# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF Internet-Draft explaining the schema.
# Unfortunately, that text is covered by a license that doesn't meet
# Debian's Free Software Guidelines. This is a stripped version of the
# schema that contains only the functional schema definition, not the text
# of the Internet-Draft.
#
# For an explanation of this schema, see
# draft-joslin-config-schema-07.txt.
# OID macro: "DUAConfSchemaOID" stands for the arc 1.3.6.1.4.1.11.1.3.1.
# Every definition in this file is numbered beneath it: DUAConfSchemaOID:1.N
# for the attribute types and DUAConfSchemaOID:2.5 for the object class.
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
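# defaultServerList -- host address(es) of the LDAP server(s) a DUA (the
# LDAP client that consumes this profile) contacts by default. One Directory
# String value (SINGLE-VALUE), compared case-insensitively.
# Security: a DUA that applies the profile connects wherever this value
# points, so restrict write access on profile entries to directory
# administrators and audit changes to this attribute.
# NOTE(review): the name says "list" but the type is single-valued, so the
# hosts are presumably packed into the one string -- confirm the separator
# against the draft.
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
	DESC 'Default LDAP server host address used by a DUA'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )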
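# defaultSearchBase -- base DN a DUA searches under by default. One DN-syntax
# value (SINGLE-VALUE), compared with distinguishedNameMatch.
# Changing it moves every default lookup to another subtree, so review edits
# to this attribute like any other change to where clients read their data.
attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
	DESC 'Default LDAP base DN used by a DUA'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	SINGLE-VALUE )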
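# preferredServerList -- server host addresses a DUA should prefer. Same
# shape as defaultServerList: one Directory String value, caseIgnoreMatch.
# This value also decides which hosts clients connect to, so it needs the
# same write restrictions and change auditing as defaultServerList.
# NOTE(review): how a DUA orders this against defaultServerList is not
# stated in this file; see the draft.
attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
	DESC 'Preferred LDAP server host addresses to be used by a
		DUA'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )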
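# searchTimeLimit -- upper bound, in seconds, a DUA should allow a search to
# run. One Integer value (SINGLE-VALUE), compared with integerMatch.
# The Integer syntax sets no range, so zero, negative or very large values
# can be stored. NOTE(review): what a DUA does with such values is
# client-specific; check it before relying on this attribute as a limit.
attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
	DESC 'Maximum time in seconds a DUA should allow for a
		search to complete'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )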
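# bindTimeLimit -- upper bound, in seconds, a DUA should allow the bind
# operation to take. One Integer value (SINGLE-VALUE), integerMatch.
# The Integer syntax sets no range. NOTE(review): a very large value
# presumably keeps a client waiting on an unresponsive server for that long;
# confirm how the client treats out-of-range values.
attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
	DESC 'Maximum time in seconds a DUA should allow for the
		bind operation to complete'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )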
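# followReferrals -- whether a DUA follows referrals returned in a DSA
# (directory server) search result. One Boolean value (SINGLE-VALUE); per
# the Notes in the file header the matching rule was changed to booleanMatch
# to fit that syntax.
# Security: with referral chasing on, a DUA may contact servers that appear
# nowhere in this profile. NOTE(review): whether it re-uses its bind
# credentials there depends on the client library -- verify, and prefer
# FALSE where referrals are not needed.
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
	DESC 'Tells DUA if it should follow referrals
		returned by a DSA search result'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )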
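# dereferenceAliases -- whether a DUA dereferences alias entries. One
# Boolean value (SINGLE-VALUE) with booleanMatch (see the Notes in the file
# header).
# The OID suffix 1.16 is out of sequence with its neighbours (1.5, 1.6).
# Keep it as given: the OID is what identifies the type to servers and
# clients, so renumbering would define a different attribute type.
attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
	DESC 'Tells DUA if it should dereference aliases'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )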
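# authenticationMethod -- keystring naming the authentication method a DUA
# uses towards the DSA. One Directory String (SINGLE-VALUE), caseIgnoreMatch;
# the allowed keystrings are defined in the draft, not in this file.
# Security: this value sets the authentication strength for every client
# that applies the profile, so a change to a weaker method is a fleet-wide
# downgrade. Alert on modifications, and have clients enforce their own
# minimum where the client software allows it.
# NOTE(review): a DUA has to read the profile before it knows this value;
# how that first read is protected (TLS, server identity check) is outside
# the schema and should be settled per deployment.
attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
	DESC 'A keystring which identifies the type of
		authentication method used to contact the DSA'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )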
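# profileTTL -- seconds a client DUA may use its copy of the profile before
# re-reading it. One Integer value (SINGLE-VALUE), integerMatch.
# Operational trade-off: a long TTL delays the rollout of a corrected
# profile to clients that already cached a bad one; a short TTL adds read
# load on the directory.
attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
	DESC 'Time to live, in seconds, before a client DUA
		should re-read this configuration profile'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )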
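# serviceSearchDescriptor -- search descriptors a DUA uses. Multi-valued
# (no SINGLE-VALUE), Directory String, compared case-sensitively with
# caseExactMatch.
# NOTE(review): judging by the name these are per-service overrides of where
# and how to search; the value grammar is in the draft. Review changes with
# the same care as defaultSearchBase.
attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
	DESC 'LDAP search descriptor list used by a DUA'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )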
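# attributeMap -- attribute mappings a DUA applies. Multi-valued (no
# SINGLE-VALUE) IA5 String, caseIgnoreIA5Match.
# Security: a mapping presumably decides which directory attribute a client
# reads in place of the one it asks for, so an altered mapping can feed
# clients data from an attribute nobody intended them to trust. Keep it
# under the same write controls as the rest of the profile.
attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
	DESC 'Attribute mappings used by a DUA'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )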
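# credentialLevel -- which type of credentials a DUA uses when it binds to
# the LDAP server. One IA5 String (SINGLE-VALUE), caseIgnoreIA5Match; the
# level keywords are defined in the draft, not in this file.
# Security: read it together with authenticationMethod. None of the
# attribute types in this file holds a bind DN or password, so any
# credentials the chosen level calls for have to be provisioned and
# protected on the client itself.
attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
	DESC 'Identifies type of credentials a DUA should
		use when binding to the LDAP server'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )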
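# objectclassMap -- object class mappings a DUA applies. Multi-valued (no
# SINGLE-VALUE) IA5 String, caseIgnoreIA5Match.
# Security: NOTE(review): a changed mapping presumably alters which entries
# a client accepts as belonging to a given class, so it deserves the same
# write restrictions and change review as attributeMap.
attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
	DESC 'Objectclass mappings used by a DUA'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )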
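# defaultSearchScope -- search scope a DUA uses by default. One IA5 String
# (SINGLE-VALUE), caseIgnoreIA5Match; the scope keywords are defined in the
# draft, not in this file.
# Pairs with defaultSearchBase: together they bound which entries a default
# lookup can return, so review the two values as a unit.
attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
	DESC 'Default search scope used by a DUA'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )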
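# serviceCredentialLevel -- credential type a DUA uses when binding to the
# LDAP server for one specific service. Multi-valued (no SINGLE-VALUE) IA5
# String, caseIgnoreIA5Match.
# Security: NOTE(review): this looks like a per-service override of
# credentialLevel, so a strict profile-wide level could be relaxed for one
# service here; include it whenever credentialLevel is reviewed.
attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
	DESC 'Identifies type of credentials a DUA
		should use when binding to the LDAP server for a
		specific service'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )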
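# serviceAuthenticationMethod -- authentication method used by a service of
# the DUA. Multi-valued (no SINGLE-VALUE) Directory String, caseIgnoreMatch.
# Security: NOTE(review): this looks like a per-service override of
# authenticationMethod, so a weaker method set here would apply to that
# service even when the profile-wide value is strict. Monitor and review it
# alongside authenticationMethod.
attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
	DESC 'Authentication method used by a service of the DUA'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )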
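# DUAConfigProfile -- structural object class for one DUA configuration
# profile entry. Only cn is mandatory; all sixteen attribute types defined
# in this file are optional (MAY).
# Security: an entry of this class tells clients which servers to use and
# how to authenticate to them. Give DUAs read access only, limit writes to
# directory administrators, and log modifications.
# NOTE(review): since every setting is optional, an absent value presumably
# falls back to the client's own default -- check that those defaults are
# acceptable. The file header marks this schema as not recommended for
# production use.
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
	SUP top STRUCTURAL
	DESC 'Abstraction of a base configuration for a DUA'
	MUST ( cn )
	MAY ( defaultServerList $ preferredServerList $
		defaultSearchBase $ defaultSearchScope $
		searchTimeLimit $ bindTimeLimit $
		credentialLevel $ authenticationMethod $
		followReferrals $ dereferenceAliases $
		serviceSearchDescriptor $ serviceCredentialLevel $
		serviceAuthenticationMethod $ objectclassMap $
		attributeMap $ profileTTL ) )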