lists,
-# and its value respected.
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-attributetype ( 0.9.2342.19200300.100.1.47
- NAME 'mailPreferenceOption'
- DESC 'RFC1274: mail preference option'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-# 9.3.38. Building Name
-#
-# The Building Name attribute type specifies the name of the building
-# where an organisation or organisational unit is based.
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
- DESC 'RFC1274: name of building'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.39. DSA Quality
-#
-# The DSA Quality attribute type specifies the purported quality of a
-# DSA. It allows a DSA manager to indicate the expected level of
-# availability of the DSA. See [8] for details of the syntax.
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
- DESC 'RFC1274: DSA Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
-
-# 9.3.40. Single Level Quality
-#
-# The Single Level Quality attribute type specifies the purported data
-# quality at the level immediately below in the DIT. See [8] for
-# details of the syntax.
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 50}
-#
-attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
- DESC 'RFC1274: Single Level Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.41. Subtree Minimum Quality
-#
-# The Subtree Minimum Quality attribute type specifies the purported
-# minimum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
- DESC 'RFC1274: Subtree Mininum Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.42. Subtree Maximum Quality
-#
-# The Subtree Maximum Quality attribute type specifies the purported
-# maximum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
- DESC 'RFC1274: Subtree Maximun Quality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.43. Personal Signature
-#
-# The Personal Signature attribute type allows for a representation of
-# a person's signature. This should be encoded in G3 fax as explained
-# in recommendation T.4, with an ASN.1 wrapper to make it compatible
-# with an X.400 BodyPart as defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
- DESC 'RFC1274: Personal Signature (G3 fax)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
-
-# 9.3.44. DIT Redirect
-#
-# The DIT Redirect attribute type is used to indicate that the object
-# described by one entry now has a newer entry in the DIT. The entry
-# containing the redirection attribute should be expired after a
-# suitable grace period. This attribute may be used when an individual
-# changes his/her place of work, and thus acquires a new organisational
-# DN.
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
- DESC 'RFC1274: DIT Redirect'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.45. Audio
-#
-# The Audio attribute type allows the storing of sounds in the
-# Directory. The attribute uses a u-law encoded sound file as used by
-# the "play" utility on a Sun 4. This is an interim format.
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
- DESC 'RFC1274: audio (u-law)'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
-
-# 9.3.46. Publisher of Document
-#
-#
-# The Publisher of Document attribute is the person and/or organization
-# that published a document.
-# -# documentPublisher ATTRIBUTE -# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax -# ::= {pilotAttributeType 56} -# -attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' - DESC 'RFC1274: publisher of document' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# 9.4. Generally useful syntaxes -# -# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX -# IA5String -# MATCHES FOR EQUALITY SUBSTRINGS -# -# iA5StringSyntax ATTRIBUTE-SYNTAX -# IA5String -# MATCHES FOR EQUALITY SUBSTRINGS -# -# -# -- Syntaxes to support the DNS attributes -# -# DNSRecordSyntax ATTRIBUTE-SYNTAX -# IA5String -# MATCHES FOR EQUALITY -# -# -# NRSInformationSyntax ATTRIBUTE-SYNTAX -# NRSInformation -# MATCHES FOR EQUALITY -# -# -# NRSInformation ::= SET { -# [0] Context, -# [1] Address-space-id, -# routes [2] SEQUENCE OF SEQUENCE { -# Route-cost, -# Addressing-info } -# } -# -# -# 9.5. Upper bounds on length of attribute values -# -# -# ub-document-identifier INTEGER ::= 256 -# -# ub-document-location INTEGER ::= 256 -# -# ub-document-title INTEGER ::= 256 -# -# ub-document-version INTEGER ::= 256 -# -# ub-favourite-drink INTEGER ::= 256 -# -# ub-host INTEGER ::= 256 -# -# ub-information INTEGER ::= 2048 -# -# ub-unique-identifier INTEGER ::= 256 -# -# ub-personal-title INTEGER ::= 256 -# -# ub-photo INTEGER ::= 250000 -# -# ub-rfc822-mailbox INTEGER ::= 256 -# -# ub-room-number INTEGER ::= 256 -# -# ub-text-or-address INTEGER ::= 256 -# -# ub-user-class INTEGER ::= 256 -# -# ub-user-identifier INTEGER ::= 256 -# -# ub-organizational-status INTEGER ::= 256 -# -# ub-janet-mailbox INTEGER ::= 256 -# -# ub-building-name INTEGER ::= 256 -# -# ub-personal-signature ::= 50000 -# -# ub-audio INTEGER ::= 250000 -# - -# [back to 8] -# 8. Object Classes -# -# 8.1. X.500 standard object classes -# -# A number of generally useful object classes are defined in X.521, and -# these are supported. 
Refer to that document for descriptions of the -# suggested usage of these object classes. The ASN.1 for these object -# classes is reproduced for completeness in Appendix C. -# -# 8.2. X.400 standard object classes -# -# A number of object classes defined in X.400 are supported. Refer to -# X.402 for descriptions of the usage of these object classes. The -# ASN.1 for these object classes is reproduced for completeness in -# Appendix C. -# -# 8.3. COSINE/Internet object classes -# -# This section attempts to fuse together the object classes designed -# for use in the COSINE and Internet pilot activities. Descriptions -# are given of the suggested usage of these object classes. The ASN.1 -# for these object classes is also reproduced in Appendix C. -# -# 8.3.1. Pilot Object -# -# The PilotObject object class is used as a sub-class to allow some -# common, useful attributes to be assigned to entries of all other -# object classes. -# -# pilotObject OBJECT-CLASS -# SUBCLASS OF top -# MAY CONTAIN { -# info, -# photo, -# manager, -# uniqueIdentifier, -# lastModifiedTime, -# lastModifiedBy, -# dITRedirect, -# audio} -# ::= {pilotObjectClass 3} -# -#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' -# DESC 'RFC1274: pilot object' -# SUP top AUXILIARY -# MAY ( info $ photo $ manager $ uniqueIdentifier $ -# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio ) -# ) - -# 8.3.2. Pilot Person -# -# The PilotPerson object class is used as a sub-class of person, to -# allow the use of a number of additional attributes to be assigned to -# entries of object class person. 
-#
-# pilotPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# userid,
-# textEncodedORAddress,
-# rfc822Mailbox,
-# favouriteDrink,
-# roomNumber,
-# userClass,
-# homeTelephoneNumber,
-# homePostalAddress,
-# secretary,
-# personalTitle,
-# preferredDeliveryMethod,
-# businessCategory,
-# janetMailbox,
-# otherMailbox,
-# mobileTelephoneNumber,
-# pagerTelephoneNumber,
-# organizationalStatus,
-# mailPreferenceOption,
-# personalSignature}
-# ::= {pilotObjectClass 4}
-#
-objectclass ( 0.9.2342.19200300.100.4.4
- NAME ( 'pilotPerson' 'newPilotPerson' )
- SUP person STRUCTURAL
- MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
- favouriteDrink $ roomNumber $ userClass $
- homeTelephoneNumber $ homePostalAddress $ secretary $
- personalTitle $ preferredDeliveryMethod $ businessCategory $
- janetMailbox $ otherMailbox $ mobileTelephoneNumber $
- pagerTelephoneNumber $ organizationalStatus $
- mailPreferenceOption $ personalSignature )
- )
-
-# 8.3.3. Account
-#
-# The Account object class is used to define entries representing
-# computer accounts. The userid attribute should be used for naming
-# entries of this object class.
-#
-# account OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userid}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# host}
-# ::= {pilotObjectClass 5}
-#
-objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
- SUP top STRUCTURAL
- MUST userid
- MAY ( description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $ host )
- )
-
-# 8.3.4. Document
-#
-# The Document object class is used to define entries which represent
-# documents.
-#
-# document OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# documentIdentifier}
-# MAY CONTAIN {
-# commonName,
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# documentTitle,
-# documentVersion,
-# documentAuthor,
-# documentLocation,
-# documentPublisher}
-# ::= {pilotObjectClass 6}
-#
-objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
- SUP top STRUCTURAL
- MUST documentIdentifier
- MAY ( commonName $ description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $
- documentTitle $ documentVersion $ documentAuthor $
- documentLocation $ documentPublisher )
- )
-
-# 8.3.5. Room
-#
-# The Room object class is used to define entries representing rooms.
-# The commonName attribute should be used for naming pentries of this
-# object class.
-#
-# room OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# roomNumber,
-# description,
-# seeAlso,
-# telephoneNumber}
-# ::= {pilotObjectClass 7}
-#
-objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
- )
-
-# 8.3.6. Document Series
-#
-# The Document Series object class is used to define an entry which
-# represents a series of documents (e.g., The Request For Comments
-# papers).
-#
-# documentSeries OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# localityName,
-# organizationName,
-# organizationalUnitName}
-# ::= {pilotObjectClass 9}
-#
-objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( description $ seeAlso $ telephonenumber $
- localityName $ organizationName $ organizationalUnitName )
- )
-
-# 8.3.7. Domain
-#
-# The Domain object class is used to define entries which represent DNS
-# or NRS domains.
The domainComponent attribute should be used for -# naming entries of this object class. The usage of this object class -# is described in more detail in [3]. -# -# domain OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# domainComponent} -# MAY CONTAIN { -# associatedName, -# organizationName, -# organizationalAttributeSet} -# ::= {pilotObjectClass 13} -# -objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' - SUP top STRUCTURAL - MUST domainComponent - MAY ( associatedName $ organizationName $ description $ - businessCategory $ seeAlso $ searchGuide $ userPassword $ - localityName $ stateOrProvinceName $ streetAddress $ - physicalDeliveryOfficeName $ postalAddress $ postalCode $ - postOfficeBox $ streetAddress $ - facsimileTelephoneNumber $ internationalISDNNumber $ - telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ - preferredDeliveryMethod $ destinationIndicator $ - registeredAddress $ x121Address ) - ) - -# 8.3.8. RFC822 Local Part -# -# The RFC822 Local Part object class is used to define entries which -# represent the local part of RFC822 mail addresses. This treats this -# part of an RFC822 address as a domain. The usage of this object -# class is described in more detail in [3]. -# -# rFC822localPart OBJECT-CLASS -# SUBCLASS OF domain -# MAY CONTAIN { -# commonName, -# surname, -# description, -# seeAlso, -# telephoneNumber, -# postalAttributeSet, -# telecommunicationAttributeSet} -# ::= {pilotObjectClass 14} -# -objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' - SUP domain STRUCTURAL - MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ - physicalDeliveryOfficeName $ postalAddress $ postalCode $ - postOfficeBox $ streetAddress $ - facsimileTelephoneNumber $ internationalISDNNumber $ - telephoneNumber $ teletexTerminalIdentifier $ - telexNumber $ preferredDeliveryMethod $ destinationIndicator $ - registeredAddress $ x121Address ) - ) - -# 8.3.9. 
DNS Domain -# -# The DNS Domain (Domain NameServer) object class is used to define -# entries for DNS domains. The usage of this object class is described -# in more detail in [3]. -# -# dNSDomain OBJECT-CLASS -# SUBCLASS OF domain -# MAY CONTAIN { -# ARecord, -# MDRecord, -# MXRecord, -# NSRecord, -# SOARecord, -# CNAMERecord} -# ::= {pilotObjectClass 15} -# -objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' - SUP domain STRUCTURAL - MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ - SOARecord $ CNAMERecord ) - ) - -# 8.3.10. Domain Related Object -# -# The Domain Related Object object class is used to define entries -# which represent DNS/NRS domains which are "equivalent" to an X.500 -# domain: e.g., an organisation or organisational unit. The usage of -# this object class is described in more detail in [3]. -# -# domainRelatedObject OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# associatedDomain} -# ::= {pilotObjectClass 17} -# -objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' - DESC 'RFC1274: an object related to an domain' - SUP top AUXILIARY - MUST associatedDomain ) - -# 8.3.11. Friendly Country -# -# The Friendly Country object class is used to define country entries -# in the DIT. The object class is used to allow friendlier naming of -# countries than that allowed by the object class country. The naming -# attribute of object class country, countryName, has to be a 2 letter -# string defined in ISO 3166. -# -# friendlyCountry OBJECT-CLASS -# SUBCLASS OF country -# MUST CONTAIN { -# friendlyCountryName} -# ::= {pilotObjectClass 18} -# -objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' - SUP country STRUCTURAL - MUST friendlyCountryName ) - -# 8.3.12. Simple Security Object -# -# The Simple Security Object object class is used to allow an entry to -# have a userPassword attribute when an entry's principal object -# classes do not allow userPassword as an attribute type. 
-# -# simpleSecurityObject OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# userPassword } -# ::= {pilotObjectClass 19} -# -## (in core.schema) -## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' -## SUP top AUXILIARY -## MUST userPassword ) - -# 8.3.13. Pilot Organization -# -# The PilotOrganization object class is used as a sub-class of -# organization and organizationalUnit to allow a number of additional -# attributes to be assigned to entries of object classes organization -# and organizationalUnit. -# -# pilotOrganization OBJECT-CLASS -# SUBCLASS OF organization, organizationalUnit -# MAY CONTAIN { -# buildingName} -# ::= {pilotObjectClass 20} -# -objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' - SUP ( organization $ organizationalUnit ) STRUCTURAL - MAY buildingName ) - -# 8.3.14. Pilot DSA -# -# The PilotDSA object class is used as a sub-class of the dsa object -# class to allow additional attributes to be assigned to entries for -# DSAs. -# -# pilotDSA OBJECT-CLASS -# SUBCLASS OF dsa -# MUST CONTAIN { -# dSAQuality} -# ::= {pilotObjectClass 21} -# -objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' - SUP dsa STRUCTURAL - MAY dSAQuality ) - -# 8.3.15. Quality Labelled Data -# -# The Quality Labelled Data object class is used to allow the -# assignment of the data quality attributes to subtrees in the DIT. -# -# See [8] for more details. -# -# qualityLabelledData OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# dSAQuality} -# MAY CONTAIN { -# subtreeMinimumQuality, -# subtreeMaximumQuality} -# ::= {pilotObjectClass 22} -objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' - SUP top AUXILIARY - MUST dsaQuality - MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) - ) - - -# References -# -# [1] CCITT/ISO, "X.500, The Directory - overview of concepts, -# models and services, CCITT /ISO IS 9594. 
-# -# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in -# University College London, Department of Computer Science -# Research Note 89/48, May 1989. -# -# [3] Kille, S., "X.500 and Domains", RFC 1279, University College -# London, November 1991. -# -# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status -# Report", Technical Report 90-09-10-1, published by NYSERNet -# Inc, 1990. -# -# [5] Craigie, J., "UK Academic Community Directory Service Pilot -# Project, pp. 305-310 in Computer Networks and ISDN Systems -# 17 (1989), published by North Holland. -# -# [6] Mockapetris, P., "Domain Names - Concepts and Facilities", -# RFC 1034, USC/Information Sciences Institute, November 1987. -# -# [7] Mockapetris, P., "Domain Names - Implementation and -# Specification, RFC 1035, USC/Information Sciences Institute, -# November 1987. -# -# [8] Kille, S., "Handling QOS (Quality of service) in the -# Directory," publication in process, March 1991. -# -# -# APPENDIX C - Summary of all Object Classes and Attribute Types -# -# -- Some Important Object Identifiers -# -# data OBJECT IDENTIFIER ::= {ccitt 9} -# pss OBJECT IDENTIFIER ::= {data 2342} -# ucl OBJECT IDENTIFIER ::= {pss 19200300} -# pilot OBJECT IDENTIFIER ::= {ucl 100} -# -# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1} -# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3} -# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4} -# pilotGroups OBJECT IDENTIFIER ::= {pilot 10} -# -# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4} -# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::= -# {pilotAttributeSyntax 5} -# -# -- Standard Object Classes -# -# top OBJECT-CLASS -# MUST CONTAIN { -# objectClass} -# ::= {objectClass 0} -# -# -# alias OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# aliasedObjectName} -# ::= {objectClass 1} -# -# -# country OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# countryName} -# MAY CONTAIN { -# description, -# searchGuide} -# ::= {objectClass 2} -# 
-# -# locality OBJECT-CLASS -# SUBCLASS OF top -# MAY CONTAIN { -# description, -# localityName, -# stateOrProvinceName, -# searchGuide, -# seeAlso, -# streetAddress} -# ::= {objectClass 3} -# -# -# organization OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# organizationName} -# MAY CONTAIN { -# organizationalAttributeSet} -# ::= {objectClass 4} -# -# -# organizationalUnit OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# organizationalUnitName} -# MAY CONTAIN { -# organizationalAttributeSet} -# ::= {objectClass 5} -# -# -# person OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName, -# surname} -# MAY CONTAIN { -# description, -# seeAlso, -# telephoneNumber, -# userPassword} -# ::= {objectClass 6} -# -# -# organizationalPerson OBJECT-CLASS -# SUBCLASS OF person -# MAY CONTAIN { -# localeAttributeSet, -# organizationalUnitName, -# postalAttributeSet, -# telecommunicationAttributeSet, -# title} -# ::= {objectClass 7} -# -# -# organizationalRole OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName} -# MAY CONTAIN { -# description, -# localeAttributeSet, -# organizationalUnitName, -# postalAttributeSet, -# preferredDeliveryMethod, -# roleOccupant, -# seeAlso, -# telecommunicationAttributeSet} -# ::= {objectClass 8} -# -# -# groupOfNames OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName, -# member} -# MAY CONTAIN { -# description, -# organizationName, -# organizationalUnitName, -# owner, -# seeAlso, -# businessCategory} -# ::= {objectClass 9} -# -# -# residentialPerson OBJECT-CLASS -# SUBCLASS OF person -# MUST CONTAIN { -# localityName} -# MAY CONTAIN { -# localeAttributeSet, -# postalAttributeSet, -# preferredDeliveryMethod, -# telecommunicationAttributeSet, -# businessCategory} -# ::= {objectClass 10} -# -# -# applicationProcess OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName} -# MAY CONTAIN { -# description, -# localityName, -# organizationalUnitName, -# seeAlso} -# ::= {objectClass 11} -# -# -# 
applicationEntity OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName, -# presentationAddress} -# MAY CONTAIN { -# description, -# localityName, -# organizationName, -# organizationalUnitName, -# seeAlso, -# supportedApplicationContext} -# ::= {objectClass 12} -# -# -# dSA OBJECT-CLASS -# SUBCLASS OF applicationEntity -# MAY CONTAIN { -# knowledgeInformation} -# ::= {objectClass 13} -# -# -# device OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName} -# MAY CONTAIN { -# description, -# localityName, -# organizationName, -# organizationalUnitName, -# owner, -# seeAlso, -# serialNumber} -# ::= {objectClass 14} -# -# -# strongAuthenticationUser OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# userCertificate} -# ::= {objectClass 15} -# -# -# certificationAuthority OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# cACertificate, -# certificateRevocationList, -# authorityRevocationList} -# MAY CONTAIN { -# crossCertificatePair} -# ::= {objectClass 16} -# -# -- Standard MHS Object Classes -# -# mhsDistributionList OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName, -# mhsDLSubmitPermissions, -# mhsORAddresses} -# MAY CONTAIN { -# description, -# organizationName, -# organizationalUnitName, -# owner, -# seeAlso, -# mhsDeliverableContentTypes, -# mhsdeliverableEits, -# mhsDLMembers, -# mhsPreferredDeliveryMethods} -# ::= {mhsObjectClass 0} -# -# -# mhsMessageStore OBJECT-CLASS -# SUBCLASS OF applicationEntity -# MAY CONTAIN { -# description, -# owner, -# mhsSupportedOptionalAttributes, -# mhsSupportedAutomaticActions, -# mhsSupportedContentTypes} -# ::= {mhsObjectClass 1} -# -# -# mhsMessageTransferAgent OBJECT-CLASS -# SUBCLASS OF applicationEntity -# MAY CONTAIN { -# description, -# owner, -# mhsDeliverableContentLength} -# ::= {mhsObjectClass 2} -# -# -# mhsOrganizationalUser OBJECT-CLASS -# SUBCLASS OF organizationalPerson -# MUST CONTAIN { -# mhsORAddresses} -# MAY CONTAIN { -# mhsDeliverableContentLength, -# 
mhsDeliverableContentTypes, -# mhsDeliverableEits, -# mhsMessageStoreName, -# mhsPreferredDeliveryMethods } -# ::= {mhsObjectClass 3} -# -# -# mhsResidentialUser OBJECT-CLASS -# SUBCLASS OF residentialPerson -# MUST CONTAIN { -# mhsORAddresses} -# MAY CONTAIN { -# mhsDeliverableContentLength, -# mhsDeliverableContentTypes, -# mhsDeliverableEits, -# mhsMessageStoreName, -# mhsPreferredDeliveryMethods } -# ::= {mhsObjectClass 4} -# -# -# mhsUserAgent OBJECT-CLASS -# SUBCLASS OF applicationEntity -# MAY CONTAIN { -# mhsDeliverableContentLength, -# mhsDeliverableContentTypes, -# mhsDeliverableEits, -# mhsORAddresses, -# owner} -# ::= {mhsObjectClass 5} -# -# -# -# -# -- Pilot Object Classes -# -# pilotObject OBJECT-CLASS -# SUBCLASS OF top -# MAY CONTAIN { -# info, -# photo, -# manager, -# uniqueIdentifier, -# lastModifiedTime, -# lastModifiedBy, -# dITRedirect, -# audio} -# ::= {pilotObjectClass 3} -# pilotPerson OBJECT-CLASS -# SUBCLASS OF person -# MAY CONTAIN { -# userid, -# textEncodedORAddress, -# rfc822Mailbox, -# favouriteDrink, -# roomNumber, -# userClass, -# homeTelephoneNumber, -# homePostalAddress, -# secretary, -# personalTitle, -# preferredDeliveryMethod, -# businessCategory, -# janetMailbox, -# otherMailbox, -# mobileTelephoneNumber, -# pagerTelephoneNumber, -# organizationalStatus, -# mailPreferenceOption, -# personalSignature} -# ::= {pilotObjectClass 4} -# -# -# account OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# userid} -# MAY CONTAIN { -# description, -# seeAlso, -# localityName, -# organizationName, -# organizationalUnitName, -# host} -# ::= {pilotObjectClass 5} -# -# -# document OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# documentIdentifier} -# MAY CONTAIN { -# commonName, -# description, -# seeAlso, -# localityName, -# organizationName, -# organizationalUnitName, -# documentTitle, -# documentVersion, -# documentAuthor, -# documentLocation, -# documentPublisher} -# ::= {pilotObjectClass 6} -# -# -# room OBJECT-CLASS -# SUBCLASS 
OF top -# MUST CONTAIN { -# commonName} -# MAY CONTAIN { -# roomNumber, -# description, -# seeAlso, -# telephoneNumber} -# ::= {pilotObjectClass 7} -# -# -# documentSeries OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# commonName} -# MAY CONTAIN { -# description, -# seeAlso, -# telephoneNumber, -# localityName, -# organizationName, -# organizationalUnitName} -# ::= {pilotObjectClass 9} -# -# -# domain OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# domainComponent} -# MAY CONTAIN { -# associatedName, -# organizationName, -# organizationalAttributeSet} -# ::= {pilotObjectClass 13} -# -# -# rFC822localPart OBJECT-CLASS -# SUBCLASS OF domain -# MAY CONTAIN { -# commonName, -# surname, -# description, -# seeAlso, -# telephoneNumber, -# postalAttributeSet, -# telecommunicationAttributeSet} -# ::= {pilotObjectClass 14} -# -# -# dNSDomain OBJECT-CLASS -# SUBCLASS OF domain -# MAY CONTAIN { -# ARecord, -# MDRecord, -# MXRecord, -# NSRecord, -# SOARecord, -# CNAMERecord} -# ::= {pilotObjectClass 15} -# -# -# domainRelatedObject OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# associatedDomain} -# ::= {pilotObjectClass 17} -# -# -# friendlyCountry OBJECT-CLASS -# SUBCLASS OF country -# MUST CONTAIN { -# friendlyCountryName} -# ::= {pilotObjectClass 18} -# -# -# simpleSecurityObject OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# userPassword } -# ::= {pilotObjectClass 19} -# -# -# pilotOrganization OBJECT-CLASS -# SUBCLASS OF organization, organizationalUnit -# MAY CONTAIN { -# buildingName} -# ::= {pilotObjectClass 20} -# -# -# pilotDSA OBJECT-CLASS -# SUBCLASS OF dsa -# MUST CONTAIN { -# dSAQuality} -# ::= {pilotObjectClass 21} -# -# -# qualityLabelledData OBJECT-CLASS -# SUBCLASS OF top -# MUST CONTAIN { -# dSAQuality} -# MAY CONTAIN { -# subtreeMinimumQuality, -# subtreeMaximumQuality} -# ::= {pilotObjectClass 22} -# -# -# -# -# -- Standard Attribute Types -# -# objectClass ObjectClass -# ::= {attributeType 0} -# -# -# aliasedObjectName 
AliasedObjectName -# ::= {attributeType 1} -# -# -# knowledgeInformation ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreString -# ::= {attributeType 2} -# -# -# commonName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-common-name)) -# ::= {attributeType 3} -# -# -# surname ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-surname)) -# ::= {attributeType 4} -# -# -# serialNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX printableStringSyntax -# (SIZE (1..ub-serial-number)) -# ::= {attributeType 5} -# -# -# countryName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX PrintableString -# (SIZE (1..ub-country-code)) -# SINGLE VALUE -# ::= {attributeType 6} -# -# -# localityName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-locality-name)) -# ::= {attributeType 7} -# -# -# stateOrProvinceName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-state-name)) -# ::= {attributeType 8} -# -# -# streetAddress ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-street-address)) -# ::= {attributeType 9} -# -# -# organizationName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-organization-name)) -# ::= {attributeType 10} -# -# -# organizationalUnitName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-organizational-unit-name)) -# ::= {attributeType 11} -# -# -# title ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-title)) -# ::= {attributeType 12} -# -# -# description ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-description)) -# ::= {attributeType 13} -# -# -# searchGuide ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX Guide -# ::= {attributeType 14} -# -# -# businessCategory ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-business-category)) -# ::= {attributeType 15} -# -# -# postalAddress ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX PostalAddress -# MATCHES FOR EQUALITY 
-# ::= {attributeType 16} -# -# -# postalCode ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-postal-code)) -# ::= {attributeType 17} -# -# -# postOfficeBox ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-post-office-box)) -# ::= {attributeType 18} -# -# -# physicalDeliveryOfficeName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax -# (SIZE (1..ub-physical-office-name)) -# ::= {attributeType 19} -# -# -# telephoneNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax -# (SIZE (1..ub-telephone-number)) -# ::= {attributeType 20} -# -# -# telexNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX TelexNumber -# (SIZE (1..ub-telex)) -# ::= {attributeType 21} -# -# -# teletexTerminalIdentifier ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier -# (SIZE (1..ub-teletex-terminal-id)) -# ::= {attributeType 22} -# -# -# facsimileTelephoneNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber -# ::= {attributeType 23} -# -# -# x121Address ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX NumericString -# (SIZE (1..ub-x121-address)) -# ::= {attributeType 24} -# -# -# internationaliSDNNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX NumericString -# (SIZE (1..ub-isdn-address)) -# ::= {attributeType 25} -# -# -# registeredAddress ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX PostalAddress -# ::= {attributeType 26} -# -# -# destinationIndicator ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX PrintableString -# (SIZE (1..ub-destination-indicator)) -# MATCHES FOR EQUALITY SUBSTRINGS -# ::= {attributeType 27} -# -# -# preferredDeliveryMethod ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX deliveryMethod -# ::= {attributeType 28} -# -# -# presentationAddress ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX PresentationAddress -# MATCHES FOR EQUALITY -# ::= {attributeType 29} -# -# -# supportedApplicationContext ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax -# ::= {attributeType 30} -# -# -# member ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax -# ::= 
{attributeType 31} -# -# -# owner ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax -# ::= {attributeType 32} -# -# -# roleOccupant ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax -# ::= {attributeType 33} -# -# -# seeAlso ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax -# ::= {attributeType 34} -# -# -# userPassword ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX Userpassword -# ::= {attributeType 35} -# -# -# userCertificate ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX UserCertificate -# ::= {attributeType 36} -# -# -# cACertificate ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX cACertificate -# ::= {attributeType 37} -# -# -# authorityRevocationList ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList -# ::= {attributeType 38} -# -# -# certificateRevocationList ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX CertificateRevocationList -# ::= {attributeType 39} -# -# -# crossCertificatePair ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX CrossCertificatePair -# ::= {attributeType 40} -# -# -# -# -# -- Standard MHS Attribute Types -# -# mhsDeliverableContentLength ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX integer -# ::= {mhsAttributeType 0} -# -# -# mhsDeliverableContentTypes ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oID -# ::= {mhsAttributeType 1} -# -# -# mhsDeliverableEits ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oID -# ::= {mhsAttributeType 2} -# -# -# mhsDLMembers ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oRName -# ::= {mhsAttributeType 3} -# -# -# mhsDLSubmitPermissions ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX dLSubmitPermission -# ::= {mhsAttributeType 4} -# -# -# mhsMessageStoreName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX dN -# ::= {mhsAttributeType 5} -# -# -# mhsORAddresses ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oRAddress -# ::= {mhsAttributeType 6} -# -# -# mhsPreferredDeliveryMethods ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX deliveryMethod -# ::= {mhsAttributeType 7} -# -# -# mhsSupportedAutomaticActions ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oID -# ::= {mhsAttributeType 8} -# -# -# mhsSupportedContentTypes ATTRIBUTE -# -# WITH 
ATTRIBUTE-SYNTAX oID -# ::= {mhsAttributeType 9} -# -# -# mhsSupportedOptionalAttributes ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX oID -# ::= {mhsAttributeType 10} -# -# -# -# -# -- Pilot Attribute Types -# -# userid ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-user-identifier)) -# ::= {pilotAttributeType 1} -# -# -# textEncodedORAddress ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-text-encoded-or-address)) -# ::= {pilotAttributeType 2} -# -# -# rfc822Mailbox ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreIA5StringSyntax -# (SIZE (1 .. ub-rfc822-mailbox)) -# ::= {pilotAttributeType 3} -# -# -# info ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-information)) -# ::= {pilotAttributeType 4} -# -# -# favouriteDrink ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-favourite-drink)) -# ::= {pilotAttributeType 5} -# -# -# roomNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-room-number)) -# ::= {pilotAttributeType 6} -# -# -# photo ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# CHOICE { -# g3-facsimile [3] G3FacsimileBodyPart -# } -# (SIZE (1 .. ub-photo)) -# ::= {pilotAttributeType 7} -# -# -# userClass ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-user-class)) -# ::= {pilotAttributeType 8} -# -# -# host ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-host)) -# ::= {pilotAttributeType 9} -# -# -# manager ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# distinguishedNameSyntax -# ::= {pilotAttributeType 10} -# -# -# documentIdentifier ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-document-identifier)) -# ::= {pilotAttributeType 11} -# -# -# documentTitle ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. 
ub-document-title)) -# ::= {pilotAttributeType 12} -# -# -# documentVersion ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-document-version)) -# ::= {pilotAttributeType 13} -# -# -# documentAuthor ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# distinguishedNameSyntax -# ::= {pilotAttributeType 14} -# -# -# documentLocation ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreStringSyntax -# (SIZE (1 .. ub-document-location)) -# ::= {pilotAttributeType 15} -# -# -# homeTelephoneNumber ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# telephoneNumberSyntax -# ::= {pilotAttributeType 20} -# -# -# secretary ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# distinguishedNameSyntax -# ::= {pilotAttributeType 21} -# -# -# otherMailbox ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# SEQUENCE { -# mailboxType PrintableString, -- e.g. Telemail -# mailbox IA5String -- e.g. X378:Joe -# } -# ::= {pilotAttributeType 22} -# -# -# lastModifiedTime ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# uTCTimeSyntax -# ::= {pilotAttributeType 23} -# -# -# lastModifiedBy ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# distinguishedNameSyntax -# ::= {pilotAttributeType 24} -# -# -# domainComponent ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreIA5StringSyntax -# SINGLE VALUE -# ::= {pilotAttributeType 25} -# -# -# aRecord ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# DNSRecordSyntax -# ::= {pilotAttributeType 26} -# -# -# mXRecord ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# DNSRecordSyntax -# ::= {pilotAttributeType 28} -# -# -# nSRecord ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# DNSRecordSyntax -# ::= {pilotAttributeType 29} -# -# sOARecord ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# DNSRecordSyntax -# ::= {pilotAttributeType 30} -# -# -# cNAMERecord ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# iA5StringSyntax -# ::= {pilotAttributeType 31} -# -# -# associatedDomain ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# caseIgnoreIA5StringSyntax -# ::= {pilotAttributeType 37} -# -# -# associatedName ATTRIBUTE -# WITH ATTRIBUTE-SYNTAX -# distinguishedNameSyntax -# ::= 
{pilotAttributeType 38}
-#
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-#
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-# documentPublisher ATTRIBUTE
-# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-# ::= {pilotAttributeType 56}
-#
-#
-#
-# -- Generally useful syntaxes
-#
-#
-# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# iA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# -- Syntaxes to support the DNS attributes
-#
-# DNSRecordSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformationSyntax ATTRIBUTE-SYNTAX
-# NRSInformation
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformation ::= SET {
-# [0] Context,
-# [1] Address-space-id,
-# routes [2] SEQUENCE OF SEQUENCE {
-# Route-cost,
-# Addressing-info }
-# }
-#
-#
-# -- Upper bounds on length of attribute values
-#
-#
-# ub-document-identifier INTEGER ::= 256
-#
-# ub-document-location INTEGER ::= 256
-#
-# ub-document-title INTEGER ::= 256
-#
-# ub-document-version INTEGER ::= 256
-#
-# ub-favourite-drink INTEGER ::=
256
-#
-# ub-host INTEGER ::= 256
-#
-# ub-information INTEGER ::= 2048
-#
-# ub-unique-identifier INTEGER ::= 256
-#
-# ub-personal-title INTEGER ::= 256
-#
-# ub-photo INTEGER ::= 250000
-#
-# ub-rfc822-mailbox INTEGER ::= 256
-#
-# ub-room-number INTEGER ::= 256
-#
-# ub-text-or-address INTEGER ::= 256
-#
-# ub-user-class INTEGER ::= 256
-#
-# ub-user-identifier INTEGER ::= 256
-#
-# ub-organizational-status INTEGER ::= 256
-#
-# ub-janet-mailbox INTEGER ::= 256
-#
-# ub-building-name INTEGER ::= 256
-#
-# ub-personal-signature ::= 50000
-#
-# ub-audio INTEGER ::= 250000
-#
-# [remainder of memo trimmed]
-
diff --git a/openldap/schema/._cfg0000_duaconf.schema b/openldap/schema/._cfg0000_duaconf.schema
deleted file mode 100644
index 17538541..00000000
--- a/openldap/schema/._cfg0000_duaconf.schema
+++ /dev/null
@@ -1,261 +0,0 @@
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-
-# DUA schema from draft-joslin-config-schema (a work in progress)
-
-# Contents of this file are subject to change (including deletion)
-# without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-## Notes:
-## - The matching rule for attributes followReferrals and dereferenceAliases
-## has been changed to booleanMatch since their syntax is boolean
-## - There was a typo in the name of the dereferenceAliases attributeType
-## in the DUAConfigProfile objectClass definition
-## - Credit goes to the original Authors
-
-#
-# Application Working Group M. Ansari
-# INTERNET-DRAFT Sun Microsystems, Inc.
-# Expires Febuary 2003 L. Howard
-# PADL Software Pty. Ltd.
-# B. Joslin [ed.]
-# Hewlett-Packard Company
-#
-# September 15th, 2003
-# Intended Category: Informational
-#
-#
-# A Configuration Schema for LDAP Based
-# Directory User Agents
-#
-#
-#Status of this Memo
-#
-# This memo provides information for the Internet community. This
-# memo does not specify an Internet standard of any kind. Distribu-
-# tion of this memo is unlimited.
-#
-# This document is an Internet-Draft and is in full conformance with
-# all provisions of Section 10 of RFC2026.
-#
-# This document is an Internet-Draft. Internet-Drafts are working
-# documents of the Internet Engineering Task Force (IETF), its areas,
-# and its working groups. Note that other groups may also distribute
-# working documents as Internet-Drafts.
-#
-# Internet-Drafts are draft documents valid for a maximum of six
-# months.
Internet-Drafts may be updated, replaced, or made obsolete
-# by other documents at any time. It is not appropriate to use
-# Internet-Drafts as reference material or to cite them other than as
-# a "working draft" or "work in progress".
-#
-# To learn the current status of any Internet-Draft, please check the
-# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
-# Directories on ds.internic.net (US East Coast), nic.nordu.net
-# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
-# Rim).
-#
-# Distribution of this document is unlimited.
-#
-#
-# Abstract
-#
-# This document describes a mechanism for global configuration of
-# similar directory user agents. This document defines a schema for
-# configuration of these DUAs that may be discovered using the Light-
-# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
-# bute types and an objectclass are proposed, along with specific
-# guidelines for interpreting them. A significant feature of the
-# global configuration policy for DUAs is a mechanism that allows
-# DUAs to re-configure their schema to that of the end user's
-# environment. This configuration is achieved through attribute and
-# objectclass mapping. This document is intended to be a skeleton
-# for future documents that describe configuration of specific DUA
-# services.
-#
-#
-# [trimmed]
-#
-#
-# 2. General Issues
-#
-# The schema defined by this document is defined under the "DUA Con-
-# figuration Schema." This schema is derived from the OID: iso (1)
-# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
-# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
-# DUA Configuration Schema (1). This OID is represented in this
-# document by the keystring "DUAConfSchemaOID"
-# (1.3.6.1.4.1.11.1.3.1).
-objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
-#
-# 2.2 Attributes
-#
-# The attributes and classes defined in this document are summarized
-# below.
-#
-# The following attributes are defined in this document:
-#
-# preferredServerList
-# defaultServerList
-# defaultSearchBase
-# defaultSearchScope
-# authenticationMethod
-# credentialLevel
-# serviceSearchDescriptor
-#
-#
-#
-# Joslin [Page 3]
-# Internet-Draft DUA Configuration Schema October 2002
-#
-#
-# serviceCredentialLevel
-# serviceAuthenticationMethod
-# attributeMap
-# objectclassMap
-# searchTimeLimit
-# bindTimeLimit
-# followReferrals
-# dereferenceAliases
-# profileTTL
-#
-# 2.3 Object Classes
-#
-# The following object class is defined in this document:
-#
-# DUAConfigProfile
-#
-#
-attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
- DESC 'Default LDAP server host address used by a DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
- DESC 'Default LDAP base DN used by a DUA'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
- DESC 'Preferred LDAP server host addresses to be used by a
- DUA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for a
- search to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
- DESC 'Maximum time in seconds a DUA should allow for the
- bind operation to complete'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
- DESC 'Tells DUA if it should follow referrals
- returned by a DSA search result'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
- DESC 'Tells DUA if it
should dereference aliases'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
- DESC 'A keystring which identifies the type of
- authentication method used to contact the DSA'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
- DESC 'Time to live, in seconds, before a client DUA
- should re-read this configuration profile'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
- DESC 'LDAP search descriptor list used by a DUA'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
- DESC 'Attribute mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
- DESC 'Identifies type of credentials a DUA should
- use when binding to the LDAP server'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
- DESC 'Objectclass mappings used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
- DESC 'Default search scope used by a DUA'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- SINGLE-VALUE )
-
-attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
- DESC 'Identifies type of credentials a DUA
- should use when binding to the LDAP server for a
- specific service'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
- DESC 'Authentication method used by a service of the DUA'
- EQUALITY caseIgnoreMatch
-
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-#
-# 4. Class Definition
-#
-# The objectclass below is constructed from the attributes defined in
-# 3, with the exception of the cn attribute, which is defined in RFC
-# 2256 [8]. cn is used to represent the name of the DUA configura-
-# tion profile.
-#
-objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
- SUP top STRUCTURAL
- DESC 'Abstraction of a base configuration for a DUA'
- MUST ( cn )
- MAY ( defaultServerList $ preferredServerList $
- defaultSearchBase $ defaultSearchScope $
- searchTimeLimit $ bindTimeLimit $
- credentialLevel $ authenticationMethod $
- followReferrals $ dereferenceAliases $
- serviceSearchDescriptor $ serviceCredentialLevel $
- serviceAuthenticationMethod $ objectclassMap $
- attributeMap $ profileTTL ) )
diff --git a/openldap/schema/._cfg0000_dyngroup.ldif b/openldap/schema/._cfg0000_dyngroup.ldif
deleted file mode 100644
index 4a65e4b1..00000000
--- a/openldap/schema/._cfg0000_dyngroup.ldif
+++ /dev/null
@@ -1,71 +0,0 @@
-# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# Dynamic Group schema (experimental), as defined by Netscape. See
-# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
-# page 70 for details on how these groups were used.
-#
-# A description of the objectclass definition is available here:
-# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
-#
-# depends upon:
-# core.schema
-#
-# These definitions are considered experimental due to the lack of
-# a formal specification (e.g., RFC).
-#
-# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
-#
-# The Netscape documentation describes this as an auxiliary objectclass
-# but their implementations have always defined it as a structural class.
-# The sloppiness here is because Netscape-derived servers don't actually
-# implement the X.500 data model, and they don't honor the distinction
-# between structural and auxiliary classes. This fact is noted here:
-# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
-#
-# In accordance with other existing implementations, we define it as a
-# structural class.
-#
-# Our definition of memberURL also does not match theirs but again
-# their published definition and what works in practice do not agree.
-# In other words, the Netscape definitions are broken and interoperability
-# is not guaranteed.
-#
-# Also see the new DynGroup proposed spec at
-# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
-dn: cn=dyngroup,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: dyngroup
-olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
-olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
-olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
-olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
-olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
-olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
-olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
-olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
-olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
- dentifies an URL associated with each member of a group. Any type of labeled
- URL can be used.' SUP labeledURI )
-olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
- when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
-olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
- tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
- uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
-olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
- TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
- owner $ seeAlso ) )
-olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
- ( dgIdentity $ dgAuthz ) )
diff --git a/openldap/schema/._cfg0000_dyngroup.schema b/openldap/schema/._cfg0000_dyngroup.schema
deleted file mode 100644
index 211f6e6a..00000000
--- a/openldap/schema/._cfg0000_dyngroup.schema
+++ /dev/null
@@ -1,91 +0,0 @@
-# dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# Dynamic Group schema (experimental), as defined by Netscape. See
-# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
-# page 70 for details on how these groups were used.
-#
-# A description of the objectclass definition is available here:
-# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
-#
-# depends upon:
-# core.schema
-#
-# These definitions are considered experimental due to the lack of
-# a formal specification (e.g., RFC).
-#
-# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
-#
-# The Netscape documentation describes this as an auxiliary objectclass
-# but their implementations have always defined it as a structural class.
-# The sloppiness here is because Netscape-derived servers don't actually
-# implement the X.500 data model, and they don't honor the distinction
-# between structural and auxiliary classes. This fact is noted here:
-# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
-#
-# In accordance with other existing implementations, we define it as a
-# structural class.
-#
-# Our definition of memberURL also does not match theirs but again
-# their published definition and what works in practice do not agree.
-# In other words, the Netscape definitions are broken and interoperability
-# is not guaranteed.
-#
-# Also see the new DynGroup proposed spec at
-# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
-
-objectIdentifier NetscapeRoot 2.16.840.1.113730
-
-objectIdentifier NetscapeLDAP NetscapeRoot:3
-objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
-objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
-
-objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
-objectIdentifier DynGroupBase OpenLDAPExp11:8
-objectIdentifier DynGroupAttr DynGroupBase:1
-objectIdentifier DynGroupOC DynGroupBase:2
-
-attributetype ( NetscapeLDAPattributeType:198
- NAME 'memberURL'
- DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
- SUP labeledURI )
-
-attributetype ( DynGroupAttr:1
- NAME 'dgIdentity'
- DESC 'Identity to use when processing the memberURL'
- SUP distinguishedName SINGLE-VALUE )
-
-attributeType ( DynGroupAttr:2
- NAME 'dgAuthz'
- DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
- EQUALITY authzMatch
- SYNTAX 1.3.6.1.4.1.4203.666.2.7
- X-ORDERED 'VALUES' )
-
-objectClass ( NetscapeLDAPobjectClass:33
- NAME 'groupOfURLs'
- SUP top STRUCTURAL
- MUST cn
- MAY ( memberURL $ businessCategory $ description $ o $ ou $
- owner $ seeAlso ) )
-
-# The Haripriya dyngroup schema still needs a lot of work.
-# We're just adding support for the dgIdentity attribute for now...
-objectClass ( DynGroupOC:1
- NAME 'dgIdentityAux'
- SUP top AUXILIARY
- MAY ( dgIdentity $ dgAuthz ) )
-
-
diff --git a/openldap/schema/._cfg0000_inetorgperson.ldif b/openldap/schema/._cfg0000_inetorgperson.ldif
deleted file mode 100644
index 80698c84..00000000
--- a/openldap/schema/._cfg0000_inetorgperson.ldif
+++ /dev/null
@@ -1,69 +0,0 @@
-# InetOrgPerson (RFC2798)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# InetOrgPerson (RFC2798)
-#
-# Depends upon
-# Definition of an X.500 Attribute Type and an Object Class to Hold
-# Uniform Resource Identifiers (URIs) [RFC2079]
-# (core.ldif)
-#
-# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
-# (core.ldif)
-#
-# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
-#
-# This file was automatically generated from inetorgperson.schema; see
-# that file for complete references.
-#
-dn: cn=inetorgperson,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: inetorgperson
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
- 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
- eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
- RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
- atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
- 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
- atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
- NGLE-VALUE )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
- C2798: numerically identifies an employee within an organization' EQUALITY ca
- seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
- 1.1.15 SINGLE-VALUE
)
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
- 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
- oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
- 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
- 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
- noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 15 SINGLE-VALUE )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
- ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
- 66.115.121.1.5 )
-olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
- 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
- 15.121.1.5 )
-olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
- 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
- ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
- ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
- tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
- $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
- ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
diff --git a/openldap/schema/._cfg0000_inetorgperson.schema b/openldap/schema/._cfg0000_inetorgperson.schema
deleted file mode 100644
index 6ba88f3f..00000000
--- a/openldap/schema/._cfg0000_inetorgperson.schema
+++ /dev/null
@@ -1,155 +0,0 @@
-# inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# InetOrgPerson (RFC2798)
-#
-# Depends upon
-# Definition of an X.500 Attribute Type and an Object Class to Hold
-# Uniform Resource Identifiers (URIs) [RFC2079]
-# (core.schema)
-#
-# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
-# (core.schema)
-#
-# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
-
-# carLicense
-# This multivalued field is used to record the values of the license or
-# registration plate associated with an individual.
-attributetype ( 2.16.840.1.113730.3.1.1
- NAME 'carLicense'
- DESC 'RFC2798: vehicle license or registration plate'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# departmentNumber
-# Code for department to which a person belongs. This can also be
-# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
-attributetype ( 2.16.840.1.113730.3.1.2
- NAME 'departmentNumber'
- DESC 'RFC2798: identifies a department within an organization'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# displayName
-# When displaying an entry, especially within a one-line summary list, it
-# is useful to be able to identify a name to be used. Since other attri-
-# bute types such as 'cn' are multivalued, an additional attribute type is
-# needed. Display name is defined for this purpose.
-attributetype ( 2.16.840.1.113730.3.1.241
- NAME 'displayName'
- DESC 'RFC2798: preferred name to be used when displaying entries'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# employeeNumber
-# Numeric or alphanumeric identifier assigned to a person, typically based
-# on order of hire or association with an organization. Single valued.
-attributetype ( 2.16.840.1.113730.3.1.3
- NAME 'employeeNumber'
- DESC 'RFC2798: numerically identifies an employee within an organization'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# employeeType
-# Used to identify the employer to employee relationship. Typical values
-# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
-# "Unknown" but any value may be used.
-attributetype ( 2.16.840.1.113730.3.1.4
- NAME 'employeeType'
- DESC 'RFC2798: type of employment for a person'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# jpegPhoto
-# Used to store one or more images of a person using the JPEG File
-# Interchange Format [JFIF].
-# Note that the jpegPhoto attribute type was defined for use in the
-# Internet X.500 pilots but no referencable definition for it could be
-# located.
-attributetype ( 0.9.2342.19200300.100.1.60
- NAME 'jpegPhoto'
- DESC 'RFC2798: a JPEG image'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-
-# preferredLanguage
-# Used to indicate an individual's preferred written or spoken
-# language. This is useful for international correspondence or human-
-# computer interaction. Values for this attribute type MUST conform to
-# the definition of the Accept-Language header field defined in
-# [RFC2068] with one exception: the sequence "Accept-Language" ":"
-# should be omitted. This is a single valued attribute type.
-attributetype ( 2.16.840.1.113730.3.1.39
- NAME 'preferredLanguage'
- DESC 'RFC2798: preferred written or spoken language for a person'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# userSMIMECertificate
-# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
-# ignored by consumers of userSMIMECertificate values. It is
-# recommended that values have a `contentType' of data with an absent
-# `content' field. Values of this attribute contain a person's entire
-# certificate chain and an smimeCapabilities field [RFC2633] that at a
-# minimum describes their SMIME algorithm capabilities. Values for
-# this attribute are to be stored and requested in binary form, as
-# 'userSMIMECertificate;binary'. If available, this attribute is
-# preferred over the userCertificate attribute for S/MIME applications.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.40
- NAME 'userSMIMECertificate'
- DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-# userPKCS12
-# PKCS #12 [PKCS12] provides a format for exchange of personal identity
-# information. When such information is stored in a directory service,
-# the userPKCS12 attribute should be used. This attribute is to be stored
-# and requested in binary form, as 'userPKCS12;binary'. The attribute
-# values are PFX PDUs stored as binary data.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.216
- NAME 'userPKCS12'
- DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-
-# inetOrgPerson
-# The inetOrgPerson represents people who are associated with an
-# organization in some way. It is a structural class and is derived
-# from the organizationalPerson which is defined in X.521 [X521].
-objectclass ( 2.16.840.1.113730.3.2.2
- NAME 'inetOrgPerson'
- DESC 'RFC2798: Internet Organizational Person'
- SUP organizationalPerson
- STRUCTURAL
- MAY (
- audio $ businessCategory $ carLicense $ departmentNumber $
- displayName $ employeeNumber $ employeeType $ givenName $
- homePhone $ homePostalAddress $ initials $ jpegPhoto $
- labeledURI $ mail $ manager $ mobile $ o $ pager $
- photo $ roomNumber $ secretary $ uid $ userCertificate $
- x500uniqueIdentifier $ preferredLanguage $
- userSMIMECertificate $ userPKCS12 )
- )
diff --git a/openldap/schema/._cfg0000_java.schema b/openldap/schema/._cfg0000_java.schema
deleted file mode 100644
index 379c476b..00000000
--- a/openldap/schema/._cfg0000_java.schema
+++ /dev/null
@@ -1,403 +0,0 @@
-# java.schema -- Java Object Schema
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# Java Object Schema (defined in RFC 2713)
-# depends upon core.schema
-#
-
-# Network Working Group V. Ryan
-# Request for Comments: 2713 S. Seligman
-# Category: Informational R. Lee
-# Sun Microsystems, Inc.
-# October 1999
-#
-#
-# Schema for Representing Java(tm) Objects in an LDAP Directory
-#
-# Status of this Memo
-#
-# This memo provides information for the Internet community. It does
-# not specify an Internet standard of any kind. Distribution of this
-# memo is unlimited.
-#
-# Copyright Notice
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# Abstract
-#
-# This document defines the schema for representing Java(tm) objects in
-# an LDAP directory [LDAPv3]. It defines schema elements to represent
-# a Java serialized object [Serial], a Java marshalled object [RMI], a
-# Java remote object [RMI], and a JNDI reference [JNDI].
-#
-
-# [trimmed]
-
-# 3 Attribute Type Definitions
-#
-# The following attribute types are defined in this document:
-#
-# javaClassName
-# javaClassNames
-# javaCodebase
-# javaSerializedData
-# javaFactory
-# javaReferenceAddress
-# javaDoc
-#
-# 3.1 javaClassName
-#
-# This attribute stores the fully qualified name of the Java object's
-# "distinguished" class or interface (for example, "java.lang.String").
-# It is a single-valued attribute. This attribute's syntax is '
-# Directory String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.6
-# NAME 'javaClassName'
-# DESC 'Fully qualified name of distinguished Java class or
-# interface'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
- NAME 'javaClassName'
- DESC 'Fully qualified name of distinguished Java class or interface'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# 3.2 javaCodebase
-#
-# This attribute stores the Java class definition's locations. It
-# specifies the locations from which to load the class definition for
-# the class specified by the javaClassName attribute. Each value of
-# the attribute contains an ordered list of URLs, separated by spaces.
-# For example, a value of "url1 url2 url3" means that the three
-# (possibly interdependent) URLs (url1, url2, and url3) form the
-# codebase for loading in the Java class definition.
-#
-# If the javaCodebase attribute contains more than one value, each
-# value is an independent codebase. That is, there is no relationship
-# between the URLs in one value and those in another; each value can be
-# viewed as an alternate source for loading the Java class definition.
-# See [Java] for information regarding class loading.
-#
-# This attribute's syntax is 'IA5 String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.7
-# NAME 'javaCodebase'
-# DESC 'URL(s) specifying the location of class definition'
-# EQUALITY caseExactIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
- NAME 'javaCodebase'
- DESC 'URL(s) specifying the location of class definition'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 3.3 javaClassNames
-#
-# This attribute stores the Java object's fully qualified class or
-# interface names (for example, "java.lang.String"). It is a
-# multivalued attribute. When more than one value is present, each is
-# the name of a class or interface, or ancestor class or interface, of
-# this object.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.13
-# NAME 'javaClassNames'
-# DESC 'Fully qualified Java class or interface name'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# )
-#
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
- NAME 'javaClassNames'
- DESC 'Fully qualified Java class or interface name'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 3.4 javaSerializedData
-#
-# This attribute stores the serialized form of a Java object. The
-# serialized form is described in [Serial].
-#
-# This attribute's syntax is 'Octet String'.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.8
-# NAME 'javaSerializedData
-# DESC 'Serialized form of a Java object'
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
- NAME 'javaSerializedData'
- DESC 'Serialized form of a Java object'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
- SINGLE-VALUE )
-
-# 3.5 javaFactory
-#
-# This attribute stores the fully qualified class name of the object
-# factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
-# used to create an instance of the object identified by the
-# javaClassName attribute.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.10
-# NAME 'javaFactory'
-# DESC 'Fully qualified Java class name of a JNDI object factory'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# SINGLE-VALUE
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
- NAME 'javaFactory'
- DESC 'Fully qualified Java class name of a JNDI object factory'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-
-# 3.6 javaReferenceAddress
-#
-# This attribute represents the sequence of addresses of a JNDI
-# reference. Each of its values represents one address, a Java object
-# of type javax.naming.RefAddr. Its value is a concatenation of the
-# address type and address contents, preceded by a sequence number (the
-# order of addresses in a JNDI reference is significant). For example:
-#
-# #0#TypeA#ValA
-# #1#TypeB#ValB
-# #2#TypeC##rO0ABXNyABpq...
-#
-# In more detail, the value is encoded as follows:
-#
-# The delimiter is the first character of the value. For readability
-# the character '#' is recommended when it is not otherwise used
-# anywhere in the value, but any character may be used subject to
-# restrictions given below.
-#
-# The first delimiter is followed by the sequence number. The sequence
-# number of an address is its position in the JNDI reference, with the
-# first address being numbered 0. It is represented by its shortest
-# string form, in decimal notation.
-#
-# The sequence number is followed by a delimiter, then by the address
-# type, and then by another delimiter. If the address is of Java class
-# javax.naming.StringRefAddr, then this delimiter is followed by the
-# value of the address contents (which is a string). Otherwise, this
-# delimiter is followed immediately by another delimiter, and then by
-# the Base64 encoding of the serialized form of the entire address.
-#
-# The delimiter may be any character other than a digit or a character
-# contained in the address type. In addition, if the address contents
-# is a string, the delimiter may not be the first character of that
-# string.
-#
-# This attribute's syntax is 'Directory String' and its case is
-# significant. It can contain multiple values.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.11
-# NAME 'javaReferenceAddress'
-# DESC 'Addresses associated with a JNDI Reference'
-# EQUALITY caseExactMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
- NAME 'javaReferenceAddress'
- DESC 'Addresses associated with a JNDI Reference'
- EQUALITY caseExactMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 3.7 javaDoc
-#
-# This attribute stores a pointer to the Java documentation for the
-# class. It's value is a URL. For example, the following URL points to
-# the specification of the java.lang.String class:
-# http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
-#
-# This attribute's syntax is 'IA5 String' and its case is significant.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.1.12
-# NAME 'javaDoc'
-# DESC 'The Java documentation for the class'
-# EQUALITY caseExactIA5Match
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-# )
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
- NAME 'javaDoc'
- DESC 'The Java documentation for the class'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 4 Object Class Definitions
-#
-# The following object classes are defined in this document:
-#
-# javaContainer
-# javaObject
-# javaSerializedObject
-# javaMarshalledObject
-# javaNamingReference
-#
-# 4.1 javaContainer
-#
-# This structural object class represents a container for a Java
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.1
-# NAME 'javaContainer'
-# DESC 'Container for a Java object'
-# SUP top
-# STRUCTURAL
-# MUST ( cn )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
- NAME 'javaContainer'
- DESC 'Container for a Java object'
- SUP top
- STRUCTURAL
- MUST cn )
-
-# 4.2 javaObject
-#
-# This abstract object class represents a Java object. A javaObject
-# cannot exist in the directory; only auxiliary or structural
-# subclasses of it can exist in the directory.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.4
-# NAME 'javaObject'
-# DESC 'Java object representation'
-# SUP top
-# ABSTRACT
-# MUST ( javaClassName )
-# MAY ( javaClassNames $
-# javaCodebase $
-# javaDoc $
-# description )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
- NAME 'javaObject'
- DESC 'Java object representation'
- SUP top
- ABSTRACT
- MUST javaClassName
- MAY ( javaClassNames $ javaCodebase $
- javaDoc $ description ) )
-
-# 4.3 javaSerializedObject
-#
-# This auxiliary object class represents a Java serialized object. It
-# must be mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.5
-# NAME 'javaSerializedObject'
-# DESC 'Java serialized object'
-# SUP javaObject
-# AUXILIARY
-# MUST ( javaSerializedData )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
- NAME 'javaSerializedObject'
- DESC 'Java serialized object'
- SUP javaObject
- AUXILIARY
- MUST javaSerializedData )
-
-# 4.4 javaMarshalledObject
-#
-# This auxiliary object class represents a Java marshalled object. It
-# must be mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.8
-# NAME 'javaMarshalledObject'
-# DESC 'Java marshalled object'
-# SUP javaObject
-# AUXILIARY
-# MUST ( javaSerializedData )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
- NAME 'javaMarshalledObject'
- DESC 'Java marshalled object'
- SUP javaObject
- AUXILIARY
- MUST javaSerializedData )
-
-# 4.5 javaNamingReference
-#
-# This auxiliary object class represents a JNDI reference. It must be
-# mixed in with a structural object class.
-#
-# ( 1.3.6.1.4.1.42.2.27.4.2.7
-# NAME 'javaNamingReference'
-# DESC 'JNDI reference'
-# SUP javaObject
-# AUXILIARY
-# MAY ( javaReferenceAddress $
-# javaFactory )
-# )
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
- NAME 'javaNamingReference'
- DESC 'JNDI reference'
- SUP javaObject
- AUXILIARY
- MAY ( javaReferenceAddress $ javaFactory ) )
-
-# Full Copyright Statement
-#
-# Copyright (C) The Internet Society (1999). All Rights Reserved.
-#
-# This document and translations of it may be copied and furnished to
-# others, and derivative works that comment on or otherwise explain it
-# or assist in its implementation may be prepared, copied, published
-# and distributed, in whole or in part, without restriction of any
-# kind, provided that the above copyright notice and this paragraph are
-# included on all such copies and derivative works. However, this
-# document itself may not be modified in any way, such as by removing
-# the copyright notice or references to the Internet Society or other
-# Internet organizations, except as needed for the purpose of
-# developing Internet standards in which case the procedures for
-# copyrights defined in the Internet Standards process must be
-# followed, or as required to translate it into languages other than
-# English.
-#
-# The limited permissions granted above are perpetual and will not be
-# revoked by the Internet Society or its successors or assigns.
-#
-# This document and the information contained herein is provided on an
-# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/openldap/schema/._cfg0000_misc.schema b/openldap/schema/._cfg0000_misc.schema
deleted file mode 100644
index f4886c4f..00000000
--- a/openldap/schema/._cfg0000_misc.schema
+++ /dev/null
@@ -1,75 +0,0 @@
-# misc.schema -- assorted schema definitions
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-# Assorted definitions from several sources, including
-# ''works in progress''. Contents of this file are
-# subject to change (including deletion) without notice.
-#
-# Not recommended for production use!
-# Use with extreme caution!
-
-#-----------------------------------------------------------
-# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
-# (a work in progress)
-#
-attributetype ( 2.16.840.1.113730.3.1.13
- NAME 'mailLocalAddress'
- DESC 'RFC822 email address of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 2.16.840.1.113730.3.1.18
- NAME 'mailHost'
- DESC 'FQDN of the SMTP/MTA of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
- SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113730.3.1.47
- NAME 'mailRoutingAddress'
- DESC 'RFC822 routing address of this recipient'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
- SINGLE-VALUE )
-
-# I-D leaves this OID TBD.
-# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
-# improperly delegated OID. A typo is likely.
-objectclass ( 2.16.840.1.113730.3.2.147
- NAME 'inetLocalMailRecipient'
- DESC 'Internet local mail recipient'
- SUP top AUXILIARY
- MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
-
-#-----------------------------------------------------------
-# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
-# (a work in progress)
-#
-attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
- NAME 'rfc822MailMember'
- DESC 'rfc822 mail address of group member(s)'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-#-----------------------------------------------------------
-# !!!no I-D!!!
-# (a work in progress)
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
- NAME 'nisMailAlias'
- DESC 'NIS mail alias'
- SUP top STRUCTURAL
- MUST cn
- MAY rfc822MailMember )
diff --git a/openldap/schema/._cfg0000_nis.ldif b/openldap/schema/._cfg0000_nis.ldif
deleted file mode 100644
index f2c7df2c..00000000
--- a/openldap/schema/._cfg0000_nis.ldif
+++ /dev/null
@@ -1,120 +0,0 @@ -# NIS (RFC2307) -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -# Definitions from RFC2307 (Experimental) -# An Approach for Using LDAP as a Network Information Service -# -# Depends upon core.ldif and cosine.ldif -# -# This file was automatically generated from nis.schema; see that file -# for complete references. -# -dn: cn=nis,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: nis -olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th - e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc - h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut - e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 - 466.115.121.1.26 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th - e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 - 6 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ - erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM - atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY 
integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM - atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI - A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 26 ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca - seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 - 5.121.1.26 ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr - oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege - rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int - egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address - ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw - ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI - NGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm - ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI - NGLE-VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' - EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp - 
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam - e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac - tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.26{1024} SINGLE-VALUE ) -olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o - f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu - mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ - description ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a - ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword - $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive - $ shadowExpire $ shadowFlag $ description ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of - a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas - sword $ memberUid $ description ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I - nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe - rviceProtocol ) MAY description ) -olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of - an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description - ) MAY description ) -olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O - NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M - AY description ) -olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho - st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc - ription $ manager ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a - n IP network' SUP 
top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas - kNumber $ l $ description $ manager ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of - a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe - tgroup $ description ) ) -olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti - on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) -olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a - NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri - ption ) -olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w - ith a MAC address' SUP top AUXILIARY MAY macAddress ) -olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device - with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) diff --git a/openldap/schema/._cfg0000_nis.schema b/openldap/schema/._cfg0000_nis.schema deleted file mode 100644 index c4ac5c6b..00000000 --- a/openldap/schema/._cfg0000_nis.schema +++ /dev/null 
@@ -1,237 +0,0 @@
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-
-# Definitions from RFC2307 (Experimental)
-# An Approach for Using LDAP as a Network Information Service
-
-# Depends upon core.schema and cosine.schema
-
-# Note: The definitions in RFC2307 are given in syntaxes closely related
-# to those in RFC2252, however, some liberties are taken that are not
-# supported by RFC2252. This file has been written following RFC2252
-# strictly.
-
-# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
-# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
-#
-# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
-# validaters for these syntaxes are incomplete, they only
-# implement printable string validation (which is good as the
-# common use of these syntaxes violates the specification).
-# Attribute types are under 1.3.6.1.1.1.1
-# Object classes are under 1.3.6.1.1.1.2
-
-# Attribute Type Definitions
-
-# builtin
-#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
-# DESC 'An integer uniquely identifying a user in an administrative domain'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# builtin
-#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
-# DESC 'An integer uniquely identifying a group in an administrative domain'
-# EQUALITY integerMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
- DESC 'The GECOS field; the common name'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
- DESC 'The absolute path to the home directory'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
- DESC 'The path to the login shell'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
- DESC 'Netgroup triple'
- SYNTAX 1.3.6.1.1.1.0.0 )
-
-attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
- SUP name )
-
-attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
- DESC 'IP address'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
- DESC 'IP network'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
- DESC 'IP netmask'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
- DESC 'MAC address'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
- DESC 'rpc.bootparamd parameter'
- SYNTAX 1.3.6.1.1.1.0.1 )
-
-attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
- DESC 'Boot image name'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
- SUP name )
-
-attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
- EQUALITY caseExactIA5Match
- SUBSTR caseExactIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
-
-# Object Class Definitions
-
-objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
- DESC 'Abstraction of an account with POSIX attributes'
- SUP top AUXILIARY
- MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
- MAY ( userPassword $ loginShell $ gecos $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
- DESC 'Additional attributes for shadow passwords'
- SUP top AUXILIARY
- MUST uid
- MAY ( userPassword $ shadowLastChange $ shadowMin $
- shadowMax $ shadowWarning $ shadowInactive $
- shadowExpire $ shadowFlag $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
- DESC 'Abstraction of a group of accounts'
- SUP top STRUCTURAL
- MUST ( cn $ gidNumber )
- MAY ( userPassword $ memberUid $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
- DESC 'Abstraction an Internet Protocol service'
- SUP top STRUCTURAL
- MUST ( cn $ ipServicePort $ ipServiceProtocol )
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
- DESC 'Abstraction of an IP protocol'
- SUP top STRUCTURAL
- MUST ( cn $ ipProtocolNumber $ description )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
- DESC 'Abstraction of an ONC/RPC binding'
- SUP top STRUCTURAL
- MUST ( cn $ oncRpcNumber $ description )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
- DESC 'Abstraction of a host, an IP device'
- SUP top AUXILIARY
- MUST ( cn $ ipHostNumber )
- MAY ( l $ description $ manager ) )
-
-objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
- DESC 'Abstraction of an IP network'
- SUP top STRUCTURAL
- MUST ( cn $ ipNetworkNumber )
- MAY ( ipNetmaskNumber $ l $ description $ manager ) )
-
-objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
- DESC 'Abstraction of a netgroup'
- SUP top STRUCTURAL
- MUST cn
- MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
-
-objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
- DESC 'A generic abstraction of a NIS map'
- SUP top STRUCTURAL
- MUST nisMapName
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
- DESC 'An entry in a NIS map'
- SUP top STRUCTURAL
- MUST ( cn $ nisMapEntry $ nisMapName )
- MAY description )
-
-objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
- DESC 'A device with a MAC address'
- SUP top AUXILIARY
- MAY macAddress )
-
-objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
- DESC 'A device with boot parameters'
- SUP top AUXILIARY
- MAY ( bootFile $ bootParameter ) )
diff --git a/openldap/schema/._cfg0000_openldap.ldif b/openldap/schema/._cfg0000_openldap.ldif
deleted file mode 100644
index c680d928..00000000
--- a/openldap/schema/._cfg0000_openldap.ldif
+++ /dev/null
@@ -1,88 +0,0 @@
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-#
-#
-# OpenLDAP Project's directory schema items
-#
-# depends upon:
-# core.schema
-# cosine.schema
-# inetorgperson.schema
-#
-# These are provided for informational purposes only.
-#
-# This openldap.ldif file is provided as a demonstration of how to
-# convert a *.schema file into *.ldif format. The key points:
-# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
-# file should be replaced with a single '#' to turn them into
-# comments, or they should just be removed.
-# In addition to the actual schema directives, the file needs a small
-# header to make it a valid LDAP entry. This header must provide the
-# dn of the entry, the objectClass, and the cn, as shown here:
-#
-dn: cn=openldap,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: openldap
-#
-# The schema directives need to be changed to LDAP Attributes.
-# First a basic string substitution can be done on each of the keywords:
-# objectIdentifier -> olcObjectIdentifier:
-# objectClass -> olcObjectClasses:
-# attributeType -> olcAttributeTypes:
-# Then leading whitespace must be fixed. The slapd.conf format allows
-# tabs or spaces to denote line continuation, while LDIF only allows
-# the space character.
-# Also slapd.conf preserves the continuation character, while LDIF strips
-# it out. So a single TAB/SPACE in slapd.conf must be replaced with
-# two SPACEs in LDIF, otherwise the continued text may get joined as
-# a single word.
-# The directives must be listed in a proper sequence:
-# All olcObjectIdentifiers must be first, so they may be referenced by
-# any following definitions.
-# All olcAttributeTypes must be next, so they may be referenced by any
-# following objectClass definitions.
-# All olcObjectClasses must be after the olcAttributeTypes.
-# And of course, any superior must occur before anything that inherits
-# from it.
-#
-olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
-#
-olcObjectIdentifier: OpenLDAP OpenLDAProot:1
-olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
-olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
-#
-olcObjectClasses: ( OpenLDAPobjectClass:3
- NAME 'OpenLDAPorg'
- DESC 'OpenLDAP Organizational Object'
- SUP organization
- MAY ( buildingName $ displayName $ labeledURI ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:4
- NAME 'OpenLDAPou'
- DESC 'OpenLDAP Organizational Unit Object'
- SUP organizationalUnit
- MAY ( buildingName $ displayName $ labeledURI $ o ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:5
- NAME 'OpenLDAPperson'
- DESC 'OpenLDAP Person'
- SUP ( pilotPerson $ inetOrgPerson )
- MUST ( uid $ cn )
- MAY ( givenName $ labeledURI $ o ) )
-#
-olcObjectClasses: ( OpenLDAPobjectClass:6
- NAME 'OpenLDAPdisplayableObject'
- DESC 'OpenLDAP Displayable Object'
- AUXILIARY
- MAY displayName )
diff --git a/openldap/schema/._cfg0000_openldap.schema b/openldap/schema/._cfg0000_openldap.schema
deleted file mode 100644
index d4b336da..00000000
--- a/openldap/schema/._cfg0000_openldap.schema
+++ /dev/null
@@ -1,54 +0,0 @@
-# $OpenLDAP$
-## This work is part of OpenLDAP Software .
-##
-## Copyright 1998-2011 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## .
-
-#
-# OpenLDAP Project's directory schema items
-#
-# depends upon:
-# core.schema
-# cosine.schema
-# inetorgperson.schema
-#
-# These are provided for informational purposes only.
-
-objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
-
-objectIdentifier OpenLDAP OpenLDAProot:1
-objectIdentifier OpenLDAPattributeType OpenLDAP:3
-objectIdentifier OpenLDAPobjectClass OpenLDAP:4
-
-objectClass ( OpenLDAPobjectClass:3
- NAME 'OpenLDAPorg'
- DESC 'OpenLDAP Organizational Object'
- SUP organization
- MAY ( buildingName $ displayName $ labeledURI ) )
-
-objectClass ( OpenLDAPobjectClass:4
- NAME 'OpenLDAPou'
- DESC 'OpenLDAP Organizational Unit Object'
- SUP organizationalUnit
- MAY ( buildingName $ displayName $ labeledURI $ o ) )
-
-objectClass ( OpenLDAPobjectClass:5
- NAME 'OpenLDAPperson'
- DESC 'OpenLDAP Person'
- SUP ( pilotPerson $ inetOrgPerson )
- MUST ( uid $ cn )
- MAY ( givenName $ labeledURI $ o ) )
-
-objectClass ( OpenLDAPobjectClass:6
- NAME 'OpenLDAPdisplayableObject'
- DESC 'OpenLDAP Displayable Object'
- AUXILIARY
- MAY displayName )
diff --git a/openldap/schema/._cfg0000_pmi.schema b/openldap/schema/._cfg0000_pmi.schema
deleted file mode 100644
index 45257cc2..00000000
--- a/openldap/schema/._cfg0000_pmi.schema
+++ /dev/null
@@ -1,464 +0,0 @@ -# OpenLDAP X.509 PMI schema -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 1998-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -## Portions Copyright (C) The Internet Society (1997-2006). -## All Rights Reserved. -## -## This document and translations of it may be copied and furnished to -## others, and derivative works that comment on or otherwise explain it -## or assist in its implementation may be prepared, copied, published -## and distributed, in whole or in part, without restriction of any -## kind, provided that the above copyright notice and this paragraph are -## included on all such copies and derivative works. However, this -## document itself may not be modified in any way, such as by removing -## the copyright notice or references to the Internet Society or other -## Internet organizations, except as needed for the purpose of -## developing Internet standards in which case the procedures for -## copyrights defined in the Internet Standards process must be -## followed, or as required to translate it into languages other than -## English. -## -## The limited permissions granted above are perpetual and will not be -## revoked by the Internet Society or its successors or assigns. -## -## This document and the information contained herein is provided on an -## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
- -# -# -# Includes LDAPv3 schema items from: -# ITU X.509 (08/2005) -# -## X.509 (08/2005) pp. 120-121 -## -## -- object identifier assignments -- -## -- object classes -- -## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} -## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} -## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} -## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} -## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} -## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} -## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} -## -- directory attributes -- -## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} -## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} -## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} -## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} -## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} -## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} -## id-at-role OBJECT IDENTIFIER ::= {id-at 72} -## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} -## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} -## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} -## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} -## -- attribute certificate extensions -- -## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} -## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} -## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} -## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} -## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} -## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} -## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} -## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} -## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} -## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} -## id-ce-noRevAvail 
OBJECT IDENTIFIER ::= {id-ce 56} -## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} -## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} -## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} -## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} -## -- PMI matching rules -- -## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} -## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} -## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} -## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} -## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} -## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} -## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} -## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} -## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} -## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} -## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} -## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} -## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} -## -## -## X.509 (08/2005) pp. 
71, 86-89 -## -## 14.4.1 Role attribute -## role ATTRIBUTE ::= { -## WITH SYNTAX RoleSyntax -## ID id-at-role } -## RoleSyntax ::= SEQUENCE { -## roleAuthority [0] GeneralNames OPTIONAL, -## roleName [1] GeneralName } -## -## 14.5 XML privilege information attribute -## xmlPrivilegeInfo ATTRIBUTE ::= { -## WITH SYNTAX UTF8String -- contains XML-encoded privilege information -## ID id-at-xMLPrivilegeInfo } -## -## 17.1 PMI directory object classes -## -## 17.1.1 PMI user object class -## pmiUser OBJECT-CLASS ::= { -## -- a PMI user (i.e., a "holder") -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN {attributeCertificateAttribute} -## ID id-oc-pmiUser } -## -## 17.1.2 PMI AA object class -## pmiAA OBJECT-CLASS ::= { -## -- a PMI AA -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN {aACertificate | -## attributeCertificateRevocationList | -## attributeAuthorityRevocationList} -## ID id-oc-pmiAA } -## -## 17.1.3 PMI SOA object class -## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN {attributeCertificateRevocationList | -## attributeAuthorityRevocationList | -## attributeDescriptorCertificate} -## ID id-oc-pmiSOA } -## -## 17.1.4 Attribute certificate CRL distribution point object class -## attCertCRLDistributionPt OBJECT-CLASS ::= { -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN { attributeCertificateRevocationList | -## attributeAuthorityRevocationList } -## ID id-oc-attCertCRLDistributionPts } -## -## 17.1.5 PMI delegation path -## pmiDelegationPath OBJECT-CLASS ::= { -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN { delegationPath } -## ID id-oc-pmiDelegationPath } -## -## 17.1.6 Privilege policy object class -## privilegePolicy OBJECT-CLASS ::= { -## SUBCLASS OF {top} -## KIND auxiliary -## MAY CONTAIN {privPolicy } -## ID id-oc-privilegePolicy } -## -## 17.1.7 Protected privilege policy object class -## protectedPrivilegePolicy OBJECT-CLASS ::= { -## SUBCLASS OF 
{top} -## KIND auxiliary -## MAY CONTAIN {protPrivPolicy } -## ID id-oc-protectedPrivilegePolicy } -## -## 17.2 PMI Directory attributes -## -## 17.2.1 Attribute certificate attribute -## attributeCertificateAttribute ATTRIBUTE ::= { -## WITH SYNTAX AttributeCertificate -## EQUALITY MATCHING RULE attributeCertificateExactMatch -## ID id-at-attributeCertificate } -## -## 17.2.2 AA certificate attribute -## aACertificate ATTRIBUTE ::= { -## WITH SYNTAX AttributeCertificate -## EQUALITY MATCHING RULE attributeCertificateExactMatch -## ID id-at-aACertificate } -## -## 17.2.3 Attribute descriptor certificate attribute -## attributeDescriptorCertificate ATTRIBUTE ::= { -## WITH SYNTAX AttributeCertificate -## EQUALITY MATCHING RULE attributeCertificateExactMatch -## ID id-at-attributeDescriptorCertificate } -## -## 17.2.4 Attribute certificate revocation list attribute -## attributeCertificateRevocationList ATTRIBUTE ::= { -## WITH SYNTAX CertificateList -## EQUALITY MATCHING RULE certificateListExactMatch -## ID id-at-attributeCertificateRevocationList} -## -## 17.2.5 AA certificate revocation list attribute -## attributeAuthorityRevocationList ATTRIBUTE ::= { -## WITH SYNTAX CertificateList -## EQUALITY MATCHING RULE certificateListExactMatch -## ID id-at-attributeAuthorityRevocationList } -## -## 17.2.6 Delegation path attribute -## delegationPath ATTRIBUTE ::= { -## WITH SYNTAX AttCertPath -## ID id-at-delegationPath } -## AttCertPath ::= SEQUENCE OF AttributeCertificate -## -## 17.2.7 Privilege policy attribute -## privPolicy ATTRIBUTE ::= { -## WITH SYNTAX PolicySyntax -## ID id-at-privPolicy } -## -## 17.2.8 Protected privilege policy attribute -## protPrivPolicy ATTRIBUTE ::= { -## WITH SYNTAX AttributeCertificate -## EQUALITY MATCHING RULE attributeCertificateExactMatch -## ID id-at-protPrivPolicy } -## -## 17.2.9 XML Protected privilege policy attribute -## xmlPrivPolicy ATTRIBUTE ::= { -## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy 
information -## ID id-at-xMLPprotPrivPolicy } -## - -## -- object identifier assignments -- -## -- object classes -- -objectidentifier id-oc-pmiUser 2.5.6.24 -objectidentifier id-oc-pmiAA 2.5.6.25 -objectidentifier id-oc-pmiSOA 2.5.6.26 -objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27 -objectidentifier id-oc-privilegePolicy 2.5.6.32 -objectidentifier id-oc-pmiDelegationPath 2.5.6.33 -objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34 -## -- directory attributes -- -objectidentifier id-at-attributeCertificate 2.5.4.58 -objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59 -objectidentifier id-at-aACertificate 2.5.4.61 -objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62 -objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63 -objectidentifier id-at-privPolicy 2.5.4.71 -objectidentifier id-at-role 2.5.4.72 -objectidentifier id-at-delegationPath 2.5.4.73 -objectidentifier id-at-protPrivPolicy 2.5.4.74 -objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75 -objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76 -## -- attribute certificate extensions -- -## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} -## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} -## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} -## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} -## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} -## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} -## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} -## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} -## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} -## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} -## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} -## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} -## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} -## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} -## 
id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} -## -- PMI matching rules -- -objectidentifier id-mr 2.5.13 -objectidentifier id-mr-attributeCertificateMatch id-mr:42 -objectidentifier id-mr-attributeCertificateExactMatch id-mr:45 -objectidentifier id-mr-holderIssuerMatch id-mr:46 -objectidentifier id-mr-authAttIdMatch id-mr:53 -objectidentifier id-mr-roleSpecCertIdMatch id-mr:54 -objectidentifier id-mr-basicAttConstraintsMatch id-mr:55 -objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56 -objectidentifier id-mr-timeSpecMatch id-mr:57 -objectidentifier id-mr-attDescriptorMatch id-mr:58 -objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59 -objectidentifier id-mr-delegationPathMatch id-mr:61 -objectidentifier id-mr-sOAIdentifierMatch id-mr:66 -objectidentifier id-mr-indirectIssuerMatch id-mr:67 -## -- syntaxes -- -## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP -## to this work in progress -objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 -objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9 -objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 -objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 -objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 -# NOTE: OIDs from (expired) -#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5 -#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10 -#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17 -#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13 -## -## Substitute syntaxes -## -## AttCertPath -ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4 - NAME 'AttCertPath' - DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate' - X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) -## -## PolicySyntax -ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5 - NAME 'PolicySyntax' - DESC 'X.509 PMI policy syntax' - X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) -## -## RoleSyntax -ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6 - 
NAME 'RoleSyntax' - DESC 'X.509 PMI role syntax' - X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) -## -## X.509 (08/2005) pp. 71, 86-89 -## -## 14.4.1 Role attribute -attributeType ( id-at-role - NAME 'role' - DESC 'X.509 Role attribute, use ;binary' - SYNTAX RoleSyntax ) -## -## 14.5 XML privilege information attribute -## -- contains XML-encoded privilege information -attributeType ( id-at-xMLPrivilegeInfo - NAME 'xmlPrivilegeInfo' - DESC 'X.509 XML privilege information attribute' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -## -## 17.2 PMI Directory attributes -## -## 17.2.1 Attribute certificate attribute -attributeType ( id-at-attributeCertificate - NAME 'attributeCertificateAttribute' - DESC 'X.509 Attribute certificate attribute, use ;binary' - SYNTAX AttributeCertificate - EQUALITY attributeCertificateExactMatch ) -## -## 17.2.2 AA certificate attribute -attributeType ( id-at-aACertificate - NAME 'aACertificate' - DESC 'X.509 AA certificate attribute, use ;binary' - SYNTAX AttributeCertificate - EQUALITY attributeCertificateExactMatch ) -## -## 17.2.3 Attribute descriptor certificate attribute -attributeType ( id-at-attributeDescriptorCertificate - NAME 'attributeDescriptorCertificate' - DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' - SYNTAX AttributeCertificate - EQUALITY attributeCertificateExactMatch ) -## -## 17.2.4 Attribute certificate revocation list attribute -attributeType ( id-at-attributeCertificateRevocationList - NAME 'attributeCertificateRevocationList' - DESC 'X.509 Attribute certificate revocation list attribute, use ;binary' - SYNTAX CertificateList - X-EQUALITY 'certificateListExactMatch, not implemented yet' ) -## -## 17.2.5 AA certificate revocation list attribute -attributeType ( id-at-attributeAuthorityRevocationList - NAME 'attributeAuthorityRevocationList' - DESC 'X.509 AA certificate revocation list attribute, use ;binary' - SYNTAX CertificateList - X-EQUALITY 'certificateListExactMatch, not implemented yet' ) -## 
-## 17.2.6 Delegation path attribute -attributeType ( id-at-delegationPath - NAME 'delegationPath' - DESC 'X.509 Delegation path attribute, use ;binary' - SYNTAX AttCertPath ) -## AttCertPath ::= SEQUENCE OF AttributeCertificate -## -## 17.2.7 Privilege policy attribute -attributeType ( id-at-privPolicy - NAME 'privPolicy' - DESC 'X.509 Privilege policy attribute, use ;binary' - SYNTAX PolicySyntax ) -## -## 17.2.8 Protected privilege policy attribute -attributeType ( id-at-protPrivPolicy - NAME 'protPrivPolicy' - DESC 'X.509 Protected privilege policy attribute, use ;binary' - SYNTAX AttributeCertificate - EQUALITY attributeCertificateExactMatch ) -## -## 17.2.9 XML Protected privilege policy attribute -## -- contains XML-encoded privilege policy information -attributeType ( id-at-xMLPprotPrivPolicy - NAME 'xmlPrivPolicy' - DESC 'X.509 XML Protected privilege policy attribute' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -## -## 17.1 PMI directory object classes -## -## 17.1.1 PMI user object class -## -- a PMI user (i.e., a "holder") -objectClass ( id-oc-pmiUser - NAME 'pmiUser' - DESC 'X.509 PMI user object class' - SUP top - AUXILIARY - MAY ( attributeCertificateAttribute ) ) -## -## 17.1.2 PMI AA object class -## -- a PMI AA -objectClass ( id-oc-pmiAA - NAME 'pmiAA' - DESC 'X.509 PMI AA object class' - SUP top - AUXILIARY - MAY ( aACertificate $ - attributeCertificateRevocationList $ - attributeAuthorityRevocationList - ) ) -## -## 17.1.3 PMI SOA object class -## -- a PMI Source of Authority -objectClass ( id-oc-pmiSOA - NAME 'pmiSOA' - DESC 'X.509 PMI SOA object class' - SUP top - AUXILIARY - MAY ( attributeCertificateRevocationList $ - attributeAuthorityRevocationList $ - attributeDescriptorCertificate - ) ) -## -## 17.1.4 Attribute certificate CRL distribution point object class -objectClass ( id-oc-attCertCRLDistributionPts - NAME 'attCertCRLDistributionPt' - DESC 'X.509 Attribute certificate CRL distribution point object class' - SUP top - AUXILIARY - MAY ( 
attributeCertificateRevocationList $ - attributeAuthorityRevocationList - ) ) -## -## 17.1.5 PMI delegation path -objectClass ( id-oc-pmiDelegationPath - NAME 'pmiDelegationPath' - DESC 'X.509 PMI delegation path' - SUP top - AUXILIARY - MAY ( delegationPath ) ) -## -## 17.1.6 Privilege policy object class -objectClass ( id-oc-privilegePolicy - NAME 'privilegePolicy' - DESC 'X.509 Privilege policy object class' - SUP top - AUXILIARY - MAY ( privPolicy ) ) -## -## 17.1.7 Protected privilege policy object class -objectClass ( id-oc-protectedPrivilegePolicy - NAME 'protectedPrivilegePolicy' - DESC 'X.509 Protected privilege policy object class' - SUP top - AUXILIARY - MAY ( protPrivPolicy ) ) - diff --git a/openldap/schema/._cfg0000_ppolicy.schema b/openldap/schema/._cfg0000_ppolicy.schema deleted file mode 100644 index b88c9821..00000000 --- a/openldap/schema/._cfg0000_ppolicy.schema +++ /dev/null 
@@ -1,531 +0,0 @@ -# $OpenLDAP$ -## This work is part of OpenLDAP Software . -## -## Copyright 2004-2011 The OpenLDAP Foundation. -## All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted only as authorized by the OpenLDAP -## Public License. -## -## A copy of this license is available in the file LICENSE in the -## top-level directory of the distribution or, alternatively, at -## . -# -## Portions Copyright (C) The Internet Society (2004). -## Please see full copyright statement below. - -# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) -# Password Policy for LDAP Directories -# With extensions from Hewlett-Packard: -# pwdCheckModule etc. - -# Contents of this file are subject to change (including deletion) -# without notice. -# -# Not recommended for production use! -# Use with extreme caution! - -#Network Working Group J. Sermersheim -#Internet-Draft Novell, Inc -#Expires: April 24, 2005 L. Poitou -# Sun Microsystems -# October 24, 2004 -# -# -# Password Policy for LDAP Directories -# draft-behera-ldap-password-policy-08.txt -# -#Status of this Memo -# -# This document is an Internet-Draft and is subject to all provisions -# of section 3 of RFC 3667. By submitting this Internet-Draft, each -# author represents that any applicable patent or other IPR claims of -# which he or she is aware have been or will be disclosed, and any of -# which he or she become aware will be disclosed, in accordance with -# RFC 3668. -# -# Internet-Drafts are working documents of the Internet Engineering -# Task Force (IETF), its areas, and its working groups. Note that -# other groups may also distribute working documents as -# Internet-Drafts. -# -# Internet-Drafts are draft documents valid for a maximum of six months -# and may be updated, replaced, or obsoleted by other documents at any -# time. 
It is inappropriate to use Internet-Drafts as reference -# material or to cite them other than as "work in progress." -# -# The list of current Internet-Drafts can be accessed at -# http://www.ietf.org/ietf/1id-abstracts.txt. -# -# The list of Internet-Draft Shadow Directories can be accessed at -# http://www.ietf.org/shadow.html. -# -# This Internet-Draft will expire on April 24, 2005. -# -#Copyright Notice -# -# Copyright (C) The Internet Society (2004). -# -#Abstract -# -# Password policy as described in this document is a set of rules that -# controls how passwords are used and administered in Lightweight -# Directory Access Protocol (LDAP) based directories. In order to -# improve the security of LDAP directories and make it difficult for -# password cracking programs to break into directories, it is desirable -# to enforce a set of rules on password usage. These rules are made to -# -# [trimmed] -# -#5. Schema used for Password Policy -# -# The schema elements defined here fall into two general categories. A -# password policy object class is defined which contains a set of -# administrative password policy attributes, and a set of operational -# attributes are defined that hold general password policy state -# information for each user. -# -#5.2 Attribute Types used in the pwdPolicy ObjectClass -# -# Following are the attribute types used by the pwdPolicy object class. -# -#5.2.1 pwdAttribute -# -# This holds the name of the attribute to which the password policy is -# applied. For example, the password policy may be applied to the -# userPassword attribute. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1 - NAME 'pwdAttribute' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) - -#5.2.2 pwdMinAge -# -# This attribute holds the number of seconds that must elapse between -# modifications to the password. If this attribute is not present, 0 -# seconds is assumed. 
- -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2 - NAME 'pwdMinAge' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.3 pwdMaxAge -# -# This attribute holds the number of seconds after which a modified -# password will expire. -# -# If this attribute is not present, or if the value is 0 the password -# does not expire. If not 0, the value must be greater than or equal -# to the value of the pwdMinAge. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3 - NAME 'pwdMaxAge' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.4 pwdInHistory -# -# This attribute specifies the maximum number of used passwords stored -# in the pwdHistory attribute. -# -# If this attribute is not present, or if the value is 0, used -# passwords are not stored in the pwdHistory attribute and thus may be -# reused. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4 - NAME 'pwdInHistory' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.5 pwdCheckQuality -# -# {TODO: Consider changing the syntax to OID. Each OID will list a -# quality rule (like min len, # of special characters, etc). These -# rules can be specified outsid ethis document.} -# -# {TODO: Note that even though this is meant to be a check that happens -# during password modification, it may also be allowed to happen during -# authN. This is useful for situations where the password is encrypted -# when modified, but decrypted when used to authN.} -# -# This attribute indicates how the password quality will be verified -# while being modified or added. If this attribute is not present, or -# if the value is '0', quality checking will not be enforced. A value -# of '1' indicates that the server will check the quality, and if the -# server is unable to check it (due to a hashed password or other -# reasons) it will be accepted. 
A value of '2' indicates that the -# server will check the quality, and if the server is unable to verify -# it, it will return an error refusing the password. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5 - NAME 'pwdCheckQuality' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.6 pwdMinLength -# -# When quality checking is enabled, this attribute holds the minimum -# number of characters that must be used in a password. If this -# attribute is not present, no minimum password length will be -# enforced. If the server is unable to check the length (due to a -# hashed password or otherwise), the server will, depending on the -# value of the pwdCheckQuality attribute, either accept the password -# without checking it ('0' or '1') or refuse it ('2'). - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6 - NAME 'pwdMinLength' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.7 pwdExpireWarning -# -# This attribute specifies the maximum number of seconds before a -# password is due to expire that expiration warning messages will be -# returned to an authenticating user. -# -# If this attribute is not present, or if the value is 0 no warnings -# will be returned. If not 0, the value must be smaller than the value -# of the pwdMaxAge attribute. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7 - NAME 'pwdExpireWarning' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.8 pwdGraceAuthNLimit -# -# This attribute specifies the number of times an expired password can -# be used to authenticate. If this attribute is not present or if the -# value is 0, authentication will fail. 
- -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8 - NAME 'pwdGraceAuthNLimit' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.9 pwdLockout -# -# This attribute indicates, when its value is "TRUE", that the password -# may not be used to authenticate after a specified number of -# consecutive failed bind attempts. The maximum number of consecutive -# failed bind attempts is specified in pwdMaxFailure. -# -# If this attribute is not present, or if the value is "FALSE", the -# password may be used to authenticate when the number of failed bind -# attempts has been reached. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9 - NAME 'pwdLockout' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) - -#5.2.10 pwdLockoutDuration -# -# This attribute holds the number of seconds that the password cannot -# be used to authenticate due to too many failed bind attempts. If -# this attribute is not present, or if the value is 0 the password -# cannot be used to authenticate until reset by a password -# administrator. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10 - NAME 'pwdLockoutDuration' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.11 pwdMaxFailure -# -# This attribute specifies the number of consecutive failed bind -# attempts after which the password may not be used to authenticate. -# If this attribute is not present, or if the value is 0, this policy -# is not checked, and the value of pwdLockout will be ignored. - -attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11 - NAME 'pwdMaxFailure' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -#5.2.12 pwdFailureCountInterval -# -# This attribute holds the number of seconds after which the password -# failures are purged from the failure counter, even though no -# successful authentication occurred. 
-#
-# If this attribute is not present, or if its value is 0, the failure
-# counter is only reset by a successful authentication.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
- NAME 'pwdFailureCountInterval'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-#5.2.13 pwdMustChange
-#
-# This attribute specifies with a value of "TRUE" that users must
-# change their passwords when they first bind to the directory after a
-# password is set or reset by a password administrator. If this
-# attribute is not present, or if the value is "FALSE", users are not
-# required to change their password upon binding after the password
-# administrator sets or resets the password. This attribute is not set
-# due to any actions specified by this document, it is typically set by
-# a password administrator after resetting a user's password.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
- NAME 'pwdMustChange'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-#5.2.14 pwdAllowUserChange
-#
-# This attribute indicates whether users can change their own
-# passwords, although the change operation is still subject to access
-# control. If this attribute is not present, a value of "TRUE" is
-# assumed. This attribute is intended to be used in the absense of an
-# access control mechanism.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
- NAME 'pwdAllowUserChange'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-#5.2.15 pwdSafeModify
-#
-# This attribute specifies whether or not the existing password must be
-# sent along with the new password when being changed. If this
-# attribute is not present, a "FALSE" value is assumed.
-
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
- NAME 'pwdSafeModify'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-# HP extensions
-#
-# pwdCheckModule
-#
-# This attribute names a user-defined loadable module that provides
-# a check_password() function. If pwdCheckQuality is set to '1' or '2'
-# this function will be called after all of the internal password
-# quality checks have been passed. The function has this prototype:
-#
-# int check_password( char *password, char **errormessage, void *arg )
-#
-# The function should return LDAP_SUCCESS for a valid password.
-
-attributetype ( 1.3.6.1.4.1.4754.1.99.1
- NAME 'pwdCheckModule'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- DESC 'Loadable module that instantiates "check_password() function'
- SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.4754.2.99.1
- NAME 'pwdPolicyChecker'
- SUP top
- AUXILIARY
- MAY ( pwdCheckModule ) )
-
-#5.1 The pwdPolicy Object Class
-#
-# This object class contains the attributes defining a password policy
-# in effect for a set of users. Section 10 describes the
-# administration of this object, and the relationship between it and
-# particular objects.
-#
-objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
- NAME 'pwdPolicy'
- SUP top
- AUXILIARY
- MUST ( pwdAttribute )
- MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
- pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
- $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
- pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
-
-#5.3 Attribute Types for Password Policy State Information
-#
-# Password policy state information must be maintained for each user.
-# The information is located in each user entry as a set of operational
-# attributes. These operational attributes are: pwdChangedTime,
-# pwdAccountLockedTime, pwdFailureTime, pwdHistory, pwdGraceUseTime,
-# pwdReset, pwdPolicySubEntry.
-#
-#5.3.1 Password Policy State Attribute Option
-#
-# Since the password policy could apply to several attributes used to
-# store passwords, each of the above operational attributes must have
-# an option to specify which pwdAttribute it applies to. The password
-# policy option is defined as the following:
-#
-# pwd-
-#
-# where passwordAttribute a string following the OID syntax
-# (1.3.6.1.4.1.1466.115.121.1.38). The attribute type descriptor
-# (short name) MUST be used.
-#
-# For example, if the pwdPolicy object has for pwdAttribute
-# "userPassword" then the pwdChangedTime operational attribute, in a
-# user entry, will be:
-#
-# pwdChangedTime;pwd-userPassword: 20000103121520Z
-#
-# This attribute option follows sub-typing semantics. If a client
-# requests a password policy state attribute to be returned in a search
-# operation, and does not specify an option, all subtypes of that
-# policy state attribute are returned.
-#
-#5.3.2 pwdChangedTime
-#
-# This attribute specifies the last time the entry's password was
-# changed. This is used by the password expiration policy. If this
-# attribute does not exist, the password will never expire.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.16
-# NAME 'pwdChangedTime'
-# DESC 'The time the password was last changed'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.3 pwdAccountLockedTime
-#
-# This attribute holds the time that the user's account was locked. A
-# locked account means that the password may no longer be used to
-# authenticate. A 000001010000Z value means that the account has been
-# locked permanently, and that only a password administrator can unlock
-# the account.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.17
-# NAME 'pwdAccountLockedTime'
-# DESC 'The time an user account was locked'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.4 pwdFailureTime
-#
-# This attribute holds the timestamps of the consecutive authentication
-# failures.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.19
-# NAME 'pwdFailureTime'
-# DESC 'The timestamps of the last consecutive authentication
-# failures'
-# EQUALITY generalizedTimeMatch
-# ORDERING generalizedTimeOrderingMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-# USAGE directoryOperation )
-#
-#5.3.5 pwdHistory
-#
-# This attribute holds a history of previously used passwords. Values
-# of this attribute are transmitted in string format as given by the
-# following ABNF:
-#
-# pwdHistory = time "#" syntaxOID "#" length "#" data
-#
-# time =
-#
-# syntaxOID = numericoid ; the string representation of the
-# ; dotted-decimal OID that defines the
-# ; syntax used to store the password.
-# ; numericoid is described in 4.1
-# ; of [RFC2252].
-#
-# length = numericstring ; the number of octets in data.
-# ; numericstring is described in 4.1
-# ; of [RFC2252].
-#
-# data = .
-#
-# This format allows the server to store, and transmit a history of
-# passwords that have been used. In order for equality matching to
-# function properly, the time field needs to adhere to a consistent
-# format. For this purpose, the time field MUST be in GMT format.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.20
-# NAME 'pwdHistory'
-# DESC 'The history of user s passwords'
-# EQUALITY octetStringMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-# USAGE directoryOperation )
-#
-#5.3.6 pwdGraceUseTime
-#
-# This attribute holds the timestamps of grace authentications after a
-# password has expired.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.21
-# NAME 'pwdGraceUseTime'
-# DESC 'The timestamps of the grace authentication after the
-# password has expired'
-# EQUALITY generalizedTimeMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-#
-#5.3.7 pwdReset
-#
-# This attribute holds a flag to indicate (when TRUE) that the password
-# has been updated by the password administrator and must be changed by
-# the user on first authentication.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.22
-# NAME 'pwdReset'
-# DESC 'The indication that the password has been reset'
-# EQUALITY booleanMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#5.3.8 pwdPolicySubentry
-#
-# This attribute points to the pwdPolicy subentry in effect for this
-# object.
-#
-# ( 1.3.6.1.4.1.42.2.27.8.1.23
-# NAME 'pwdPolicySubentry'
-# DESC 'The pwdPolicy subentry in effect for this object'
-# EQUALITY distinguishedNameMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-# SINGLE-VALUE
-# USAGE directoryOperation )
-#
-#
-#Disclaimer of Validity
-#
-# This document and the information contained herein are provided on an
-# "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-# OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
-# ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
-# INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
-# INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-# WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-#
-#
-#Copyright Statement
-#
-# Copyright (C) The Internet Society (2004). This document is subject
-# to the rights, licenses and restrictions contained in BCP 78, and
-# except as set forth therein, the authors retain all their rights.
-
diff --git a/openldap/schema/README b/openldap/schema/README
index e4a20126..a2f61a12 100644
--- a/openldap/schema/README
+++ b/openldap/schema/README
@@ -77,4 +77,4 @@ PURPOSE. --- -$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.6 2011/01/04 23:50:51 kurt Exp $ +$OpenLDAP$ diff --git a/openldap/schema/collective.schema b/openldap/schema/collective.schema index 15c8194c..63cad87b 100644 --- a/openldap/schema/collective.schema +++ b/openldap/schema/collective.schema @@ -1,5 +1,5 @@ # collective.schema -- Collective attribute schema -# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.6 2011/01/04 23:50:51 kurt Exp $ +# $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2011 The OpenLDAP Foundation. diff --git a/openldap/schema/corba.schema b/openldap/schema/corba.schema index a5800b6a..54b5b167 100644 --- a/openldap/schema/corba.schema +++ b/openldap/schema/corba.schema @@ -1,7 +1,7 @@ # corba.schema -- Corba Object Schema # depends upon core.schema -# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $ -# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.7.2.6 2011/01/04 23:50:51 kurt Exp $ +# $OpenLDAP$ +# $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2011 The OpenLDAP Foundation. diff --git a/openldap/schema/core.ldif b/openldap/schema/core.ldif index 56a94ad3..59ec15af 100644 --- a/openldap/schema/core.ldif +++ b/openldap/schema/core.ldif @@ -1,5 +1,5 @@ # OpenLDAP Core schema -# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.2.2.8 2011/01/04 23:50:51 kurt Exp $ +# $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2011 The OpenLDAP Foundation. diff --git a/openldap/schema/core.schema b/openldap/schema/core.schema index 77ea8a89..f4644709 100644 --- a/openldap/schema/core.schema +++ b/openldap/schema/core.schema 
@@ -1,5 +1,5 @@
 # OpenLDAP Core schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.9 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/cosine.ldif b/openldap/schema/cosine.ldif
index e7e53868..da3e4901 100644
--- a/openldap/schema/cosine.ldif
+++ b/openldap/schema/cosine.ldif
@@ -1,5 +1,5 @@
 # RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/cosine.schema b/openldap/schema/cosine.schema
index a300cc88..ef70696a 100644
--- a/openldap/schema/cosine.schema
+++ b/openldap/schema/cosine.schema
@@ -1,5 +1,5 @@
 # RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.23.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/duaconf.schema b/openldap/schema/duaconf.schema
index d0a62bd5..17538541 100644
--- a/openldap/schema/duaconf.schema
+++ b/openldap/schema/duaconf.schema
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.6 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/dyngroup.ldif b/openldap/schema/dyngroup.ldif
index 1068ac4b..4a65e4b1 100644
--- a/openldap/schema/dyngroup.ldif
+++ b/openldap/schema/dyngroup.ldif
@@ -1,5 +1,5 @@
 # dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.ldif,v 1.1.2.3 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/dyngroup.schema b/openldap/schema/dyngroup.schema
index 7c43e0d5..211f6e6a 100644
--- a/openldap/schema/dyngroup.schema
+++ b/openldap/schema/dyngroup.schema
@@ -1,5 +1,5 @@
 # dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.7 2011/01/04 23:50:51 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/inetorgperson.ldif b/openldap/schema/inetorgperson.ldif
index 317c680d..80698c84 100644
--- a/openldap/schema/inetorgperson.ldif
+++ b/openldap/schema/inetorgperson.ldif
@@ -1,5 +1,5 @@
 # InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/inetorgperson.schema b/openldap/schema/inetorgperson.schema
index d04810a7..6ba88f3f 100644
--- a/openldap/schema/inetorgperson.schema
+++ b/openldap/schema/inetorgperson.schema
@@ -1,5 +1,5 @@
 # inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/java.schema b/openldap/schema/java.schema
index 5b4dc527..379c476b 100644
--- a/openldap/schema/java.schema
+++ b/openldap/schema/java.schema
@@ -1,5 +1,5 @@
 # java.schema -- Java Object Schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/misc.schema b/openldap/schema/misc.schema
index a22db3b9..f4886c4f 100644
--- a/openldap/schema/misc.schema
+++ b/openldap/schema/misc.schema
@@ -1,5 +1,5 @@
 # misc.schema -- assorted schema definitions
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/nis.ldif b/openldap/schema/nis.ldif
index e7544712..f2c7df2c 100644
--- a/openldap/schema/nis.ldif
+++ b/openldap/schema/nis.ldif
@@ -1,5 +1,5 @@
 # NIS (RFC2307)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/nis.schema b/openldap/schema/nis.schema
index 8fc10887..c4ac5c6b 100644
--- a/openldap/schema/nis.schema
+++ b/openldap/schema/nis.schema
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/openldap.ldif b/openldap/schema/openldap.ldif
index 1c532f7d..c680d928 100644
--- a/openldap/schema/openldap.ldif
+++ b/openldap/schema/openldap.ldif
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.7 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/openldap.schema b/openldap/schema/openldap.schema
index c8b92905..d4b336da 100644
--- a/openldap/schema/openldap.schema
+++ b/openldap/schema/openldap.schema
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.7 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/pmi.schema b/openldap/schema/pmi.schema
index adac7a38..45257cc2 100644
--- a/openldap/schema/pmi.schema
+++ b/openldap/schema/pmi.schema
@@ -1,5 +1,5 @@
 # OpenLDAP X.509 PMI schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.4 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 1998-2011 The OpenLDAP Foundation.
diff --git a/openldap/schema/ppolicy.schema b/openldap/schema/ppolicy.schema
index a1df1c33..b88c9821 100644
--- a/openldap/schema/ppolicy.schema
+++ b/openldap/schema/ppolicy.schema
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.7.2.6 2011/01/04 23:50:52 kurt Exp $
+# $OpenLDAP$
 ## This work is part of OpenLDAP Software .
 ##
 ## Copyright 2004-2011 The OpenLDAP Foundation.