blob42
/
ldap-openpgp-keyserver
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

first commit

Browse Source
master
Chakib (spike) Benziane 11 years ago
commit 665f007dad
31 changed files with 68290 additions and 0 deletions
Show Stats Download Patch File Download Diff File

BIN
keys/pubring.gpg
View File

Binary file not shown.

BIN
keys/pubring.gpg~
View File

Binary file not shown.

0
keys/secring.gpg
Unescape Escape View File

BIN
keys/trustdb.gpg
View File

Binary file not shown.

15
ldap.conf
Unescape Escape View File

@ -0,0 +1,15 @@
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

63062
ldap.ldif
View File

File diff suppressed because it is too large Load Diff

80
schema/README
Unescape Escape View File

@ -0,0 +1,80 @@
This directory contains user application schema definitions for use
with slapd(8).
File Description
---- -----------
collective.schema Collective attributes (experimental)
corba.schema Corba Object
core.schema OpenLDAP "core"
cosine.schema COSINE Pilot
duaconf.schema Client Configuration (work in progress)
dyngroup.schema Dynamic Group (experimental)
inetorgperson.schema InetOrgPerson
java.schema Java Object
misc.schema Miscellaneous Schema (experimental)
nadf.schema North American Directory Forum (obsolete)
nis.schema Network Information Service (experimental)
openldap.schema OpenLDAP Project (FYI)
ppolicy.schema Password Policy Schema (work in progress)
Additional "generally useful" schema definitions can be submitted
using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
Submissions should include a stable reference to a mature, open
technical specification (e.g., an RFC) for the schema.
The core.ldif and openldap.ldif files are equivalent to their
corresponding .schema files. They have been provided as examples
for use with the dynamic configuration backend. These example files
are not actually necessary since slapd will automatically convert any
included *.schema files into LDIF when converting a slapd.conf file
to a configuration database, but they serve as a model of how to
convert schema files in general.
---
This notice applies to all files in this directory.
Copyright 1998-2010 The OpenLDAP Foundation, Redwood City, California, USA
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License. A copy of this license is available at
http://www.OpenLDAP.org/license.html or in file LICENSE in the
top-level directory of the distribution.
---
This notice applies to all schema in this directory which are derived
from RFCs and other IETF documents.
Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
---
$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.5 2010/04/13 20:23:47 kurt Exp $

65
schema/collective.schema
Unescape Escape View File

@ -0,0 +1,65 @@
# collective.schema -- Collective attribute schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 3671, at (among other
# places): http://www.ietf.org/rfc/rfc3671.txt
attributeType ( 2.5.4.7.1 NAME 'c-l'
SUP l COLLECTIVE )
attributeType ( 2.5.4.8.1 NAME 'c-st'
SUP st COLLECTIVE )
attributeType ( 2.5.4.9.1 NAME 'c-street'
SUP street COLLECTIVE )
attributeType ( 2.5.4.10.1 NAME 'c-o'
SUP o COLLECTIVE )
attributeType ( 2.5.4.11.1 NAME 'c-ou'
SUP ou COLLECTIVE )
attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
SUP postalAddress COLLECTIVE )
attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
SUP postalCode COLLECTIVE )
attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
SUP postOfficeBox COLLECTIVE )
attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
SUP physicalDeliveryOfficeName COLLECTIVE )
attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
SUP telephoneNumber COLLECTIVE )
attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
SUP telexNumber COLLECTIVE )
attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
SUP facsimileTelephoneNumber COLLECTIVE )
attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
SUP internationalISDNNumber COLLECTIVE )

61
schema/corba.schema
Unescape Escape View File

@ -0,0 +1,61 @@
# corba.schema -- Corba Object Schema
# depends upon core.schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 2714, at (among other
# places): http://www.ietf.org/rfc/rfc2714.txt
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
NAME 'corbaIor'
DESC 'Stringified interoperable object reference of a CORBA object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
NAME 'corbaRepositoryId'
DESC 'Repository ids of interfaces implemented by a CORBA object'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
NAME 'corbaContainer'
DESC 'Container for a CORBA object'
SUP top
STRUCTURAL
MUST cn )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
NAME 'corbaObject'
DESC 'CORBA object representation'
SUP top
ABSTRACT
MAY ( corbaRepositoryId $ description ) )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
NAME 'corbaObjectReference'
DESC 'CORBA interoperable object reference'
SUP corbaObject
AUXILIARY
MUST corbaIor )

600
schema/core.ldif
Unescape Escape View File

@ -0,0 +1,600 @@
# OpenLDAP Core schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.5 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text claiming copyright by the Internet Society and including
# the IETF RFC license, which does not meet Debian's Free Software
# Guidelines. However, apart from short and obvious comments, the text of
# this file is purely a functional interface specification, which is not
# subject to that license and is not copyrightable under US law.
#
# The license statement is retained below so as not to remove credit, but
# as best as we can determine, it is not applicable to the contents of
# this file.
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
#
# Standard attribute types from RFC 2256
#
dn: cn=core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: core
#
# system schema
#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
# system schema
#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# system schema
#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
#
olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
#
olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC2256: ISO-3166 country 2-letter code'
SUP name SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
#
# system schema
#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
#
# Deprecated by enhancedSearchGuide
olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
#
olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
#
olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
#
olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
#
olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
#
olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
#
olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
#
olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
#
olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
olcAttributeTypes: ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
#
# system schema
#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
#
# system schema
#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be stored and requested in the binary form
olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
#
# 2.5.4.41 is defined above as it's used for subtyping
#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
#
olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
#
olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
#
olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
#
olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
#
olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
#
# 2.5.4.49 is defined above as it's used for subtyping
#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#
olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
#
olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
#
olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
#
# Standard object classes from RFC2256
#
# system schema
#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
#
olcObjectClasses: ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
#
olcObjectClasses: ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
#
olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
#
olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
#
olcObjectClasses: ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
#
olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
#
olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
#
olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
#
# Object Classes from RFC 2587
#
olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
#
olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
#
olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
#
# Standard Track URI label schema from RFC 2079
# system schema
#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
MAY ( labeledURI )
SUP top AUXILIARY )
#
#
# Derived from RFC 1274, but with new "short names"
#
#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#
olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
#
olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
#
# RFC 1274 + RFC 2247
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# RFC 2247
olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
#
# RFC 2377
olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
#
# From COSINE Pilot
olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
olcAttributeTypes: ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#

603
schema/core.schema
Unescape Escape View File

@ -0,0 +1,603 @@
# OpenLDAP Core schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.79.2.8 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text claiming copyright by the Internet Society and including
# the IETF RFC license, which does not meet Debian's Free Software
# Guidelines. However, apart from short and obvious comments, the text of
# this file is purely a functional interface specification, which is not
# subject to that license and is not copyrightable under US law.
#
# The license statement is retained below so as not to remove credit, but
# as best as we can determine, it is not applicable to the contents of
# this file.
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC2256: ISO-3166 country 2-letter code'
SUP name SINGLE-VALUE )
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
attributetype ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
# system schema
#attributetype ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
attributetype ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
attributetype ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
attributetype ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
attributetype ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
attributetype ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
attributetype ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
# system schema
#attributetype ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
attributetype ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
attributetype ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
attributetype ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
attributetype ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
attributetype ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.0 NAME 'top'
# DESC 'RFC2256: top of the superclass chain'
# ABSTRACT
# MUST objectClass )
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
objectclass ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectclass ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
objectclass ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectclass ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
objectclass ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
objectclass ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
objectclass ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
objectclass ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
objectclass ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
SUP top AUXILIARY
MAY ( labeledURI ) )
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
# From COSINE Pilot
attributetype ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

200
schema/cosine.ldif
Unescape Escape View File

@ -0,0 +1,200 @@
# RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describes
# RFC1274 as published.
#
# Depends on core.ldif
#
# This file was automatically generated from cosine.schema; see that
# file for complete background.
#
dn: cn=cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: cosine
olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
66.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
GLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
23 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
e $ organizationalUnitName $ host ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
ocalityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
$ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
$ x121Address ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
Method $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
Record ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
edDomain )
olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
ountry STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
UCTURAL MAY dSAQuality )
olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
mQuality ) )

404
schema/cosine.schema
Unescape Escape View File

@ -0,0 +1,404 @@
# RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describes
# RFC1274 as published.
#
# Depends on core.schema
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 1274, at (among other
# places): http://www.ietf.org/rfc/rfc1274.txt
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
## EQUALITY caseIgnoreMatch
## SUBSTR caseIgnoreSubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
DESC 'RFC1274: general information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
attributetype ( 0.9.2342.19200300.100.1.5
NAME ( 'drink' 'favouriteDrink' )
DESC 'RFC1274: favorite drink'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
DESC 'RFC1274: room number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
DESC 'RFC1274: photo (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
DESC 'RFC1274: category of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
DESC 'RFC1274: host computer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
DESC 'RFC1274: DN of manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
DESC 'RFC1274: unique identifier of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC 'RFC1274: title of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
DESC 'RFC1274: version of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
DESC 'RFC1274: DN of author of document'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
DESC 'RFC1274: location of document original'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
DESC 'RFC1274: home telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC1274: DN of secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
## Deprecated in favor of modifyTimeStamp
#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
# OBSOLETE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
# USAGE directoryOperation )
## Deprecated in favor of modifiersName
#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
# DESC 'RFC1274: last modifier, replaced by modifiersName'
# OBSOLETE
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
# USAGE directoryOperation )
##(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## missing from RFC1274
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
# EQUALITY caseIgnoreIA5Match
# SUBSTR caseIgnoreIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
DESC 'RFC1274: DN of entry associated with domain'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
DESC 'RFC1274: home postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
DESC 'RFC1274: mobile telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
DESC 'RFC1274: pager telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
DESC 'RFC1274: friendly country name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
DESC 'RFC1274: unique identifer'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
DESC 'RFC1274: organizational status'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC 'RFC1274: Janet mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 0.9.2342.19200300.100.1.47
NAME 'mailPreferenceOption'
DESC 'RFC1274: mail preference option'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC 'RFC1274: name of building'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RFC1274: DSA Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
DESC 'RFC1274: Subtree Mininum Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
DESC 'RFC1274: Subtree Maximun Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
DESC 'RFC1274: Personal Signature (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'RFC1274: DIT Redirect'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
DESC 'RFC1274: audio (u-law)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
DESC 'RFC1274: publisher of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
# DESC 'RFC1274: pilot object'
# SUP top AUXILIARY
# MAY ( info $ photo $ manager $ uniqueIdentifier $
# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
# )
objectclass ( 0.9.2342.19200300.100.4.4
NAME ( 'pilotPerson' 'newPilotPerson' )
SUP person STRUCTURAL
MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
favouriteDrink $ roomNumber $ userClass $
homeTelephoneNumber $ homePostalAddress $ secretary $
personalTitle $ preferredDeliveryMethod $ businessCategory $
janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelephoneNumber $ organizationalStatus $
mailPreferenceOption $ personalSignature )
)
objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
SUP top STRUCTURAL
MUST userid
MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host )
)
objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher )
)
objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST commonName
MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
)
objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top STRUCTURAL
MUST commonName
MAY ( description $ seeAlso $ telephonenumber $
localityName $ organizationName $ organizationalUnitName )
)
objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
SUP top STRUCTURAL
MUST domainComponent
MAY ( associatedName $ organizationName $ description $
businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $ stateOrProvinceName $ streetAddress $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP domain STRUCTURAL
MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord )
)
objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
DESC 'RFC1274: an object related to an domain'
SUP top AUXILIARY
MUST associatedDomain )
objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST friendlyCountryName )
## (in core.schema)
## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
## SUP top AUXILIARY
## MUST userPassword )
objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
SUP ( organization $ organizationalUnit ) STRUCTURAL
MAY buildingName )
objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
SUP dsa STRUCTURAL
MAY dSAQuality )
objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY
MUST dsaQuality
MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
)

261
schema/duaconf.schema
Unescape Escape View File

@ -0,0 +1,261 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# DUA schema from draft-joslin-config-schema (a work in progress)
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
## has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
## in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors
#
# Application Working Group M. Ansari
# INTERNET-DRAFT Sun Microsystems, Inc.
# Expires Febuary 2003 L. Howard
# PADL Software Pty. Ltd.
# B. Joslin [ed.]
# Hewlett-Packard Company
#
# September 15th, 2003
# Intended Category: Informational
#
#
# A Configuration Schema for LDAP Based
# Directory User Agents
# <draft-joslin-config-schema-07.txt>
#
#Status of this Memo
#
# This memo provides information for the Internet community. This
# memo does not specify an Internet standard of any kind. Distribu-
# tion of this memo is unlimited.
#
# This document is an Internet-Draft and is in full conformance with
# all provisions of Section 10 of RFC2026.
#
# This document is an Internet-Draft. Internet-Drafts are working
# documents of the Internet Engineering Task Force (IETF), its areas,
# and its working groups. Note that other groups may also distribute
# working documents as Internet-Drafts.
#
# Internet-Drafts are draft documents valid for a maximum of six
# months. Internet-Drafts may be updated, replaced, or made obsolete
# by other documents at any time. It is not appropriate to use
# Internet-Drafts as reference material or to cite them other than as
# a "working draft" or "work in progress".
#
# To learn the current status of any Internet-Draft, please check the
# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
# Directories on ds.internic.net (US East Coast), nic.nordu.net
# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
# Rim).
#
# Distribution of this document is unlimited.
#
#
# Abstract
#
# This document describes a mechanism for global configuration of
# similar directory user agents. This document defines a schema for
# configuration of these DUAs that may be discovered using the Light-
# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
# bute types and an objectclass are proposed, along with specific
# guidelines for interpreting them. A significant feature of the
# global configuration policy for DUAs is a mechanism that allows
# DUAs to re-configure their schema to that of the end user's
# environment. This configuration is achieved through attribute and
# objectclass mapping. This document is intended to be a skeleton
# for future documents that describe configuration of specific DUA
# services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
# The schema defined by this document is defined under the "DUA Con-
# figuration Schema." This schema is derived from the OID: iso (1)
# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
# DUA Configuration Schema (1). This OID is represented in this
# document by the keystring "DUAConfSchemaOID"
# (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
#
# 2.2 Attributes
#
# The attributes and classes defined in this document are summarized
# below.
#
# The following attributes are defined in this document:
#
# preferredServerList
# defaultServerList
# defaultSearchBase
# defaultSearchScope
# authenticationMethod
# credentialLevel
# serviceSearchDescriptor
#
#
#
# Joslin [Page 3]
# Internet-Draft DUA Configuration Schema October 2002
#
#
# serviceCredentialLevel
# serviceAuthenticationMethod
# attributeMap
# objectclassMap
# searchTimeLimit
# bindTimeLimit
# followReferrals
# dereferenceAliases
# profileTTL
#
# 2.3 Object Classes
#
# The following object class is defined in this document:
#
# DUAConfigProfile
#
#
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
DESC 'Default LDAP server host address used by a DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
DESC 'Default LDAP base DN used by a DUA'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
DESC 'Preferred LDAP server host addresses to be used by a
DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for a
search to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for the
bind operation to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
DESC 'Tells DUA if it should follow referrals
returned by a DSA search result'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
DESC 'Tells DUA if it should dereference aliases'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
DESC 'A keystring which identifies the type of
authentication method used to contact the DSA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
DESC 'Time to live, in seconds, before a client DUA
should re-read this configuration profile'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
DESC 'LDAP search descriptor list used by a DUA'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
DESC 'Attribute mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
DESC 'Identifies type of credentials a DUA should
use when binding to the LDAP server'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
DESC 'Objectclass mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
DESC 'Default search scope used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
DESC 'Identifies type of credentials a DUA
should use when binding to the LDAP server for a
specific service'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
DESC 'Authentication method used by a service of the DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# 4. Class Definition
#
# The objectclass below is constructed from the attributes defined in
# 3, with the exception of the cn attribute, which is defined in RFC
# 2256 [8]. cn is used to represent the name of the DUA configura-
# tion profile.
#
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
SUP top STRUCTURAL
DESC 'Abstraction of a base configuration for a DUA'
MUST ( cn )
MAY ( defaultServerList $ preferredServerList $
defaultSearchBase $ defaultSearchScope $
searchTimeLimit $ bindTimeLimit $
credentialLevel $ authenticationMethod $
followReferrals $ dereferenceAliases $
serviceSearchDescriptor $ serviceCredentialLevel $
serviceAuthenticationMethod $ objectclassMap $
attributeMap $ profileTTL ) )

91
schema/dyngroup.schema
Unescape Escape View File

@ -0,0 +1,91 @@
# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.6 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
# core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
objectIdentifier NetscapeRoot 2.16.840.1.113730
objectIdentifier NetscapeLDAP NetscapeRoot:3
objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
objectIdentifier DynGroupBase OpenLDAPExp11:8
objectIdentifier DynGroupAttr DynGroupBase:1
objectIdentifier DynGroupOC DynGroupBase:2
attributetype ( NetscapeLDAPattributeType:198
NAME 'memberURL'
DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
SUP labeledURI )
attributetype ( DynGroupAttr:1
NAME 'dgIdentity'
DESC 'Identity to use when processing the memberURL'
SUP distinguishedName SINGLE-VALUE )
attributeType ( DynGroupAttr:2
NAME 'dgAuthz'
DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
EQUALITY authzMatch
SYNTAX 1.3.6.1.4.1.4203.666.2.7
X-ORDERED 'VALUES' )
objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso ) )
# The Haripriya dyngroup schema still needs a lot of work.
# We're just adding support for the dgIdentity attribute for now...
objectClass ( DynGroupOC:1
NAME 'dgIdentityAux'
SUP top AUXILIARY
MAY ( dgIdentity $ dgAuthz ) )

69
schema/inetorgperson.ldif
Unescape Escape View File

@ -0,0 +1,69 @@
# InetOrgPerson (RFC2798)
# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.ldif)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.ldif)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
#
# This file was automatically generated from inetorgperson.schema; see
# that file for complete references.
#
dn: cn=inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: inetorgperson
olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
NGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
C2798: numerically identifies an employee within an organization' EQUALITY ca
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
66.115.121.1.5 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.5 )
olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )

155
schema/inetorgperson.schema
Unescape Escape View File

@ -0,0 +1,155 @@
# inetorgperson.schema -- InetOrgPerson (RFC2798)
# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.schema)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.schema)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
# carLicense
# This multivalued field is used to record the values of the license or
# registration plate associated with an individual.
attributetype ( 2.16.840.1.113730.3.1.1
NAME 'carLicense'
DESC 'RFC2798: vehicle license or registration plate'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# departmentNumber
# Code for department to which a person belongs. This can also be
# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
attributetype ( 2.16.840.1.113730.3.1.2
NAME 'departmentNumber'
DESC 'RFC2798: identifies a department within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# displayName
# When displaying an entry, especially within a one-line summary list, it
# is useful to be able to identify a name to be used. Since other attri-
# bute types such as 'cn' are multivalued, an additional attribute type is
# needed. Display name is defined for this purpose.
attributetype ( 2.16.840.1.113730.3.1.241
NAME 'displayName'
DESC 'RFC2798: preferred name to be used when displaying entries'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeNumber
# Numeric or alphanumeric identifier assigned to a person, typically based
# on order of hire or association with an organization. Single valued.
attributetype ( 2.16.840.1.113730.3.1.3
NAME 'employeeNumber'
DESC 'RFC2798: numerically identifies an employee within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeType
# Used to identify the employer to employee relationship. Typical values
# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
# "Unknown" but any value may be used.
attributetype ( 2.16.840.1.113730.3.1.4
NAME 'employeeType'
DESC 'RFC2798: type of employment for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# jpegPhoto
# Used to store one or more images of a person using the JPEG File
# Interchange Format [JFIF].
# Note that the jpegPhoto attribute type was defined for use in the
# Internet X.500 pilots but no referencable definition for it could be
# located.
attributetype ( 0.9.2342.19200300.100.1.60
NAME 'jpegPhoto'
DESC 'RFC2798: a JPEG image'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
# preferredLanguage
# Used to indicate an individual's preferred written or spoken
# language. This is useful for international correspondence or human-
# computer interaction. Values for this attribute type MUST conform to
# the definition of the Accept-Language header field defined in
# [RFC2068] with one exception: the sequence "Accept-Language" ":"
# should be omitted. This is a single valued attribute type.
attributetype ( 2.16.840.1.113730.3.1.39
NAME 'preferredLanguage'
DESC 'RFC2798: preferred written or spoken language for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# userSMIMECertificate
# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
# ignored by consumers of userSMIMECertificate values. It is
# recommended that values have a `contentType' of data with an absent
# `content' field. Values of this attribute contain a person's entire
# certificate chain and an smimeCapabilities field [RFC2633] that at a
# minimum describes their SMIME algorithm capabilities. Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'. If available, this attribute is
# preferred over the userCertificate attribute for S/MIME applications.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.40
NAME 'userSMIMECertificate'
DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# userPKCS12
# PKCS #12 [PKCS12] provides a format for exchange of personal identity
# information. When such information is stored in a directory service,
# the userPKCS12 attribute should be used. This attribute is to be stored
# and requested in binary form, as 'userPKCS12;binary'. The attribute
# values are PFX PDUs stored as binary data.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.216
NAME 'userPKCS12'
DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 )
)

109
schema/java.schema
Unescape Escape View File

@ -0,0 +1,109 @@
# java.schema -- Java Object Schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.schema
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 2713, at (among other
# places): http://www.ietf.org/rfc/rfc2713.txt
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
NAME 'javaClassName'
DESC 'Fully qualified name of distinguished Java class or interface'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
NAME 'javaCodebase'
DESC 'URL(s) specifying the location of class definition'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
NAME 'javaClassNames'
DESC 'Fully qualified Java class or interface name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
NAME 'javaSerializedData'
DESC 'Serialized form of a Java object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
NAME 'javaFactory'
DESC 'Fully qualified Java class name of a JNDI object factory'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
NAME 'javaReferenceAddress'
DESC 'Addresses associated with a JNDI Reference'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
NAME 'javaDoc'
DESC 'The Java documentation for the class'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
NAME 'javaContainer'
DESC 'Container for a Java object'
SUP top
STRUCTURAL
MUST cn )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
NAME 'javaObject'
DESC 'Java object representation'
SUP top
ABSTRACT
MUST javaClassName
MAY ( javaClassNames $ javaCodebase $
javaDoc $ description ) )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
NAME 'javaSerializedObject'
DESC 'Java serialized object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
NAME 'javaMarshalledObject'
DESC 'Java marshalled object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
NAME 'javaNamingReference'
DESC 'JNDI reference'
SUP javaObject
AUXILIARY
MAY ( javaReferenceAddress $ javaFactory ) )

75
schema/misc.schema
Unescape Escape View File

@ -0,0 +1,75 @@
# misc.schema -- assorted schema definitions
# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
DESC 'RFC822 email address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.18
NAME 'mailHost'
DESC 'FQDN of the SMTP/MTA of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress'
DESC 'RFC822 routing address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID. A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient'
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
#-----------------------------------------------------------
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
NAME 'rfc822MailMember'
DESC 'rfc822 mail address of group member(s)'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#-----------------------------------------------------------
# !!!no I-D!!!
# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
NAME 'nisMailAlias'
DESC 'NIS mail alias'
SUP top STRUCTURAL
MUST cn
MAY rfc822MailMember )

120
schema/nis.ldif
Unescape Escape View File

@ -0,0 +1,120 @@
# NIS (RFC2307)
# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
#
# Depends upon core.ldif and cosine.ldif
#
# This file was automatically generated from nis.schema; see that file
# for complete references.
#
dn: cn=nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nis
olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{1024} SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
$ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
sword $ memberUid $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
rviceProtocol ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
AY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
ription $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
kNumber $ l $ description $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
tgroup $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
ption )
olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
ith a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )

237
schema/nis.schema
Unescape Escape View File

@ -0,0 +1,237 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.5 2010/04/13 20:23:48 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
# Depends upon core.schema and cosine.schema
# Note: The definitions in RFC2307 are given in syntaxes closely related
# to those in RFC2252, however, some liberties are taken that are not
# supported by RFC2252. This file has been written following RFC2252
# strictly.
# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
#
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
# validaters for these syntaxes are incomplete, they only
# implement printable string validation (which is good as the
# common use of these syntaxes violates the specification).
# Attribute types are under 1.3.6.1.1.1.1
# Object classes are under 1.3.6.1.1.1.2
# Attribute Type Definitions
# builtin
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# builtin
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
SYNTAX 1.3.6.1.1.1.0.0 )
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
SUP name )
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IP address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
SYNTAX 1.3.6.1.1.1.0.1 )
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
# Object Class Definitions
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
DESC 'Abstraction of an account with POSIX attributes'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
DESC 'Additional attributes for shadow passwords'
SUP top AUXILIARY
MUST uid
MAY ( userPassword $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ description ) )
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ description ) )
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
DESC 'Abstraction an Internet Protocol service'
SUP top STRUCTURAL
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY ( description ) )
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
DESC 'Abstraction of an IP protocol'
SUP top STRUCTURAL
MUST ( cn $ ipProtocolNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
DESC 'Abstraction of an ONC/RPC binding'
SUP top STRUCTURAL
MUST ( cn $ oncRpcNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
DESC 'Abstraction of a host, an IP device'
SUP top AUXILIARY
MUST ( cn $ ipHostNumber )
MAY ( l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
DESC 'Abstraction of an IP network'
SUP top STRUCTURAL
MUST ( cn $ ipNetworkNumber )
MAY ( ipNetmaskNumber $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
DESC 'Abstraction of a netgroup'
SUP top STRUCTURAL
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
DESC 'A generic abstraction of a NIS map'
SUP top STRUCTURAL
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
DESC 'An entry in a NIS map'
SUP top STRUCTURAL
MUST ( cn $ nisMapEntry $ nisMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
DESC 'A device with a MAC address'
SUP top AUXILIARY
MAY macAddress )
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
DESC 'A device with boot parameters'
SUP top AUXILIARY
MAY ( bootFile $ bootParameter ) )

88
schema/openldap.ldif
Unescape Escape View File

@ -0,0 +1,88 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.6 2010/04/13 20:23:49 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
#
# This openldap.ldif file is provided as a demonstration of how to
# convert a *.schema file into *.ldif format. The key points:
# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
# file should be replaced with a single '#' to turn them into
# comments, or they should just be removed.
# In addition to the actual schema directives, the file needs a small
# header to make it a valid LDAP entry. This header must provide the
# dn of the entry, the objectClass, and the cn, as shown here:
#
dn: cn=openldap,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openldap
#
# The schema directives need to be changed to LDAP Attributes.
# First a basic string substitution can be done on each of the keywords:
# objectIdentifier -> olcObjectIdentifier:
# objectClass -> olcObjectClasses:
# attributeType -> olcAttributeTypes:
# Then leading whitespace must be fixed. The slapd.conf format allows
# tabs or spaces to denote line continuation, while LDIF only allows
# the space character.
# Also slapd.conf preserves the continuation character, while LDIF strips
# it out. So a single TAB/SPACE in slapd.conf must be replaced with
# two SPACEs in LDIF, otherwise the continued text may get joined as
# a single word.
# The directives must be listed in a proper sequence:
# All olcObjectIdentifiers must be first, so they may be referenced by
# any following definitions.
# All olcAttributeTypes must be next, so they may be referenced by any
# following objectClass definitions.
# All olcObjectClasses must be after the olcAttributeTypes.
# And of course, any superior must occur before anything that inherits
# from it.
#
olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
#
olcObjectIdentifier: OpenLDAP OpenLDAProot:1
olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
#
olcObjectClasses: ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
AUXILIARY
MAY displayName )

54
schema/openldap.schema
Unescape Escape View File

@ -0,0 +1,54 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.6 2010/04/13 20:23:49 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
objectIdentifier OpenLDAP OpenLDAProot:1
objectIdentifier OpenLDAPattributeType OpenLDAP:3
objectIdentifier OpenLDAPobjectClass OpenLDAP:4
objectClass ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
objectClass ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
AUXILIARY
MAY displayName )

142
schema/pgp-keyserver.schema
Unescape Escape View File

@ -0,0 +1,142 @@
###############################################################################
#
# PGP Keyserver schema for OpenLDAP
# Copyright 2001, 2002, 2003 PGP Corporation
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# Neither the name of PGP Corporation nor its trademarks nor the names of its
# contributors may be used to endorse or promote products containing this
# software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NONINFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
#
# IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
###############################################################################
attributeType ( 1.3.6.1.4.1.3401.8.2.8 NAME 'pgpBaseKeySpaceDN'
DESC 'Points to DN of the object that will store the PGP keys.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.9 NAME 'pgpSoftware'
DESC 'pgpSoftware attribute for PGP'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.10 NAME 'pgpVersion'
DESC 'pgpVersion attribute for PGP'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.11 NAME 'pgpKey'
DESC 'pgpKey attribute for PGP'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.12 NAME 'pgpCertID'
DESC 'pgpCertID attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.13 NAME 'pgpDisabled'
DESC 'pgpDisabled attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.14 NAME 'pgpKeyID'
DESC 'pgpKeyID attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.15 NAME 'pgpKeyType'
DESC 'pgpKeyType attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.16 NAME 'pgpUserID'
DESC 'User ID(s) associated with the PGP key.'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.17 NAME 'pgpKeyCreateTime'
DESC 'pgpKeyCreateTime attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.18 NAME 'pgpSignerID'
DESC 'pgpSignerID attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.19 NAME 'pgpRevoked'
DESC 'pgpRevoked attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID'
DESC 'Sub-key ID(s) of the PGP key.'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SUBSTR caseIgnoreSubstringsMatch
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize'
DESC 'pgpKeySize attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
X-ORIGIN 'Pretty Good Privacy (PGP)' )
attributeType ( 1.3.6.1.4.1.3401.8.2.22 NAME 'pgpKeyExpireTime'
DESC 'pgpKeyExpireTime attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-ORIGIN 'Pretty Good Privacy (PGP)' )
objectClass ( 1.3.6.1.4.1.3401.8.2.23 NAME 'pgpServerInfo'
DESC 'PGP defined objectclass to maintain information about PGP key space store'
SUP top
MUST ( cn $ pgpBaseKeySpaceDN )
MAY ( pgpSoftware $ pgpVersion )
X-ORIGIN 'Pretty Good Privacy (PGP)' )
objectClass ( 1.3.6.1.4.1.3401.8.2.24 NAME 'pgpKeyInfo'
DESC 'PGP defined objectclass to maintain information about a PGP key'
SUP top
MUST ( pgpCertID $ pgpKey )
MAY ( pgpDisabled $ pgpKeyID $ pgpKeyType $ pgpUserID $ pgpKeyCreateTime $ pgpSignerID $ pgpRevoked $ pgpSubKeyID $ pgpKeySize $ pgpKeyExpireTime )
X-ORIGIN 'Pretty Good Privacy (PGP)' )

464
schema/pmi.schema
Unescape Escape View File

@ -0,0 +1,464 @@
# OpenLDAP X.509 PMI schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.3 2010/04/13 20:23:49 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2010 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# ITU X.509 (08/2005)
#
## X.509 (08/2005) pp. 120-121
##
## -- object identifier assignments --
## -- object classes --
## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
## -- directory attributes --
## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
## -- attribute certificate extensions --
## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
## -- PMI matching rules --
## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
##
##
## X.509 (08/2005) pp. 71, 86-89
##
## 14.4.1 Role attribute
## role ATTRIBUTE ::= {
## WITH SYNTAX RoleSyntax
## ID id-at-role }
## RoleSyntax ::= SEQUENCE {
## roleAuthority [0] GeneralNames OPTIONAL,
## roleName [1] GeneralName }
##
## 14.5 XML privilege information attribute
## xmlPrivilegeInfo ATTRIBUTE ::= {
## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
## ID id-at-xMLPrivilegeInfo }
##
## 17.1 PMI directory object classes
##
## 17.1.1 PMI user object class
## pmiUser OBJECT-CLASS ::= {
## -- a PMI user (i.e., a "holder")
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {attributeCertificateAttribute}
## ID id-oc-pmiUser }
##
## 17.1.2 PMI AA object class
## pmiAA OBJECT-CLASS ::= {
## -- a PMI AA
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {aACertificate |
## attributeCertificateRevocationList |
## attributeAuthorityRevocationList}
## ID id-oc-pmiAA }
##
## 17.1.3 PMI SOA object class
## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {attributeCertificateRevocationList |
## attributeAuthorityRevocationList |
## attributeDescriptorCertificate}
## ID id-oc-pmiSOA }
##
## 17.1.4 Attribute certificate CRL distribution point object class
## attCertCRLDistributionPt OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN { attributeCertificateRevocationList |
## attributeAuthorityRevocationList }
## ID id-oc-attCertCRLDistributionPts }
##
## 17.1.5 PMI delegation path
## pmiDelegationPath OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN { delegationPath }
## ID id-oc-pmiDelegationPath }
##
## 17.1.6 Privilege policy object class
## privilegePolicy OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {privPolicy }
## ID id-oc-privilegePolicy }
##
## 17.1.7 Protected privilege policy object class
## protectedPrivilegePolicy OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {protPrivPolicy }
## ID id-oc-protectedPrivilegePolicy }
##
## 17.2 PMI Directory attributes
##
## 17.2.1 Attribute certificate attribute
## attributeCertificateAttribute ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-attributeCertificate }
##
## 17.2.2 AA certificate attribute
## aACertificate ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-aACertificate }
##
## 17.2.3 Attribute descriptor certificate attribute
## attributeDescriptorCertificate ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-attributeDescriptorCertificate }
##
## 17.2.4 Attribute certificate revocation list attribute
## attributeCertificateRevocationList ATTRIBUTE ::= {
## WITH SYNTAX CertificateList
## EQUALITY MATCHING RULE certificateListExactMatch
## ID id-at-attributeCertificateRevocationList}
##
## 17.2.5 AA certificate revocation list attribute
## attributeAuthorityRevocationList ATTRIBUTE ::= {
## WITH SYNTAX CertificateList
## EQUALITY MATCHING RULE certificateListExactMatch
## ID id-at-attributeAuthorityRevocationList }
##
## 17.2.6 Delegation path attribute
## delegationPath ATTRIBUTE ::= {
## WITH SYNTAX AttCertPath
## ID id-at-delegationPath }
## AttCertPath ::= SEQUENCE OF AttributeCertificate
##
## 17.2.7 Privilege policy attribute
## privPolicy ATTRIBUTE ::= {
## WITH SYNTAX PolicySyntax
## ID id-at-privPolicy }
##
## 17.2.8 Protected privilege policy attribute
## protPrivPolicy ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-protPrivPolicy }
##
## 17.2.9 XML Protected privilege policy attribute
## xmlPrivPolicy ATTRIBUTE ::= {
## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
## ID id-at-xMLPprotPrivPolicy }
##
## -- object identifier assignments --
## -- object classes --
objectidentifier id-oc-pmiUser 2.5.6.24
objectidentifier id-oc-pmiAA 2.5.6.25
objectidentifier id-oc-pmiSOA 2.5.6.26
objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
objectidentifier id-oc-privilegePolicy 2.5.6.32
objectidentifier id-oc-pmiDelegationPath 2.5.6.33
objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
## -- directory attributes --
objectidentifier id-at-attributeCertificate 2.5.4.58
objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
objectidentifier id-at-aACertificate 2.5.4.61
objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
objectidentifier id-at-privPolicy 2.5.4.71
objectidentifier id-at-role 2.5.4.72
objectidentifier id-at-delegationPath 2.5.4.73
objectidentifier id-at-protPrivPolicy 2.5.4.74
objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
## -- attribute certificate extensions --
## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
## -- PMI matching rules --
objectidentifier id-mr 2.5.13
objectidentifier id-mr-attributeCertificateMatch id-mr:42
objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
objectidentifier id-mr-holderIssuerMatch id-mr:46
objectidentifier id-mr-authAttIdMatch id-mr:53
objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
objectidentifier id-mr-timeSpecMatch id-mr:57
objectidentifier id-mr-attDescriptorMatch id-mr:58
objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
objectidentifier id-mr-delegationPathMatch id-mr:61
objectidentifier id-mr-sOAIdentifierMatch id-mr:66
objectidentifier id-mr-indirectIssuerMatch id-mr:67
## -- syntaxes --
## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
## to this work in progress
objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
##
## Substitute syntaxes
##
## AttCertPath
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
NAME 'AttCertPath'
DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## PolicySyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
NAME 'PolicySyntax'
DESC 'X.509 PMI policy syntax'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## RoleSyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
NAME 'RoleSyntax'
DESC 'X.509 PMI role syntax'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## X.509 (08/2005) pp. 71, 86-89
##
## 14.4.1 Role attribute
attributeType ( id-at-role
NAME 'role'
DESC 'X.509 Role attribute, use ;binary'
SYNTAX RoleSyntax )
##
## 14.5 XML privilege information attribute
## -- contains XML-encoded privilege information
attributeType ( id-at-xMLPrivilegeInfo
NAME 'xmlPrivilegeInfo'
DESC 'X.509 XML privilege information attribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##
## 17.2 PMI Directory attributes
##
## 17.2.1 Attribute certificate attribute
attributeType ( id-at-attributeCertificate
NAME 'attributeCertificateAttribute'
DESC 'X.509 Attribute certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.2 AA certificate attribute
attributeType ( id-at-aACertificate
NAME 'aACertificate'
DESC 'X.509 AA certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.3 Attribute descriptor certificate attribute
attributeType ( id-at-attributeDescriptorCertificate
NAME 'attributeDescriptorCertificate'
DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.4 Attribute certificate revocation list attribute
attributeType ( id-at-attributeCertificateRevocationList
NAME 'attributeCertificateRevocationList'
DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
SYNTAX CertificateList
X-EQUALITY 'certificateListExactMatch, not implemented yet' )
##
## 17.2.5 AA certificate revocation list attribute
attributeType ( id-at-attributeAuthorityRevocationList
NAME 'attributeAuthorityRevocationList'
DESC 'X.509 AA certificate revocation list attribute, use ;binary'
SYNTAX CertificateList
X-EQUALITY 'certificateListExactMatch, not implemented yet' )
##
## 17.2.6 Delegation path attribute
attributeType ( id-at-delegationPath
NAME 'delegationPath'
DESC 'X.509 Delegation path attribute, use ;binary'
SYNTAX AttCertPath )
## AttCertPath ::= SEQUENCE OF AttributeCertificate
##
## 17.2.7 Privilege policy attribute
attributeType ( id-at-privPolicy
NAME 'privPolicy'
DESC 'X.509 Privilege policy attribute, use ;binary'
SYNTAX PolicySyntax )
##
## 17.2.8 Protected privilege policy attribute
attributeType ( id-at-protPrivPolicy
NAME 'protPrivPolicy'
DESC 'X.509 Protected privilege policy attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.9 XML Protected privilege policy attribute
## -- contains XML-encoded privilege policy information
attributeType ( id-at-xMLPprotPrivPolicy
NAME 'xmlPrivPolicy'
DESC 'X.509 XML Protected privilege policy attribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##
## 17.1 PMI directory object classes
##
## 17.1.1 PMI user object class
## -- a PMI user (i.e., a "holder")
objectClass ( id-oc-pmiUser
NAME 'pmiUser'
DESC 'X.509 PMI user object class'
SUP top
AUXILIARY
MAY ( attributeCertificateAttribute ) )
##
## 17.1.2 PMI AA object class
## -- a PMI AA
objectClass ( id-oc-pmiAA
NAME 'pmiAA'
DESC 'X.509 PMI AA object class'
SUP top
AUXILIARY
MAY ( aACertificate $
attributeCertificateRevocationList $
attributeAuthorityRevocationList
) )
##
## 17.1.3 PMI SOA object class
## -- a PMI Source of Authority
objectClass ( id-oc-pmiSOA
NAME 'pmiSOA'
DESC 'X.509 PMI SOA object class'
SUP top
AUXILIARY
MAY ( attributeCertificateRevocationList $
attributeAuthorityRevocationList $
attributeDescriptorCertificate
) )
##
## 17.1.4 Attribute certificate CRL distribution point object class
objectClass ( id-oc-attCertCRLDistributionPts
NAME 'attCertCRLDistributionPt'
DESC 'X.509 Attribute certificate CRL distribution point object class'
SUP top
AUXILIARY
MAY ( attributeCertificateRevocationList $
attributeAuthorityRevocationList
) )
##
## 17.1.5 PMI delegation path
objectClass ( id-oc-pmiDelegationPath
NAME 'pmiDelegationPath'
DESC 'X.509 PMI delegation path'
SUP top
AUXILIARY
MAY ( delegationPath ) )
##
## 17.1.6 Privilege policy object class
objectClass ( id-oc-privilegePolicy
NAME 'privilegePolicy'
DESC 'X.509 Privilege policy object class'
SUP top
AUXILIARY
MAY ( privPolicy ) )
##
## 17.1.7 Protected privilege policy object class
objectClass ( id-oc-protectedPrivilegePolicy
NAME 'protectedPrivilegePolicy'
DESC 'X.509 Protected privilege policy object class'
SUP top
AUXILIARY
MAY ( protPrivPolicy ) )

149
schema/ppolicy.schema
Unescape Escape View File

@ -0,0 +1,149 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF Internet-Draft explaining the schema.
# Unfortunately, that text is covered by a license that doesn't meet
# Debian's Free Software Guidelines. This is a stripped version of the
# schema that contains only the functional schema definition, not the text
# of the Internet-Draft.
#
# For an explanation of this schema, see
# draft-behera-ldap-password-policy-08.txt.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
NAME 'pwdAttribute'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
NAME 'pwdMinAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
NAME 'pwdMaxAge'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
NAME 'pwdInHistory'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
NAME 'pwdCheckQuality'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
NAME 'pwdMinLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
NAME 'pwdExpireWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
NAME 'pwdGraceAuthNLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
NAME 'pwdMaxFailure'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.4754.1.99.1
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
DESC 'Loadable module that instantiates "check_password() function'
SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.4754.2.99.1
NAME 'pwdPolicyChecker'
SUP top
AUXILIARY
MAY ( pwdCheckModule ) )
objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
NAME 'pwdPolicy'
SUP top
AUXILIARY
MUST ( pwdAttribute )
MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
$ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )

575
schema/samba_3.2.schema
Unescape Escape View File

@ -0,0 +1,575 @@
##
## schema file for OpenLDAP 2.x
## Schema for storing Samba user accounts and group maps in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid (cosine.schema)
## - displayName (inetorgperson.schema)
## - gidNumber (nis.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##
## Printer support
## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
##
## Samba4
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
##
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
##
## Run the 'get_next_oid' bash script in this directory to find the
## next available OID for attribute type and object classes.
##
## $ ./get_next_oid
## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
##
## Also ensure that new entries adhere to the declaration style
## used throughout this file
##
## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
## ^ ^ ^
##
## The spaces are required for the get_next_oid script (and for
## readability).
##
## ------------------------------------------------------------------
# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
# objectIdentifier Samba3 SambaRoot:2
# objectIdentifier Samba3Attrib Samba3:1
# objectIdentifier Samba3ObjectClass Samba3:2
# objectIdentifier Samba4 SambaRoot:4
########################################################################
## HISTORICAL ##
########################################################################
##
## Password hashes
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
# DESC 'LanManager Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
# DESC 'NT Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
##
## Account flags in string format ([UWDX ])
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
# DESC 'Account Flags'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
##
## Password timestamps & policies
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
# DESC 'NT pwdLastSet'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
# DESC 'NT logonTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
# DESC 'NT logoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
# DESC 'NT kickoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
# DESC 'NT pwdCanChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
# DESC 'NT pwdMustChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## string settings
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
# DESC 'NT homeDrive'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
# DESC 'NT scriptPath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
# DESC 'NT profilePath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
# DESC 'userWorkstations'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
# DESC 'smbHome'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
# DESC 'Windows NT domain to which the user belongs'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
##
## user and group RID
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
# DESC 'NT rid'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
# DESC 'NT Group RID'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## The smbPasswordEntry objectclass has been depreciated in favor of the
## sambaAccount objectclass
##
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
# DESC 'Samba smbpasswd entry'
# MUST ( uid $ uidNumber )
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
# DESC 'Samba Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
# DESC 'Samba Auxiliary Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
########################################################################
## END OF HISTORICAL ##
########################################################################
#######################################################################
## Attributes used by Samba 3.0 schema ##
#######################################################################
##
## Password hashes
##
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
DESC 'LanManager Password'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
DESC 'MD4 hash of the unicode password'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
##
## Account flags in string format ([UWDX ])
##
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
DESC 'Account Flags'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
##
## Password timestamps & policies
##
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
DESC 'Timestamp of the last password update'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
DESC 'Timestamp of when the user is allowed to update the password'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
DESC 'Timestamp of when the password will expire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
DESC 'Timestamp of last logon'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
DESC 'Timestamp of last logoff'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
DESC 'Timestamp of when the user will be logged off automatically'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
DESC 'Bad password attempt count'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
DESC 'Time of the last bad password attempt'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
DESC 'Logon Hours'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
##
## string settings
##
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
DESC 'Driver letter of home directory mapping'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
DESC 'Logon script path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
DESC 'Roaming profile path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
DESC 'List of user workstations the user is allowed to logon to'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
DESC 'Home directory UNC path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
DESC 'Windows NT domain to which the user belongs'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
DESC 'Base64 encoded user parameter string'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
##
## SID, of any type
##
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
DESC 'Security ID'
EQUALITY caseIgnoreIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
##
## Primary group SID, compatible with ntSid
##
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
DESC 'Primary Group Security ID'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
DESC 'Security ID List'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
##
## group mapping attributes
##
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
DESC 'NT Group Type'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## Store info on the domain
##
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
DESC 'Next NT rid to give our for users'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
DESC 'Next NT rid to give out for groups'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
DESC 'Next NT rid to give out for anything'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
DESC 'Base at which the samba RID generation algorithm should operate'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
DESC 'Share Name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
DESC 'Option Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
DESC 'A boolean option'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
DESC 'An integer option'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
DESC 'A string option'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
DESC 'A string list option'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
## SUP name )
##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
## DESC 'Privileges List'
## EQUALITY caseIgnoreIA5Match
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
DESC 'Trust Password Flags'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# "min password length"
attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
DESC 'Minimal password length (default: 5)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "password history"
attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
DESC 'Length of Password History Entries (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "user must logon to change password"
attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "maximum password age"
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "minimum password age"
attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "lockout duration"
attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "reset count minutes"
attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
DESC 'Reset time after lockout in minutes (default: 30)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "bad lockout attempt"
attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
DESC 'Lockout users after bad logon attempts (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "disconnect time"
attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "refuse machine password change"
attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
DESC 'Allow Machine Password changes (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#
attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
DESC 'Clear text password (used for trusted domain passwords)'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
#
attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
DESC 'Previous clear text password (used for trusted domain passwords)'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
## this currently but will in v2.1
##
## added new objectclass (and OID) for 3.0 to help us deal with backwards
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
##
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
DESC 'Samba 3.0 Auxilary SAM Account'
MUST ( uid $ sambaSID )
MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
sambaProfilePath $ description $ sambaUserWorkstations $
sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
sambaBadPasswordCount $ sambaBadPasswordTime $
sambaPasswordHistory $ sambaLogonHours))
##
## Group mapping info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
DESC 'Samba Group Mapping'
MUST ( gidNumber $ sambaSID $ sambaGroupType )
MAY ( displayName $ description $ sambaSIDList ))
##
## Trust password for trust relationships (any kind)
##
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
DESC 'Samba Trust Password'
MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
MAY ( sambaSID $ sambaPwdLastSet ))
##
## Trust password for trusted domains
## (to be stored beneath the trusting sambaDomain object in the DIT)
##
objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
DESC 'Samba Trusted Domain Password'
MUST ( sambaDomainName $ sambaSID $
sambaClearTextPassword $ sambaPwdLastSet )
MAY ( sambaPreviousClearTextPassword ))
##
## Whole-of-domain info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
DESC 'Samba Domain Information'
MUST ( sambaDomainName $
sambaSID )
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
sambaAlgorithmicRidBase $
sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange ))
##
## used for idmap_ldap module
##
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
DESC 'Pool for allocating UNIX uids/gids'
MUST ( uidNumber $ gidNumber ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
DESC 'Mapping from a SID to an ID'
MUST ( sambaSID )
MAY ( uidNumber $ gidNumber ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
DESC 'Samba Configuration Section'
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
DESC 'Samba Share Section'
MUST ( sambaShareName )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
DESC 'Samba Configuration Option'
MUST ( sambaOptionName )
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
sambaStringListoption $ description ) )
## retired during privilege rewrite
##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
## DESC 'Samba Privilege'
## MUST ( sambaSID )
## MAY ( sambaPrivilegeList ) )

57
schema/smartjog.schema
Unescape Escape View File

@ -0,0 +1,57 @@
# OpenLDAP custom schema
attributetype ( 43.1 NAME 'use'
DESC 'Services used by user'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{42} )
# Not using 'RFC1274', this cause slapd crash when more than 2 number in field
attributetype ( 43.2 NAME 'businessPhone'
DESC 'Business telephone number'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} )
# Not using 'RFC1274', this cause slapd crash when more than 2 number in field
attributetype ( 43.3 NAME 'personalPhone'
DESC 'Personal telephone number'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} )
attributetype ( 43.4 NAME 'sshKey'
DESC 'ssh key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( 43.5 NAME 'gpgKey'
DESC 'User gpg key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( 43.6 NAME 'ipAddress'
DESC 'IP Address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 43.7 NAME 'lanAddress'
DESC 'Lan IP'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 43.8 NAME 'vpnAddress'
DESC 'VPN RLA IP'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{15} )
attributetype ( 43.9 NAME 'userPicture'
DESC 'Identification Picture'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
objectclass ( 42.0 NAME 'companyAccount'
SUP top STRUCTURAL
MUST ( cn )
MAY ( c $ userPassword $ mail $ businessPhone $ personalPhone $ userPicture $ macAddress $ lanAddress $ vpnAddress $ sshkey $ gpgkey $ host $ description $ use)
)
objectclass ( 42.1 NAME 'companyHost'
SUP top STRUCTURAL
MUST ( cn )
MAY ( macAddress $ ipAddress $ description )
)

292
sj_gpgldapkeys.py
Unescape Escape View File

@ -0,0 +1,292 @@
#!/usr/bin/env python
import ldap
import subprocess
import re
# LDAP SERVER INFORMATIONS
###########
HOST = '192.168.0.138'
BINDDN = 'cn=admin,dc=company,dc=lan'
CREDENTIALS = 'toto'
USERSDN = 'ou=users,dc=company,dc=lan'
DEFAULT_SCOPE = ldap.SCOPE_SUBTREE
# LDAP KEYSERVER SPECEFIC INFORMATIONS
###########
# PGP KEY SCHEMA
##
PGP_KEY_SCHEMA = {
'pgpCertID': '',
'pgpKey': '',
'pgpDisabled': '',
'pgpKeyID': '',
'pgpKeyType': '',
'pgpUserID': '',
'pgpKeyCreateTime': '',
'pgpSignerID': '',
'pgpRevoked': '',
'pgpSubKeyID': '',
'pgpKeySize': '',
'pgpKeyExpireTime': '',
}
# KEY SERVER INFO DN
###
PGP_SERVER_INFO = 'cn=pgpServerInfo,dc=company,dc=lan'
# BASE KEY SPACE DN
##
BASE_KEY_SPACE = 'ou=pgpKeys,dc=company,dc=lan'
############
# GPG SPECEFIC OPTIONS
############
# GPG COMMAND ARGUMETNS
##
GPG_HOME_DIR = "/home/spike/ldap/keys/"
GPG_IMPORT_STDIN = [
'gpg',
'--batch',
'--no-tty',
'--homedir',
GPG_HOME_DIR,
'--import',
'-',
]
GPG_GET_FINGERPRINT = [
'gpg',
'--batch',
'--no-tty',
'--with-colons',
'--homedir',
GPG_HOME_DIR,
'--fingerprint',
]
class LdapServer(object):
"""
LdapServer : Handle connection to ldap server.
Provides a simple interface to get and search pgp keys
stored by users
Attributes :
host : the ip or lookup name to the Ldap server
binddn : binddn
cred : your credentials associated to your binddn
usersdn : base dn to start looking for users in
Methods:
- test_search
- get_user_key
"""
host = HOST
binddn = BINDDN
cred = CREDENTIALS
usersdn = USERSDN
scope = DEFAULT_SCOPE
attrs = ['gpgkey']
userKeys = {}
def __init__(self):
try:
self.ldapHandle = ldap.init(self.host)
self.ldapHandle.bind(self.binddn, self.cred)
except ldap.SERVER_DOWN as error:
print 'init failed -> %s -> at %s' % (error, self.host)
def test_search(self):
"""
Perform a test search on the ldap server
returns ldap.result() return type
"""
self.test = self.ldapHandle.search_s(self.usersdn,ldap.SCOPE_SUBTREE,
'(cn=cbenzian)', ['mail','phone'])
return (self.test)
def get_user_key(self, user):
"""
This method lookup for the pgp key stored by the user,
user must be in form 'cbenzian'
Return a list in the form {userdn : gpgkey, }
"""
print 'Searching for user %s gpgkey in ldap ou=users database ...' \
% user
try:
msgid = self.ldapHandle.search(self.usersdn, self.scope, 'cn=%s' % \
user, self.attrs)
result = self.ldapHandle.result(msgid)[1]
if result == []:
raise ldap.NO_RESULTS_RETURNED('user %s not found' % user)
except Exception, error:
raise ValueError(error)
return self._fetch_result(result)
def updateKeyEntry(self, ldapKey):
"""
Updates or creates a new ldap key entry
If key exists it gets overwritten
ldapKey must be a dict in the form PGP_KEY_SCHEMA
"""
# NOTE: first we just want to add a key. We'll look to
# update late
key_dn = ''.join(['pgpCertID=%s,' % ldapKey['pgpCertID'],BASE_KEY_SPACE])
key_record = [
('objectClass', ['pgpKeyInfo']),
('pgpCertID', [ldapKey['pgpCertID']]),
('pgpKey', [ldapKey['pgpKey']]),
('pgpKeyID', [ldapKey['pgpKeyID']])
]
try:
msgid = self.ldapHandle.add(key_dn,key_record)
result = self.ldapHandle.result(msgid)
except Exception, e:
raise e
def _fetch_result(self, ldap_result):
"""
Fetches a result from an ldap result tupple and returns
a dict of form {userdn: gpgkey,}
"""
print 'Fetching results...'
#print ldap_result
tmp = ldap_result.pop(0)
key_name = tmp[0].split(',')[0].split('=')[1]
self.userKeys[key_name] = tmp[1]['gpgKey'].pop()
return self.userKeys
class gpgKeyHandler(object):
"""Interface to manipulate gpgKeys, store on local keyring,
send, update, or any key managment in the `ldap keys server`.
The object initialization takes a dict in the form {'user' : key } .
The following methods are available to manipulate keys:
- saveKeyMsg: generates a file containing the public key armor
- importUserKey: given a username imports it's public key message
in the local defined keyring using gpg command line tools
- getLdapReadyKey
- getUserkeys
- updateLdapKey : prepare specified key to be updated in ldap key server
"""
user_keys = {}
ldapReadyKeys = {}
def __init__(self, keys={}):
"""
Populate keys, takes a dict or raises an exception
"""
if type(keys).__name__ != 'dict':
raise TypeError ('%s takes a dict argument, %s given' %
(gpgKeyHandler, type(keys).__name__))
self.user_keys = keys
self.ldapHandle = LdapServer()
def getLdapReadyKeys(self):
"""returns the keys prepared to be updated to ldap"""
return self.ldapReadyKeys
def getUserkeys(self):
"""returns public keys loaded from ldap users entries"""
return user_keys
def saveKeyMsg(self, user):
"""Save given key message in a file"""
key = self.user_keys[user]
filename = '%s.asc' % user
try:
file = open(filename, 'w')
file.write(key)
file.close()
except IOError, error:
print 'Read Write error %s' % error
def importUserKey(self, user):
"""imports key block message of the user in form 'cbenzian'
to the defined local keyring
"""
self.user_keys.update(self.ldapHandle.get_user_key(user))
key = self.user_keys[user]
gpg_proc = subprocess.Popen(GPG_IMPORT_STDIN,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output = gpg_proc.communicate(key)
def ParseLdapKey(self, user):
"""Parse user public key in a structure that fits
in the ldap keyserver entries see PGP_KEY_SCHEMA
"""
self.importUserKey(user)
keyInfo = PGP_KEY_SCHEMA
keyInfo['pgpKey'] = self.user_keys[user]
keyInfo['pgpCertID'] = self.fetchCertId(user)
keyInfo['pgpKeyID'] = keyInfo['pgpCertID'][8:]
keyInfo['pgpKeyType'] = self.fetchKeyType(user)
self.ldapReadyKeys[user] = keyInfo
def updateLdapKey(self, user):
"""
Sends user's parsed key to ldap keys server
We user ldapHandler's method updateKeyEntry()
to do this.
"""
self.ldapHandle.updateKeyEntry(self.ldapReadyKeys[user])
def fetchCertId(self, user):
"""
Returns CertID of user's public key by taking the
last 8 bytes of the key's fingerprint
"""
find_pattern = re.compile(r"(([0-9a-fA-F]{4,4}){4,4}):")
args = GPG_GET_FINGERPRINT
args.append(user)
gpg_proc = subprocess.Popen(args,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output = gpg_proc.communicate()
# get gpg process output
# and grep the CertID in the key's fingerprint
fingerprint = output[0].split('\n')
fingerprint = find_pattern.search(fingerprint[1])
fingerprint = fingerprint.group(0).rstrip(':')
certID = fingerprint.replace(' ','')
return certID
def fetchKeyType(self, user):
""" Returns user's key type """
if __name__ == "__main__":
keyHandler = gpgKeyHandler()
keyHandler.ParseLdapKey('tvincent')
#keyHandler.updateLdapKey('tvincent')
keyHandler.saveKeyMsg('tvincent')

197
slapd.conf
Unescape Escape View File

@ -0,0 +1,197 @@
# Loading of backend modules - automatically generated
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload syncprov
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
# include /etc/ldap/schema/extension.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/samba_3.2.schema
# include /etc/ldap/schema/radius.schema
# include /etc/ldap/schema/courier-authldap.schema
# include /etc/ldap/schema/thunderbird.schema
include /etc/ldap/schema/company.schema
include /etc/ldap/schema/pgp-keyserver.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
#schemacheck no
allow bind_anon_dn
allow update_anon
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Where to store the replica logs
#replogfile /var/lib/ldap/replog
# Read slapd.conf(5) for possible values
loglevel 4095
#loglevel stats
# le plus intÃressant
#loglevel 256
#loglevel 8
#loglevel 0
#TLSCipherSuite HIGH
#TLSCertificateFile /etc/ssl/certs/auth.fr.lan.crt
# TLSCertificateFile /etc/ldap/auth.fr.lan_plus_sj-int-services.crt
# TLSCertificateKeyFile /etc/ssl/private/auth.fr.lan.key
#TLSCACertificateFile /etc/ldap/sj-ldap-chain.crt
# TLSCACertificateFile /etc/ssl/certs/sj-int-services.crt
# TLSVerifyClient never
# allow bind_v2
# password-hash {SSHA}lolololololololololo
# security ssf=128
#######################################################################
# ldbm database definitions
#######################################################################
# The backend type, ldbm, is the default standard
database bdb
# The base of your directory
suffix "dc=company,dc=lan"
rootdn "cn=admin,dc=company,dc=lan"
rootpw {SSHA}yLwpWPrzXwthjmtI+0zEDzBo4wC7UJqf
cachesize 50000
checkpoint 8 15
dirtyread
index objectClass,entryCSN,entryUUID eq
index cn,uid,mail,givenName,memberUid,uidNumber pres,eq
#sessionlog 0 999999999
#
# new 2.3 sync configuration
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
directory /var/lib/ldap
lockdetect default
limits dn="cn=ldapsync,ou=systemusers,dc=company,dc=lan" size=unlimited
# time=unlimited
limits users size=unlimited
# Save the time that the entry gets modified
lastmod on
## Unix
access to attrs=shadowLastChange,shadowMin,shadowMax,shadowWarning,shadowInactive,shadowExpire
by self write
by dn="cn=password,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by * read
## User password
access to attrs=userPassword
by self write
by dn="cn=ldapsync,ou=systemusers,dc=company,dc=lan" read
by dn="cn=lansync,ou=systemusers,dc=company,dc=lan" read
by dn="cn=password,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_ro,ou=systemusers,dc=company,dc=lan" read
by * auth
## User customizable field
access to attrs=personalPhone,userPicture,sshkey,gpgkey
by self write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by * read
## Change business phone number : sjit, Alexandre, and Bertrand
access to dn.one="ou=users,dc=company,dc=lan" attrs=businessPhone
by dn.exact="cn=bdarnaul,ou=users,dc=company,dc=lan" write
by dn.exact="cn=abuisine,ou=users,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by * read
#by group/posixGroup/memberUid="cn=sjit,ou=groups,dc=company,dc=lan" write
## Contacts
access to dn.children="ou=contacts,dc=company,dc=lan"
by dn.children="ou=users,dc=company,dc=lan" write
by * read
access to dn.regex="ou=contacts,dc=company,dc=lan" attrs=children
by dn.children="ou=users,dc=company,dc=lan" write
by users read
## CRM
access to dn.subtree="ou=crm,dc=company,dc=lan"
by dn.exact="cn=vtiger,ou=systemusers,dc=company,dc=lan" write
by users read
## Samba
# Samba password related attributes
access to attrs=sambaLMPassword,sambaNTPassword,sambaPasswordHistory,sambaPwdHistoryLength,sambaPwdMustChange,sambaPwdLastSet
by dn.exact="cn=samba,ou=systemusers,dc=company,dc=lan" write
by dn="cn=password,ou=systemusers,dc=company,dc=lan" write
by dn.exact="cn=ldapsync,ou=systemusers,dc=company,dc=lan" read
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_ro,ou=systemusers,dc=company,dc=lan" read
by self write
# Samba machines
access to dn.subtree="ou=smbmachines,dc=company,dc=lan"
by dn.exact="cn=samba,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_ro,ou=systemusers,dc=company,dc=lan" read
# Samba domain name
access to dn.subtree="sambaDomainName=company,dc=company,dc=lan"
by dn.exact="cn=samba,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" read
by dn="cn=admin_ro,ou=systemusers,dc=company,dc=lan" read
# read/write access to any samba attribute for the samba server
access to attrs=description,displayName,sambaAcctFlags,sambaAlgorithmicRidBase,sambaBadPasswordCount,sambaBadPasswordTime,sambaBoolOption,sambaDomainName,sambaForceLogoff,sambaGroupType,sambaHomeDrive,sambaHomePath,sambaIntegerOption,sambaKickoffTime,sambaLockoutDuration,sambaLockoutObservationWindow,sambaLockoutThreshold,sambaLogoffTime,sambaLogonHours,sambaLogonScript,sambaLogonTime,sambaLogonToChgPwd,sambaMaxPwdAge,sambaMinPwdAge,sambaMinPwdLength,sambaMungedDial,sambaNextGroupRid,sambaNextRid,sambaNextUserRid,sambaOptionName,sambaPreviousClearTextPassword,sambaPrimaryGroupSID,sambaProfilePath,sambaPwdCanChange,sambaPwdLastSet,sambaPwdMustChange,sambaRefuseMachinePwdChange,sambaSID,sambaSIDList,sambaShareName,sambaStringListOption,sambaStringOption,sambaTrustFlags,sambaUserWorkstations
by dn.exact="cn=samba,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by dn="cn=admin_ro,ou=systemusers,dc=company,dc=lan" read
#access to dn.regex="cn=ntadmin,ou=users,dc=company,dc=lan"
# by dn.exact="cn=samba,ou=systemusers,dc=company,dc=lan" write
# by users read
# by * read
# let PGP discover the keystore base DN
access to dn="cn=pgpServerInfo,dc=company,dc=lan"
by * read
## PGP keystore: only users of "ou=PGP Users,dc=EXAMPLE,dc=COM" may write
access to dn.subtree="ou=pgpKeys,dc=company,dc=lan"
by dn.regex="^cn=([^,]+),ou=users,dc=company,dc=lan$" write
by self write
by * read
## Last ACL
access to *
by dn="cn=admin_rw,ou=systemusers,dc=company,dc=lan" write
by * read

65
tvincent.asc
Unescape Escape View File

@ -0,0 +1,65 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
mQINBEsVQ/wBEAClXNRdSUm3RXQ/DnxRzW1ui2LdxY2B2Sck6N2Gy3Bx/gkGL70/
I9gE4UnHFQl8F1m7nJ56XO93P+JWdBkYZupJwdpOf//PFjYQIXfHj6x5IoS/uuvN
h46iB188cTXu9BwzqAv9pjmrXGBSK7VuXH9Cxm4APvoQSf9mfM0cffM2B3sjHn8r
QrRZ8dIJIpEghIAuPxbbDiEj4XFNG2tbhR5sb8zIxkewNvIU8pUh0VxOz7EwBkVj
/OOj6D8LkFeBV/vTSimTWjEqjYdx3lQodx4uQFJlbuwlpRRMbmllO7VjXYRQ0WhE
JjJbRZQQQ2AZDJ1/Wzay1ZHm29ZlVFgslmVa06ovlITtKxo3KrOelYkZjW0Mxf9X
x2+hLv+CsD3oa2brpfBqb174eUrpBp70EetMvXI3faJoJMEwrAWfpQ9eL5ISNHmF
pgR8NmGIraSj38VbsbHA0WgujwIEBwcZP3liYD8bzz1sivZe3KJzfwFOxI583fNc
HlSEmGoJVN3NB9GgNeqCy41HZBhOho33ossKSiYdqT9symcFpaEq4XVdxsVcc5Mz
DB6xcEvso47z5S2qtNsJjl1i1xT0Mw1cs+kgs8Jq+O/9v2yMpdjl7jyx8f1GvjfL
uYBI9wBwSrFiqyYNhR1s91IeCXu7tDegQb39RG6/fBAgmUhVeRpcPJ8dOQARAQAB
tDBUaGliYXVsdCBWSU5DRU5UIDx0aGliYXVsdC52aW5jZW50QHNtYXJ0am9nLmNv
bT6JAj4EEwECACgFAksVQ/wCGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJEEtbpw2b6p8jefgP+wX2Y7Ykqrsibrbxsaisn15noL0KJSa3k2KSV3F/
CoJzXpstHn0w7BLoqGzxtigfwBuvKbJQbj2hVetmy01EL94lW1ql/h1Ur+p0WM9V
AH6jwlBjZDZv7eFGpDGDUwgD7MGBdBllTicOzaUJ/eD34dRXzpcSCLde3eHQqMAb
n9Yy52Tg3WUnRDxYtlsZD/41MAObvvQR9SG2r+5pIAWq8aCeeh3Eu11hNIC5WpGj
BX53ptXtcwde4Aki/cL6GaStsBBM4mYgLwPbOuAQ4yTteOH9AeGXA8Ok9d2kcVQD
NYAzUP3YnxWK5tTIL/GFpRiUo9mCejR4J0zpCbbaNyxKLhzk8NA9KiatDOqq41Pk
MNsJPD5pzkhFHqo2/6ZJobMf+Dlz4i0dn25isqCIZ6HEVeC638/4EgFHoJ2PZnKw
SoXOfRZOcPcdttdKQmOFYejY1R19LhLzNHB1BzgPh0Y211dkZ2NSPz4Q73sp7HZ4
1m5ghZB9LUyS6BepbKXvnF2v+9H8AVRrmLY//UguRYncEeczn1yXh+itRLGEPszH
faHbw7DAn4oTlgdIOpfzZh28nedZTB6vrPm7tmNCxK2tCMUTqZZqYovs+z+gLIFk
Ai3yPha5ipkrpWTKR3NHv2HPVTybCmhDEYxqMFw0SfD+J+qkuzW8oV959ggLp7fD
tlSktChUaGliYXVsdCBWSU5DRU5UIDx0dmluY2VudEBzbWFydGpvZy5jb20+iQI+
BBMBAgAoBQJLFUTDAhsDBQkB4TOABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRBLW6cNm+qfI0o6D/9P7taO61wGJnuwFXf/nMqOI0TIU0RB00yhG0RB70uZrvZt
P5GCvAFJlu6kwv7rgafNLfob8ojHAImz4FefkQ0L/U+Lz0KFnKt/gqnXgrYmk4bS
rhj0voqTbRR0dqgIm1pCeSkRk7xmDhZCyHOVjkJgPHE4/BimXYtTSNyTwAEZIR/0
5QFkMYy8JlzALwMtwBmhXmTQg9CD3n+HkmaMi9JmKY20uZQqZkwTKZSseDDhgmhD
iZ4/GlSEcLCAw46N232TRQMUzawtSmvMqwEh12DptSJabM9lz8NcxuJF/wVPhAxt
Vz+PX1JJ4Eb+HRPfGB+iWNxJafhHt6PJH6davYftkGvW7P4C13YiQj0itL9emTgv
g6Xs/u2RoF/4HTEFxChkuDvFppmyb18800ehfclrnybYsrXJSDs5Nynh07ok9kgT
aphJHhfixalFdNn8S/fz3s+Dfu/LQw6BgO45j73A2wc4+qzCBv4pQZ6Dx8OE97MM
XwCAWBN24BGYTBpoSInoVSQKztotDhj/8LsjjaEThogVyj5f6SK1iMKSYhzkM0FD
eBDcJR2dZozT/uO3zC1xkh7E/fb0NJeeKsaly53p/acISF3+xjV3S7O9Gkho28Iw
h9+w3q4tDRhd4SDGDATrEzcnPYuLm6Eg15/ib/PgqsTxgdnQ6nmV7f9VQNJIOrkC
DQRLFUP8ARAA+hNeAootLteCrQVnSiv2EH0qY+C6hbBjcX9hsEReVucXpN2s2+vx
22FWctDTQ50P1OvAmzDYKezxRc4QGjdR8NRXKjRKysGBqZ41mP8op1m0HnqH7h/g
V3hCA+DeIGcFxdsL4+2FnMRd46D2d7rp/a8TDz64BQHFYALub7e2SoZvs6GOE8Zz
nxVhcNH1hpNBxxwOcSSg1e/PKw0KBI5cSRy51Pd8RWl1FJ6k/kj7ZgoXsTiRY4Gd
upMlSgv5Z2o5+Jc7Nj5vxvdmjmbXQMk59HuchXzyyzsApwz6wUY9/vpVZ1pri2Zo
Hh9RPHzAHp3Av05xagTSeV9vDwJAmqBrL8N2DEf8VdukeqCai5dv7iuqp/gm0NL1
k9uhqNO5q+MPWtobw24BczrqtShR8XaaKdeg8mSjz99o/r4s0jiw8sP37nqVddMB
X4ClUE18MMsH5NlqrA3pJ6sY/trIUieFR8sSJJPtv+4R5cqaGCzw8sq4Y+V4FleD
CwDXxHH03/kxxcW0pkUrQCWElNpTcVvZ7Hhrv8j9L5cdOezkn7AJM0dp0B7rtv2n
Ngh6Px5Cvv7adrqbjGL9WQg1ZtkY3gFE3Qfkafv/dksIZLc0Wemsc58uF0/2342b
nyHeCOlS26NiS9Uw/GfTZXaeyga3UkLE5z1sXAwOYSr57bugOof2OD0AEQEAAYkC
JQQYAQIADwUCSxVD/AIbDAUJAeEzgAAKCRBLW6cNm+qfIzUgD/sHmRsX7/yMUtlB
nsV8aiivlwvnTLrsQOxyC6ypXTpGi9r0GrfT9Zkres3FQ0hZVygiuv9heEHBf6e2
aAN++NN+c+j475DY/j+BG0kFAqO8MMmLBVCoGarhIaLjkF+GZeEu5c9cwXgQNKsi
t4Nn1Eoq0LtgaVPme4EU2mparyJpDT7SbgtYgtYaB7Dq0mj51y6/Ufewlvrp3Ybk
iYChOCvPHvN2oqlDcPRHCtspw1pkykocBID691RXesh/2P0Km37OgqEdmctFzMHq
ve5dRjUHDJOmIxYK5O7RIFyKWgjNObnzFSqyil0dh72sH7erbDyysBBYWYNm/d1a
kfkYxHwf5Y8Cr0ClfbNxNrv2T7iuWVVIMpXTdxPzhkIp/Fc3en635xX6kiSGqpn8
N5K0/l1XHhBsxyeRoNfxL2gEz8mrI6Njj2g3mpUY0p44CDGbu58nbeROFoA+Bj64
Wj6GyI+xnpscq+E/7PLWugFiKbFyrosNao11YTV3LDBsb/4b6ZQz+CligoTPOD6j
1V5h10DlzKgfPOQhlQ3QkCHdWuChapNB29za0J1ItQ+JR91h7iYDMydlCENUE64E
0yroOY1b9zE1I2qwTyM7a1G5tedL6IaUwJydbSp+HqO4kIq9c+Ibor0k4cIn6jzs
Q0UL8jMKGp0DrwfUPcszGhuU9khCMQ==
=RKto
-----END PGP PUBLIC KEY BLOCK-----
Write Preview
Loading…
Cancel
Save