github
/
entitlements-config
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

First commit

This commit is contained in:
Dan Hoerst 2022-05-03 12:04:51 -04:00
Коммит a91e6732fa
43 изменённых файлов: 2605 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

57
config/entitlements.yaml Normal file
Просмотреть файл

@ -0,0 +1,57 @@
<%-
begin
require_relative "/data/entitlements/lib/entitlements-and-plugins"
rescue Exception
begin
require_relative "lib/entitlements-and-plugins"
rescue Exception
# We might not have the plugins installed and still want this file to be
# loaded. Don't raise anything but silently fail.
end
end
-%>
---
backends:
dockerized-ldap:
ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
ldap_uri: <%= ENV["LDAP_URI"] %>
person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
type: ldap
github-entitlements-org:
addr: <%= ENV["GITHUB_API_BASE"] %>
org: github-entitlements
token: <%= ENV["GITHUB_ENTITLEMENTS_ORG_TOKEN"] %>
type: github_org
github-entitlements-team:
addr: <%= ENV["GITHUB_API_BASE"] %>
org: github-entitlements
token: <%= ENV["GITHUB_ENTITLEMENTS_ORG_TOKEN"] %>
type: github_team
configuration_path: ../
extras:
ldap_group: {}
orgchart:
manager_map_file: ../common/manager-map.yaml
groups:
dummy-ou:
type: dummy
dummy-ou-renamed:
type: dummy
dir: dummy-ou-special
entitlements:
backend: dockerized-ldap
base: ou=Entitlements,ou=Groups,dc=kittens,dc=net
people:
ldap:
type: ldap
config:
base: ou=People,dc=kittens,dc=net
ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
ldap_uri: <%= ENV["LDAP_URI"] %>
person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
additional_attributes:
- shellentitlements
people_data_source: ldap

42
docker-compose.yml Normal file
Просмотреть файл

@ -0,0 +1,42 @@
version: '2'
networks:
ldap-network:
internal: true
services:
entitlements-github-plugin:
build:
context: "${DIR}"
dockerfile: "Dockerfile.entitlements"
networks:
ldap-network:
aliases:
- entitlements-github-plugin.fake
volumes:
- "${DIR}:/:ro"
ldap-server:
entrypoint: /script/ldap-server/run-server.sh
image: osixia/openldap:1.2.2
networks:
ldap-network:
aliases:
- ldap-server.fake
ports:
- "127.0.0.1:636:636"
volumes:
- "${DIR}/spec/acceptance:/acceptance:ro"
github-server:
build:
context: "${DIR}/spec/acceptance/github-server"
dockerfile: "Dockerfile"
networks:
ldap-network:
aliases:
- github.fake
ports:
- "127.0.0.1:443:443"
volumes:
- "${DIR}/spec/acceptance:/acceptance:ro"
ports:
- "127.0.0.1:80:80"

2
github.com/github-entitlements/org/admin.txt Normal file
Просмотреть файл

@ -0,0 +1,2 @@
description = Admins of the github-entitlements org
username = danhoerst

4
github.com/github-entitlements/org/member.txt Normal file
Просмотреть файл

@ -0,0 +1,4 @@
description = Members of the github-entitlements
# Prefer admin over member if defined in both places
group != github.com/github/org/admin

51
script/ldap-server/env/default.startup.yaml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,51 @@
# This is the default image startup configuration file
# this file define environment variables used during the container **first start** in **startup files**.
# This file is deleted right after startup files are processed for the first time,
# after that all these values will not be available in the container environment.
# This helps to keep your container configuration secret.
# more information : https://github.com/osixia/docker-light-baseimage
# Required and used for new ldap server only
LDAP_ORGANISATION: Kittens are Awesome, Inc.
LDAP_DOMAIN: kittens.net
LDAP_BASE_DN: dc=kittens,dc=net
LDAP_ADMIN_PASSWORD: admin
LDAP_CONFIG_PASSWORD: config
LDAP_READONLY_USER: false
LDAP_READONLY_USER_USERNAME: readonly
LDAP_READONLY_USER_PASSWORD: readonly
LDAP_RFC2307BIS_SCHEMA: false
# Backend
LDAP_BACKEND: hdb
# Tls
LDAP_TLS: true
LDAP_TLS_CRT_FILENAME: ldap.crt
LDAP_TLS_KEY_FILENAME: ldap.key
LDAP_TLS_CA_CRT_FILENAME: ca.crt
LDAP_TLS_ENFORCE: true
LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
LDAP_TLS_VERIFY_CLIENT: never
# Replication
LDAP_REPLICATION: false
# Do not change the ldap config
# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
# The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
KEEP_EXISTING_CONFIG: false
# Remove config after setup
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
# ssl-helper environment variables prefix
LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd

10
script/ldap-server/env/default.yaml поставляемый Normal file
Просмотреть файл

@ -0,0 +1,10 @@
# This is the default image configuration file
# These values will persists in container environment.
# All environment variables used after the container first start
# must be defined here.
# more information : https://github.com/osixia/docker-light-baseimage
# General container configuration
# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
LDAP_LOG_LEVEL: 0

0
script/ldap-server/ldif/.gitkeep Normal file
Просмотреть файл

6
script/ldap-server/ldif/bootstrap/03-ldapi.ldif Normal file
Просмотреть файл

@ -0,0 +1,6 @@
dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage

0
script/ldap-server/ldif/data/.gitkeep Normal file
Просмотреть файл

4
script/ldap-server/ldif/data/01-config/bump-sizelimit.ldif Normal file
Просмотреть файл

@ -0,0 +1,4 @@
dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: 5000

0
script/ldap-server/ldif/data/05-ou/.gitkeep Normal file
Просмотреть файл

3
script/ldap-server/ldif/data/05-ou/groups-ou.ldif Normal file
Просмотреть файл

@ -0,0 +1,3 @@
dn: ou=Groups,dc=kittens,dc=net
objectClass: organizationalUnit
ou: groups

3
script/ldap-server/ldif/data/05-ou/people-ou.ldif Normal file
Просмотреть файл

@ -0,0 +1,3 @@
dn: ou=People,dc=kittens,dc=net
objectClass: organizationalUnit
ou: people

0
script/ldap-server/ldif/data/10-ou-custom/.gitkeep Normal file
Просмотреть файл

3
script/ldap-server/ldif/data/10-ou-custom/groups-entitlements-ou.ldif Normal file
Просмотреть файл

@ -0,0 +1,3 @@
dn: ou=Entitlements,ou=Groups,dc=kittens,dc=net
objectClass: organizationalUnit
ou: groups

0
script/ldap-server/ldif/data/20-groups/.gitkeep Normal file
Просмотреть файл

0
script/ldap-server/ldif/data/20-people/.gitkeep Normal file
Просмотреть файл

33
script/ldap-server/ldif/data/20-people/danhoerst.ldif Normal file
Просмотреть файл

@ -0,0 +1,33 @@
dn: uid=danhoerst,ou=People,dc=kittens,dc=net
cn: danhoerst
displayname: danhoerst
employeenumber: 000001
gecos: danhoerst
gidnumber: 100
givenname: danhoerst
homedirectory: /home/danhoerst
loginshell: /bin/bash
mail: danhoerst@kittens.net
manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: simpleSecurityObject
objectclass: shadowAccount
objectclass: entitlementsUser
postaladdress: 123 Cuddle Drive, Purrville CA 12345
postalcode: 12345
shadowinactive: 15
shadowlastchange: 16252
shadowmax: 120
shadowmin: 0
shadowwarning: 15
sn: danhoerst
street: 123 Cuddle Drive
telephonenumber: +12005551212
uid: danhoerst
uidnumber: 20244
userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=

18
script/ldap-server/ldif/data/99-bind-account/emmy.ldif Normal file
Просмотреть файл

@ -0,0 +1,18 @@
dn: ou=Service_Accounts,dc=kittens,dc=net
objectClass: organizationalUnit
ou: people
dn: uid=emmy,ou=Service_Accounts,dc=kittens,dc=net
objectClass: account
objectClass: simpleSecurityObject
uid: emmy
userpassword: kittens
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by self manage by users manage by * none

106
script/ldap-server/run-server.sh Executable file
Просмотреть файл

@ -0,0 +1,106 @@
#!/bin/bash
# This is the script that runs INSIDE the LDAP server container when it first boots up.
# This script should:
# 1) Configure certificates and anything else in the OS
# 2) Load in the schema and data fixtures
# 3) Start the LDAP server process
# Remember: The `spec/acceptance` directory from the repo will be mounted read-only on `/acceptance`
# in this container, so use that to your advantage!
[ -z "$LDAP_DOMAIN_SUFFIX" ] && export LDAP_DOMAIN_SUFFIX="dc=kittens,dc=net"
# Method to wait for LDAP server to become available
wait_for_server() {
COUNTER=0
while [ $COUNTER -lt 30 ]; do
let COUNTER=COUNTER+1
if /usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b "$LDAP_DOMAIN_SUFFIX" >/dev/null 2>&1; then
return 0
fi
echo "Waiting for openldap to become available... ${COUNTER}/30" 1>&2
sleep 1
done
echo "LDAP server did not become available after 30 seconds. :shrug:" 1>&2
exit 1
}
# Kill existing data
rm -rf /var/lib/ldap/*
rm -rf /etc/ldap/slapd.d/*
# Pre-install our certificates
rm -f /container/service/slapd/assets/certs/*
cp /acceptance/ca/intermediate/private/ldap-server.fake.key.pem /container/service/slapd/assets/certs/ldap.key
cp /acceptance/ca/intermediate/certs/ldap-server.fake.cert.pem /container/service/slapd/assets/certs/ldap.crt
cp /acceptance/ca/intermediate/certs/ca-chain.cert.pem /container/service/slapd/assets/certs/ca.crt
cp /acceptance/ldap-server/tls/dhparam.pem /container/service/slapd/assets/certs/dhparam.pem
chown -R root:root /container/service/slapd/assets/certs
# Pre-install our configuration environment
rm -f /container/environment/99-default/*.yaml
cp /acceptance/ldap-server/env/*.yaml /container/environment/99-default
# Pre-install our schema (after killing most of the defaults from the container)
rm -f /container/service/slapd/assets/config/bootstrap/ldif/0[345]*.ldif
rm -rf /container/service/slapd/assets/config/bootstrap/schema/mmc
rm -f /etc/ldap/schema/*
cp /acceptance/ldap-server/schema/* /etc/ldap/schema/
cp /acceptance/ldap-server/ldif/bootstrap/*.ldif /container/service/slapd/assets/config/bootstrap/ldif
# Launch openldap
nohup /usr/bin/python -u /container/tool/run -l info &
OPENLDAP_PID=$!
# Wait for the process to be running and connectable
wait_for_server
# Add any schema items that are missing
for file in /etc/ldap/schema/*.ldif; do
# Loading some of these configs can prompt a server restart. Avoid a race condition
# by verifying that the server is running before trying to do anything.
wait_for_server
SCHEMA=$(basename "$file" | sed -e 's/\.ldif$//')
if /usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=config' 2>/dev/null | grep -q "dn: cn={[0-9]*}${SCHEMA},cn=schema,cn=config"; then
echo "Schema ${SCHEMA} already loaded"
echo ""
else
echo "Loading schema ${SCHEMA}"
/usr/bin/ldapadd -Y EXTERNAL -H ldapi:// -f "/etc/ldap/schema/${SCHEMA}.ldif"
fi
done
# Loading some of the above configs can prompt a server restart. Avoid a race condition
# by verifying that the server is running before trying to do anything.
wait_for_server
# Install our data
cd /acceptance/ldap-server/ldif/data
for dir in *; do
# Need to skip if there aren't any files in that directory.
if ls "$dir/"*.ldif >/dev/null 2>&1; then
:
else
continue
fi
for ldif in "${dir}"/*.ldif; do
echo "Starting to import: ${ldif}"
if /usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// < "$ldif" > "/tmp/result.out" 2>&1; then
echo "Success: Committed ${ldif}"
else
echo "FAILURE: Could not commit ${ldif}"
cat "/tmp/result.out"
kill -9 "$OPENLDAP_PID"
exit 255
fi
done
done
echo ""
echo "Hey there, I'm all done setting up! The LDAP server is running on port 636. Test away!"
echo ""
# Wait for openldap
wait $OPENLDAP_PID

80
script/ldap-server/schema/README Normal file
Просмотреть файл

@ -0,0 +1,80 @@
This directory contains user application schema definitions for use
with slapd(8).
File Description
---- -----------
collective.schema Collective attributes (experimental)
corba.schema Corba Object
core.schema OpenLDAP "core"
cosine.schema COSINE Pilot
duaconf.schema Client Configuration (work in progress)
dyngroup.schema Dynamic Group (experimental)
inetorgperson.schema InetOrgPerson
java.schema Java Object
misc.schema Miscellaneous Schema (experimental)
nadf.schema North American Directory Forum (obsolete)
nis.schema Network Information Service (experimental)
openldap.schema OpenLDAP Project (FYI)
ppolicy.schema Password Policy Schema (work in progress)
Additional "generally useful" schema definitions can be submitted
using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
Submissions should include a stable reference to a mature, open
technical specification (e.g., an RFC) for the schema.
The core.ldif and openldap.ldif files are equivalent to their
corresponding .schema files. They have been provided as examples
for use with the dynamic configuration backend. These example files
are not actually necessary since slapd will automatically convert any
included *.schema files into LDIF when converting a slapd.conf file
to a configuration database, but they serve as a model of how to
convert schema files in general.
---
This notice applies to all files in this directory.
Copyright 1998-2014 The OpenLDAP Foundation, Redwood City, California, USA
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License. A copy of this license is available at
http://www.OpenLDAP.org/license.html or in file LICENSE in the
top-level directory of the distribution.
---
This notice applies to all schema in this directory which are derived
from RFCs and other IETF documents.
Portions Copyright 1991-2004, The Internet Society. All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE.
---
$OpenLDAP$

48
script/ldap-server/schema/collective.ldif Normal file
Просмотреть файл

@ -0,0 +1,48 @@
# collective.ldif -- Collective attribute schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2003).
## Please see full copyright statement below.
#
# From RFC 3671 [portions trimmed]:
# Collective Attributes in LDAP
#
# This file was automatically generated from collective.schema; see that file
# for complete references.
#
dn: cn=collective,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: collective
olcAttributeTypes: {0}( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE )
olcAttributeTypes: {1}( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE )
olcAttributeTypes: {2}( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE )
olcAttributeTypes: {3}( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE )
olcAttributeTypes: {4}( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE )
olcAttributeTypes: {5}( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress CO
LLECTIVE )
olcAttributeTypes: {6}( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTI
VE )
olcAttributeTypes: {7}( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox CO
LLECTIVE )
olcAttributeTypes: {8}( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP phy
sicalDeliveryOfficeName COLLECTIVE )
olcAttributeTypes: {9}( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumbe
r COLLECTIVE )
olcAttributeTypes: {10}( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLE
CTIVE )
olcAttributeTypes: {11}( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facs
imileTelephoneNumber COLLECTIVE )
olcAttributeTypes: {12}( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP inter
nationalISDNNumber COLLECTIVE )

42
script/ldap-server/schema/corba.ldif Normal file
Просмотреть файл

@ -0,0 +1,42 @@
# corba.ldif -- Corba Object Schema
# depends upon core.ldif
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1999).
## Please see full copyright statement below.
#
# From RFC 2714 [portions trimmed]:
# Schema for Representing CORBA Object References in an LDAP Directory
#
# This file was automatically generated from corba.schema; see that file
# for complete references.
#
dn: cn=corba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: corba
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Strin
gified interoperable object reference of a CORBA object' EQUALITY caseIgnoreI
A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DE
SC 'Repository ids of interfaces implemented by a CORBA object' EQUALITY case
ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer' DESC '
Container for a CORBA object' SUP top STRUCTURAL MUST cn )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject' DESC 'CORB
A object representation' SUP top ABSTRACT MAY ( corbaRepositoryId $ descripti
on ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference'
DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY MUST co
rbaIor )

603
script/ldap-server/schema/core.ldif Normal file
Просмотреть файл

@ -0,0 +1,603 @@
# OpenLDAP Core schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text claiming copyright by the Internet Society and including
# the IETF RFC license, which does not meet Debian's Free Software
# Guidelines. However, apart from short and obvious comments, the text of
# this file is purely a functional interface specification, which is not
# subject to that license and is not copyrightable under US law.
#
# The license statement is retained below so as not to remove credit, but
# as best as we can determine, it is not applicable to the contents of
# this file.
## Portions Copyright (C) The Internet Society (1997-2003).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
#
# Standard attribute types from RFC 2256
#
dn: cn=core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: core
#
# system schema
#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
# system schema
#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# system schema
#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
#
olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
#
# RFC 4519 definition ('countryName' in X.500 and RFC2256)
olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC4519: two-letter ISO-3166 country code'
SUP name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
#
olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
#
olcAttributeTypes: ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
#
# system schema
#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
#
# Deprecated by enhancedSearchGuide
olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
#
olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
#
olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
#
olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
#
olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
#
olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
#
olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
#
olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
#
olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
#
olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
#
olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
#
olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
#
olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
#
olcAttributeTypes: ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
#
olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
#
# system schema
#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
#
# system schema
#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
# Must be stored and requested in the binary form
olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
#
# 2.5.4.41 is defined above as it's used for subtyping
#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
#
olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
#
olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
#
olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
#
olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
#
olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
#
olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
#
# 2.5.4.49 is defined above as it's used for subtyping
#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#
olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
#
olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
#
# Must be transferred using ;binary
olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
#
olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
#
olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
#
# Standard object classes from RFC2256
#
# system schema
#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
#
olcObjectClasses: ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
#
olcObjectClasses: ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
#
olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
#
olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
#
olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
#
olcObjectClasses: ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
#
olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
#
olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
#
olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
#
olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
#
olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
#
olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
#
# Object Classes from RFC 2587
#
olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
#
olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
#
olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
#
# Standard Track URI label schema from RFC 2079
# system schema
#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
MAY ( labeledURI )
SUP top AUXILIARY )
#
#
# Derived from RFC 1274, but with new "short names"
#
#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#
olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
#
olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
#
# RFC 1274 + RFC 2247
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# RFC 2247
olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
#
# RFC 2377
olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
#
# From COSINE Pilot
olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
olcAttributeTypes: ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#

200
script/ldap-server/schema/cosine.ldif Normal file
Просмотреть файл

@ -0,0 +1,200 @@
# RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describes
# RFC1274 as published.
#
# Depends on core.ldif
#
# This file was automatically generated from cosine.schema; see that
# file for complete background.
#
dn: cn=cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: cosine
olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.50 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
66.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
GLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
23 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.12 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
e $ organizationalUnitName $ host ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
ocalityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
$ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
$ x121Address ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
Method $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
Record ) )
olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
edDomain )
olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
ountry STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
UCTURAL MAY dSAQuality )
olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
mQuality ) )

224
script/ldap-server/schema/dhcp.ldif Normal file
Просмотреть файл

@ -0,0 +1,224 @@
dn: cn=dhcp,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: dhcp
olcAttributeTypes: {0}( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
'The DN of the dhcpServer which is the primary server for the configuration.'
EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-
VALUE )
olcAttributeTypes: {1}( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DES
C 'The DN of dhcpServer(s) which provide backup service for the configuration
.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {2}( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC
'Flexible storage for specific data depending on what object this exists in.
Like conditional statements, server parameters, etc. This allows the standar
d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Matc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {3}( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The
starting & ending IP Addresses in the range (inclusive), separated by a hyph
en; if the range only contains one address, then just the address can be spec
ified with no hyphen. Each range is defined as a separate value.' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {4}( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC
'This attribute contains the permit lists associated with a pool. Each permi
t list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1.
3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {5}( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'T
he subnet mask length for the subnet. The mask can be easily computed from t
his length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL
E-VALUE )
olcAttributeTypes: {6}( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'En
coded option values to be sent to clients. Each value represents a single op
tion and contains (OptionTag, Length, OptionValue) encoded in the format used
by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {7}( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC
'Encoded text string or list of bytes expressed in hexadecimal, separated by
colons. Clients match subclasses based on matching the class data with the r
esults of match or spawn with statements in the class name declarations.' EQU
ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {8}( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC
'The distinguished name(s) of the dhcpOption objects containing the configura
tion options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {9}( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 't
he distinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedName
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {10}( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC '
The distinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {11}( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC
'The distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC
'The distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {13}( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC
'The distinguished name of a client address.' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {14}( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC
'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {15}( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DES
C 'The distinguished name(s) of a class(es) in a subclass.' EQUALITY distingu
ishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {16}( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN'
DESC 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {17}( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkD
N' DESC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguished
NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {18}( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DES
C 'The DN of dhcpService object(s)which contain the configuration information
. Each dhcpServer object has this attribute identifying the DHCP configuratio
n(s) that the server is associated with.' EQUALITY distinguishedNameMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {19}( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC
'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.
3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {20}( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation
' DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendo
r.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {21}( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState'
DESC 'This stores information about the current binding-status of an address.
For dynamic addresses managed by DHCP, the values should be restricted to t
he following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED",
"BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN",
"RESERVED" (an address that is managed by DHCP that is reserved for a specif
ic client), "RESERVED-ACTIVE" (same as reserved, but address is currently in
use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED"
, "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26 SINGLE-VALUE )
olcAttributeTypes: {22}( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime
' DESC 'This is the time the current lease for an address expires.' EQUALITY
generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcAttributeTypes: {23}( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfSta
te' DESC 'This is the time of the last state change for a leased address.' EQ
UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
)
olcAttributeTypes: {24}( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactio
nTime' DESC 'This is the last time a valid DHCP packet was received from the
client.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 S
INGLE-VALUE )
olcAttributeTypes: {25}( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DES
C 'This indicates whether the address was assigned via BOOTP.' EQUALITY boole
anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {26}( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DE
SC 'This is the name of the domain sent to the client by the server. It is e
ssentially the same as the value for DHCP option 15 sent to the client, and r
epresents only the domain - not the full FQDN. To obtain the full FQDN assig
ned to the client you must prepend the "dhcpAssignedHostName" to this value w
ith a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: {27}( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DES
C 'This indicates the status of updating DNS resource records on behalf of th
e client by the DHCP server for this address. The value is a 16-bit bitmask.
' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {28}( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostN
ame' DESC 'This is the hostname that was requested by the client.' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {29}( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostNa
me' DESC 'This is the actual hostname that was assigned to a client. It may n
ot be the name that was requested by the client. The fully qualified domain
name can be determined by appending the value of "dhcpDomainName" (with a dot
separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146
6.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {30}( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForCli
ent' DESC 'The distinguished name of a "dhcpClient" that an address is reserv
ed for. This may not be the same as the "dhcpAssignedToClient" attribute if
the address is being reassigned but the current lease has not yet expired.' E
QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA
LUE )
olcAttributeTypes: {31}( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClie
nt' DESC 'This is the distinguished name of a "dhcpClient" that an address is
currently assigned to. This attribute is only present in the class when the
address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.
115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {32}( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo
' DESC 'If the client request was received via a relay agent, this contains i
nformation about the relay agent that was available from the DHCP request. T
his is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1.
4.1.1466.115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: {33}( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DES
C 'The clients hardware address that requested this IP address.' EQUALITY oct
etStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: {34}( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssi
gnment' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in
DHC Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: {35}( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedService
Parameter' DESC 'Delay in seconds corresponding to Delayed Service Parameter
configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUA
LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {36}( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadT
ime' DESC 'Maximum Client Lead Time configuration in seconds, as defined in D
HCP Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {37}( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpoi
ntState' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover
Protocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26 SINGLE-VALUE )
olcAttributeTypes: {38}( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
'Generic error log attribute that allows logging error conditions within a d
hcpService or a dhcpSubnet, like no IP addresses available for lease.' EQUALI
TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC 'Se
rvice object that represents the actual DHCP Service configuration. This is a
container object.' SUP top STRUCTURAL MUST ( cn $ dhcpPrimaryDN ) MAY ( dhcp
SecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $
dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )
olcObjectClasses: {1}( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DE
SC 'This stores configuration information for a shared network.' SUP top STRU
CTURAL MUST cn MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatemen
ts ) X-NDS_CONTAINMENT 'dhcpService' )
olcObjectClasses: {2}( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'Thi
s class defines a subnet. This is a container object.' SUP top STRUCTURAL MUS
T ( cn $ dhcpNetMask ) MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostD
N $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CON
TAINMENT ( 'dhcpService' 'dhcpSharedNetwork' ) )
olcObjectClasses: {3}( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This
stores configuration information about a pool.' SUP top STRUCTURAL MUST ( cn
$ dhcpRange ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptio
nsDN $ dhcpStatements ) X-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpSharedNetwork'
) )
olcObjectClasses: {4}( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Grou
p object that lists host DNs and parameters. This is a container object.' SUP
top STRUCTURAL MUST cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X
-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpService' ) )
olcObjectClasses: {5}( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This
represents information about a particular client' SUP top STRUCTURAL MUST cn
MAY ( dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CO
NTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpGroup' ) )
olcObjectClasses: {6}( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Repr
esents information about a collection of related clients.' SUP top STRUCTURAL
MUST cn MAY ( dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONT
AINMENT ( 'dhcpService' 'dhcpSubnet' ) )
olcObjectClasses: {7}( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'R
epresents information about a collection of related classes.' SUP top STRUCTU
RAL MUST cn MAY ( dhcpClassData $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONT
AINMENT 'dhcpClass' )
olcObjectClasses: {8}( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Re
presents information about a collection of options defined.' SUP top AUXILIAR
Y MUST cn MAY dhcpOption X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSharedNetwork
' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
olcObjectClasses: {9}( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'Th
is class represents an IP Address, which may or may not have been leased.' SU
P top STRUCTURAL MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ dh
cpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName
$ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReserve
dForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) X-ND
S_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool' ) )
olcObjectClasses: {10}( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This
is the object that holds past information about the IP address. The cn is th
e time/date stamp when the address was assigned or released, the address stat
e at the time, if the address was assigned or released.' SUP top STRUCTURAL M
UST cn MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ d
hcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhc
pRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssig
nedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog ) X-NDS_CONTA
INMENT ( 'dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpServic
e' ) )
olcObjectClasses: {11}( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'D
HCP Server Object' SUP top STRUCTURAL MUST ( cn $ dhcpServiceDN ) MAY ( dhcpV
ersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServicePa
rameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements
) X-NDS_CONTAINMENT ( 'o' 'ou' 'dc' ) )

83
script/ldap-server/schema/dnszone.ldif Normal file
Просмотреть файл

@ -0,0 +1,83 @@
dn: cn=dnszone,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: dnszone
olcAttributeTypes: {0}( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer
denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.27 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The clas
s of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.26 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name
of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnor
eIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.26 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC
'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR ca
seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {4}( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain
name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs
tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {5}( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host
information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {6}( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mail
box or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR ca
seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {7}( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text s
tring, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa
tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {8}( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for
AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno
reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {9}( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signat
ure, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {10}( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key,
RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6
address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Locat
ion, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {13}( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-e
xistant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {14}( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'servi
ce location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr
ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {15}( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Nam
ing Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor
eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {16}( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Ex
change Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5
SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'cert
ificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Rec
ord Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non
-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delega
tion Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr
ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH
Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SU
BSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRS
IG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC
, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL
MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ M
DRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORe
cord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARe
cord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecor
d $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecor
d ) )

83
script/ldap-server/schema/duaconf.ldif Normal file
Просмотреть файл

@ -0,0 +1,83 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# DUA schema from draft-joslin-config-schema (a work in progress)
#
# This file was automatically generated from duaconf.schema; see that file
# for complete references.
#
dn: cn=duaconf,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: duaconf
olcObjectIdentifier: {0}DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
olcAttributeTypes: {0}( DUAConfSchemaOID:1.0 NAME 'defaultServerList' DESC 'De
fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' DESC 'De
fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {2}( DUAConfSchemaOID:1.2 NAME 'preferredServerList' DESC '
Preferred LDAP server host addresses to be used by a DUA' EQUALITY
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {3}( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' DESC 'Maxi
mum time in seconds a DUA should allow for a search to complete' E
QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' DESC 'Maximu
m time in seconds a DUA should allow for the bind operation to com
plete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU
E )
olcAttributeTypes: {5}( DUAConfSchemaOID:1.5 NAME 'followReferrals' DESC 'Tell
s DUA if it should follow referrals returned by a DSA search resul
t' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {6}( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' DESC '
Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {7}( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' DESC
'A keystring which identifies the type of authentication method us
ed to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.15 SINGLE-VALUE )
olcAttributeTypes: {8}( DUAConfSchemaOID:1.7 NAME 'profileTTL' DESC 'Time to l
ive, in seconds, before a client DUA should re-read this configura
tion profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
LE-VALUE )
olcAttributeTypes: {9}( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' D
ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {10}( DUAConfSchemaOID:1.9 NAME 'attributeMap' DESC 'Attrib
ute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14
66.115.121.1.26 )
olcAttributeTypes: {11}( DUAConfSchemaOID:1.10 NAME 'credentialLevel' DESC 'Id
entifies type of credentials a DUA should use when binding to the
LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: {12}( DUAConfSchemaOID:1.11 NAME 'objectclassMap' DESC 'Obj
ectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
.1.1466.115.121.1.26 )
olcAttributeTypes: {13}( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' DESC
'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6
.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {14}( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' D
ESC 'Identifies type of credentials a DUA should use when binding
to the LDAP server for a specific service' EQUALITY caseIgnoreIA5M
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {15}( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMeth
od' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIg
noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' DESC 'Abst
raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( d
efaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchSco
pe $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod
$ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ serviceCr
edentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $
profileTTL ) )

71
script/ldap-server/schema/dyngroup.ldif Normal file
Просмотреть файл

@ -0,0 +1,71 @@
# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
# core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
dn: cn=dyngroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: dyngroup
olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
dentifies an URL associated with each member of a group. Any type of labeled
URL can be used.' SUP labeledURI )
olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso ) )
olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
( dgIdentity $ dgAuthz ) )

160
script/ldap-server/schema/githubiam.ldif Normal file
Просмотреть файл

@ -0,0 +1,160 @@
dn: cn=githubiam,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: githubiam
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.1
NAME 'githubDotcomId'
DESC 'GitHubUsername'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.2
NAME 'campfireId'
DESC 'campfireID'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.3
NAME 'lastPassEmail'
DESC 'LastPass email'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.4
NAME 'slackId'
DESC 'Slack ID'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.5
NAME 'amazonResourceName'
DESC 'Amazon Resource Name (ARN) of user.'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.6
NAME 'pagerDutyEmail'
DESC 'email address used on PagerDuty'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.7
NAME 'herokuEmail'
DESC 'email address used on Heroku'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.8
NAME 'bluejeansEmail'
DESC 'email address used on bluejeans'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.9
NAME 'yubikeyId'
DESC 'first 12 characters of yubikey OTP'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.10
NAME 'shellEntitlements'
DESC 'DNs of shell entitlements groups the user belongs to'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.11
NAME 'country'
DESC 'Friendly name of the country the person lives in'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.12
NAME 'msftAlias'
DESC 'Microsoft Alias'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.13
NAME 'costCenterHierarchy'
DESC 'Cost Center Hierarchy'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.14
NAME 'costCenter'
DESC 'Cost Center'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.43558.389.1.1.15
NAME 'managerDotcomId'
DESC 'Manager dotcom ID'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.1
NAME 'githubDotcomUser'
DESC 'A GitHub User Account'
SUP top
AUXILIARY
MUST githubDotcomId )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.2
NAME 'campfireUser'
DESC 'A Camfire User Account'
SUP top AUXILIARY
MUST campfireId )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.3
NAME 'lastPassUser'
DESC 'LastPass user attributes'
SUP top
AUXILIARY
MUST lastPassEmail )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.4
NAME 'slackUser'
DESC 'Slack account user attributes'
SUP top
AUXILIARY
MUST slackId )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.5
NAME 'amazonWSUser'
DESC 'Amazon Web Services User'
SUP top
AUXILIARY
MUST amazonResourceName )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.6
NAME 'pagerDutyUser'
DESC 'PagerDuty User'
SUP top
AUXILIARY
MUST pagerDutyEmail )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.7
NAME 'herokuUser'
DESC 'Heroku User'
SUP top
AUXILIARY
MUST herokuEmail )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.8
NAME 'blujeansUser'
DESC 'Bluejeans User'
SUP top AUXILIARY
MUST bluejeansEmail )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.9
NAME 'yubikeyUser'
DESC 'Yubikey User'
SUP top
AUXILIARY
MUST yubikeyId )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.10
NAME 'entitlementsUser'
DESC 'Entitlements User'
SUP top
AUXILIARY
MAY shellEntitlements )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.1.2.11
NAME 'countryPerson'
DESC 'A Person who lives in a Country'
SUP top
AUXILIARY
MAY country )
olcObjectClasses: ( 1.3.6.1.4.1.43558.389.2.2.1
NAME 'githubPerson'
DESC 'A Hubber (or contractor)'
SUP top
AUXILIARY
MAY (msftAlias $ country $ costCenterHierarchy $ costCenter $ managerDotcomId))

69
script/ldap-server/schema/inetorgperson.ldif Normal file
Просмотреть файл

@ -0,0 +1,69 @@
# InetOrgPerson (RFC2798)
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.ldif)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.ldif)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
#
# This file was automatically generated from inetorgperson.schema; see
# that file for complete references.
#
dn: cn=inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: inetorgperson
olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
NGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
C2798: numerically identifies an employee within an organization' EQUALITY ca
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
66.115.121.1.5 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.5 )
olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )

59
script/ldap-server/schema/java.ldif Normal file
Просмотреть файл

@ -0,0 +1,59 @@
# java.ldif -- Java Object Schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.ldif
#
# This file was automatically generated from java.schema; see that file
# for complete references.
#
dn: cn=java,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: java
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'F
ully qualified name of distinguished Java class or interface' EQUALITY caseEx
actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'UR
L(s) specifying the location of class definition' EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC
'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DE
SC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SI
NGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fu
lly qualified Java class name of a JNDI object factory' EQUALITY caseExactMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress'
DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SY
NTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Ja
va documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1
.1466.115.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Co
ntainer for a Java object' SUP top STRUCTURAL MUST cn )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java
object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNam
es $ javaCodebase $ javaDoc $ description ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' D
ESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData
)
olcObjectClasses: {3}( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' D
ESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData
)
olcObjectClasses: {4}( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DE
SC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ jav
aFactory ) )

45
script/ldap-server/schema/misc.ldif Normal file
Просмотреть файл

@ -0,0 +1,45 @@
# misc.ldif -- assorted schema definitions
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#
# This file was automatically generated from misc.schema; see that file
# for complete references.
#
dn: cn=misc,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: misc
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC
'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1
.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of
the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
.1.1466.115.121.1.26{256} SINGLE-VALUE )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DES
C 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNT
AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DES
C 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddres
s $ mailHost $ mailRoutingAddress ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS
mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )

120
script/ldap-server/schema/nis.ldif Normal file
Просмотреть файл

@ -0,0 +1,120 @@
# NIS (RFC2307)
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
#
# Depends upon core.ldif and cosine.ldif
#
# This file was automatically generated from nis.schema; see that file
# for complete references.
#
dn: cn=nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nis
olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{1024} SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
$ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
sword $ memberUid $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
rviceProtocol ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
AY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
ription $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
kNumber $ l $ description $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
tgroup $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
ption )
olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
ith a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )

14
script/ldap-server/schema/nssldap.ldif Normal file
Просмотреть файл

@ -0,0 +1,14 @@
# LDAP Name Service Additional Schema
# http://www.iana.org/assignments/gssapi-service-names
dn: cn=nssldap,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nssldap
olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC
'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.
1.4.1.1466.115.121.1.15{256} X-ORIGIN 'NSS LDAP schema')
olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
DESC 'Auxiliary object class for adding authorizedService attribute' SUP top
AUXILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema')
olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxilia
ry object class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGI
N 'NSS LDAP schema')

88
script/ldap-server/schema/openldap.ldif Normal file
Просмотреть файл

@ -0,0 +1,88 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
#
# This openldap.ldif file is provided as a demonstration of how to
# convert a *.schema file into *.ldif format. The key points:
# In LDIF, a blank line terminates an entry. Blank lines in a *.schema
# file should be replaced with a single '#' to turn them into
# comments, or they should just be removed.
# In addition to the actual schema directives, the file needs a small
# header to make it a valid LDAP entry. This header must provide the
# dn of the entry, the objectClass, and the cn, as shown here:
#
dn: cn=openldap,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openldap
#
# The schema directives need to be changed to LDAP Attributes.
# First a basic string substitution can be done on each of the keywords:
# objectIdentifier -> olcObjectIdentifier:
# objectClass -> olcObjectClasses:
# attributeType -> olcAttributeTypes:
# Then leading whitespace must be fixed. The slapd.conf format allows
# tabs or spaces to denote line continuation, while LDIF only allows
# the space character.
# Also slapd.conf preserves the continuation character, while LDIF strips
# it out. So a single TAB/SPACE in slapd.conf must be replaced with
# two SPACEs in LDIF, otherwise the continued text may get joined as
# a single word.
# The directives must be listed in a proper sequence:
# All olcObjectIdentifiers must be first, so they may be referenced by
# any following definitions.
# All olcAttributeTypes must be next, so they may be referenced by any
# following objectClass definitions.
# All olcObjectClasses must be after the olcAttributeTypes.
# And of course, any superior must occur before anything that inherits
# from it.
#
olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
#
olcObjectIdentifier: OpenLDAP OpenLDAProot:1
olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
#
olcObjectClasses: ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
AUXILIARY
MAY displayName )

123
script/ldap-server/schema/pmi.ldif Normal file
Просмотреть файл

@ -0,0 +1,123 @@
# OpenLDAP X.509 PMI schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
#
# Includes LDAPv3 schema items from:
# ITU X.509 (08/2005)
#
# This file was automatically generated from pmi.schema; see that file
# for complete references.
#
dn: cn=pmi,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: pmi
olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24
olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25
olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26
olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27
olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32
olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33
olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34
olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58
olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59
olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61
olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62
olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63
olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71
olcObjectIdentifier: {13}id-at-role 2.5.4.72
olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73
olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74
olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75
olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76
olcObjectIdentifier: {18}id-mr 2.5.13
olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42
olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45
olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46
olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53
olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54
olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55
olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56
olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57
olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58
olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59
olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61
olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66
olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67
olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9
olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
olcLdapSyntaxes: {0}( 1.3.6.1.4.1.4203.666.11.10.2.4 DESC 'X.509 PMI attribute
cartificate path: SEQUENCE OF AttributeCertificate' X-SUBST '1.3.6.1.4.1.146
6.115.121.1.15' )
olcLdapSyntaxes: {1}( 1.3.6.1.4.1.4203.666.11.10.2.5 DESC 'X.509 PMI policy sy
ntax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role synt
ax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use
;binary' SYNTAX RoleSyntax )
olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X
.509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
5 )
olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA
ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY
attributeCertificateExactMatch SYNTAX AttributeCertificate )
olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A
A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch
SYNTAX AttributeCertificate )
olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe
scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute,
use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific
ate )
olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu
teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis
t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE
xactMatch, not implemented yet' )
olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute
AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute
, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch,
not implemented yet' )
olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509
Delegation path attribute, use ;binary' SYNTAX AttCertPath )
olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile
ge policy attribute, use ;binary' SYNTAX PolicySyntax )
olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509
Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi
cateExactMatch SYNTAX AttributeCertificate )
olcAttributeTypes: {10}( id-at-xMLPprotPrivPolicy NAME 'xmlPrivPolicy' DESC 'X
.509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15 )
olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec
t class' SUP top AUXILIARY MAY attributeCertificateAttribute )
olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas
s' SUP top AUXILIARY MAY ( aACertificate $ attributeCertificateRevocationList
$ attributeAuthorityRevocationList ) )
olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c
lass' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeA
uthorityRevocationList $ attributeDescriptorCertificate ) )
olcObjectClasses: {3}( id-oc-attCertCRLDistributionPts NAME 'attCertCRLDistrib
utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas
s' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeAuth
orityRevocationList ) )
olcObjectClasses: {4}( id-oc-pmiDelegationPath NAME 'pmiDelegationPath' DESC '
X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath )
olcObjectClasses: {5}( id-oc-privilegePolicy NAME 'privilegePolicy' DESC 'X.50
9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy )
olcObjectClasses: {6}( id-oc-protectedPrivilegePolicy NAME 'protectedPrivilege
Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR
Y MAY protPrivPolicy )

11
script/ldap-server/schema/postfix.ldif Normal file
Просмотреть файл

@ -0,0 +1,11 @@
dn: cn=postfix,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: postfix
olcAttributeTypes: {0}( 1.3.6.1.4.1.4203.666.1.200 NAME 'mailacceptinggenerali
d' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4
.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.4203.666.1.201 NAME 'maildrop' EQUALITY ca
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15{1024} )
olcObjectClasses: {0}( 1.3.6.1.4.1.4203.666.1.100 NAME 'postfixUser' DESC 'Pos
tfix Mail User' SUP top AUXILIARY MAY ( mailacceptinggeneralid $ maildrop ) )

84
script/ldap-server/schema/ppolicy.ldif Normal file
Просмотреть файл

@ -0,0 +1,84 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
#
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
#
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#
# This file was automatically generated from ppolicy.schema; see that file
# for complete references.
#
dn: cn=ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
LITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
QUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
val' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
oadable module that instantiates "check_password() function' EQUALITY caseExa
ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
$ pwdAllowUserChange $ pwdSafeModify ) )

18
script/ldap-server/schema/puppet.ldif Normal file
Просмотреть файл

@ -0,0 +1,18 @@
dn: cn=puppet,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: puppet
olcAttributeTypes: {0}( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Pu
ppet Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Pupp
et Parent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1
.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Pu
ppet Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A va
riable setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146
6.115.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.34380.1.1.1.2 NAME 'puppetClient' DESC 'Pup
pet Client objectclass' SUP top AUXILIARY MAY ( puppetclass $ parentnode $ en
vironment $ puppetvar ) )

9
script/ldap-server/schema/sshaccount.ldif Normal file
Просмотреть файл

@ -0,0 +1,9 @@
dn: cn=sshaccount,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sshaccount
olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES
C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $
uid ) )

21
script/ldap-server/schema/sudoers.ldif Normal file
Просмотреть файл

@ -0,0 +1,21 @@
dn: cn=sudoers,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudoers
olcAttributeTypes: {0}( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s)
who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMa
tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s)
who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Comma
nd(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
466.115.121.1.26 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s)
impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115
.121.1.26 )
olcAttributeTypes: {4}( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Option
s(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115
.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer En
tries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ s
udoRunAs $ sudoOption $ description ) )

8
script/ldap-server/tls/dhparam.pem Normal file
Просмотреть файл

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA4iGvgrZB4kM8xNGTC8uWmyTnomeJqatPI3zq9K6AbNv6GmfIklGo
IigkeNLejRCMn7VdliXmwFwkQyGiuyLl77mXOfs4lnZTb3sCmt9YLBZIDp2gtfXG
ryaeB70hUrjAMct5W+AntW+5MB+pPPDizpoqpAfJXhJGF2JJSKfaikphEnLeCQM1
WSFe/AydjlyUH+9NsWwiIDB5y6/tTNA86cdVL8+jpq0zxgrN0Je3anvg1U0yQBB0
WAJ0A+ow7fzbqXNK80fg0GtB5mYg6gR1zEG/G4hC/19bOf1aa27YzTmQxVTSA3jO
E726UAV7gWWfTElxx6xuPnUqlUR+/iWPkwIBAg==
-----END DH PARAMETERS-----