WMDE
/
puppet-wmdeit_ldap
2
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Added all schema files to the module

This commit is contained in:
Tobias Herre 2020-08-18 15:33:36 +02:00
parent f011188434
commit 4c9d5bedd7
58 changed files with 10071 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
files/schema/admin-settings.schema Normal file
View File

@ -0,0 +1,46 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
objectclass ( 1.3.6.1.4.1.10176.2011 NAME 'univentionAdminUserSettings'
SUP 'top' STRUCTURAL
DESC 'User settings for Univention Admin'
MUST ( uid )
MAY ( univentionAdminListDNs $ univentionAdminListWizards $ univentionAdminListWebModules $
univentionAdminBaseDN $ univentionAdminMayOverrideSettings $ univentionAdminShowSelf $
univentionAdminSelfAttributes $ univentionPolicyObject $ univentionDnsObject $
univentionDhcpObject $ univentionUsersObject $ univentionGroupsObject $
univentionComputersObject $ univentionNetworksObject $ univentionSharesObject $
univentionPrintersObject $ univentionAdminListAttributes $ univentionAdminListBrowseAttributes))
objectclass ( 1.3.6.1.4.1.10176.2012 NAME 'univentionAdminGlobalSettings'
SUP 'top' STRUCTURAL
DESC 'Global settings for Univention Admin'
MUST ( cn )
MAY ( univentionAdminListWizards $ univentionAdminListModules ))
ditcontentrule ( 1.3.6.1.4.1.10176.2011 NAME 'univentionAdminUserSettings' )
ditcontentrule ( 1.3.6.1.4.1.10176.2012 NAME 'univentionAdminGlobalSettings' )

37
files/schema/as400.schema Normal file
View File

@ -0,0 +1,37 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.2.899 NAME 'as400screen'
DESC 'AS400 Screen'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
objectclass ( 1.3.6.1.4.1.10176.1.899 NAME 'as400term'
DESC 'AS400 Terminal'
SUP top AUXILIARY
MAY ( as400screen ) )

28
files/schema/automount.schema Normal file
View File

@ -0,0 +1,28 @@
# Depends upon core.schema and cosine.schema
# original schema
#
# OID Base is 1.3.6.1.4.1.2312.4
#
# Attribute types are under 1.3.6.1.4.1.2312.4.1
# Object classes are under 1.3.6.1.4.1.2312.4.2
# Syntaxes are under 1.3.6.1.4.1.2312.4.3
# univention schema (modified objectClass automount
#
# $OID: 1.3.6.1.4.1.10176.1001.4 (Shares/autofs) $
attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation'
DESC 'Information used by the autofs automounter'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1001.4.1 NAME 'automount' SUP top AUXILIARY
DESC 'An entry in an automounter map'
MUST ( cn )
MAY ( description $ automountInformation ) )
objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL
DESC 'An group of related automount objects'
MUST ( ou ) )

65
files/schema/collective.schema Normal file
View File

@ -0,0 +1,65 @@
# collective.schema -- Collective attribute schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 3671, at (among other
# places): http://www.ietf.org/rfc/rfc3671.txt
attributeType ( 2.5.4.7.1 NAME 'c-l'
SUP l COLLECTIVE )
attributeType ( 2.5.4.8.1 NAME 'c-st'
SUP st COLLECTIVE )
attributeType ( 2.5.4.9.1 NAME 'c-street'
SUP street COLLECTIVE )
attributeType ( 2.5.4.10.1 NAME 'c-o'
SUP o COLLECTIVE )
attributeType ( 2.5.4.11.1 NAME 'c-ou'
SUP ou COLLECTIVE )
attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
SUP postalAddress COLLECTIVE )
attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
SUP postalCode COLLECTIVE )
attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
SUP postOfficeBox COLLECTIVE )
attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
SUP physicalDeliveryOfficeName COLLECTIVE )
attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
SUP telephoneNumber COLLECTIVE )
attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
SUP telexNumber COLLECTIVE )
attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
SUP facsimileTelephoneNumber COLLECTIVE )
attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
SUP internationalISDNNumber COLLECTIVE )

61
files/schema/corba.schema Normal file
View File

@ -0,0 +1,61 @@
# corba.schema -- Corba Object Schema
# depends upon core.schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 2714, at (among other
# places): http://www.ietf.org/rfc/rfc2714.txt
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
NAME 'corbaIor'
DESC 'Stringified interoperable object reference of a CORBA object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
NAME 'corbaRepositoryId'
DESC 'Repository ids of interfaces implemented by a CORBA object'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
NAME 'corbaContainer'
DESC 'Container for a CORBA object'
SUP top
STRUCTURAL
MUST cn )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
NAME 'corbaObject'
DESC 'CORBA object representation'
SUP top
ABSTRACT
MAY ( corbaRepositoryId $ description ) )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
NAME 'corbaObjectReference'
DESC 'CORBA interoperable object reference'
SUP corbaObject
AUXILIARY
MUST corbaIor )

624
files/schema/core.schema Normal file
View File

@ -0,0 +1,624 @@
# OpenLDAP Core schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text claiming copyright by the Internet Society and including
# the IETF RFC license, which does not meet Debian's Free Software
# Guidelines. However, apart from short and obvious comments, the text of
# this file is purely a functional interface specification, which is not
# subject to that license and is not copyrightable under US law.
#
# The license statement is retained below so as not to remove credit, but
# as best as we can determine, it is not applicable to the contents of
# this file.
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
# RFC 4524 (associatedDomain)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
# RFC 4519 definition ('countryName' in X.500 and RFC2256)
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC4519: two-letter ISO-3166 country code'
SUP name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
SINGLE-VALUE )
#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
# DESC 'RFC2256: ISO-3166 country 2-letter code'
# SUP name SINGLE-VALUE )
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
attributetype ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
# system schema
#attributetype ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
attributetype ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
attributetype ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
attributetype ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
attributetype ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
attributetype ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
attributetype ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
# system schema
#attributetype ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
attributetype ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
attributetype ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
attributetype ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
attributetype ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
attributetype ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.0 NAME 'top'
# DESC 'RFC2256: top of the superclass chain'
# ABSTRACT
# MUST objectClass )
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
objectclass ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectclass ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
objectclass ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectclass ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
objectclass ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
objectclass ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
objectclass ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
objectclass ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
objectclass ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
SUP top AUXILIARY
MAY ( labeledURI ) )
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
# RFC 4524
# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
# host names [RFC1123] that are associated with an object. That is,
# values of this attribute should conform to the following ABNF:
#
# domain = root / label *( DOT label )
# root = SPACE
# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
# SPACE = %x20 ; space (" ")
# HYPHEN = %x2D ; hyphen ("-")
# DOT = %x2E ; period (".")
attributetype ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

405
files/schema/cosine.schema Normal file
View File

@ -0,0 +1,405 @@
# RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describes
# RFC1274 as published.
#
# Depends on core.schema
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 1274, at (among other
# places): http://www.ietf.org/rfc/rfc1274.txt
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
## EQUALITY caseIgnoreMatch
## SUBSTR caseIgnoreSubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
DESC 'RFC1274: general information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
attributetype ( 0.9.2342.19200300.100.1.5
NAME ( 'drink' 'favouriteDrink' )
DESC 'RFC1274: favorite drink'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
DESC 'RFC1274: room number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
DESC 'RFC1274: photo (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
DESC 'RFC1274: category of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
DESC 'RFC1274: host computer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
DESC 'RFC1274: DN of manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
DESC 'RFC1274: unique identifier of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC 'RFC1274: title of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
DESC 'RFC1274: version of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
DESC 'RFC1274: DN of author of document'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
DESC 'RFC1274: location of document original'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
DESC 'RFC1274: home telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC1274: DN of secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
## Deprecated in favor of modifyTimeStamp
#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
# OBSOLETE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
# USAGE directoryOperation )
## Deprecated in favor of modifiersName
#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
# DESC 'RFC1274: last modifier, replaced by modifiersName'
# OBSOLETE
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
# USAGE directoryOperation )
##(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## missing from RFC1274
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
# EQUALITY caseIgnoreIA5Match
# SUBSTR caseIgnoreIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
DESC 'RFC1274: DN of entry associated with domain'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
DESC 'RFC1274: home postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
DESC 'RFC1274: mobile telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
DESC 'RFC1274: pager telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
attributetype ( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
DESC 'RFC1274: friendly country name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
DESC 'RFC1274: unique identifer'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
DESC 'RFC1274: organizational status'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC 'RFC1274: Janet mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 0.9.2342.19200300.100.1.47
NAME 'mailPreferenceOption'
DESC 'RFC1274: mail preference option'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC 'RFC1274: name of building'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RFC1274: DSA Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
DESC 'RFC1274: Subtree Mininum Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
DESC 'RFC1274: Subtree Maximun Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
DESC 'RFC1274: Personal Signature (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'RFC1274: DIT Redirect'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
DESC 'RFC1274: audio (u-law)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
DESC 'RFC1274: publisher of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
# DESC 'RFC1274: pilot object'
# SUP top AUXILIARY
# MAY ( info $ photo $ manager $ uniqueIdentifier $
# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
# )
objectclass ( 0.9.2342.19200300.100.4.4
NAME ( 'pilotPerson' 'newPilotPerson' )
SUP person STRUCTURAL
MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
favouriteDrink $ roomNumber $ userClass $
homeTelephoneNumber $ homePostalAddress $ secretary $
personalTitle $ preferredDeliveryMethod $ businessCategory $
janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelephoneNumber $ organizationalStatus $
mailPreferenceOption $ personalSignature )
)
objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
SUP top STRUCTURAL
MUST userid
MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host )
)
objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher )
)
objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST commonName
MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
)
objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top STRUCTURAL
MUST commonName
MAY ( description $ seeAlso $ telephonenumber $
localityName $ organizationName $ organizationalUnitName )
)
objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
SUP top STRUCTURAL
MUST domainComponent
MAY ( associatedName $ organizationName $ description $
businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $ stateOrProvinceName $ streetAddress $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP domain STRUCTURAL
MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord )
)
objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
DESC 'RFC1274: an object related to an domain'
SUP top AUXILIARY
MUST associatedDomain )
objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST friendlyCountryName )
## (in core.schema)
## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
## SUP top AUXILIARY
## MUST userPassword )
objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
SUP ( organization $ organizationalUnit ) STRUCTURAL
MAY buildingName )
objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
SUP dsa STRUCTURAL
MAY dSAQuality )
objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY
MUST dsaQuality
MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
)

68
files/schema/courier.schema Normal file
View File

@ -0,0 +1,68 @@
#$Id: courier.schema,v 1.1.2.2 2004/05/19 09:47:15 stefan Exp $
#
# OID prefix: 1.3.6.1.4.1.10018
#
# Attributes: 1.3.6.1.4.1.10018.1.1
attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
DESC 'The absolute path to the mailbox for a mail account in a non-default location'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota'
DESC 'A string that represents the quota on a mailbox'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword'
DESC 'A separate text that stores the mail account password in clear text'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128})
attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
DESC 'RFC822 Mailbox - mail alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource'
DESC 'Message source'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain'
DESC 'A mail domain that is mapped to a single mail account'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser'
DESC 'Mailbox that receives mail for a mail domain'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery'
DESC 'Default mail delivery instructions'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
# Objects: 1.3.6.1.4.1.10018.1.2
#
objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY
DESC 'Mail account object as used by the Courier mail server'
MUST ( uidNumber $ gidNumber )
MAY ( mail $ homeDirectory $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery) )
objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' SUP top AUXILIARY
DESC 'Mail aliasing/forwarding entry'
MUST ( mail $ maildrop )
MAY ( mailsource $ description ) )
objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' SUP top AUXILIARY
DESC 'Domain mail aliasing/forwarding entry'
MUST ( virtualdomain $ virtualdomainuser )
MAY ( mailsource $ description ) )

552
files/schema/custom-attribute.schema Normal file
View File

@ -0,0 +1,552 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
#using namespace 1.3.6.1.4.1.10176.200.*
attributetype ( 1.3.6.1.4.1.10176.200.1 NAME 'univentionAdminPropertyModule'
DESC ' determines which ldap module(s) is(are) related to this custom attribute '
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.2 NAME 'univentionAdminPropertyShortDescription'
DESC ' short description for the attribute'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.3 NAME 'univentionAdminPropertyLongDescription'
DESC ' some text describing the attribute eg.: "this is the numerical id of the user"'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.4 NAME 'univentionAdminPropertySyntax'
DESC ' datatype of the attribute eg.: string'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.5 NAME 'univentionAdminPropertyMultivalue'
DESC ' is this attribute a multivalue'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.6 NAME 'univentionAdminPropertyDefault'
DESC ' the default value for this attribute'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.7 NAME 'univentionAdminPropertyLdapMapping'
DESC ' determines which ldap attribute(s) is(are) related to this custom attribute '
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.8 NAME 'univentionAdminPropertyObjectClass'
DESC ' objectClass an Object must have '
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.9 NAME 'univentionAdminPropertyDeleteValues'
DESC ' delete these attributes when object deleted'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.200.10 NAME 'univentionAdminPropertyDeleteObjectClass'
DESC ' delete the objectclass'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.11 NAME 'univentionAdminPropertyLayoutTabName'
DESC ' name of the tab this attribute is placed on'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.12 NAME 'univentionAdminPropertyLayoutPosition'
DESC ' position on the tab this attribute is placed on'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
objectClass ( 1.3.6.1.4.1.10176.200.20 NAME 'univentionAdminProperty'
DESC ' defines a custom attribute for use in univention_ admin '
MUST ( cn $ univentionAdminPropertyModule $ univentionAdminPropertyShortDescription $ univentionAdminPropertyLdapMapping )
MAY ( univentionAdminPropertyLongDescription $ univentionAdminPropertySyntax $ univentionAdminPropertyMultivalue $ univentionAdminPropertyDefault $ univentionAdminPropertyObjectClass $ univentionAdminPropertyDeleteValues $ univentionAdminPropertyDeleteObjectClass $ univentionAdminPropertyLayoutTabName $ univentionAdminPropertyLayoutPosition ))
# #################################################################
attributetype ( 1.3.6.1.4.1.10176.200.100 NAME 'univentionUDMPropertyVersion'
DESC ' determines which object format is used for this custom attribute '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.200.101 NAME 'univentionUDMPropertyModule'
DESC ' determines which ldap module(s) is(are) related to this custom attribute '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.102 NAME 'univentionUDMPropertyShortDescription'
DESC ' short description for the attribute'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.103 NAME 'univentionUDMPropertyLongDescription'
DESC ' some text describing the attribute eg.: "this is the numerical id of the user"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.104 NAME 'univentionUDMPropertySyntax'
DESC ' datatype of the attribute eg.: string'
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.105 NAME 'univentionUDMPropertyMultivalue'
DESC ' is this attribute a multivalue'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.106 NAME 'univentionUDMPropertyDefault'
DESC ' the default value for this attribute'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.107 NAME 'univentionUDMPropertyLdapMapping'
DESC ' determines which ldap attribute(s) is(are) related to this custom attribute '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.108 NAME 'univentionUDMPropertyObjectClass'
DESC ' objectClass an Object must have '
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.109 NAME 'univentionUDMPropertyDeleteObjectClass'
DESC ' delete the objectclass'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.110 NAME 'univentionUDMPropertyValueMayChange'
DESC ' defines if value is readonly or writable '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.111 NAME 'univentionUDMPropertyLayoutTabName'
DESC ' name of tab the custom attribute shall be displayed on '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.112 NAME 'univentionUDMPropertyLayoutOverwriteTab'
DESC ' existing tab will be overwritten '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.113 NAME 'univentionUDMPropertyLayoutOverwritePosition'
DESC ' existing widget at given position will be overwritten '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.114 NAME 'univentionUDMPropertyLayoutPosition'
DESC ' position of custom attribute on given tab '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.115 NAME 'univentionUDMPropertyCLIName'
DESC ' short description for the attribute'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.116 NAME 'univentionUDMPropertyTranslationShortDescription'
DESC ' some translated text describing the attribute eg.: "this is the numerical id of the user"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.117 NAME 'univentionUDMPropertyTranslationLongDescription'
DESC ' some translated text describing the attribute eg.: "this is the numerical id of the user"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.118 NAME 'univentionUDMPropertyTranslationTabName'
DESC ' some translated text describing the tab name eg.: "general"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.119 NAME 'univentionUDMPropertyOptions'
DESC ' list of options '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.120 NAME 'univentionUDMPropertyLayoutTabAdvanced'
DESC ' list of options '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.121 NAME 'univentionUDMPropertyValueRequired'
DESC ' list of options '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.122 NAME 'univentionUDMPropertyHook'
DESC ' list of options '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.123 NAME 'univentionUDMPropertyDoNotSearch'
DESC ' list of options '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.124 NAME 'univentionUDMPropertyAddEmptyValue'
DESC ' add empty value to choicelist '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.125 NAME 'univentionUDMPropertyLayoutFullWidth'
DESC ' widget will be full width '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.126 NAME 'univentionUDMPropertyValueNotEditable'
DESC ' defines if the user can directly modify the value '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
# new with UCS 3.0
attributetype ( 1.3.6.1.4.1.10176.200.127 NAME 'univentionUDMPropertyLayoutGroupName'
DESC ' name of group the extended attribute shall be displayed in'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.128 NAME 'univentionUDMPropertyTranslationGroupName'
DESC ' some translated text describing the tab name eg.: "general"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.129 NAME 'univentionUDMPropertyLayoutGroupPosition'
DESC ' position of group on given tab '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.130 NAME 'univentionUDMPropertyLayoutDisable'
DESC ' defines if this attribute will be shown in UDM/UMC'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.131 NAME 'univentionUDMPropertyCopyable'
DESC 'defines if this attribute is copyable in UMC'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.200.199
NAME 'univentionUDMProperty'
DESC ' defines a custom attribute for use in univention directory manager '
MUST ( cn $
univentionUDMPropertyVersion $
univentionUDMPropertyModule $
univentionUDMPropertyShortDescription $
univentionUDMPropertyLdapMapping $
univentionUDMPropertyCLIName )
MAY ( univentionUDMPropertyLongDescription $
univentionUDMPropertyTranslationShortDescription $
univentionUDMPropertyTranslationLongDescription $
univentionUDMPropertyTranslationTabName $
univentionUDMPropertySyntax $
univentionUDMPropertyMultivalue $
univentionUDMPropertyDefault $
univentionUDMPropertyObjectClass $
univentionUDMPropertyDeleteObjectClass $
univentionUDMPropertyValueMayChange $
univentionUDMPropertyValueRequired $
univentionUDMPropertyValueNotEditable $
univentionUDMPropertyLayoutTabName $
univentionUDMPropertyLayoutOverwriteTab $
univentionUDMPropertyLayoutOverwritePosition $
univentionUDMPropertyLayoutFullWidth $
univentionUDMPropertyLayoutPosition $
univentionUDMPropertyOptions $
univentionUDMPropertyLayoutTabAdvanced $
univentionUDMPropertyHook $
univentionUDMPropertyDoNotSearch $
univentionUDMPropertyAddEmptyValue $
univentionUDMPropertyLayoutGroupName $
univentionUDMPropertyTranslationGroupName $
univentionUDMPropertyLayoutGroupPosition $
univentionUDMPropertyLayoutDisable $
univentionUDMPropertyCopyable
)
)
# #################################################################
attributetype ( 1.3.6.1.4.1.10176.200.200 NAME 'univentionUDMOptionShortDescription'
DESC ' short description for the option eg.: "Inventory"'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.201 NAME 'univentionUDMOptionLongDescription'
DESC ' some text describing the option eg.: "Options for inventorysation"'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.202 NAME 'univentionUDMOptionTranslationShortDescription'
DESC ' some translated text describing the option eg.: "Inventarisierung"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.203 NAME 'univentionUDMOptionTranslationLongDescription'
DESC ' some translated text describing the option eg.: "Optionen für Inventarisierung"'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.200.204 NAME 'univentionUDMOptionDefault'
DESC 'is this option enabled by default'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.205 NAME 'univentionUDMOptionEditable'
DESC 'is this option changeable'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.200.206 NAME 'univentionUDMOptionModule'
DESC 'determines which ldap module(s) is(are) related to this extended option'
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.207 NAME 'univentionUDMOptionObjectClass'
DESC 'objectClass an Object must have'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#attributetype ( 1.3.6.1.4.1.10176.200.208 NAME 'univentionUDMOptionDisabled'
# DESC 'this option is disabled by the license'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.200.299
NAME 'univentionUDMOption'
DESC 'defines an option for use in univention directory manager'
MUST ( cn $
univentionUDMOptionShortDescription $
univentionUDMOptionModule )
MAY ( univentionUDMPropertyOptions $
univentionUDMOptionLongDescription $
univentionUDMOptionTranslationShortDescription $
univentionUDMOptionTranslationLongDescription $
univentionUDMOptionDefault $
univentionUDMOptionEditable $
univentionUDMOptionObjectClass )
)
# ####################
attributetype ( 1.3.6.1.4.1.10176.200.1001 NAME 'univentionFreeAttribute1'
DESC ' unused custom attribute 1 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1002 NAME 'univentionFreeAttribute2'
DESC ' unused custom attribute 2 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1003 NAME 'univentionFreeAttribute3'
DESC ' unused custom attribute 3 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1004 NAME 'univentionFreeAttribute4'
DESC ' unused custom attribute 4 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1005 NAME 'univentionFreeAttribute5'
DESC ' unused custom attribute 5 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1006 NAME 'univentionFreeAttribute6'
DESC ' unused custom attribute 6 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1007 NAME 'univentionFreeAttribute7'
DESC ' unused custom attribute 7 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1008 NAME 'univentionFreeAttribute8'
DESC ' unused custom attribute 8 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1009 NAME 'univentionFreeAttribute9'
DESC ' unused custom attribute 9 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1010 NAME 'univentionFreeAttribute10'
DESC ' unused custom attribute 10 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1011 NAME 'univentionFreeAttribute11'
DESC ' unused custom attribute 11 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1012 NAME 'univentionFreeAttribute12'
DESC ' unused custom attribute 12 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1013 NAME 'univentionFreeAttribute13'
DESC ' unused custom attribute 13 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1014 NAME 'univentionFreeAttribute14'
DESC ' unused custom attribute 14 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1015 NAME 'univentionFreeAttribute15'
DESC ' unused custom attribute 15 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1016 NAME 'univentionFreeAttribute16'
DESC ' unused custom attribute 16 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1017 NAME 'univentionFreeAttribute17'
DESC ' unused custom attribute 17 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1018 NAME 'univentionFreeAttribute18'
DESC ' unused custom attribute 18 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1019 NAME 'univentionFreeAttribute19'
DESC ' unused custom attribute 19 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.200.1020 NAME 'univentionFreeAttribute20'
DESC ' unused custom attribute 20 '
EQUALITY caseExactMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.200.1000
NAME 'univentionFreeAttributes'
DESC ' defines a custom attribute for use in univention directory manager '
SUP top AUXILIARY
MAY ( univentionFreeAttribute1 $
univentionFreeAttribute2 $
univentionFreeAttribute3 $
univentionFreeAttribute4 $
univentionFreeAttribute5 $
univentionFreeAttribute6 $
univentionFreeAttribute7 $
univentionFreeAttribute8 $
univentionFreeAttribute9 $
univentionFreeAttribute10 $
univentionFreeAttribute11 $
univentionFreeAttribute12 $
univentionFreeAttribute13 $
univentionFreeAttribute14 $
univentionFreeAttribute15 $
univentionFreeAttribute16 $
univentionFreeAttribute17 $
univentionFreeAttribute18 $
univentionFreeAttribute19 $
univentionFreeAttribute20
)
)

490
files/schema/dhcp.schema Normal file
View File

@ -0,0 +1,490 @@
# <https://github.com/dcantrell/ldap-for-dhcp.git>/dhcp.schema
attributetype ( 2.16.840.1.113719.1.203.4.1
NAME 'dhcpPrimaryDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.2
NAME 'dhcpSecondaryDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.3
NAME 'dhcpStatements'
EQUALITY caseIgnoreIA5Match
DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.4
NAME 'dhcpRange'
EQUALITY caseIgnoreIA5Match
DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.5
NAME 'dhcpPermitList'
EQUALITY caseIgnoreIA5Match
DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.6
NAME 'dhcpNetMask'
EQUALITY integerMatch
DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.7
NAME 'dhcpOption'
EQUALITY caseIgnoreIA5Match
DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.8
NAME 'dhcpClassData'
EQUALITY caseIgnoreIA5Match
DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.9
NAME 'dhcpOptionsDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.10
NAME 'dhcpHostDN'
EQUALITY distinguishedNameMatch
DESC 'the distinguished name(s) of the dhcpHost objects.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.11
NAME 'dhcpPoolDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of pools.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.12
NAME 'dhcpGroupDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the groups.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.13
NAME 'dhcpSubnetDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of the subnets.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.14
NAME 'dhcpLeaseDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name of a client address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
attributetype ( 2.16.840.1.113719.1.203.4.15
NAME 'dhcpLeasesDN'
DESC 'The distinguished name(s) client addresses.'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.16
NAME 'dhcpClassesDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of a class(es) in a subclass.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.17
NAME 'dhcpSubclassesDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of subclass(es).'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.18
NAME 'dhcpSharedNetworkDN'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name(s) of sharedNetworks.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.19
NAME 'dhcpServiceDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.20
NAME 'dhcpVersion'
DESC 'The version attribute of this object.'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.21
NAME 'dhcpImplementation'
EQUALITY caseIgnoreIA5Match
DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.22
NAME 'dhcpAddressState'
EQUALITY caseIgnoreIA5Match
DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.23
NAME 'dhcpExpirationTime'
EQUALITY generalizedTimeMatch
DESC 'This is the time the current lease for an address expires.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.24
NAME 'dhcpStartTimeOfState'
EQUALITY generalizedTimeMatch
DESC 'This is the time of the last state change for a leased address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.25
NAME 'dhcpLastTransactionTime'
EQUALITY generalizedTimeMatch
DESC 'This is the last time a valid DHCP packet was received from the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.26
NAME 'dhcpBootpFlag'
EQUALITY booleanMatch
DESC 'This indicates whether the address was assigned via BOOTP.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.27
NAME 'dhcpDomainName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.28
NAME 'dhcpDnsStatus'
EQUALITY integerMatch
DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.29
NAME 'dhcpRequestedHostName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the hostname that was requested by the client.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.30
NAME 'dhcpAssignedHostName'
EQUALITY caseIgnoreIA5Match
DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.31
NAME 'dhcpReservedForClient'
EQUALITY distinguishedNameMatch
DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.32
NAME 'dhcpAssignedToClient'
EQUALITY distinguishedNameMatch
DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.33
NAME 'dhcpRelayAgentInfo'
EQUALITY octetStringMatch
DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
# Bug #15211: s/IA5/Directory/
attributetype ( 2.16.840.1.113719.1.203.4.34
NAME 'dhcpHWAddress'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
DESC 'The clients hardware address that requested this IP address.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.35
NAME 'dhcpHashBucketAssignment'
EQUALITY octetStringMatch
DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.36
NAME 'dhcpDelayedServiceParameter'
EQUALITY integerMatch
DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.37
NAME 'dhcpMaxClientLeadTime'
EQUALITY integerMatch
DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.38
NAME 'dhcpFailOverEndpointState'
EQUALITY caseIgnoreIA5Match
DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.39
NAME 'dhcpErrorLog'
EQUALITY caseIgnoreIA5Match
DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.40
NAME 'dhcpLocatorDN'
EQUALITY distinguishedNameMatch
DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.41
NAME 'dhcpKeyAlgorithm'
EQUALITY caseIgnoreIA5Match
DESC 'Algorithm to generate TSIG Key'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.42
NAME 'dhcpKeySecret'
EQUALITY octetStringMatch
DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.43
NAME 'dhcpDnsZoneServer'
EQUALITY caseIgnoreIA5Match
DESC 'Master server of the DNS Zone'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.44
NAME 'dhcpKeyDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.45
NAME 'dhcpZoneDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
attributetype ( 2.16.840.1.113719.1.203.4.46
NAME 'dhcpFailOverPrimaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.47
NAME 'dhcpFailOverSecondaryServer'
EQUALITY caseIgnoreIA5Match
DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.48
NAME 'dhcpFailOverPrimaryPort'
EQUALITY integerMatch
DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.49
NAME 'dhcpFailOverSecondaryPort'
EQUALITY integerMatch
DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.50
NAME 'dhcpFailOverResponseDelay'
EQUALITY integerMatch
DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.51
NAME 'dhcpFailOverUnackedUpdates'
EQUALITY integerMatch
DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.52
NAME 'dhcpFailOverSplit'
EQUALITY integerMatch
DESC 'Split between the primary and secondary servers for fail over purpose'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.53
NAME 'dhcpFailOverLoadBalanceTime'
EQUALITY integerMatch
DESC 'Cutoff time in seconds, after which load balance is disabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.203.4.54
NAME 'dhcpFailOverPeerDN'
EQUALITY distinguishedNameMatch
DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
#List of all servers in the tree
attributetype ( 2.16.840.1.113719.1.203.4.55
NAME 'dhcpServerDN'
EQUALITY distinguishedNameMatch
DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.203.4.56
NAME 'dhcpComments'
EQUALITY caseIgnoreIA5Match
DESC 'Generic attribute that allows coments within any DHCP object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 2.16.840.1.113719.1.203.4.57
NAME 'dhcpClientId'
EQUALITY caseIgnoreIA5Match
DESC 'client Identifier.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.203.4.58
NAME 'dhcpRange6'
EQUALITY caseIgnoreIA5Match
DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Classes
objectclass ( 2.16.840.1.113719.1.203.6.1
NAME 'dhcpService'
DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
SUP top
MUST (cn)
MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
objectclass ( 2.16.840.1.113719.1.203.6.2
NAME 'dhcpSharedNetwork'
DESC 'This stores configuration information for a shared network.'
SUP top
MUST cn
MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.3
NAME 'dhcpSubnet'
DESC 'This class defines a subnet. This is a container object.'
SUP top
MUST ( cn $ dhcpNetMask )
MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.4
NAME 'dhcpPool'
DESC 'This stores configuration information about a pool.'
SUP top
MUST ( cn $ dhcpRange )
MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption $ dhcpStatements )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.5
NAME 'dhcpGroup'
DESC 'Group object that lists host DNs and parameters. This is a container object.'
SUP top
MUST cn
MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.6
NAME 'dhcpHost'
DESC 'This represents information about a particular client'
SUP top
MUST cn
MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption $dhcpClientId )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
objectclass ( 2.16.840.1.113719.1.203.6.7
NAME 'dhcpClass'
DESC 'Represents information about a collection of related clients.'
SUP top
MUST cn
MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
objectclass ( 2.16.840.1.113719.1.203.6.8
NAME 'dhcpSubClass'
DESC 'Represents information about a collection of related classes.'
SUP top
MUST cn
MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
objectclass ( 2.16.840.1.113719.1.203.6.9
NAME 'dhcpOptions'
DESC 'Represents information about a collection of options defined.'
SUP top AUXILIARY
MUST cn
MAY ( dhcpOption $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
objectclass ( 2.16.840.1.113719.1.203.6.10
NAME 'dhcpLeases'
DESC 'This class represents an IP Address, which may or may not have been leased.'
SUP top
MUST ( cn $ dhcpAddressState )
MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
objectclass ( 2.16.840.1.113719.1.203.6.11
NAME 'dhcpLog'
DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
SUP top
MUST ( cn )
MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
objectclass ( 2.16.840.1.113719.1.203.6.12
NAME 'dhcpServer'
DESC 'DHCP Server Object'
SUP top
MUST ( cn )
MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
objectclass ( 2.16.840.1.113719.1.203.6.13
NAME 'dhcpTSigKey'
DESC 'TSIG key for secure dynamic updates'
SUP top
MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
MAY ( dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.14
NAME 'dhcpDnsZone'
DESC 'DNS Zone for updating leases'
SUP top
MUST (cn $ dhcpDnsZoneServer )
MAY (dhcpKeyDN $ dhcpComments)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.15
NAME 'dhcpFailOverPeer'
DESC 'This class defines the Fail over peer'
SUP top
MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
objectclass ( 2.16.840.1.113719.1.203.6.16
NAME 'dhcpLocator'
DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
SUP top
MUST ( cn )
MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
objectclass ( 2.16.840.1.113719.1.203.6.17
NAME 'dhcpSubnet6'
DESC 'This class defines an IPv6 subnet. This is a container object.'
SUP top
MUST ( cn )
MAY ( dhcpRange6 $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption $ dhcpPermitList ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 2.16.840.1.113719.1.203.6.18
NAME 'dhcpPool6'
DESC 'This stores configuration information about an IPv6 pool.'
SUP top
MUST ( cn $ dhcpRange6 )
MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )

102
files/schema/directory.schema Normal file
View File

@ -0,0 +1,102 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# 1.3.6.1.4.1.10176.1000
# References
attributetype ( 1.3.6.1.4.1.10176.1200 NAME 'univentionPolicyObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1201 NAME 'univentionDnsObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1202 NAME 'univentionDhcpObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1203 NAME 'univentionUsersObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1204 NAME 'univentionGroupsObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1205 NAME 'univentionComputersObject'
DESC 'policy object'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1206 NAME 'univentionLicenseObject'
DESC 'license objects'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1207 NAME 'univentionNetworksObject'
DESC 'networks objects'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1208 NAME 'univentionSharesObject'
DESC 'shares objects'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1209 NAME 'univentionPrintersObject'
DESC 'printer objects'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1210 NAME 'univentionMailObject'
DESC 'mail objects'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.2010 NAME 'univentionDirectory'
SUP 'top' STRUCTURAL
DESC 'reference to policy object'
MUST ( cn )
MAY (
univentionPolicyObject $
univentionDnsObject $
univentionDhcpObject $
univentionUsersObject $
univentionGroupsObject $
univentionComputersObject $
univentionNetworksObject $
univentionSharesObject $
univentionPrintersObject $
univentionMailObject $
univentionLicenseObject
))

124
files/schema/dnszone.schema Normal file
View File

@ -0,0 +1,124 @@
# A schema for storing DNS zones in LDAP
#
attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL'
DESC 'An integer denoting time to live'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
DESC 'The class of a resource record'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
DESC 'The name of a zone, i.e. the name of the highest node in the zone'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
DESC 'The starting labels of a domain name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
DESC 'domain name pointer, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
DESC 'host information, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
DESC 'mailbox or mail list information, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
DESC 'text string, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
DESC 'Signature, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
DESC 'Key, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
DESC 'IPv6 address, RFC 1886'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
DESC 'Location, RFC 1876'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
DESC 'non-existant, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
DESC 'service location, RFC 2782'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
DESC 'Naming Authority Pointer, RFC 2915'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
DESC 'Key Exchange Delegation, RFC 2230'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
DESC 'certificate, RFC 2538'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
DESC 'A6 Record Type, RFC 2874'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
SUP top STRUCTURAL
MUST ( zoneName $ relativeDomainName )
MAY ( DNSTTL $ DNSClass $
ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
MINFORecord $ TXTRecord $ SIGRecord $ KEYRecord $
AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
DNAMERecord ) )

153
files/schema/duaconf.schema Normal file
View File

@ -0,0 +1,153 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# DUA schema from draft-joslin-config-schema (a work in progress)
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
## has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
## in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF Internet-Draft explaining the schema.
# Unfortunately, that text is covered by a license that doesn't meet
# Debian's Free Software Guidelines. This is a stripped version of the
# schema that contains only the functional schema definition, not the text
# of the Internet-Draft.
#
# For an explanation of this schema, see
# draft-joslin-config-schema-07.txt.
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
DESC 'Default LDAP server host address used by a DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
DESC 'Default LDAP base DN used by a DUA'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
DESC 'Preferred LDAP server host addresses to be used by a
DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for a
search to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for the
bind operation to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
DESC 'Tells DUA if it should follow referrals
returned by a DSA search result'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
DESC 'Tells DUA if it should dereference aliases'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
DESC 'A keystring which identifies the type of
authentication method used to contact the DSA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
DESC 'Time to live, in seconds, before a client DUA
should re-read this configuration profile'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
DESC 'LDAP search descriptor list used by a DUA'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
DESC 'Attribute mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
DESC 'Identifies type of credentials a DUA should
use when binding to the LDAP server'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
DESC 'Objectclass mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
DESC 'Default search scope used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
DESC 'Identifies type of credentials a DUA
should use when binding to the LDAP server for a
specific service'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
DESC 'Authentication method used by a service of the DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
SUP top STRUCTURAL
DESC 'Abstraction of a base configuration for a DUA'
MUST ( cn )
MAY ( defaultServerList $ preferredServerList $
defaultSearchBase $ defaultSearchScope $
searchTimeLimit $ bindTimeLimit $
credentialLevel $ authenticationMethod $
followReferrals $ dereferenceAliases $
serviceSearchDescriptor $ serviceCredentialLevel $
serviceAuthenticationMethod $ objectclassMap $
attributeMap $ profileTTL ) )

91
files/schema/dyngroup.schema Normal file
View File

@ -0,0 +1,91 @@
# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2015 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
# core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
objectIdentifier NetscapeRoot 2.16.840.1.113730
objectIdentifier NetscapeLDAP NetscapeRoot:3
objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
objectIdentifier DynGroupBase OpenLDAPExp11:8
objectIdentifier DynGroupAttr DynGroupBase:1
objectIdentifier DynGroupOC DynGroupBase:2
attributetype ( NetscapeLDAPattributeType:198
NAME 'memberURL'
DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
SUP labeledURI )
attributetype ( DynGroupAttr:1
NAME 'dgIdentity'
DESC 'Identity to use when processing the memberURL'
SUP distinguishedName SINGLE-VALUE )
attributeType ( DynGroupAttr:2
NAME 'dgAuthz'
DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
EQUALITY authzMatch
SYNTAX 1.3.6.1.4.1.4203.666.2.7
X-ORDERED 'VALUES' )
objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso ) )
# The Haripriya dyngroup schema still needs a lot of work.
# We're just adding support for the dgIdentity attribute for now...
objectClass ( DynGroupOC:1
NAME 'dgIdentityAux'
SUP top AUXILIARY
MAY ( dgIdentity $ dgAuthz ) )

139
files/schema/hdb.schema Normal file
View File

@ -0,0 +1,139 @@
# Definitions for a Kerberos V KDC schema
#
# $Id$
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attributes types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2
# Syntax definitions
#krb5KDCFlagsSyntax SYNTAX ::= {
# WITH SYNTAX INTEGER
#-- initial(0), -- require as-req
#-- forwardable(1), -- may issue forwardable
#-- proxiable(2), -- may issue proxiable
#-- renewable(3), -- may issue renewable
#-- postdate(4), -- may issue postdatable
#-- server(5), -- may be server
#-- client(6), -- may be client
#-- invalid(7), -- entry is invalid
#-- require-preauth(8), -- must use preauth
#-- change-pw(9), -- change password service
#-- require-hwauth(10), -- must use hwauth
#-- ok-as-delegate(11), -- as in TicketFlags
#-- user-to-user(12), -- may use user-to-user auth
#-- immutable(13) -- may not be deleted
# ID { 1.3.6.1.4.1.5322.10.0.1 }
#}
#krb5PrincipalNameSyntax SYNTAX ::= {
# WITH SYNTAX OCTET STRING
#-- String representations of distinguished names as per RFC1510
# ID { 1.3.6.1.4.1.5322.10.0.2 }
#}
# Attribute type definitions
attributetype ( 1.3.6.1.4.1.5322.10.1.1
NAME 'krb5PrincipalName'
DESC 'The unparsed Kerberos principal name'
EQUALITY caseExactIA5Match
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.5322.10.1.2
NAME 'krb5KeyVersionNumber'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.3
NAME 'krb5MaxLife'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.4
NAME 'krb5MaxRenew'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.5
NAME 'krb5KDCFlags'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.6
NAME 'krb5EncryptionType'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.7
NAME 'krb5ValidStart'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.5322.10.1.8
NAME 'krb5ValidEnd'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.5322.10.1.9
NAME 'krb5PasswordEnd'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# this is temporary; keys will eventually
# be child entries or compound attributes.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
NAME 'krb5Key'
DESC 'Encoded ASN1 Key as an octet string'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( 1.3.6.1.4.1.5322.10.1.11
NAME 'krb5PrincipalRealm'
DESC 'Distinguished name of krb5Realm entry'
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.5322.10.1.12
NAME 'krb5RealmName'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Object class definitions
objectclass ( 1.3.6.1.4.1.5322.10.2.1
NAME 'krb5Principal'
SUP top
AUXILIARY
MUST ( krb5PrincipalName )
MAY ( cn $ krb5PrincipalRealm ) )
objectclass ( 1.3.6.1.4.1.5322.10.2.2
NAME 'krb5KDCEntry'
SUP krb5Principal
AUXILIARY
MUST ( krb5KeyVersionNumber )
MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
krb5EncryptionType $ krb5Key ) )
objectclass ( 1.3.6.1.4.1.5322.10.2.3
NAME 'krb5Realm'
SUP top
AUXILIARY
MUST ( krb5RealmName ) )

113
files/schema/inetorgperson.schema Normal file
View File

@ -0,0 +1,113 @@
# inetorgperson.schema -- InetOrgPerson (RFC2798)
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.schema)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.schema)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 2798, at (among other
# places): http://www.ietf.org/rfc/rfc2798.txt
attributetype ( 2.16.840.1.113730.3.1.1
NAME 'carLicense'
DESC 'RFC2798: vehicle license or registration plate'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 2.16.840.1.113730.3.1.2
NAME 'departmentNumber'
DESC 'RFC2798: identifies a department within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 2.16.840.1.113730.3.1.241
NAME 'displayName'
DESC 'RFC2798: preferred name to be used when displaying entries'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.3
NAME 'employeeNumber'
DESC 'RFC2798: numerically identifies an employee within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.4
NAME 'employeeType'
DESC 'RFC2798: type of employment for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 0.9.2342.19200300.100.1.60
NAME 'jpegPhoto'
DESC 'RFC2798: a JPEG image'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
attributetype ( 2.16.840.1.113730.3.1.39
NAME 'preferredLanguage'
DESC 'RFC2798: preferred written or spoken language for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.40
NAME 'userSMIMECertificate'
DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.216
NAME 'userPKCS12'
DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 )
)

109
files/schema/java.schema Normal file
View File

@ -0,0 +1,109 @@
# java.schema -- Java Object Schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.schema
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF RFC explaining the schema. Unfortunately,
# that text is covered by a license that doesn't meet Debian's Free
# Software Guidelines. This is a stripped version of the schema that
# contains only the functional schema definition, not the text of the
# RFC.
#
# For an explanation of this schema, see RFC 2713, at (among other
# places): http://www.ietf.org/rfc/rfc2713.txt
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
NAME 'javaClassName'
DESC 'Fully qualified name of distinguished Java class or interface'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
NAME 'javaCodebase'
DESC 'URL(s) specifying the location of class definition'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
NAME 'javaClassNames'
DESC 'Fully qualified Java class or interface name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
NAME 'javaSerializedData'
DESC 'Serialized form of a Java object'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
NAME 'javaFactory'
DESC 'Fully qualified Java class name of a JNDI object factory'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
NAME 'javaReferenceAddress'
DESC 'Addresses associated with a JNDI Reference'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
NAME 'javaDoc'
DESC 'The Java documentation for the class'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
NAME 'javaContainer'
DESC 'Container for a Java object'
SUP top
STRUCTURAL
MUST cn )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
NAME 'javaObject'
DESC 'Java object representation'
SUP top
ABSTRACT
MUST javaClassName
MAY ( javaClassNames $ javaCodebase $
javaDoc $ description ) )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
NAME 'javaSerializedObject'
DESC 'Java serialized object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
NAME 'javaMarshalledObject'
DESC 'Java marshalled object'
SUP javaObject
AUXILIARY
MUST javaSerializedData )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
NAME 'javaNamingReference'
DESC 'JNDI reference'
SUP javaObject
AUXILIARY
MAY ( javaReferenceAddress $ javaFactory ) )

136
files/schema/krb5-kdc.schema Normal file
View File

@ -0,0 +1,136 @@
# $Id: krb5-kdc.schema,v 1.1.14.1.20.2 2006/02/02 09:22:53 martin Exp $
# Definitions for a Kerberos V KDC schema
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attributes types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2
# Syntax definitions
#krb5KDCFlagsSyntax SYNTAX ::= {
# WITH SYNTAX INTEGER
#-- initial(0), -- require as-req
#-- forwardable(1), -- may issue forwardable
#-- proxiable(2), -- may issue proxiable
#-- renewable(3), -- may issue renewable
#-- postdate(4), -- may issue postdatable
#-- server(5), -- may be server
#-- client(6), -- may be client
#-- invalid(7), -- entry is invalid
#-- require-preauth(8), -- must use preauth
#-- change-pw(9), -- change password service
#-- require-hwauth(10), -- must use hwauth
#-- ok-as-delegate(11), -- as in TicketFlags
#-- user-to-user(12), -- may use user-to-user auth
#-- immutable(13) -- may not be deleted
# ID { 1.3.6.1.4.1.5322.10.0.1 }
#}
#krb5PrincipalNameSyntax SYNTAX ::= {
# WITH SYNTAX OCTET STRING
#-- String representations of distinguished names as per RFC1510
# ID { 1.3.6.1.4.1.5322.10.0.2 }
#}
# Attribute type definitions
attributetype ( 1.3.6.1.4.1.5322.10.1.1
NAME 'krb5PrincipalName'
DESC 'The unparsed Kerberos principal name'
EQUALITY octetStringMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.3.6.1.4.1.5322.10.1.2
NAME 'krb5KeyVersionNumber'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.3
NAME 'krb5MaxLife'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.4
NAME 'krb5MaxRenew'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.5
NAME 'krb5KDCFlags'
EQUALITY integerMatch
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.6
NAME 'krb5EncryptionType'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.5322.10.1.7
NAME 'krb5ValidStart'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.5322.10.1.8
NAME 'krb5ValidEnd'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.5322.10.1.9
NAME 'krb5PasswordEnd'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# this is temporary; keys will eventually
# be child entries or compound attributes.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
NAME 'krb5Key'
DESC 'Encoded ASN1 Key as an octet string'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( 1.3.6.1.4.1.5322.10.1.11
NAME 'krb5PrincipalRealm'
DESC 'Distinguished name of krb5Realm entry'
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.5322.10.1.12
NAME 'krb5RealmName'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Object class definitions
objectclass ( 1.3.6.1.4.1.5322.10.2.1
NAME 'krb5Principal'
SUP top
AUXILIARY
MUST ( krb5PrincipalName )
MAY ( cn $ krb5PrincipalRealm ) )
objectclass ( 1.3.6.1.4.1.5322.10.2.2
NAME 'krb5KDCEntry'
SUP krb5Principal
AUXILIARY
MUST ( krb5KeyVersionNumber )
MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
krb5EncryptionType $ krb5Key ) )
objectclass ( 1.3.6.1.4.1.5322.10.2.3
NAME 'krb5Realm'
SUP top
AUXILIARY
MUST ( krb5RealmName ) )

176
files/schema/license.schema Normal file
View File

@ -0,0 +1,176 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# 1.3.6.1.4.1.10176.1000
# References
attributetype ( 1.3.6.1.4.1.10176.1700 NAME ( 'univentionLicenseModule' )
DESC 'Licence Module'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1702 NAME ( 'univentionLicenseBaseDN' )
DESC 'Licenceesystem identify'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1703 NAME ( 'univentionLicenseEndDate' )
DESC 'License end date'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1705 NAME ( 'univentionLicenseSignature' )
DESC 'Licence Signature'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1706 NAME ( 'univentionLicenseAccounts' )
DESC 'Deprecated: License maximum number of users'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1707 NAME ( 'univentionLicenseClients' )
DESC 'Deprecated: License maximum number of clients'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1708 NAME ( 'univentionLicenseGroupwareAccounts' )
DESC 'Deprecated: License maximum number of groupware accounts'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1709 NAME ( 'univentionLicenseuniventionDesktops' )
DESC 'Deprecated: License maximum number of UCS managed desktops'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1710 NAME ( 'univentionLicenseType' )
DESC 'Deprecated: License type containing the products this license used for'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1711 NAME ( 'univentionLicenseOEMProduct' )
DESC 'OEM License type containing the OEM products this license is used for'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.1 NAME ( 'univentionLicensePhysicalServers' )
DESC 'Deprecated: License maximum number of physical UCS servers'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.2 NAME ( 'univentionLicenseServerInstances' )
DESC 'Deprecated: License maximum number of UCS server instances'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.3 NAME ( 'univentionLicenseThinClients' )
DESC 'Deprecated: License maximum number of thin clients'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.4 NAME ( 'univentionLicenseVirtualDesktops' )
DESC 'Deprecated: License maximum number of virtual desktops'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.6 NAME ( 'univentionLicenseProduct' )
DESC 'Name of the product'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.7 NAME ( 'univentionLicenseKeyID' )
DESC 'KeyID of the license'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.8 NAME ( 'univentionLicenseServers' )
DESC 'License maximum of servers'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.9 NAME ( 'univentionLicenseSupport' )
DESC 'License maximum of servers with standard support'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.10 NAME ( 'univentionLicensePremiumSupport' )
DESC 'License maximum of servers with premium support'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.11 NAME ( 'univentionLicenseManagedClients' )
DESC 'License maximum of servers with premium support'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.12 NAME ( 'univentionLicenseCorporateClients' )
DESC 'License maximum of UCC systems'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.13 NAME ( 'univentionLicenseUsers' )
DESC 'License maximum of users'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.14 NAME ( 'univentionLicenseVirtualDesktopUsers' )
DESC 'License maximum of users for DVS'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.15 NAME ( 'univentionLicenseVirtualDesktopClients' )
DESC 'License maximum of clients for DVS'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1712.1.16 NAME ( 'univentionLicenseVersion' )
DESC 'Version of the license format'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
objectclass ( 1.3.6.1.4.1.10176.1799 NAME ( 'univentionLicense' )
DESC 'univention Licence Object'
SUP 'top' STRUCTURAL
MUST ( cn $
univentionLicenseEndDate $
univentionLicenseBaseDN $ univentionLicenseSignature )
MAY (
univentionLicenseProduct $ univentionLicenseKeyID $
univentionLicenseOEMProduct $ univentionLicenseServers $
univentionLicenseSupport $ univentionLicensePremiumSupport $
univentionLicenseManagedClients $ univentionLicenseUsers $
univentionLicenseVirtualDesktopUsers $ univentionLicenseVirtualDesktopClients $
univentionLicenseCorporateClients $ univentionLicenseVersion $
univentionLicenseAccounts $ univentionLicenseClients $
univentionLicenseGroupwareAccounts $
univentionLicenseuniventionDesktops $ univentionLicenseType $
univentionLicensePhysicalServers $ univentionLicenseServerInstances $
univentionLicenseThinClients $ univentionLicenseVirtualDesktops $
univentionLicenseModule
) )

46
files/schema/lock.schema Normal file
View File

@ -0,0 +1,46 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.92 NAME 'lockTime'
DESC 'time the lock was set in place in seconds since epoch'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
objectclass ( 1.3.6.1.4.1.10176.94 NAME 'lock'
DESC 'Locks a value or component specified by cn. lockTime is the timestamp of the lock.'
MUST ( cn $ lockTime ))
attributetype ( 1.3.6.1.4.1.10176.96 NAME 'univentionLastUsedValue'
DESC 'the last used value'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.98 NAME 'univentionLastUsed'
DESC 'save the last used value'
SUP top AUXILIARY
MUST ( cn )
MAY ( univentionLastUsedValue ) )

204
files/schema/mail.schema Normal file
View File

@ -0,0 +1,204 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# mail.schema
# $OID: 1.3.6.1.4.1.10176.1010
attributetype ( 1.3.6.1.4.1.10176.1010.1.1 NAME 'mailPrimaryAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Primary mailaddresses for the user'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1010.1.2 NAME 'mailAlternativeAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Secondary (alias) mailaddresses for the same user'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1010.1.3 NAME 'mailGlobalSpamFolder'
DESC 'Move Spam to global spam folder instead of local spam folder'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1010.1.10 NAME 'mailRelay'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Domain Mail Relay'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.1010.2.10 NAME 'univentionMailDomain'
DESC 'Univention Mail Domain Preferences' SUP top AUXILIARY
MAY ( mailRelay ) )
attributetype ( 1.3.6.1.4.1.10176.1010.1.41 NAME 'univentionCanonicalSenderRewriteEnabled'
DESC 'rewrite sender addresses?'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1010.1.42 NAME 'univentionCanonicalRecipientRewriteEnabled'
DESC 'rewrite recipient addresses?'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1010.1.43 NAME 'univentionInternalPrimaryMailAddress'
DESC 'primary mail address of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1010.1.44 NAME 'univentionInternalAlternativeMailAddress'
DESC 'additional mail addresses'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.10176.1010.1.45 NAME 'univentionPublicPrimaryMailAddress'
DESC 'public mail address of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1010.1.46 NAME 'univentionPublicAlternativeMailAddress'
DESC 'additional mail addresses'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.10176.1010.1.47 NAME 'mailForwardAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'External mail addresses to forward the users emails to'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1010.2.40 NAME 'univentionMailCanonicalMaps'
DESC 'data for rewriting mail addresses'
SUP top AUXILIARY
MAY ( univentionCanonicalSenderRewriteEnabled $ univentionCanonicalRecipientRewriteEnabled $
univentionInternalPrimaryMailAddress $ univentionInternalAlternativeMailAddress $
univentionPublicPrimaryMailAddress $ univentionPublicAlternativeMailAddress ) )
attributetype ( 1.3.6.1.4.1.10176.1010.1.60 NAME 'univentionMailHomeServer'
DESC 'home server of users mailbox'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1010.2.60 NAME 'univentionMailRouting'
DESC 'data for routing mails'
SUP top AUXILIARY
MAY ( univentionMailHomeServer ) )
attributetype ( 1.3.6.1.4.1.10176.1010.1.70 NAME 'univentionMailserverFQDN'
DESC 'list of available mailserver fqdn'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
objectclass ( 1.3.6.1.4.1.10176.1010.2.70 NAME 'univentionMailserverList'
DESC 'data for routing mails'
SUP top AUXILIARY
MAY ( univentionMailserverFQDN ) )
attributetype ( 1.3.6.1.4.1.10176.1010.1.80 NAME 'univentionAllowedEmailUsers'
DESC 'Users that are allowed to send e-mails'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1010.1.81 NAME 'univentionAllowedEmailGroups'
DESC 'Groups that are allowed to send e-mails'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1010.1.90
NAME 'univentionMailUserNamespace'
DESC 'use namespace "user" instead of "shared" for shared folders'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1010.1.91
NAME 'univentionMailSharedFolderDeliveryAddress'
DESC 'use given mailaddress for mail delivery to shared folder'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1010.1.92
NAME 'univentionMailUserQuota'
DESC 'Mailbox hard quota limit in MB'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1010.1.93
NAME 'univentionMailACL'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1010.2.90
NAME 'univentionMailSharedFolder'
DESC 'Univention shared folder'
SUP top STRUCTURAL
MUST ( cn )
MAY ( mailPrimaryAddress $ mailAlternativeAddress $ univentionMailUserNamespace $ univentionMailSharedFolderDeliveryAddress $ univentionMailACL $ univentionMailUserQuota $ univentionMailHomeServer ) )
attributetype ( 1.3.6.1.4.1.10176.1010.1.100
NAME 'univentionMailMember'
DESC 'Univention Mailinglist Member'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1010.2.100
NAME 'univentionMailList'
DESC 'Univention Mailinglist'
SUP top STRUCTURAL
MUST ( cn )
MAY (mailPrimaryAddress $ description $ univentionMailMember $ univentionAllowedEmailGroups $ univentionAllowedEmailUsers) )
objectclass ( 1.3.6.1.4.1.10176.1012.2.1
NAME 'univentionMailDomainname'
DESC 'Univention Mail Domain'
SUP top STRUCTURAL
MUST ( cn ) )
objectclass ( 1.3.6.1.4.1.10176.1010.2.1 NAME 'univentionMail'
DESC 'Univention Mail Preferences' SUP top AUXILIARY
MUST ( uid )
MAY ( univentionMailHomeServer $ mailPrimaryAddress $ mailAlternativeAddress $ mailGlobalSpamFolder $ univentionMailUserQuota $ mailForwardAddress ) )

75
files/schema/misc.schema Normal file
View File

@ -0,0 +1,75 @@
# misc.schema -- assorted schema definitions
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2015 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
DESC 'RFC822 email address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.18
NAME 'mailHost'
DESC 'FQDN of the SMTP/MTA of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress'
DESC 'RFC822 routing address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID. A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient'
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
#-----------------------------------------------------------
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
NAME 'rfc822MailMember'
DESC 'rfc822 mail address of group member(s)'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#-----------------------------------------------------------
# !!!no I-D!!!
# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
NAME 'nisMailAlias'
DESC 'NIS mail alias'
SUP top STRUCTURAL
MUST cn
MAY rfc822MailMember )

95
files/schema/msgpo.schema Normal file
View File

@ -0,0 +1,95 @@
# Copyright 2012-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# OID: 1.3.6.1.4.1.10176.4105
attributetype ( 1.3.6.1.4.1.10176.4105.1.1 NAME 'msGPOLink'
DESC 'MS Group Policy Link'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.4105.2.1 NAME 'msGPO'
DESC 'MS Group Policy'
SUP top AUXILIARY
MAY ( msGPOLink ) )
attributetype ( 1.3.6.1.4.1.10176.4105.1.2 NAME 'msGPOFlags'
DESC 'MS Group Policy Container Flags'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.3 NAME 'msGPOVersionNumber'
DESC 'MS Group Policy Container Version Number'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.4 NAME 'msGPOSystemFlags'
DESC 'MS Group Policy Container System Flags'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.5 NAME 'msGPOFunctionalityVersion'
DESC 'MS Group Policy Container Functionality Version'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.6 NAME 'msGPOFileSysPath'
DESC 'MS Group Policy Container Sys Path'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.7 NAME 'msGPOMachineExtensionNames'
DESC 'MS Group Policy Container Machine Extension Names'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.8 NAME 'msGPOUserExtensionNames'
DESC 'MS Group Policy Container User Extension Names'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4105.1.9 NAME 'msGPOWQLFilter'
DESC 'MS Group Policy Container WQL Filter'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.4105.2.2 NAME 'msGPOContainer'
DESC 'MS GPO Policy Container'
SUP top STRUCTURAL
Must ( cn )
MAY (
description $
displayName $
msGPOFlags $
msGPOVersionNumber $
msGPOSystemFlags $
msGPOFunctionalityVersion $
msGPOFileSysPath $
msGPOUserExtensionNames $
msGPOMachineExtensionNames $
msGPOWQLFilter
)
)

67
files/schema/msprintconnectionpolicy.schema Normal file
View File

@ -0,0 +1,67 @@
# Copyright 2013-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# OID: 1.3.6.1.4.1.10176.4107
# single, enumeration - printAttributes
attributetype ( 1.3.6.1.4.1.10176.4107.1.1 NAME 'msPrintAttributes'
DESC 'msPrintAttributes'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# single, String(Unicode) - printerName
attributetype ( 1.3.6.1.4.1.10176.4107.1.2 NAME 'msPrinterName'
DESC 'msPrinterName'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# single, String(Unicode) - serverName
attributetype ( 1.3.6.1.4.1.10176.4107.1.3 NAME 'msPrintServerName'
DESC 'msPrintServerName'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# single, String(Unicode) - uNCName
attributetype ( 1.3.6.1.4.1.10176.4107.1.4 NAME 'msPrintUNCName'
DESC 'msPrintUNCName'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# msPrint-ConnectionPolicy
objectclass ( 1.3.6.1.4.1.10176.4107.2.1 NAME 'msPrintConnectionPolicy'
DESC 'msPrintConnectionPolicy'
SUP top STRUCTURAL
Must ( cn )
MAY (
description $
displayName $
msPrintAttributes $
msPrinterName $
msPrintServerName $
msPrintUNCName
)
)

121
files/schema/mswmi.schema Normal file
View File

@ -0,0 +1,121 @@
# Copyright 2013-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# OID: 1.3.6.1.4.1.10176.4106
attributetype ( 1.3.6.1.4.1.10176.4106.1.1 NAME 'msWMIName'
DESC 'MS WMI Name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.2 NAME 'msWMIID'
DESC 'MS WMI ID'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.3 NAME 'msWMIAuthor'
DESC 'MS WMI Author'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.4 NAME 'msWMICreationDate'
DESC 'MS WMI Creation Date'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.5 NAME 'msWMIChangeDate'
DESC 'MS WMI Change Date'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.6 NAME 'msWMIParm1'
DESC 'MS WMI Parm1'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.7 NAME 'msWMIParm2'
DESC 'MS WMI Parm2'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.8 NAME 'msWMIParm3'
DESC 'MS WMI Parm3'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.9 NAME 'msWMIParm4'
DESC 'MS WMI Parm4'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.10 NAME 'msWMIintFlags1'
DESC 'MS WMI Integer Flags 1'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.11 NAME 'msWMIintFlags2'
DESC 'MS WMI Integer Flags 2'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.12 NAME 'msWMIintFlags3'
DESC 'MS WMI Integer Flags 3'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.13 NAME 'msWMIintFlags4'
DESC 'MS WMI Integer Flags 4'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.10176.4106.1.14 NAME 'msWMISourceOrganization'
DESC 'MS WMI Source Organization'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.4106.2.1 NAME 'msWMISom'
DESC 'MS WMI SOM'
SUP top STRUCTURAL
Must (
cn $
msWMIName $
msWMIID
)
MAY (
msWMIAuthor $
msWMICreationDate $
msWMIChangeDate $
msWMIParm1 $
msWMIParm2 $
msWMIParm3 $
msWMIParm4 $
msWMIintFlags1 $
msWMIintFlags2 $
msWMIintFlags3 $
msWMIintFlags4 $
msWMISourceOrganization
)
)

198
files/schema/nagios.schema Normal file
View File

@ -0,0 +1,198 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
#
# univention owns the namespace 10176.
#
#
# Univention Nagios OID Prefix: 1.3.6.1.4.1.10176.1040.
#
# 1.3.6.1.4.1.10176.1040 nagios objekte
# 1.3.6.1.4.1.10176.1040.1 timeperiod objekt
# 1.3.6.1.4.1.10176.1040.2 service objekt
# 1.3.6.1.4.1.10176.1040.3 host objekt
# 1.3.6.1.4.1.10176.1040.1XXX common nagios attributes
#
# common attributes
#
attributetype ( 1.3.6.1.4.1.10176.1040.1001 NAME 'univentionNagiosActiveChecksEnabled'
DESC 'active service checks enabled?'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1002 NAME 'univentionNagiosPassiveChecksEnabled'
DESC 'passive service checks enabled?'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1003 NAME 'univentionNagiosCheckCommand'
DESC 'name of the nagios plugin'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1004 NAME 'univentionNagiosCheckArgs'
DESC 'nagios plugin arguments'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256})
attributetype ( 1.3.6.1.4.1.10176.1040.1005 NAME 'univentionNagiosEventHandlerEnabled'
DESC 'event handler enabled?'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1006 NAME 'univentionNagiosCheckPeriod'
DESC 'checks are done within the given timeperiod'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1007 NAME 'univentionNagiosMaxCheckAttempts'
DESC 'maximum number of check attempts'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1008 NAME 'univentionNagiosNormalCheckInterval'
DESC 'time between to check under normal conditions'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1009 NAME 'univentionNagiosRetryCheckInterval'
DESC 'time until next check if previous check failed'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1010 NAME 'univentionNagiosContactGroup'
DESC 'notify this contact group'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 1.3.6.1.4.1.10176.1040.1011 NAME 'univentionNagiosNotificationInterval'
DESC 'interval length between two notifications'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1012 NAME 'univentionNagiosNotificationPeriod'
DESC 'send notifications during this timeperiod'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1013 NAME 'univentionNagiosNotificationOptions'
DESC 'notification options'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1040.1014 NAME 'univentionNagiosHostname'
DESC 'email address'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1040.1015 NAME 'univentionNagiosEmail'
DESC 'email address'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1040.1016 NAME 'univentionNagiosEnabled'
DESC 'email address'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# timeperiod specific attributes and timeperiod class
#
attributetype ( 1.3.6.1.4.1.10176.1040.1.2 NAME 'univentionNagiosTimeperiod'
DESC 'nagios timeperiod'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
objectclass ( 1.3.6.1.4.1.10176.1040.1.1 NAME 'univentionNagiosTimeperiodClass'
DESC 'Nagios Timeperiod Definition'
SUP top STRUCTURAL
MUST ( cn $ description )
MAY ( univentionNagiosTimeperiod ) )
#
# service specific attributes and service class
#
attributetype ( 1.3.6.1.4.1.10176.1040.2.2 NAME 'univentionNagiosUseNRPE'
DESC 'activate usage of NRPE'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1040.2.1 NAME 'univentionNagiosServiceClass'
DESC 'Nagios Service Definition'
SUP top STRUCTURAL
MUST ( cn $
univentionNagiosCheckCommand $
univentionNagiosCheckPeriod $
univentionNagiosMaxCheckAttempts $ univentionNagiosNormalCheckInterval $
univentionNagiosRetryCheckInterval $
univentionNagiosNotificationInterval $ univentionNagiosNotificationPeriod $
univentionNagiosNotificationOptions )
MAY ( description $ univentionNagiosHostname $ univentionNagiosCheckArgs $ univentionNagiosUseNRPE )
)
#
# host specific attributes and host class
#
attributetype ( 1.3.6.1.4.1.10176.1040.3.2 NAME 'univentionNagiosParent'
DESC 'parent hosts'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1040.3.1 NAME 'univentionNagiosHostClass'
DESC 'Nagios Host Extension'
SUP top AUXILIARY
MUST ( cn )
MAY ( univentionNagiosEmail $ univentionNagiosParent $ univentionNagiosEnabled)
)

68
files/schema/network.schema Normal file
View File

@ -0,0 +1,68 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.500.1.1 NAME 'univentionNetwork'
DESC 'Network object in Univention Directory Manager'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.2 NAME 'univentionNetmask'
DESC 'Netmask object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.3 NAME 'univentionIpRange'
DESC 'IP range for network objects'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.4 NAME 'univentionNextIp'
DESC 'Stores the next available IP address of a network'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.5 NAME 'univentionDnsForwardZone'
DESC 'DNS forward zone object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.6 NAME 'univentionDnsReverseZone'
DESC 'DNS reverse zone object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.500.1.7 NAME 'univentionDhcpEntry'
DESC 'DHCP host entry'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.500.2.1 NAME 'univentionNetworkClass'
DESC 'Univention Network'
SUP top STRUCTURAL
MUST ( cn $ univentionNetwork $ univentionNetmask )
MAY ( univentionIpRange $ univentionNextIp $ univentionDnsForwardZone $ univentionDnsReverseZone $ univentionDhcpEntry) )

14
files/schema/networkaccess.schema Normal file
View File

@ -0,0 +1,14 @@
objectIdentifier univentionNetworkAccess 1.3.6.1.4.1.10176.4205
objectIdentifier univentionNetworkAccessAttributeType univentionNetworkAccess:1
objectIdentifier univentionNetworkAccessObjectClass univentionNetworkAccess:2
attributetype ( univentionNetworkAccessAttributeType NAME 'univentionNetworkAccess'
DESC 'Allow 802.1X network access'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectclass ( univentionNetworkAccessObjectClass NAME 'univentionNetworkAccess'
DESC 'Network access rules'
SUP top AUXILIARY
MAY ( univentionNetworkAccess )
)

59
files/schema/nextcloud.schema Normal file
View File

@ -0,0 +1,59 @@
#--------------------------------------------------------------------------
# Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>
#
# Author: Arthur Schiwon <blizzz@arthur-schiwon.de>
#--------------------------------------------------------------------------
# GNU AGPL version 3 or any later version
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#--------------------------------------------------------------------------
# 1.3.6.1.4.1.49213 Nextcloud OID
# 1.3.6.1.4.1.49213.1 Nextcloud LDAP Elements
# 1.3.6.1.4.1.49213.1.1 AttributeTypes
# 1.3.6.1.4.1.49213.1.2 ObjectClasses
#--------------------------------------------------------------------------
# Attribute Types
#-----------------
attributetype ( 1.3.6.1.4.1.49213.1.1.1 NAME 'nextcloudEnabled'
DESC 'whether user or group should be available in Nextcloud'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.49213.1.1.2 NAME 'nextcloudQuota'
DESC 'defines how much disk space is available for the user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
# Object Classes
#---------------
objectclass ( 1.3.6.1.4.1.49213.1.2.1 NAME 'nextcloudUser'
DESC 'A Nextcloud user'
SUP top AUXILIARY
MUST ( cn )
MAY ( nextcloudEnabled $ nextcloudQuota )
)
objectclass ( 1.3.6.1.4.1.49213.1.2.2 NAME 'nextcloudGroup'
DESC 'A Nextcloud group'
SUP top AUXILIARY
MUST ( cn )
MAY ( nextcloudEnabled )
)

239
files/schema/nis.schema Normal file
View File

@ -0,0 +1,239 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2015 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
# Depends upon core.schema and cosine.schema
# Note: The definitions in RFC2307 are given in syntaxes closely related
# to those in RFC2252, however, some liberties are taken that are not
# supported by RFC2252. This file has been written following RFC2252
# strictly.
# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
#
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
# validaters for these syntaxes are incomplete, they only
# implement printable string validation (which is good as the
# common use of these syntaxes violates the specification).
# Attribute types are under 1.3.6.1.1.1.1
# Object classes are under 1.3.6.1.1.1.2
# Attribute Type Definitions
# builtin
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# builtin
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
SYNTAX 1.3.6.1.1.1.0.0 )
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
SUP name )
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IP address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
SYNTAX 1.3.6.1.1.1.0.1 )
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
# Object Class Definitions
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
DESC 'Abstraction of an account with POSIX attributes'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
DESC 'Additional attributes for shadow passwords'
SUP top AUXILIARY
MUST uid
MAY ( userPassword $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ description ) )
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ description ) )
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
DESC 'Abstraction an Internet Protocol service'
SUP top STRUCTURAL
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY ( description ) )
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
DESC 'Abstraction of an IP protocol'
SUP top STRUCTURAL
MUST ( cn $ ipProtocolNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
DESC 'Abstraction of an ONC/RPC binding'
SUP top STRUCTURAL
MUST ( cn $ oncRpcNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
DESC 'Abstraction of a host, an IP device'
SUP top AUXILIARY
MUST ( cn $ ipHostNumber )
MAY ( l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
DESC 'Abstraction of an IP network'
SUP top STRUCTURAL
MUST ( cn $ ipNetworkNumber )
MAY ( ipNetmaskNumber $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
DESC 'Abstraction of a netgroup'
SUP top STRUCTURAL
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
DESC 'A generic abstraction of a NIS map'
SUP top STRUCTURAL
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
DESC 'An entry in a NIS map'
SUP top STRUCTURAL
MUST ( cn $ nisMapEntry $ nisMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
DESC 'A device with a MAC address'
SUP top AUXILIARY
MAY macAddress )
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
DESC 'A device with boot parameters'
SUP top AUXILIARY
MAY ( bootFile $ bootParameter ) )

54
files/schema/openldap.schema Normal file
View File

@ -0,0 +1,54 @@
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2015 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
objectIdentifier OpenLDAP OpenLDAProot:1
objectIdentifier OpenLDAPattributeType OpenLDAP:3
objectIdentifier OpenLDAPobjectClass OpenLDAP:4
objectClass ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
objectClass ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
AUXILIARY
MAY displayName )

21
files/schema/openproject.schema Normal file
View File

@ -0,0 +1,21 @@
attributetype ( 1.3.6.1.4.1.10176.99998.6696237932.1.2
NAME 'openprojectActivated'
DESC 'Attribute created by the App Center integration for Extended Attributes'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.10176.99998.6696237932.1.1
NAME 'openproject-isadmin'
DESC 'Attribute created by the App Center integration for Extended Attributes'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SINGLE-VALUE
)
objectclass ( 1.3.6.1.4.1.10176.99998.6696237932.0.1
NAME 'openproject-user'
DESC 'Attribute created by the App Center integration for Extended Attributes'
AUXILIARY
MAY ( openproject-isadmin $ openprojectActivated )
SUP top
)

476
files/schema/pmi.schema Normal file
View File

@ -0,0 +1,476 @@
# OpenLDAP X.509 PMI schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# The version of this file as distributed by the OpenLDAP Foundation
# contains text claiming copyright by the Internet Society and including
# the IETF RFC license, which does not meet Debian's Free Software
# Guidelines. However, apart from short and obvious comments, the text of
# this file is purely a functional interface specification, which is not
# subject to that license and is not copyrightable under US law.
#
# The license statement is retained below so as not to remove credit, but
# as best as we can determine, it is not applicable to the contents of
# this file.
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# ITU X.509 (08/2005)
#
## X.509 (08/2005) pp. 120-121
##
## -- object identifier assignments --
## -- object classes --
## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
## -- directory attributes --
## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
## -- attribute certificate extensions --
## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
## -- PMI matching rules --
## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
##
##
## X.509 (08/2005) pp. 71, 86-89
##
## 14.4.1 Role attribute
## role ATTRIBUTE ::= {
## WITH SYNTAX RoleSyntax
## ID id-at-role }
## RoleSyntax ::= SEQUENCE {
## roleAuthority [0] GeneralNames OPTIONAL,
## roleName [1] GeneralName }
##
## 14.5 XML privilege information attribute
## xmlPrivilegeInfo ATTRIBUTE ::= {
## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
## ID id-at-xMLPrivilegeInfo }
##
## 17.1 PMI directory object classes
##
## 17.1.1 PMI user object class
## pmiUser OBJECT-CLASS ::= {
## -- a PMI user (i.e., a "holder")
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {attributeCertificateAttribute}
## ID id-oc-pmiUser }
##
## 17.1.2 PMI AA object class
## pmiAA OBJECT-CLASS ::= {
## -- a PMI AA
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {aACertificate |
## attributeCertificateRevocationList |
## attributeAuthorityRevocationList}
## ID id-oc-pmiAA }
##
## 17.1.3 PMI SOA object class
## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {attributeCertificateRevocationList |
## attributeAuthorityRevocationList |
## attributeDescriptorCertificate}
## ID id-oc-pmiSOA }
##
## 17.1.4 Attribute certificate CRL distribution point object class
## attCertCRLDistributionPt OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN { attributeCertificateRevocationList |
## attributeAuthorityRevocationList }
## ID id-oc-attCertCRLDistributionPts }
##
## 17.1.5 PMI delegation path
## pmiDelegationPath OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN { delegationPath }
## ID id-oc-pmiDelegationPath }
##
## 17.1.6 Privilege policy object class
## privilegePolicy OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {privPolicy }
## ID id-oc-privilegePolicy }
##
## 17.1.7 Protected privilege policy object class
## protectedPrivilegePolicy OBJECT-CLASS ::= {
## SUBCLASS OF {top}
## KIND auxiliary
## MAY CONTAIN {protPrivPolicy }
## ID id-oc-protectedPrivilegePolicy }
##
## 17.2 PMI Directory attributes
##
## 17.2.1 Attribute certificate attribute
## attributeCertificateAttribute ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-attributeCertificate }
##
## 17.2.2 AA certificate attribute
## aACertificate ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-aACertificate }
##
## 17.2.3 Attribute descriptor certificate attribute
## attributeDescriptorCertificate ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-attributeDescriptorCertificate }
##
## 17.2.4 Attribute certificate revocation list attribute
## attributeCertificateRevocationList ATTRIBUTE ::= {
## WITH SYNTAX CertificateList
## EQUALITY MATCHING RULE certificateListExactMatch
## ID id-at-attributeCertificateRevocationList}
##
## 17.2.5 AA certificate revocation list attribute
## attributeAuthorityRevocationList ATTRIBUTE ::= {
## WITH SYNTAX CertificateList
## EQUALITY MATCHING RULE certificateListExactMatch
## ID id-at-attributeAuthorityRevocationList }
##
## 17.2.6 Delegation path attribute
## delegationPath ATTRIBUTE ::= {
## WITH SYNTAX AttCertPath
## ID id-at-delegationPath }
## AttCertPath ::= SEQUENCE OF AttributeCertificate
##
## 17.2.7 Privilege policy attribute
## privPolicy ATTRIBUTE ::= {
## WITH SYNTAX PolicySyntax
## ID id-at-privPolicy }
##
## 17.2.8 Protected privilege policy attribute
## protPrivPolicy ATTRIBUTE ::= {
## WITH SYNTAX AttributeCertificate
## EQUALITY MATCHING RULE attributeCertificateExactMatch
## ID id-at-protPrivPolicy }
##
## 17.2.9 XML Protected privilege policy attribute
## xmlPrivPolicy ATTRIBUTE ::= {
## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
## ID id-at-xMLPprotPrivPolicy }
##
## -- object identifier assignments --
## -- object classes --
objectidentifier id-oc-pmiUser 2.5.6.24
objectidentifier id-oc-pmiAA 2.5.6.25
objectidentifier id-oc-pmiSOA 2.5.6.26
objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
objectidentifier id-oc-privilegePolicy 2.5.6.32
objectidentifier id-oc-pmiDelegationPath 2.5.6.33
objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
## -- directory attributes --
objectidentifier id-at-attributeCertificate 2.5.4.58
objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
objectidentifier id-at-aACertificate 2.5.4.61
objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
objectidentifier id-at-privPolicy 2.5.4.71
objectidentifier id-at-role 2.5.4.72
objectidentifier id-at-delegationPath 2.5.4.73
objectidentifier id-at-protPrivPolicy 2.5.4.74
objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
## -- attribute certificate extensions --
## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
## -- PMI matching rules --
objectidentifier id-mr 2.5.13
objectidentifier id-mr-attributeCertificateMatch id-mr:42
objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
objectidentifier id-mr-holderIssuerMatch id-mr:46
objectidentifier id-mr-authAttIdMatch id-mr:53
objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
objectidentifier id-mr-timeSpecMatch id-mr:57
objectidentifier id-mr-attDescriptorMatch id-mr:58
objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
objectidentifier id-mr-delegationPathMatch id-mr:61
objectidentifier id-mr-sOAIdentifierMatch id-mr:66
objectidentifier id-mr-indirectIssuerMatch id-mr:67
## -- syntaxes --
## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
## to this work in progress
objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
##
## Substitute syntaxes
##
## AttCertPath
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
NAME 'AttCertPath'
DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## PolicySyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
NAME 'PolicySyntax'
DESC 'X.509 PMI policy syntax'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## RoleSyntax
ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
NAME 'RoleSyntax'
DESC 'X.509 PMI role syntax'
X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
##
## X.509 (08/2005) pp. 71, 86-89
##
## 14.4.1 Role attribute
attributeType ( id-at-role
NAME 'role'
DESC 'X.509 Role attribute, use ;binary'
SYNTAX RoleSyntax )
##
## 14.5 XML privilege information attribute
## -- contains XML-encoded privilege information
attributeType ( id-at-xMLPrivilegeInfo
NAME 'xmlPrivilegeInfo'
DESC 'X.509 XML privilege information attribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##
## 17.2 PMI Directory attributes
##
## 17.2.1 Attribute certificate attribute
attributeType ( id-at-attributeCertificate
NAME 'attributeCertificateAttribute'
DESC 'X.509 Attribute certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.2 AA certificate attribute
attributeType ( id-at-aACertificate
NAME 'aACertificate'
DESC 'X.509 AA certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.3 Attribute descriptor certificate attribute
attributeType ( id-at-attributeDescriptorCertificate
NAME 'attributeDescriptorCertificate'
DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.4 Attribute certificate revocation list attribute
attributeType ( id-at-attributeCertificateRevocationList
NAME 'attributeCertificateRevocationList'
DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
SYNTAX CertificateList
X-EQUALITY 'certificateListExactMatch, not implemented yet' )
##
## 17.2.5 AA certificate revocation list attribute
attributeType ( id-at-attributeAuthorityRevocationList
NAME 'attributeAuthorityRevocationList'
DESC 'X.509 AA certificate revocation list attribute, use ;binary'
SYNTAX CertificateList
X-EQUALITY 'certificateListExactMatch, not implemented yet' )
##
## 17.2.6 Delegation path attribute
attributeType ( id-at-delegationPath
NAME 'delegationPath'
DESC 'X.509 Delegation path attribute, use ;binary'
SYNTAX AttCertPath )
## AttCertPath ::= SEQUENCE OF AttributeCertificate
##
## 17.2.7 Privilege policy attribute
attributeType ( id-at-privPolicy
NAME 'privPolicy'
DESC 'X.509 Privilege policy attribute, use ;binary'
SYNTAX PolicySyntax )
##
## 17.2.8 Protected privilege policy attribute
attributeType ( id-at-protPrivPolicy
NAME 'protPrivPolicy'
DESC 'X.509 Protected privilege policy attribute, use ;binary'
SYNTAX AttributeCertificate
EQUALITY attributeCertificateExactMatch )
##
## 17.2.9 XML Protected privilege policy attribute
## -- contains XML-encoded privilege policy information
attributeType ( id-at-xMLPprotPrivPolicy
NAME 'xmlPrivPolicy'
DESC 'X.509 XML Protected privilege policy attribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##
## 17.1 PMI directory object classes
##
## 17.1.1 PMI user object class
## -- a PMI user (i.e., a "holder")
objectClass ( id-oc-pmiUser
NAME 'pmiUser'
DESC 'X.509 PMI user object class'
SUP top
AUXILIARY
MAY ( attributeCertificateAttribute ) )
##
## 17.1.2 PMI AA object class
## -- a PMI AA
objectClass ( id-oc-pmiAA
NAME 'pmiAA'
DESC 'X.509 PMI AA object class'
SUP top
AUXILIARY
MAY ( aACertificate $
attributeCertificateRevocationList $
attributeAuthorityRevocationList
) )
##
## 17.1.3 PMI SOA object class
## -- a PMI Source of Authority
objectClass ( id-oc-pmiSOA
NAME 'pmiSOA'
DESC 'X.509 PMI SOA object class'
SUP top
AUXILIARY
MAY ( attributeCertificateRevocationList $
attributeAuthorityRevocationList $
attributeDescriptorCertificate
) )
##
## 17.1.4 Attribute certificate CRL distribution point object class
objectClass ( id-oc-attCertCRLDistributionPts
NAME 'attCertCRLDistributionPt'
DESC 'X.509 Attribute certificate CRL distribution point object class'
SUP top
AUXILIARY
MAY ( attributeCertificateRevocationList $
attributeAuthorityRevocationList
) )
##
## 17.1.5 PMI delegation path
objectClass ( id-oc-pmiDelegationPath
NAME 'pmiDelegationPath'
DESC 'X.509 PMI delegation path'
SUP top
AUXILIARY
MAY ( delegationPath ) )
##
## 17.1.6 Privilege policy object class
objectClass ( id-oc-privilegePolicy
NAME 'privilegePolicy'
DESC 'X.509 Privilege policy object class'
SUP top
AUXILIARY
MAY ( privPolicy ) )
##
## 17.1.7 Protected privilege policy object class
objectClass ( id-oc-protectedPrivilegePolicy
NAME 'protectedPrivilegePolicy'
DESC 'X.509 Protected privilege policy object class'
SUP top
AUXILIARY
MAY ( protPrivPolicy ) )

964
files/schema/policy.schema Normal file
View File

@ -0,0 +1,964 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# policy.schema
# $Id: policy.schema,v 1.39.2.6.2.27.2.11 2006/12/01 07:45:41 andreas Exp $
# $OID: 1.3.6.1.4.1.10176.1000 (Policies) $
# $OID: 1.3.6.1.4.1.10176.1000 (References) $
# reverted to old OIDs to make slapd accept these on sles8
attributetype ( 1.3.6.1.4.1.10176.1000 NAME 'univentionPolicyReference'
DESC 'referenced policy objects'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.1002 NAME 'univentionPolicyReference'
AUXILIARY
DESC 'reference to policy object'
MAY ( univentionPolicyReference ))
# $OID: 1.3.6.1.4.1.10176.1000.2 (Policy objects) $
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.1 NAME 'requiredObjectClasses'
DESC 'required objectClasses'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.2 NAME 'prohibitedObjectClasses'
DESC 'prohibited objectClasses'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.3 NAME 'fixedAttributes'
DESC 'fixed attributes'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.4 NAME 'emptyAttributes'
DESC 'empty attributes'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.5 NAME 'ldapFilter'
DESC 'ldap filter string'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy'
SUP 'top' STRUCTURAL
DESC 'policy object'
MUST ( cn )
MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes $ ldapFilter))
attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry'
DESC 'registry entry'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.2.2.10 NAME 'univentionPolicyRegistry'
SUP 'univentionPolicy' STRUCTURAL
DESC 'registry policy object'
MAY ( univentionRegistry ))
# $OID: 1.3.6.1.4.1.10176.1000.3 (X) $
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.1 NAME 'univentionXResolution'
DESC 'X resolution [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.2 NAME 'univentionXColorDepth'
DESC 'X color depth [client]'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.3 NAME 'univentionXMouseProtocol'
DESC 'X mouse protocol [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.4 NAME 'univentionXMouseDevice'
DESC 'X mouse device [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.5 NAME 'univentionXKeyboardLayout'
DESC 'X keyboard layout [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.6 NAME 'univentionXKeyboardVariant'
DESC 'X keyboard variant [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.7 NAME 'univentionXHSync'
DESC 'X horizontal sync rate [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.8 NAME 'univentionXVRefresh'
DESC 'X vertical refresh rate [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.9 NAME 'univentionXModule'
DESC 'X module (4.x) or X server (3.x)'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.10 NAME 'univentionXDisplaySize'
DESC 'Display Size [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.11 NAME 'univentionXVNCExportType'
DESC 'VNC Export Type'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.12 NAME 'univentionXVNCExportViewonly'
DESC 'VNC Export Viewonly Option'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.13 NAME 'univentionXVideoRam'
DESC 'Amount of RAM on the graphics board'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.14 NAME 'univentionXAutoDetect'
DESC 'Defines if auto detection of the X.org configuration should be used'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.15 NAME 'univentionXDisplayPrimary'
DESC 'The primary display in dual monitor setups'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.16 NAME 'univentionXDisplaySecondary'
DESC 'The secondary display in dual monitor setups'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.17 NAME 'univentionXDisplayPosition'
DESC 'The relative position of the secondary display in dual monitor setups'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.18 NAME 'univentionXDisplayVirtualSize'
DESC 'The relative position of the secondary display in dual monitor setups'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.19 NAME 'univentionXResolutionSecondary'
DESC 'X resolution of the secondary display in dual monitor setups'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.20 NAME 'univentionXHSyncSecondary'
DESC 'X horizontal sync rate of secondary display'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.21 NAME 'univentionXVRefreshSecondary'
DESC 'X vertical refresh rate of secondary display'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.3.1.22 NAME 'univentionXDisplaySizeSecondary'
DESC 'Display Size of secondary display'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.3.2.1 NAME 'univentionPolicyXConfiguration'
SUP 'univentionPolicy' STRUCTURAL
DESC 'X configuration policy object'
MAY ( univentionXResolution $
univentionXColorDepth $ univentionXMouseProtocol $
univentionXMouseDevice $ univentionXKeyboardLayout $
univentionXKeyboardVariant $ univentionXHSync $
univentionXVRefresh $ univentionXModule $
univentionXVNCExportType $ univentionXVNCExportViewonly $
univentionXVideoRam $ univentionXDisplaySize $ univentionXAutoDetect $
univentionXDisplayPrimary $ univentionXDisplaySecondary $
univentionXDisplayPosition $ univentionXDisplayVirtualSize $
univentionXResolutionSecondary $ univentionXHSyncSecondary $
univentionXVRefreshSecondary $ univentionXDisplaySizeSecondary ))
# $OID: 1.3.6.1.4.1.10176.1000.4 (Sound) $
attributetype ( 1.3.6.1.4.1.10176.1000.4.1.1 NAME 'univentionSoundEnabled'
DESC 'enable sound [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.4.1.2 NAME 'univentionSoundModule'
DESC 'sound kernel module to use [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.4.2.1 NAME 'univentionPolicySoundConfiguration'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Sound configuration policy object'
MAY ( univentionSoundEnabled $ univentionSoundModule ))
# 1.3.6.1.4.1.10176.1000.5 (Thin Client) $
attributetype ( 1.3.6.1.4.1.10176.1000.5.1.1 NAME 'univentionDesktopServer'
DESC 'terminal server for the client'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.5.1.2 NAME 'univentionFileServer'
DESC 'file server for the client'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.5.1.3 NAME 'univentionWindowsTerminalServer'
DESC 'Windows Terminal Server for rdesktop'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.5.1.4 NAME 'univentionWindowsDomain'
DESC 'Windows Domain for rdesktop'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.5.1.5 NAME 'univentionAuthServer'
DESC 'authentication server for the client'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.5.2.1 NAME 'univentionPolicyThinClient'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Thin client policy object'
MAY ( univentionDesktopServer $ univentionFileServer $ univentionWindowsTerminalServer $ univentionWindowsDomain $ univentionAuthServer ))
# 1.3.6.1.4.1.10176.1000.6 (DHCP) $
# 1.3.6.1.4.1.10176.1000.6.1 (DHCP - DNS) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.1.1.1 NAME 'univentionDhcpDomainName'
DESC 'domain-name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.1.1.2 NAME 'univentionDhcpDomainNameServers'
DESC 'domain-name-servers'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.1.2.1 NAME 'univentionPolicyDhcpDns'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP DNS configuration policy object'
MAY ( univentionDhcpDomainName $ univentionDhcpDomainNameServers ))
# 1.3.6.1.4.1.10176.1000.6.2 (DHCP - Routers) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.2.1.1 NAME 'univentionDhcpRouters'
DESC 'routers'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.2.2.1 NAME 'univentionPolicyDhcpRouting'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP Routing configuration policy object'
MAY ( univentionDhcpRouters ))
# 1.3.6.1.4.1.10176.1000.6.3 (DHCP - Boot) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.3.1.1 NAME 'univentionDhcpBootServer'
DESC 'next-server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.3.1.2 NAME 'univentionDhcpBootFilename'
DESC 'filename'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.3.2.1 NAME 'univentionPolicyDhcpBoot'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP boot configuration policy object'
MAY ( univentionDhcpBootServer $ univentionDhcpBootFilename ))
# 1.3.6.1.4.1.10176.1000.6.4 (DHCP - Netbios) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.1 NAME 'univentionDhcpNetbiosNameServers'
DESC 'netbios-name-servers'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.2 NAME 'univentionDhcpNetbiosScope'
DESC 'netbios-scope'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.3 NAME 'univentionDhcpNetbiosNodeType'
DESC 'netbios-node-type'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.4.2.1 NAME 'univentionPolicyDhcpNetbios'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP netbios configuration policy object'
MAY ( univentionDhcpNetbiosNameServers $ univentionDhcpNetbiosScope
$ univentionDhcpNetbiosNodeType ))
# 1.3.6.1.4.1.10176.1000.6.5 (DHCP - Scope) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.1 NAME 'univentionDhcpUnknownClients'
DESC 'unknown clients'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.2 NAME 'univentionDhcpBootp'
DESC 'bootp'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.3 NAME 'univentionDhcpBooting'
DESC 'booting'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.4 NAME 'univentionDhcpDuplicates'
DESC 'duplicates'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.5 NAME 'univentionDhcpDeclines'
DESC 'declines'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.5.2.1 NAME 'univentionPolicyDhcpScope'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP scope configuration policy object'
MAY ( univentionDhcpUnknownClients $ univentionDhcpBootp
$ univentionDhcpBooting $ univentionDhcpDuplicates
$ univentionDhcpDeclines ))
# 1.3.6.1.4.1.10176.1000.6.6 (DHCP - Statements) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.1 NAME 'univentionDhcpAuthoritative'
DESC 'authoritative'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.2 NAME 'univentionDhcpBootUnknownClients'
DESC 'bootp-unknown-clients'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.3 NAME 'univentionDhcpPingCheck'
DESC 'ping-check'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.4 NAME 'univentionDhcpGetLeaseHostnames'
DESC 'get-lease-hostnames'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.5 NAME 'univentionDhcpServerIdentifier'
DESC 'server-identifier'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.6 NAME 'univentionDhcpServerName'
DESC 'server-name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.7 NAME 'univentionDhcpVendorOptionSpace'
DESC 'vendor-option-space'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.6.2.1 NAME 'univentionPolicyDhcpStatements'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP statements configuration policy object'
MAY ( univentionDhcpAuthoritative $ univentionDhcpBootUnknownClients
$ univentionDhcpPingCheck $ univentionDhcpGetLeaseHostnames
$ univentionDhcpServerIdentifier $ univentionDhcpServerName
$ univentionDhcpVendorOptionSpace ))
# 1.3.6.1.4.1.10176.1000.6.7 (DHCP - Lease Time) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.1 NAME 'univentionDhcpLeaseTimeDefault'
DESC 'default-lease-time'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.2 NAME 'univentionDhcpLeaseTimeMax'
DESC 'max-lease-time'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.3 NAME 'univentionDhcpLeaseTimeMin'
DESC 'min-lease-time'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.7.2.1 NAME 'univentionPolicyDhcpLeaseTime'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP lease time configuration policy object'
MAY ( univentionDhcpLeaseTimeDefault $ univentionDhcpLeaseTimeMax
$ univentionDhcpLeaseTimeMin))
# 1.3.6.1.4.1.10176.1000.6.8 (DHCP - DNS Update) $
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.1 NAME 'univentionDhcpDdnsHostname'
DESC 'ddns-hostname'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.2 NAME 'univentionDhcpDdnsDomainname'
DESC 'ddns-domainname'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.3 NAME 'univentionDhcpDdnsRevDomainname'
DESC 'ddns-rev-domainname'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.4 NAME 'univentionDhcpDdnsUpdates'
DESC 'ddns-updates'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.5 NAME 'univentionDhcpDdnsUpdateStyle'
DESC 'ddns-updates-style'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.6 NAME 'univentionDhcpDoForwardUpdates'
DESC 'do-forward-updates'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.7 NAME 'univentionDhcpUpdateStaticLeases'
DESC 'update-static-leases'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.8 NAME 'univentionDhcpClientUpdates'
DESC 'client-updates'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.8.2.1 NAME 'univentionPolicyDhcpDnsUpdate'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP ddns update configuration policy object'
MAY ( univentionDhcpDdnsHostname $ univentionDhcpDdnsDomainname
$ univentionDhcpDdnsRevDomainname $ univentionDhcpDdnsUpdates
$ univentionDhcpDdnsUpdateStyle $ univentionDhcpDoForwardUpdates
$ univentionDhcpUpdateStaticLeases $ univentionDhcpClientUpdates))
# 1.3.6.1.4.1.10176.1000.7 (Desktop Settings) $
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.1 NAME 'univentionDesktopLanguage'
DESC 'desktop language'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.2 NAME 'univentionDesktopBackground'
DESC 'desktop background image or color'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.3 NAME 'univentionDesktopIcons'
DESC 'Icons to be displayed on the desktop'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.4 NAME 'univentionDesktopTheme'
DESC 'KDE/GTK theme to apply'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.5 NAME 'univentionDesktopWindowBorders'
DESC 'Window borders theme to apply'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.6 NAME 'univentionDesktopIconsTheme'
DESC 'Icons theme to apply'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.7 NAME 'univentionDesktopProfile'
DESC 'KDE profile to apply'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.8 NAME 'univentionDesktopLogonScripts'
DESC 'Scripts to execute on logon'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.7.1.9 NAME 'univentionDesktopLogoutScripts'
DESC 'Scripts to execute on logout'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.7.2.1 NAME 'univentionPolicyDesktop'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Desktop policy object'
MAY ( univentionDesktopLanguage $ univentionDesktopBackground
$ univentionDesktopIcons $ univentionDesktopTheme
$ univentionDesktopWindowBorders $ univentionDesktopIconsTheme
$ univentionDesktopProfile $ univentionDesktopLogonScripts
$ univentionDesktopLogoutScripts ))
# 1.3.6.1.4.1.10176.1000.8 (User Setting) $
attributetype ( 1.3.6.1.4.1.10176.1000.8.1.1 NAME 'univentionHomeShare'
DESC 'share to mount home directory from'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.8.2.1 NAME 'univentionPolicyUser'
SUP 'univentionPolicy' STRUCTURAL
DESC 'User policy'
MAY ( univentionHomeShare ))
# 1.3.6.1.4.1.10176.1000.9 (Password History Setting) $
attributetype ( 1.3.6.1.4.1.10176.1000.9.1.1 NAME 'univentionPWHistoryLen'
DESC 'Length of password history.'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.9.1.2 NAME 'univentionPWExpiryInterval'
DESC 'Expiry interval of password in days.'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.9.1.3 NAME 'univentionPWLength'
DESC 'Minimum password length.'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.9.1.4 NAME 'univentionPWQualityCheck'
DESC 'Enables/disables password quality checks'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.9.2.1 NAME 'univentionPolicyPWHistory'
SUP 'univentionPolicy' STRUCTURAL
DESC 'PWHistory policy'
MAY ( univentionPWHistoryLen $ univentionPWExpiryInterval $ univentionPWLength $ univentionPWQualityCheck))
# 1.3.6.1.4.1.10176.1000.10 (Windows Installer) $
attributetype ( 1.3.6.1.4.1.10176.1000.10.1.1 NAME 'univentionWindowsInstallationUnattendFile'
DESC 'Path of unattended.txt file. Must be present on installation server.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.10.2.1 NAME 'univentionPolicyWindowsInstallation'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Windows Installation settings'
MAY ( univentionWindowsInstallationUnattendFile ))
# 1.3.6.1.4.1.10176.1000.10 (Quota Setting) $
attributetype ( 1.3.6.1.4.1.10176.1000.12.1.1 NAME 'univentionQuotaSoftLimitSpace'
DESC 'Soft-Quota for Disk-Space.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.12.1.2 NAME 'univentionQuotaHardLimitSpace'
DESC 'Hard-Quota for Disk-Space.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.12.1.3 NAME 'univentionQuotaSoftLimitInodes'
DESC 'Soft-Quota for # of Files.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.12.1.4 NAME 'univentionQuotaHardLimitInodes'
DESC 'Hard Quota for # of Files.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.12.1.5 NAME 'univentionQuotaReapplyEveryLogin'
DESC 'Reapply quota policy on every user login.'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.12.2.1 NAME 'univentionPolicyShareUserQuota'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Share User Quota'
MAY ( univentionQuotaSoftLimitInodes $ univentionQuotaHardLimitInodes $ univentionQuotaSoftLimitSpace $ univentionQuotaHardLimitSpace $ univentionQuotaReapplyEveryLogin ))
# 1.3.6.1.4.1.10176.1000.13 (Packages) $
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.1 NAME 'univentionClientPackages'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.2 NAME 'univentionMasterPackages'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.3 NAME 'univentionSlavePackages'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.4 NAME 'univentionMemberPackages'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.5 NAME 'univentionClientPackagesRemove'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.6 NAME 'univentionMasterPackagesRemove'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.7 NAME 'univentionSlavePackagesRemove'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.8 NAME 'univentionMemberPackagesRemove'
DESC 'Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.9 NAME 'univentionMobileClientPackages'
DESC 'Mobile Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.13.1.10 NAME 'univentionMobileClientPackagesRemove'
DESC 'Mobile Client Package List.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.13.2.1 NAME 'univentionPolicyPackagesMaster'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Packages List Master'
MAY ( univentionMasterPackages $ univentionMasterPackagesRemove ))
objectclass ( 1.3.6.1.4.1.10176.1000.13.2.2 NAME 'univentionPolicyPackagesSlave'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Packages List Slave'
MAY ( univentionSlavePackages $ univentionSlavePackagesRemove ))
objectclass ( 1.3.6.1.4.1.10176.1000.13.2.3 NAME 'univentionPolicyPackagesMember'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Packages List Member'
MAY ( univentionMemberPackages $ univentionMemberPackagesRemove ))
objectclass ( 1.3.6.1.4.1.10176.1000.13.2.4 NAME 'univentionPolicyPackagesClient'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Packages List Client'
MAY ( univentionClientPackages $ univentionClientPackagesRemove ))
objectclass ( 1.3.6.1.4.1.10176.1000.13.2.5 NAME 'univentionPolicyPackagesMobileClient'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Packages List MobileClient'
MAY ( univentionMobileClientPackages $ univentionMobileClientPackagesRemove ))
# 1.3.6.1.4.1.10176.1000.14 (Update) $
attributetype ( 1.3.6.1.4.1.10176.1000.14.1.1 NAME 'univentionUpdateVersion'
DESC 'Update to Version'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.14.1.2 NAME 'univentionUpdateActivate'
DESC 'Activate this policy'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.14.2.1 NAME 'univentionPolicyUpdate'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Update Policy'
MAY ( univentionUpdateVersion $ univentionUpdateActivate))
# 1.3.6.1.4.1.10176.1000.15 (LDAP Server) $
attributetype ( 1.3.6.1.4.1.10176.1000.15.1.1 NAME 'univentionLDAPServer'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.15.2.1 NAME 'univentionPolicyLDAPServer'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Update Policy'
MAY ( univentionLDAPServer ))
# 1.3.6.1.4.1.10176.1000.16 (Cron Installation) $
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.1 NAME 'univentionCron'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.2 NAME 'univentionCronActive'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.3 NAME 'univentionInstallationStartup'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.4 NAME 'univentionInstallationShutdown'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.5 NAME 'univentionInstallationReboot'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.16.2.1 NAME 'univentionPolicyInstallationTime'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Update Policy'
MAY ( univentionCron $ univentionCronActive $ univentionInstallationStartup $ univentionInstallationShutdown $ univentionInstallationReboot ))
attributetype ( 1.3.6.1.4.1.10176.1000.16.1.15NAME 'univentionRepositoryCron'
DESC 'LDAP Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.16.3.1 NAME 'univentionPolicyRepositorySync'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Repository Sync Time Policy'
MAY ( univentionRepositoryCron ))
# 1.3.6.1.4.1.10176.1000.17 (Policy Server) $
attributetype ( 1.3.6.1.4.1.10176.1000.17.1.1 NAME 'univentionRepositoryServer'
DESC 'Repository Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.17.2.1 NAME 'univentionPolicyRepositoryServer'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Repository Server Policy'
MAY ( univentionRepositoryServer ))
# 1.3.6.1.4.1.10176.1000.18 (Client Devices) $
attributetype ( 1.3.6.1.4.1.10176.1000.18.1.1 NAME 'univentionClientDevicesActivate'
DESC 'activate Client Devices'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.18.2.1 NAME 'univentionPolicyClientDevices'
SUP 'univentionPolicy' STRUCTURAL
DESC 'using CDROM and Floppy devices on a thin client'
MAY ( univentionClientDevicesActivate ))
# 1.3.6.1.4.1.10176.1000.19 (Print Server) $
attributetype ( 1.3.6.1.4.1.10176.1000.19.1.1 NAME 'univentionPrintServer'
DESC 'Print Server'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.19.2.1 NAME 'univentionPolicyPrintServer'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Update Policy'
MAY ( univentionPrintServer ))
# 1.3.6.1.4.1.10176.1000.20 (Auto Start) $
attributetype ( 1.3.6.1.4.1.10176.1000.20.1.1 NAME 'univentionAutoStartScript'
DESC 'Script to be started by autostart'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClass ( 1.3.6.1.4.1.10176.1000.20.2.1 NAME 'univentionPolicyAutoStart'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Autostart Policy'
MAY ( univentionAutoStartScript ))
# 1.3.6.1.4.1.10176.1000.21 (Print Quota) $
attributetype ( 1.3.6.1.4.1.10176.1000.21.1.1 NAME 'univentionPrintQuotaGroups'
DESC 'Printquota for Groups'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.21.1.2 NAME 'univentionPrintQuotaUsers'
DESC 'Printquota for Users'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.21.1.3 NAME 'univentionPrintQuotaGroupsPerUsers'
DESC 'Printquota for Groups per Users'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.21.2.1 NAME 'univentionPolicySharePrintQuota'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Update Policy'
MAY ( univentionPrintQuotaGroups $ univentionPrintQuotaUsers $ univentionPrintQuotaGroupsPerUsers))
# $OID: 1.3.6.1.4.1.10176.1000.22 (Mail Quota) $
attributetype ( 1.3.6.1.4.1.10176.1000.22.1.1 NAME 'univentionMailQuotaMB'
DESC 'mail quota limit - in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1000.22.1.2 NAME 'univentionMailQuotaWarning'
DESC 'mail quota warning if limit is almost reached - percent'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1000.22.2.1 NAME 'univentionMailQuota'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Mail quota configuration policy object'
MAY ( univentionMailQuotaMB $ univentionMailQuotaWarning ))
# 1.3.6.1.4.1.10176.1000.23 (admin settings) $
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.1 NAME 'univentionAdminListDNs'
DESC 'DNs that are visible to user; if DN is container, list all childs'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.2 NAME 'univentionAdminListWizards'
DESC 'Wizards that are visible to user'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.3 NAME 'univentionAdminListWebModules'
DESC 'Wizards that are visible to user'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.4 NAME 'univentionAdminBaseDN'
DESC 'Show tree starting here'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.5 NAME 'univentionAdminMayOverrideSettings'
DESC 'User may override settings'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.6 NAME 'univentionAdminShowSelf'
DESC 'Show self menu item'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.7 NAME 'univentionAdminListModules'
DESC 'Show modules'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.8 NAME 'univentionAdminSelfAttributes'
DESC 'contains the attributes of a user to be shown in self menu item'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.9 NAME 'univentionAdminListAttributes'
DESC 'contains a list of attributes to be shown in the search results'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.23.1.10 NAME 'univentionAdminListBrowseAttributes'
DESC 'contains a list of attributes to be shown in the navigation'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.23.2.1 NAME 'univentionPolicyAdminSettings'
SUP 'univentionPolicy' STRUCTURAL
DESC 'User settings for Univention Admin'
MAY ( univentionAdminListDNs $ univentionAdminListWizards $ univentionAdminListWebModules $
univentionAdminBaseDN $ univentionAdminMayOverrideSettings $ univentionAdminShowSelf $
univentionAdminSelfAttributes $ univentionPolicyObject $ univentionDnsObject $
univentionDhcpObject $ univentionUsersObject $ univentionGroupsObject $
univentionComputersObject $ univentionNetworksObject $ univentionSharesObject $
univentionPrintersObject $ univentionAdminListAttributes $ univentionAdminListBrowseAttributes))
objectclass ( 1.3.6.1.4.1.10176.1000.23.2.2 NAME 'univentionPolicyAdminContainerSettings'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Container settings for Univention Admin'
MAY ( univentionAdminListModules ))
# 1.3.6.1.4.1.10176.1000.24 (console settings) $
attributetype ( 1.3.6.1.4.1.10176.1000.24.1.1 NAME 'univentionConsoleAllow'
DESC 'List of UMC operations that will be granted'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.24.1.2 NAME 'univentionConsoleDisallow'
DESC 'List of UMC operations that will be prohibited'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.24.2.2 NAME 'univentionPolicyConsoleAccess'
SUP 'univentionPolicy' STRUCTURAL
DESC 'Access Control List for UMC'
MAY ( univentionConsoleAllow $ univentionConsoleDisallow ))
attributetype ( 1.3.6.1.4.1.10176.1000.25.1.1 NAME 'univentionDhcpSunAuth'
DESC 'Authentication server for Sun Ray thin clients'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.25.2.1 NAME 'univentionPolicyDhcpSunAuth'
SUP 'univentionPolicy' STRUCTURAL
DESC 'DHCP Sun Ray authentication policy object'
MAY ( univentionDhcpSunAuth ))
# nfs mounts
attributetype ( 1.3.6.1.4.1.10176.1000.26.1.1 NAME 'univentionNFSMounts'
DESC 'NFS-Share to mount'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.6.26.2.1 NAME 'univentionPolicyNFSMounts'
SUP 'univentionPolicy' STRUCTURAL
DESC 'NFS-Shares policy object'
MAY ( univentionNFSMounts ))
# new UMC policy object (UCS 3.0)
attributetype ( 1.3.6.1.4.1.10176.1000.308.1.1
NAME 'umcPolicyGrantedOperationSet'
DESC 'List of allowed UMC operantion set'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.308.2.1
NAME 'umcPolicy'
DESC 'Defines a set of allowed UMC operations'
SUP 'univentionPolicy' STRUCTURAL
MAY umcPolicyGrantedOperationSet )

189
files/schema/portal.schema Normal file
View File

@ -0,0 +1,189 @@
# Univention Portal OID: 1.3.6.1.4.1.10176.4207
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionPortal univention:4207
objectIdentifier univentionPortal 1.3.6.1.4.1.10176.4207
objectIdentifier univentionPortalAttributeType univentionPortal:1
objectIdentifier univentionPortalObjectClass univentionPortal:2
objectIdentifier univentionPortalEntry 1.3.6.1.4.1.10176.4208
objectIdentifier univentionPortalEntryAttributeType univentionPortalEntry:1
objectIdentifier univentionPortalEntryObjectClass univentionPortalEntry:2
objectIdentifier univentionPortalComputer 1.3.6.1.4.1.10176.4209
objectIdentifier univentionPortalComputerAttributeType univentionPortalComputer:1
objectIdentifier univentionPortalComputerObjectClass univentionPortalComputer:2
# <http://www.openldap.org/doc/admin24/schema.html>
### Definition for univentionPortal
attributetype ( univentionPortalAttributeType:1 NAME 'univentionPortalDisplayName'
DESC 'Portal display name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalAttributeType:2 NAME 'univentionPortalShowMenu'
DESC 'Portal show menu'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalAttributeType:3 NAME 'univentionPortalShowSearch'
DESC 'Portal show search'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalAttributeType:4 NAME 'univentionPortalShowLogin'
DESC 'Portal show login'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalAttributeType:5 NAME 'univentionPortalShowApps'
DESC 'Portal show apps'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalAttributeType:6 NAME 'univentionPortalShowServers'
DESC 'Portal show servers'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalAttributeType:7 NAME 'univentionPortalBackground'
DESC 'Portal background'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionPortalAttributeType:8 NAME 'univentionPortalCSSBackground'
DESC 'Portal CSS style background'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalAttributeType:9 NAME 'univentionPortalLogo'
DESC 'Portal logo'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionPortalAttributeType:10 NAME 'univentionPortalFontColor'
DESC 'Portal font color'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( univentionPortalObjectClass:1 NAME 'univentionPortal'
DESC 'Portal data'
SUP top
MUST ( cn )
MAY (
univentionPortalDisplayName
$ univentionPortalShowMenu
$ univentionPortalShowSearch
$ univentionPortalShowLogin
$ univentionPortalShowApps
$ univentionPortalShowServers
$ univentionPortalBackground
$ univentionPortalCSSBackground
$ univentionPortalLogo
$ univentionPortalFontColor
)
)
### Definition for univentionPortalEntry
attributetype ( univentionPortalEntryAttributeType:1 NAME 'univentionPortalEntryDisplayName'
DESC 'Portal entry display name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalEntryAttributeType:2 NAME 'univentionPortalEntryDescription'
DESC 'Portal entry description'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalEntryAttributeType:3 NAME 'univentionPortalEntryFavorite'
DESC 'Portal entry favorite'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalEntryAttributeType:4 NAME 'univentionPortalEntryLink'
DESC 'Portal entry link'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalEntryAttributeType:5 NAME 'univentionPortalEntryPortal'
DESC 'Portal entry portal'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalEntryAttributeType:6 NAME 'univentionPortalEntryActivate'
DESC 'Portal entry activated'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionPortalEntryAttributeType:7 NAME 'univentionPortalEntryAuthRestriction'
DESC 'Portal entry shown for authrorized users'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionPortalEntryAttributeType:8 NAME 'univentionPortalEntryIcon'
DESC 'Portal entry icon'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionPortalEntryAttributeType:9 NAME 'univentionPortalEntryCategory'
DESC 'Portal entry category'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( univentionPortalEntryObjectClass:1 NAME 'univentionPortalEntry'
DESC 'Portal Entry data'
SUP top
MUST ( cn )
MAY (
univentionPortalEntryDisplayName
$ univentionPortalEntryDescription
$ univentionPortalEntryFavorite
$ univentionPortalEntryLink
$ univentionPortalEntryPortal
$ univentionPortalEntryActivate
$ univentionPortalEntryAuthRestriction
$ univentionPortalEntryIcon
$ univentionPortalEntryCategory
)
)
### Extended Attribute for computers
attributetype ( univentionPortalComputerAttributeType:1 NAME 'univentionComputerPortal'
DESC 'Portal for computer'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( univentionPortalComputerObjectClass:1 NAME 'univentionPortalComputer'
DESC 'Computer with Univention Portal'
SUP top
AUXILIARY
MAY (
univentionComputerPortal
)
)

159
files/schema/ppolicy.schema Normal file
View File

@ -0,0 +1,159 @@
# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF Internet-Draft explaining the schema.
# Unfortunately, that text is covered by a license that doesn't meet
# Debian's Free Software Guidelines. This is a stripped version of the
# schema that contains only the functional schema definition, not the text
# of the Internet-Draft.
#
# For an explanation of this schema, see
# draft-behera-ldap-password-policy-08.txt.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
NAME 'pwdAttribute'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
NAME 'pwdMinAge'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
NAME 'pwdMaxAge'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
NAME 'pwdInHistory'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
NAME 'pwdCheckQuality'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
NAME 'pwdMinLength'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
NAME 'pwdExpireWarning'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
NAME 'pwdGraceAuthNLimit'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
NAME 'pwdLockout'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
NAME 'pwdLockoutDuration'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
NAME 'pwdMaxFailure'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
NAME 'pwdFailureCountInterval'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
NAME 'pwdMustChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
NAME 'pwdAllowUserChange'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
NAME 'pwdSafeModify'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.4754.1.99.1
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
DESC 'Loadable module that instantiates "check_password() function'
SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.4754.2.99.1
NAME 'pwdPolicyChecker'
SUP top
AUXILIARY
MAY ( pwdCheckModule ) )
objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
NAME 'pwdPolicy'
SUP top
AUXILIARY
MUST ( pwdAttribute )
MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
$ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )

111
files/schema/printer.schema Normal file
View File

@ -0,0 +1,111 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# printer.schema
# $OID: 1.3.6.1.4.1.10176.1002 (Printers) $
attributetype ( 1.3.6.1.4.1.10176.1002.1.1 NAME 'univentionPrinterSpoolHost'
DESC 'URI'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.2 NAME 'univentionPrinterURI'
DESC 'URI'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.3 NAME 'univentionPrinterLocation'
DESC 'location of the printer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.4 NAME 'univentionPrinterModel'
DESC 'URI'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.5 NAME 'univentionPrinterSambaName'
DESC 'Samba share name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.8 NAME 'univentionPrinterQuotaSupport'
DESC 'Enable Quota'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.9 NAME 'univentionPrinterPricePerPage'
DESC 'Price per page'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.10 NAME 'univentionPrinterPricePerJob'
DESC 'Price per printjob'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.11 NAME 'univentionPrinterGroupMember'
DESC 'Member of Printergroup'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.12 NAME 'univentionPrinterACLUsers'
DESC 'Users set in access control list'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1002.1.13 NAME 'univentionPrinterACLGroups'
DESC 'Groups set in access control list'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1002.1.14 NAME 'univentionPrinterACLtype'
DESC 'access control list is "allowed" or "denied"'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1002.1.15 NAME 'univentionPrinterUseClientDriver'
DESC 'Use client driver option in Samba'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1002.2.1 NAME 'univentionPrinter'
STRUCTURAL
DESC 'share'
MUST ( cn $ univentionPrinterURI $ univentionPrinterSpoolHost )
MAY ( description $ univentionPrinterLocation $ univentionPrinterModel $ univentionPrinterSambaName $ univentionPrinterQuotaSupport $ univentionPrinterPricePerPage $ univentionPrinterPricePerJob $ univentionPrinterACLUsers $ univentionPrinterACLGroups $ univentionPrinterACLtype $ univentionPrinterUseClientDriver ))
objectclass ( 1.3.6.1.4.1.10176.1002.2.2 NAME 'univentionPrinterGroup'
STRUCTURAL
DESC 'share'
MUST ( cn $ univentionPrinterSpoolHost )
MAY ( description $ univentionPrinterSambaName $ univentionPrinterQuotaSupport $ univentionPrinterPricePerPage $ univentionPrinterPricePerJob $ univentionPrinterGroupMember $ univentionPrinterACLUsers $ univentionPrinterACLGroups $ univentionPrinterACLtype ))

310
files/schema/rfc2307bis.schema Normal file
View File

@ -0,0 +1,310 @@
###
# Extracted from: http://tools.ietf.org/html/draft-howard-rfc2307bis-02
###
# Builtin
#attributeType ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an
# administrative domain'
# EQUALITY integerMatch
# ORDERING integerOrderingMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
# SINGLE-VALUE )
# Builtin
#attributeType ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an
# administrative domain'
# EQUALITY integerMatch
# ORDERING integerOrderingMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
# SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
DESC 'Service port number'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
DESC 'Service protocol name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
DESC 'IP protocol number'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
DESC 'ONC RPC number'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IPv4 addresses as a dotted decimal omitting leading
zeros or IPv6 addresses as defined in RFC2373'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network omitting leading zeros, eg. 192.168'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask omitting leading zeros, eg. 255.255.255.0'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address in maximal, colon separated hex
notation, eg. 00:00:92:90:ee:e2'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
DESC 'Name of a generic NIS map'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
attributeType ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
DESC 'A generic NIS entry'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
DESC 'NIS public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
DESC 'NIS secret key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
DESC 'NIS domain'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributeType ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
DESC 'automount Map Name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
DESC 'Automount Key value'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
DESC 'Automount information'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
objectClass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
DESC 'Abstraction of an account with POSIX attributes'
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $
description ) )
objectClass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
DESC 'Additional attributes for shadow passwords'
MUST uid
MAY ( userPassword $ description $
shadowLastChange $ shadowMin $ shadowMax $
shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag ) )
objectClass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
DESC 'Abstraction of a group of accounts'
MUST gidNumber
MAY ( userPassword $ memberUid $
description ) )
objectClass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
DESC 'Abstraction an Internet Protocol service.
Maps an IP port and protocol (such as tcp or udp)
to one or more names; the distinguished value of
the cn attribute denotes the services canonical
name'
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY description )
objectClass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
DESC 'Abstraction of an IP protocol. Maps a protocol number
to one or more names. The distinguished value of the cn
attribute denotes the protocol canonical name'
MUST ( cn $ ipProtocolNumber )
MAY description )
objectClass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
DESC 'Abstraction of an Open Network Computing (ONC)
[RFC1057] Remote Procedure Call (RPC) binding.
This class maps an ONC RPC number to a name.
The distinguished value of the cn attribute denotes
the RPC service canonical name'
MUST ( cn $ oncRpcNumber )
MAY description )
objectClass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
DESC 'Abstraction of a host, an IP device. The distinguished
value of the cn attribute denotes the hosts canonical
name. Device SHOULD be used as a structural class'
MUST ( cn $ ipHostNumber )
MAY ( userPassword $ l $ description $
manager ) )
objectClass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
DESC 'Abstraction of a network. The distinguished value of
the cn attribute denotes the network canonical name'
MUST ipNetworkNumber
MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
objectClass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
DESC 'Abstraction of a netgroup. May refer to other
netgroups'
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectClass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
DESC 'A generic abstraction of a NIS map'
MUST nisMapName
MAY description )
objectClass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
DESC 'An entry in a NIS map'
MUST ( cn $ nisMapEntry $ nisMapName ) )
objectClass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
DESC 'A device with a MAC address; device SHOULD be
used as a structural class'
MAY macAddress )
objectClass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
DESC 'A device with boot parameters; device SHOULD be
used as a structural class'
MAY ( bootFile $ bootParameter ) )
objectClass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
DESC 'An object with a public and secret key'
MUST ( cn $ nisPublicKey $ nisSecretKey )
MAY ( uidNumber $ description ) )
objectClass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
DESC 'Associates a NIS domain with a naming context'
MUST nisDomain )
objectClass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
MUST ( automountMapName )
MAY description )
objectClass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
DESC 'Automount information'
MUST ( automountKey $ automountInformation )
MAY description )
objectClass ( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' SUP top STRUCTURAL
DESC 'A group with members (DNs)'
MUST cn
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
description $ member ) )

586
files/schema/samba.schema Normal file
View File

@ -0,0 +1,586 @@
##
## schema file for OpenLDAP 2.x
## Schema for storing Samba user accounts and group maps in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid (cosine.schema)
## - displayName (inetorgperson.schema)
## - gidNumber (nis.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##
## Printer support
## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
##
## Samba4
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
##
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
##
## Run the 'get_next_oid' bash script in this directory to find the
## next available OID for attribute type and object classes.
##
## $ ./get_next_oid
## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
##
## Also ensure that new entries adhere to the declaration style
## used throughout this file
##
## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
## ^ ^ ^
##
## The spaces are required for the get_next_oid script (and for
## readability).
##
## ------------------------------------------------------------------
# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
# objectIdentifier Samba3 SambaRoot:2
# objectIdentifier Samba3Attrib Samba3:1
# objectIdentifier Samba3ObjectClass Samba3:2
# objectIdentifier Samba4 SambaRoot:4
########################################################################
## HISTORICAL ##
########################################################################
##
## Password hashes
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
# DESC 'LanManager Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
# DESC 'NT Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
##
## Account flags in string format ([UWDX ])
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
# DESC 'Account Flags'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
##
## Password timestamps & policies
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
# DESC 'NT pwdLastSet'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
# DESC 'NT logonTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
# DESC 'NT logoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
# DESC 'NT kickoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
# DESC 'NT pwdCanChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
# DESC 'NT pwdMustChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## string settings
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
# DESC 'NT homeDrive'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
# DESC 'NT scriptPath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
# DESC 'NT profilePath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
# DESC 'userWorkstations'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
# DESC 'smbHome'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
# DESC 'Windows NT domain to which the user belongs'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
##
## user and group RID
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
# DESC 'NT rid'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
# DESC 'NT Group RID'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## The smbPasswordEntry objectclass has been depreciated in favor of the
## sambaAccount objectclass
##
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
# DESC 'Samba smbpasswd entry'
# MUST ( uid $ uidNumber )
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
# DESC 'Samba Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
# DESC 'Samba Auxiliary Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
########################################################################
## END OF HISTORICAL ##
########################################################################
#######################################################################
## Attributes used by Samba 3.0 schema ##
#######################################################################
##
## Password hashes
##
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
DESC 'LanManager Password'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
DESC 'MD4 hash of the unicode password'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
##
## Account flags in string format ([UWDX ])
##
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
DESC 'Account Flags'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
##
## Password timestamps & policies
##
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
DESC 'Timestamp of the last password update'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
DESC 'Timestamp of when the user is allowed to update the password'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
DESC 'Timestamp of when the password will expire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
DESC 'Timestamp of last logon'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
DESC 'Timestamp of last logoff'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
DESC 'Timestamp of when the user will be logged off automatically'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
DESC 'Bad password attempt count'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
DESC 'Time of the last bad password attempt'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
DESC 'Logon Hours'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
##
## string settings
##
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
DESC 'Driver letter of home directory mapping'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
DESC 'Logon script path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
DESC 'Roaming profile path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
DESC 'List of user workstations the user is allowed to logon to'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
DESC 'Home directory UNC path'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
DESC 'Windows NT domain to which the user belongs'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
DESC 'Base64 encoded user parameter string'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
##
## SID, of any type
##
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
DESC 'Security ID'
EQUALITY caseIgnoreIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
##
## Primary group SID, compatible with ntSid
##
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
DESC 'Primary Group Security ID'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
DESC 'Security ID List'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
##
## group mapping attributes
##
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
DESC 'NT Group Type'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## Store info on the domain
##
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
DESC 'Next NT rid to give our for users'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
DESC 'Next NT rid to give out for groups'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
DESC 'Next NT rid to give out for anything'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
DESC 'Base at which the samba RID generation algorithm should operate'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
DESC 'Share Name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
DESC 'Option Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
DESC 'A boolean option'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
DESC 'An integer option'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
DESC 'A string option'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
DESC 'A string list option'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
## SUP name )
##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
## DESC 'Privileges List'
## EQUALITY caseIgnoreIA5Match
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
DESC 'Trust Password Flags'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# "min password length"
attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
DESC 'Minimal password length (default: 5)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "password history"
attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
DESC 'Length of Password History Entries (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "user must logon to change password"
attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "maximum password age"
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "minimum password age"
attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "lockout duration"
attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "reset count minutes"
attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
DESC 'Reset time after lockout in minutes (default: 30)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "bad lockout attempt"
attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
DESC 'Lockout users after bad logon attempts (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "disconnect time"
attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# "refuse machine password change"
attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
DESC 'Allow Machine Password changes (default: 0 => off)'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#
attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
DESC 'Clear text password (used for trusted domain passwords)'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
#
attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
DESC 'Previous clear text password (used for trusted domain passwords)'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.3.6.1.4.1.10176.1000.311.1.1.1 NAME 'univentionSamba4SID'
DESC 'This attribute contains for samba3 / samba4 migration scenarios the SID of the corresponding s4 user'
EQUALITY caseIgnoreIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.311.1.1.2 NAME 'univentionSamba4pwdProperties'
DESC 'Password Properties. Part of Domain Policy. A bitfield to indicate complexity and storage restrictions.'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
## this currently but will in v2.1
##
## added new objectclass (and OID) for 3.0 to help us deal with backwards
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
##
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
DESC 'Samba 3.0 Auxilary SAM Account'
MUST ( uid $ sambaSID )
MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
sambaProfilePath $ description $ sambaUserWorkstations $
sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
sambaBadPasswordCount $ sambaBadPasswordTime $ univentionSamba4SID $
sambaPasswordHistory $ sambaLogonHours))
##
## Group mapping info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
DESC 'Samba Group Mapping'
MUST ( gidNumber $ sambaSID $ sambaGroupType )
MAY ( displayName $ description $ sambaSIDList $ univentionSamba4SID ))
##
## Trust password for trust relationships (any kind)
##
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
DESC 'Samba Trust Password'
MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
MAY ( sambaSID $ sambaPwdLastSet ))
##
## Trust password for trusted domains
## (to be stored beneath the trusting sambaDomain object in the DIT)
##
objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
DESC 'Samba Trusted Domain Password'
MUST ( sambaDomainName $ sambaSID $
sambaClearTextPassword $ sambaPwdLastSet )
MAY ( sambaPreviousClearTextPassword ))
##
## Whole-of-domain info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
DESC 'Samba Domain Information'
MUST ( sambaDomainName $
sambaSID )
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
sambaAlgorithmicRidBase $
sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
sambaMaxPwdAge $ sambaMinPwdAge $
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
sambaForceLogoff $ sambaRefuseMachinePwdChange $
univentionSamba4pwdProperties ))
##
## used for idmap_ldap module
##
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
DESC 'Pool for allocating UNIX uids/gids'
MUST ( uidNumber $ gidNumber ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
DESC 'Mapping from a SID to an ID'
MUST ( sambaSID )
MAY ( uidNumber $ gidNumber ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
DESC 'Samba Configuration Section'
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
DESC 'Samba Share Section'
MUST ( sambaShareName )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
DESC 'Samba Configuration Option'
MUST ( sambaOptionName )
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
sambaStringListoption $ description ) )
## retired during privilege rewrite
##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
## DESC 'Samba Privilege'
## MUST ( sambaSID )
## MAY ( sambaPrivilegeList ) )

22
files/schema/self-service-passwordreset.schema Normal file
View File

@ -0,0 +1,22 @@
#using namespace 1.3.6.1.4.1.10176.3000.*
# copied from core.schema : mail / rfc822Mailbox
attributetype ( 1.3.6.1.4.1.10176.3000.101
NAME 'univentionPasswordSelfServiceEmail'
DESC 'Email address for password recovery'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
# copied from cosine.schema : mobile / mobileTelephoneNumber
attributetype ( 1.3.6.1.4.1.10176.3000.102
NAME 'univentionPasswordSelfServiceMobile'
DESC 'Mobile number for password recovery'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
objectclass ( 1.3.6.1.4.1.10176.3000.100 NAME 'univentionPasswordSelfService'
DESC 'Data for the password reset service'
SUP top AUXILIARY
MAY ( univentionPasswordSelfServiceEmail $ univentionPasswordSelfServiceMobile ) )

374
files/schema/share.schema Normal file
View File

@ -0,0 +1,374 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# share.schema
# $Id: share.schema,v 1.5.2.2.2.4.2.5 2006/12/01 07:45:41 andreas Exp $
# $OID: 1.3.6.1.4.1.10176.1001 (Shares) $
# $OID: 1.3.6.1.4.1.10176.1001.1 (Shares/General) $
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.1 NAME 'univentionShareHost'
DESC 'host the share is located on'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.2 NAME 'univentionSharePath'
DESC 'path of share on host'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.3 NAME 'univentionShareWriteable'
DESC 'is share writeable'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.4 NAME 'univentionShareReplicateFrom'
DESC 'replicate share from given share'
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.5 NAME 'univentionShareDirectoryMode'
DESC 'mode of the shared directory'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.6 NAME 'univentionShareUid'
DESC 'owner uid of the shared directory'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.1.1.7 NAME 'univentionShareGid'
DESC 'group gid of the shared directory'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1001.1.2.1 NAME 'univentionShare'
STRUCTURAL
DESC 'share'
MUST ( cn $ univentionShareHost $ univentionSharePath )
MAY ( description $ univentionShareWriteable $ univentionShareDirectoryMode $ univentionShareGid $ univentionShareUid ))
objectclass ( 1.3.6.1.4.1.10176.1001.1.2.2 NAME 'univentionShareReplication'
AUXILIARY
DESC 'replicate share from other share'
MUST ( univentionShareReplicateFrom ))
# $OID: 1.3.6.1.4.1.10176.1001.2 (Shares/Samba) $
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.1 NAME 'univentionShareSambaName'
DESC 'samba name of share'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.2 NAME 'univentionShareSambaCreateMode'
DESC 'create mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.3 NAME 'univentionShareSambaDirectoryMode'
DESC 'directory mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.4 NAME 'univentionShareSambaPublic'
DESC 'allow guest access'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.5 NAME 'univentionShareSambaBrowseable'
DESC 'is share listed'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.6 NAME 'univentionShareSambaForceCreateMode'
DESC 'force create mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.7 NAME 'univentionShareSambaForceDirectoryMode'
DESC 'force directory mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.8 NAME 'univentionShareSambaSecurityMode'
DESC 'security mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.9 NAME 'univentionShareSambaDirectorySecurityMode'
DESC 'security mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.10 NAME 'univentionShareSambaForceSecurityMode'
DESC 'force security mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.11 NAME 'univentionShareSambaForceDirectorySecurityMode'
DESC 'force security mode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.12 NAME 'univentionShareSambaLocking'
DESC 'locking'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.13 NAME 'univentionShareSambaBlockingLocks'
DESC 'blocking locks'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.14 NAME 'univentionShareSambaStrictLocking'
DESC 'strict locking'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.15 NAME 'univentionShareSambaOplocks'
DESC 'oplocks'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.16 NAME 'univentionShareSambaLevel2Oplocks'
DESC 'level2 oplocks'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.17 NAME 'univentionShareSambaFakeOplocks'
DESC 'fake oplocks'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.18 NAME 'univentionShareSambaBlockSize'
DESC 'block size'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.19 NAME 'univentionShareSambaCscPolicy'
DESC 'csc policy'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.20 NAME 'univentionShareSambaValidUsers'
DESC 'user'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.21 NAME 'univentionShareSambaForceUser'
DESC 'force user'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.22 NAME 'univentionShareSambaForceGroup'
DESC 'force group'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.24 NAME 'univentionShareSambaHideFiles'
DESC 'hide files'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.25 NAME 'univentionShareSambaNtAclSupport'
DESC 'nt acl support'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.26 NAME 'univentionShareSambaInheritAcls'
DESC 'inherit acls'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.27 NAME 'univentionShareSambaPostexec'
DESC 'postexec'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.28 NAME 'univentionShareSambaPreexec'
DESC 'preexec'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.29 NAME 'univentionShareSambaWriteable'
DESC 'is share writable'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.30 NAME 'univentionShareSambaWriteList'
DESC 'write list'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.31 NAME 'univentionShareSambaVFSObjects'
DESC 'vfs objects'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.32 NAME 'univentionShareSambaInheritOwner'
DESC 'inherit owner'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.33 NAME 'univentionShareSambaInheritPermissions'
DESC 'inherit permissions'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.34 NAME 'univentionShareSambaHostsAllow'
DESC 'define hosts that are allowed to connect'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.35 NAME 'univentionShareSambaHostsDeny'
DESC 'define a list of hosts that are not allowed to connect'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.36 NAME 'univentionShareSambaInvalidUsers'
DESC 'user'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.37 NAME 'univentionShareSambaMSDFS'
DESC 'is share msfds root'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.38 NAME 'univentionShareSambaDosFilemode'
DESC 'Owner group may modify access rights'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.39 NAME 'univentionShareSambaHideUnreadable'
DESC 'Hide unreadable files/directories'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.2.1.40 NAME 'univentionShareSambaCustomSetting'
DESC 'custom samba setting for samba share (key = value)'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1001.2.2.1 NAME 'univentionShareSamba'
AUXILIARY
DESC 'Samba share'
MUST ( univentionShareSambaName )
MAY (
univentionShareSambaBrowseable $
univentionShareSambaPublic $
univentionShareSambaCreateMode $
univentionShareSambaDirectoryMode $
univentionShareSambaForceCreateMode $
univentionShareSambaForceDirectoryMode $
univentionShareSambaSecurityMode $
univentionShareSambaDirectorySecurityMode $
univentionShareSambaForceSecurityMode $
univentionShareSambaForceDirectorySecurityMode $
univentionShareSambaLocking $
univentionShareSambaBlockingLocks $
univentionShareSambaStrictLocking $
univentionShareSambaOplocks $
univentionShareSambaLevel2Oplocks $
univentionShareSambaFakeOplocks $
univentionShareSambaBlockSize $
univentionShareSambaCscPolicy $
univentionShareSambaValidUsers $
univentionShareSambaInvalidUsers $
univentionShareSambaForceUser $
univentionShareSambaForceGroup $
univentionShareSambaHideFiles $
univentionShareSambaNtAclSupport $
univentionShareSambaInheritAcls $
univentionShareSambaPostexec $
univentionShareSambaPreexec $
univentionShareSambaWriteable $
univentionShareSambaWriteList $
univentionShareSambaVFSObjects $
univentionShareSambaMSDFS $
univentionShareSambaInheritOwner $
univentionShareSambaInheritPermissions $
univentionShareSambaHostsAllow $
univentionShareSambaHostsDeny $
univentionShareSambaDosFilemode $
univentionShareSambaHideUnreadable $
univentionShareSambaCustomSetting ))
# $OID: 1.3.6.1.4.1.10176.1001.3 (Shares/NFS) $
attributetype ( 1.3.6.1.4.1.10176.1001.3.1.1 NAME 'univentionShareNFSSync'
DESC 'sync or async nfs share'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.3.1.2 NAME 'univentionShareNFSRootSquash'
DESC 'enable or disable root squashing in NFS mounts'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.3.1.3 NAME 'univentionShareNFSAllowed'
DESC 'Hosts or network that may mount this share'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.3.1.4 NAME 'univentionShareNFSSubTree'
DESC 'enable or disable sub tree checking for shares'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.3.1.5 NAME 'univentionShareNFSCustomSetting'
DESC 'custom nfs setting for nfs share'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1001.4.1.1 NAME 'univentionShareNFS'
AUXILIARY
DESC 'NFS share'
MAY ( univentionShareNFSSync $ univentionShareNFSRootSquash $ univentionShareNFSAllowed $ univentionShareNFSSubTree $ univentionShareNFSCustomSetting) )
attributetype ( 1.3.6.1.4.1.10176.1001.4.1.1 NAME 'univentionShareWebaccessName'
DESC 'Name of the Webaccess Share'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1001.4.1.2 NAME 'univentionShareWebaccessIpaddress'
DESC 'IP address of the Webaccess Share'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1001.4.1.3 NAME 'univentionShareWebaccessHordeauth'
DESC 'Use the horde credentials for the access'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.1001.4.2.1 NAME 'univentionShareWebaccess'
AUXILIARY
DESC 'Webaccess share'
MAY ( univentionShareWebaccessName $ univentionShareWebaccessIpaddress $ univentionShareWebaccessHordeauth ) )

183
files/schema/solaris.schema Normal file
View File

@ -0,0 +1,183 @@
# solaris.schema
# ''works in progress and incomplete''.
# It would help if sun would publish this information!
# If you have any comments/suggestion/correction
# please let me know (igor@ipass.net)
#
# Some correction on oid and attributetype
# were made by Marc Bourget (bourget@up2.com)
# Up2 Technologies (div. Teleglobe Communication Corp)
# oid number and additional attributetype were taken from:
# Solaris and LDAP Naming Service, Deploying LDAP in the Enterprise.
# Tom Bialanski and Michael Haines, Sun Microsystems Press,
# A Prentice Hall Title, 2001, ISBN 0-13-030678-9
# Sun nisMapEntry attributes
attributetype ( 1.3.6.1.1.1.1.28
NAME 'nisPublickey'
DESC 'nisPublickey'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.29
NAME 'nisSecretkey'
DESC 'nisSecretkey'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.1.1.1.12 SUP name
NAME 'nisDomain' )
# Sun additional attributes to RFC2307 attributes (NIS)
attributetype ( 2.16.840.1.113730.3.1.30
NAME 'mgrpRFC822MailMember'
DESC 'mgrpRFC822MailMember'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
# NAME 'rfc822MailMember'
# DESC 'rfc822MailMember'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.42.2.27.1.1.12
NAME 'nisNetIdUser'
DESC 'nisNetIdUser'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.42.2.27.1.1.13
NAME 'nisNetIdGroup'
DESC 'nisNetIdGroup'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.42.2.27.1.1.14
NAME 'nisNetIdHost'
DESC 'nisNetIdHost'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Sun NIS publickey objectclass
objectclass ( 1.3.6.1.1.1.2.14
NAME 'NisKeyObject'
DESC 'NisKeyObject'
SUP top
MUST ( cn $ nisPublickey $ nisSecretkey )
MAY ( uidNumber $ description ) )
# Sun NIS domain objectclass
objectclass ( 1.3.1.6.1.1.1.2.15
NAME 'nisDomainObject'
DESC 'nisDomainObject'
SUP top AUXILIARY
MUST ( nisDomain ) )
# Sun NIS mailGroup objectclass
objectclass ( 2.16.840.1.113730.3.2.4
NAME 'mailGroup'
DESC 'mailGroup'
SUP top
MUST ( mail )
MAY ( cn $ mgrpRFC822MailMember ) )
# Sun NIS nisMailAlias objectclass
#objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
# NAME 'nisMailAlias'
# DESC 'nisMailAlias'
# SUP top
# MUST ( cn )
# MAY ( rfc822mailMember ) )
# Sun NIS nisNetId objectclass
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.6
NAME 'nisNetId'
DESC 'nisNetId'
SUP top
MUST ( cn )
MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) )
# Below is optional unless you want to use ldap_gen_profile
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.15 SUP name
NAME 'SolarisLDAPServers'
DESC 'SolarisLDAPServers'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.16 SUP name
NAME 'SolarisSearchBaseDN'
DESC 'SolarisSearchBaseDN'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.17
NAME 'SolarisCacheTTL'
DESC 'SolarisCacheTTL'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.18 SUP name
NAME 'SolarisBindDN'
DESC 'SolarisBindDN'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.19 SUP name
NAME 'SolarisBindPassword'
DESC 'SolarisBindPassword'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.20 SUP name
NAME 'SolarisAuthMethod'
DESC 'SolarisAuthMethod'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.21 SUP name
NAME 'SolarisTransportSecurity'
DESC 'SolarisTransportSecurity'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.24 SUP name
NAME 'SolarisDataSearchDN'
DESC 'SolarisDataSearchDN'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.25 SUP name
NAME 'SolarisSearchScope'
DESC 'SolarisSearchScope'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.26
NAME 'SolarisSearchTimeLimit'
DESC 'SolarisSearchTimeLimit'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.27 SUP name
NAME 'SolarisPreferedServer'
DESC 'SolarisPreferedServer' )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.28 SUP name
NAME 'SolarisPreferedServerOnly'
DESC 'SolarisPreferedServerOnly'
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.29 SUP name
NAME 'SolarisSearchReferral'
DESC 'SolarisSearchReferral'
SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.42.2.27.5.2.7
NAME 'SolarisNamingProfile'
DESC 'Solaris LDAP NSS Profile'
SUP top AUXILIARY
MUST ( cn $ SolarisLDAPServers )
MAY ( SolarisBindDN $ SolarisBindPassword $
SolarisSearchBaseDN $ SolarisAuthMethod $
SolarisTransportSecurity $ SolarisSearchReferral $
SolarisDataSearchDN $ SolarisSearchScope $
SolarisSearchTimeLimit $ SolarisCacheTTL ) )
# End of solaris.schema

78
files/schema/template.schema Normal file
View File

@ -0,0 +1,78 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.1 NAME 'userDisabledPreset'
DESC 'Preset Disable in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.2 NAME 'userHomeSharePreset'
DESC 'Preset Homeshare in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.3 NAME 'userPrimaryGroupPreset'
DESC 'Preset primaryGroup in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.4 NAME 'userGroupsPreset'
DESC 'Preset groups in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.5 NAME 'userPwdMustChangePreset'
DESC 'Preset Disable in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.6 NAME 'userHomeSharePathPreset'
DESC 'Preset Homeshare in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1001.12.1.7 NAME 'userOptionsPreset'
DESC 'Preset options in univentionUserTemplate'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.1001.12.2.1 NAME 'univentionUserTemplate'
DESC 'univention Template for users'
SUP top STRUCTURAL
MUST ( cn )
MAY ( description $ title $ o $ mail $ homeDirectory $ displayName $ gecos $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
sambaProfilepath $ sambaAcctFlags $ sambaKickoffTime $ sambaPwdMustChange $ shadowMax $ shadowLastChange $ shadowExpire $
loginShell $ userDisabledPreset $ userHomeSharePreset $ userPrimaryGroupPreset $ userGroupsPreset $
userPwdMustChangePreset $ userHomeSharePathPreset $ street $ postalCode $ l $ telephoneNumber $
employeeType $ secretary $ mailPrimaryAddress $ mailAlternativeAddress $ mailForwardAddress $ mailGlobalSpamFolder $
univentionMailHomeServer $ userOptionsPreset $ sambaMungedDial $ userPassword $ seeAlso $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber $
facsimileTelephoneNumber $ postOfficeBox $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ audio $ businessCategory $
carLicense $ departmentNumber $ employeeNumber $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ pager $ photo $ roomNumber $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 )
)

118
files/schema/udm-extension.schema Normal file
View File

@ -0,0 +1,118 @@
# Univention UDM Extension OID: 1.3.6.1.4.1.10176.4203
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionUDMExtension univention:4203
objectIdentifier univentionUDMExtension 1.3.6.1.4.1.10176.4203
objectIdentifier univentionUDMExtensionAttributeType univentionUDMExtension:1
objectIdentifier univentionUDMExtensionObjectClass univentionUDMExtension:2
# <http://www.openldap.org/doc/admin24/schema.html>
### Definition for univentionUDMModule
attributetype ( univentionUDMExtensionAttributeType:11 NAME 'univentionUDMModuleFilename'
DESC 'UDM module filename'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionUDMExtensionAttributeType:12 NAME 'univentionUDMModuleData'
DESC 'UDM module data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionUDMExtensionAttributeType:13 NAME 'univentionUDMModuleActive'
DESC 'Flag indicating availability of the UDM module'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( univentionUDMExtensionAttributeType:14 NAME 'univentionUMCIcon'
DESC 'UMC icon'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionUDMExtensionAttributeType:15 NAME 'univentionUMCRegistrationData'
DESC 'UMC registration data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionUDMExtensionAttributeType:16 NAME 'univentionMessageCatalog'
DESC 'GNU message catalog for message translations'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
objectclass ( univentionUDMExtensionObjectClass:1 NAME 'univentionUDMModule'
DESC 'UCS UDM module'
SUP 'univentionObjectMetadata' STRUCTURAL
MUST ( cn )
MAY ( univentionUDMModuleFilename
$ univentionUDMModuleData
$ univentionUDMModuleActive
$ univentionUMCIcon
$ univentionUMCRegistrationData
$ univentionMessageCatalog
)
)
### Definition for univentionUDMHook
attributetype ( univentionUDMExtensionAttributeType:21 NAME 'univentionUDMHookFilename'
DESC 'UDM hook filename'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionUDMExtensionAttributeType:22 NAME 'univentionUDMHookData'
DESC 'UDM hook data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionUDMExtensionAttributeType:23 NAME 'univentionUDMHookActive'
DESC 'Flag indicating availability of the UDM hook'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
objectclass ( univentionUDMExtensionObjectClass:2 NAME 'univentionUDMHook'
DESC 'UCS UDM hook'
SUP 'univentionObjectMetadata' STRUCTURAL
MUST ( cn )
MAY ( univentionUDMHookFilename
$ univentionUDMHookData
$ univentionUDMHookActive
$ univentionMessageCatalog
)
)
### Analogous definition for univentionUDMSyntax
attributetype ( univentionUDMExtensionAttributeType:31 NAME 'univentionUDMSyntaxFilename'
DESC 'UDM syntax filename'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionUDMExtensionAttributeType:32 NAME 'univentionUDMSyntaxData'
DESC 'UDM syntax data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionUDMExtensionAttributeType:33 NAME 'univentionUDMSyntaxActive'
DESC 'Flag indicating availability of the UDM syntax'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
objectclass ( univentionUDMExtensionObjectClass:3 NAME 'univentionUDMSyntax'
DESC 'UCS UDM syntax'
SUP 'univentionObjectMetadata' STRUCTURAL
MUST ( cn )
MAY ( univentionUDMSyntaxFilename
$ univentionUDMSyntaxData
$ univentionUDMSyntaxActive
$ univentionMessageCatalog
)
)

196
files/schema/univention-app.schema Normal file
View File

@ -0,0 +1,196 @@
# Univention App Metadata OID: 1.3.6.1.4.1.10176.4204
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionApp univention:4204
objectIdentifier univentionApp 1.3.6.1.4.1.10176.4204
objectIdentifier univentionAppAttributeType univentionApp:1
objectIdentifier univentionAppObjectClass univentionApp:2
# <http://www.openldap.org/doc/admin24/schema.html>
### Definition for univentionApp
attributetype ( univentionAppAttributeType:1 NAME 'univentionAppID'
DESC 'App ID'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:2 NAME 'univentionAppName'
DESC 'App Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:3 NAME 'univentionAppVersion'
DESC 'App Version'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:4 NAME 'univentionAppDescription'
DESC 'Short description about the App'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:5 NAME 'univentionAppLongDescription'
DESC 'Long description about the App'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:6 NAME 'univentionAppScreenshot'
DESC 'App screenshot'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:7 NAME 'univentionAppIcon'
DESC 'App icon'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionAppAttributeType:8 NAME 'univentionAppCategory'
DESC 'App category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:9 NAME 'univentionAppVendor'
DESC 'App vendor'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:10 NAME 'univentionAppContact'
DESC 'App contact'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:11 NAME 'univentionAppMaintainer'
DESC 'App maintainer'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:12 NAME 'univentionAppWebsite'
DESC 'App website'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:13 NAME 'univentionAppWebsiteVendor'
DESC 'App website vendor'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:14 NAME 'univentionAppWebsiteMaintainer'
DESC 'App website maintainer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:15 NAME 'univentionAppWebInterface'
DESC 'App web interface'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:16 NAME 'univentionAppWebInterfaceName'
DESC 'App web interface name'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:17 NAME 'univentionAppConflictingApps'
DESC 'Conflicting Apps'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:18 NAME 'univentionAppConflictingSystemPackages'
DESC 'Conflicting system packages'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:19 NAME 'univentionAppDefaultPackages'
DESC 'Default packages of the App'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:20 NAME 'univentionAppDefaultPackagesMaster'
DESC 'Default packages of the App for the master'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:21 NAME 'univentionAppUMCModuleName'
DESC 'The Apps UMC module name'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:22 NAME 'univentionAppUMCModuleFlavor'
DESC 'Flavor of the Apps UMC module'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:23 NAME 'univentionAppServerRole'
DESC 'Valid server roles for the App'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionAppAttributeType:24 NAME 'univentionAppInstalledOnServer'
DESC 'FQDNs of servers the App is installed on'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( univentionAppObjectClass:1 NAME 'univentionApp'
DESC 'UCS App Metadata'
SUP top
MUST ( univentionAppID )
MAY (
univentionAppName
$ univentionAppVersion
$ univentionAppDescription
$ univentionAppLongDescription
$ univentionAppScreenshot
$ univentionAppIcon
$ univentionAppCategory
$ univentionAppVendor
$ univentionAppContact
$ univentionAppMaintainer
$ univentionAppWebsite
$ univentionAppWebsiteVendor
$ univentionAppWebsiteMaintainer
$ univentionAppWebInterface
$ univentionAppWebInterfaceName
$ univentionAppConflictingApps
$ univentionAppConflictingSystemPackages
$ univentionAppDefaultPackages
$ univentionAppDefaultPackagesMaster
$ univentionAppUMCModuleName
$ univentionAppUMCModuleFlavor
$ univentionAppServerRole
$ univentionAppInstalledOnServer
)
)
ditcontentrule ( univentionAppObjectClass:1 NAME 'univentionApp' AUX univentionObject )

141
files/schema/univention-default.schema Normal file
View File

@ -0,0 +1,141 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# univention owns the namespace 10176.
attributetype ( 1.3.6.1.4.1.10176.210 NAME 'univentionDefaultGroup'
DESC 'The default group for users'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.209 NAME 'univentionDefaultComputerGroup'
DESC 'The default group for windows computers'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.211 NAME 'univentionDefaultDomainControllerGroup'
DESC 'The default group for dc slaves'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.212 NAME 'univentionDefaultMemberserverGroup'
DESC 'The default group for member server'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.213 NAME 'univentionDefaultClientGroup'
DESC 'The default group for clients'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.214 NAME 'univentionDefaultDomainControllerMasterGroup'
DESC 'The default group for domain controller master and backup'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.208 NAME 'univentionDefaultKdeProfiles'
DESC 'KDE Profile Paths'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.215 NAME 'univentionDefaultKolabHomeServer'
DESC 'Kolab Home Server'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.216 NAME 'univentionDefaultScalixMailnode'
DESC 'Scalix Mailnode'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.201 NAME 'univentionDefault'
DESC 'Default user entries'
SUP top STRUCTURAL
MUST cn
MAY ( univentionDefaultGroup $ univentionDefaultComputerGroup $ univentionDefaultDomainControllerGroup $ univentionDefaultKdeProfiles $ univentionDefaultMemberserverGroup $ univentionDefaultClientGroup $ univentionDefaultDomainControllerMasterGroup $ univentionDefaultKolabHomeServer $ univentionDefaultScalixMailnode ) )
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.1 NAME 'univentionXResolutionChoices'
DESC 'X resolution [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.2 NAME 'univentionXColorDepthChoices'
DESC 'X color depth [client]'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.3 NAME 'univentionXMouseProtocolChoices'
DESC 'X mouse protocol [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.4 NAME 'univentionXMouseDeviceChoices'
DESC 'X mouse device [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.5 NAME 'univentionXKeyboardLayoutChoices'
DESC 'X keyboard layout [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.6 NAME 'univentionXKeyboardVariantChoices'
DESC 'X keyboard variant [client]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.7 NAME 'univentionXHSyncChoices'
DESC 'X horizontal sync rate [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.8 NAME 'univentionXVRefreshChoices'
DESC 'X vertical refresh rate [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.9 NAME 'univentionXModuleChoices'
DESC 'X module (4.x) or X server (3.x)'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1030.3.1.10 NAME 'univentionXDisplaySizeChoices'
DESC 'Display Size [client]'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
objectclass ( 1.3.6.1.4.1.10176.1030.3.2.1 NAME 'univentionXConfigurationChoices'
SUP 'top' STRUCTURAL
DESC 'X configuration choices object'
MUST ( cn )
MAY ( univentionXResolutionChoices $
univentionXColorDepthChoices $ univentionXMouseProtocolChoices $
univentionXMouseDeviceChoices $ univentionXKeyboardLayoutChoices $
univentionXKeyboardVariantChoices $ univentionXHSyncChoices $
univentionXVRefreshChoices $ univentionXModuleChoices $
univentionXDisplaySizeChoices ))

89
files/schema/univention-dhcp.schema Normal file
View File

@ -0,0 +1,89 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.1195
NAME 'univentionDhcpFixedAddress'
EQUALITY caseIgnoreIA5Match
DESC 'fixed-address'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.1196
NAME 'univentionDhcpFailoverPeer'
EQUALITY caseIgnoreIA5Match
DESC 'failover peer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# SUP dhcpService
objectclass ( 1.3.6.1.4.1.10176.1197
NAME 'univentionDhcpService'
DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
SUP top
MUST (cn )
MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $
dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $
dhcpStatements ) )
# SUP dhcpPool
objectclass ( 1.3.6.1.4.1.10176.1193
NAME 'univentionDhcpPool'
DESC 'This stores configuration information about a pool.'
SUP top
MUST ( cn $ dhcpRange )
MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
univentionDhcpFailoverPeer)
X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
# SUP dhcpHost MUST ( dhcpHWAddress ) MAY ( univentionDhcpFixedAddress )
objectclass ( 1.3.6.1.4.1.10176.1198
NAME 'univentionDhcpHost'
DESC 'This represents information about a particular client'
SUP top
MUST (cn $ dhcpHWAddress )
MAY (dhcpLeaseDN $ dhcpOptionsDN $ dhcpStatements $ univentionDhcpFixedAddress )
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
attributetype ( 1.3.6.1.4.1.1016.1199.1
NAME 'univentionDhcpBroadcastAddress'
EQUALITY caseIgnoreIA5Match
DESC 'Option Broadcast Address'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# SUP dhcpSubnet MAY ( univentionDhcpBroadcastAddress )
objectclass ( 1.3.6.1.4.1.1016.1199
NAME 'univentionDhcpSubnet'
DESC 'This class defines a subnet. This is a container object.'
SUP top
MUST ( cn $ dhcpNetMask )
MAY ( univentionDhcpBroadcastAddress $ dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $
dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements)
X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
objectclass ( 1.3.6.1.4.1.1016.1199.2
NAME 'univentionDhcpSharedSubnet'
DESC 'This class defines a shared subnet'
SUP top AUXILIARY
)

70
files/schema/univention-directory.schema Normal file
View File

@ -0,0 +1,70 @@
# Copyright 2007-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# Univention-specific extensions for a meta directory
# using OIDs starting with 1.3.6.1.4.1.10176.1016
attributetype ( 1.3.6.1.4.1.10176.1016.1.1
NAME 'univentionMetaDirectoryPreviousDN'
DESC 'Previous DN of this synced object'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.1016.1.2
NAME 'univentionMetaDirectoryPreviousUsername'
DESC 'Previous username of this synced object'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.10176.1016.1.3
NAME 'univentionMetaDirectoryPreviousDirectory'
DESC 'Previous name of the directory of this synced object'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.1016.2.1
NAME 'univentionMetaDirectory'
SUP 'top' AUXILIARY
DESC 'Meta Directory Informations'
MAY ( univentionMetaDirectoryPreviousDN $
univentionMetaDirectoryPreviousUsername $
univentionMetaDirectoryPreviousDirectory ) )
# these attribute will be filled at the domain object,
# so we could use at the user object a drop-down box
attributetype ( 1.3.6.1.4.1.10176.1016.1.4
NAME 'univentionMetaDirectoryNames'
DESC 'Names of the directories'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.1016.2.2
NAME 'univentionMetaDirectoryList'
SUP 'top' AUXILIARY
DESC 'List of directory names for the meta directory informations'
MAY ( univentionMetaDirectoryNames ) )

67
files/schema/univention-ldap-acl.schema Normal file
View File

@ -0,0 +1,67 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# schema definition for "interactive" LDAP-ACLs
# namespace 1.3.6.1.4.1.10176.1041
attributetype ( 1.3.6.1.4.1.10176.1041.1.1 NAME 'univentionLDAPAccessNone'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1041.1.2 NAME 'univentionLDAPAccessAuth'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1041.1.3 NAME 'univentionLDAPAccessCompare'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1041.1.4 NAME 'univentionLDAPAccessSearch'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1041.1.5 NAME 'univentionLDAPAccessRead'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
attributetype ( 1.3.6.1.4.1.10176.1041.1.6 NAME 'univentionLDAPAccessWrite'
DESC 'LDAP-DN of accounts who have write access to this object'
EQUALITY distinguishedNameMatch
SUP distinguishedName )
objectclass ( 1.3.6.1.4.1.10176.1041.2.1 NAME 'univentionLDAPACL'
SUP top AUXILIARY
DESC 'Univention LDAP ACLs'
MAY ( univentionLDAPAccessNone $ univentionLDAPAccessAuth $ univentionLDAPAccessCompare $
univentionLDAPAccessSearch $ univentionLDAPAccessRead $ univentionLDAPAccessWrite ))

69
files/schema/univention-ldap-extension.schema Normal file
View File

@ -0,0 +1,69 @@
# Univention LDAP Extension OID: 1.3.6.1.4.1.10176.4202
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionLDAPExtension univention:4202
objectIdentifier univentionLDAPExtension 1.3.6.1.4.1.10176.4202
objectIdentifier univentionLDAPExtensionAttributeType univentionLDAPExtension:1
objectIdentifier univentionLDAPExtensionObjectClass univentionLDAPExtension:2
# <http://www.openldap.org/doc/admin24/schema.html>
### Definition for univentionLDAPExtensionSchema
attributetype ( univentionLDAPExtensionAttributeType:11 NAME 'univentionLDAPSchemaFilename'
DESC 'LDAP schema filename'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionLDAPExtensionAttributeType:12 NAME 'univentionLDAPSchemaData'
DESC 'LDAP schema data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionLDAPExtensionAttributeType:13 NAME 'univentionLDAPSchemaActive'
DESC 'Flag indicating availability of the LDAP schema'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
objectclass ( univentionLDAPExtensionObjectClass:1 NAME 'univentionLDAPExtensionSchema'
DESC 'UCS LDAP schema extension'
SUP 'univentionObjectMetadata' STRUCTURAL
MUST ( cn )
MAY ( univentionLDAPSchemaFilename
$ univentionLDAPSchemaData
$ univentionLDAPSchemaActive
)
)
### Analogous definition for univentionLDAPExtensionACL
attributetype ( univentionLDAPExtensionAttributeType:21 NAME 'univentionLDAPACLFilename'
DESC 'LDAP ACL filename'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionLDAPExtensionAttributeType:22 NAME 'univentionLDAPACLData'
DESC 'LDAP ACL data'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( univentionLDAPExtensionAttributeType:23 NAME 'univentionLDAPACLActive'
DESC 'Flag indicating availability of the LDAP ACL'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
objectclass ( univentionLDAPExtensionObjectClass:2 NAME 'univentionLDAPExtensionACL'
DESC 'UCS LDAP ACL extension'
SUP 'univentionObjectMetadata' STRUCTURAL
MUST ( cn )
MAY ( univentionLDAPACLFilename
$ univentionLDAPACLData
$ univentionLDAPACLActive
)
)

57
files/schema/univention-object-metadata.schema Normal file
View File

@ -0,0 +1,57 @@
# Univention Object Metadata OID: 1.3.6.1.4.1.10176.4201
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionObjectMetadata univention:4201
objectIdentifier univentionObjectMetadata 1.3.6.1.4.1.10176.4201
objectIdentifier univentionObjectMetadataAttributeType univentionObjectMetadata:1
objectIdentifier univentionObjectMetadataObjectClass univentionObjectMetadata:2
# <http://www.openldap.org/doc/admin24/schema.html>
### Definition for univentionObjectMetadata
attributetype ( univentionObjectMetadataAttributeType:1 NAME 'univentionOwnedByPackage'
DESC 'Name of the Package that registered the object'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionObjectMetadataAttributeType:2 NAME 'univentionOwnedByPackageVersion'
DESC 'Version of the Package that registered the object'
SINGLE-VALUE
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionObjectMetadataAttributeType:3 NAME 'univentionUCSVersionStart'
DESC 'Validity starts with UCS Version'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionObjectMetadataAttributeType:4 NAME 'univentionUCSVersionEnd'
DESC 'Validity ends with UCS Version'
SINGLE-VALUE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( univentionObjectMetadataAttributeType:5 NAME 'univentionAppIdentifier'
DESC 'Identifier of the App that relies on the object'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( univentionObjectMetadataObjectClass:1 NAME 'univentionObjectMetadata'
DESC 'UCS extension object'
SUP 'top' STRUCTURAL
MUST ( cn )
MAY ( univentionOwnedByPackage
$ univentionOwnedByPackageVersion
$ univentionUCSVersionStart
$ univentionUCSVersionEnd
$ univentionAppIdentifier
)
)

12
files/schema/univention-objecttype.schema Normal file
View File

@ -0,0 +1,12 @@
attributetype ( 1.3.6.1.4.1.10176.1003.1 NAME 'univentionObjectType'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1003.2 NAME 'univentionObjectFlag'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1003 NAME 'univentionObject'
AUXILIARY
MUST ( univentionObjectType )
MAY ( univentionObjectFlag) )

114
files/schema/univention-saml.schema Normal file
View File

@ -0,0 +1,114 @@
#
# OpenLDAP Schema file
# for univention-saml package
#
attributetype ( 1.3.6.1.4.1.10176.4200.1.2
NAME 'SAMLServiceProviderIdentifier'
DESC 'Unique service provider identifier'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.3
NAME 'AssertionConsumerService'
DESC 'The URL of the AssertionConsumerService endpoint for this SP'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.4
NAME 'NameIDFormat'
DESC 'The NameIDFormat this SP should receive'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.5
NAME 'simplesamlNameIDAttribute'
DESC 'The name of the attribute which should be used as the value of the NameID'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.6
NAME 'simplesamlAttributes'
DESC 'Whether the SP should receive any attributes from the IdP'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.7
NAME 'simplesamlLDAPattributes'
DESC 'A list of attributes the service provider will receive'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.8
NAME 'serviceproviderdescription'
DESC 'A description of this service provider that can be shown to users'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.9
NAME 'serviceProviderOrganizationName'
DESC 'The name of the organization responsible for the service provider that can be shown to users'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.10
NAME 'privacypolicyURL'
DESC 'An absolute URL for the service providers privacy policy'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.11
NAME 'attributesNameFormat'
DESC 'Which value will be set in the format field of attribute statements'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.12
NAME 'singleLogoutService'
DESC 'The URL of the SingleLogoutService endpoint for this service provider'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.13
NAME 'isServiceProviderActivated'
DESC 'True if this service provider is activated and its configuration is written'
SINGLE-VALUE
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 1.3.6.1.4.1.10176.4200.1.14
NAME 'serviceProviderMetadata'
DESC 'The raw XML metadata for this service provider entry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.4200.1.1 NAME 'univentionSAMLServiceProvider' SUP top STRUCTURAL
DESC 'univention simplesamlphp service provider'
MAY ( NameIDFormat $ simplesamlNameIDAttribute $ simplesamlAttributes $ simplesamlLDAPattributes $ serviceproviderdescription $ serviceProviderOrganizationName $ privacypolicyURL $ attributesNameFormat $ singleLogoutService $ serviceProviderMetadata )
MUST ( isServiceProviderActivated $ SAMLServiceProviderIdentifier $ AssertionConsumerService )
)
attributetype ( 1.3.6.1.4.1.10176.4200.2.2
NAME 'enabledServiceProviderIdentifier'
DESC 'A service provider the user is enabled to use'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.10176.4200.2.1 NAME 'univentionSAMLEnabled' SUP top AUXILIARY
DESC 'The user is enabled to use SAML service providers'
MAY ( enabledServiceProviderIdentifier )
)

45
files/schema/univention-scalix.schema Normal file
View File

@ -0,0 +1,45 @@
# Copyright 2005-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# Univention-specific extensions for kolab2-schema
# using OIDs starting with 1.3.6.1.4.1.10176.1011
attributetype ( 1.3.6.1.4.1.10176.1015.1.1 NAME 'univentionScalixMailnodeHost'
DESC 'Scalix Mailnode Host Server'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
# scalix mailnode
objectclass ( 1.3.6.1.4.1.10176.1015.2.1
NAME 'univentionScalixMailnode'
DESC 'Scalix Mailnode'
MUST ( cn $ univentionScalixMailnodeHost ) )
objectclass ( 1.3.6.1.4.1.10176.1015.2.2
NAME 'univentionScalixMailboxClass'
DESC 'Scalix Mailbox Class'
MUST ( cn ) )

90
files/schema/univention-syntax.schema Normal file
View File

@ -0,0 +1,90 @@
# Copyright 2006-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
# Univention-specific extensions for user defined syntax definitions
# using OIDs starting with 1.3.6.1.4.1.10176.2000.
attributetype ( 1.3.6.1.4.1.10176.2000.1.1
NAME 'univentionSyntaxLDAPFilter'
DESC 'defines an LDAP filter for the relevant objects'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.2000.1.2
NAME 'univentionSyntaxLDAPBase'
DESC 'defines an LDAP base used for the search'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.2000.1.3
NAME 'univentionSyntaxLDAPAttribute'
DESC 'defines one or more LDAP attribute that represents an object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10176.2000.1.4
NAME 'univentionSyntaxLDAPValue'
DESC 'defines an LDAP attribute (or the DN) that will be stored in the custom attribute'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.2000.1.5
NAME 'univentionSyntaxViewOnly'
DESC 'If true the associated attribute is not stored within the object, but just viewed'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.2000.1.10
NAME 'univentionSyntaxDescription'
DESC 'a short description of the syntax definition'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10176.2000.1.11
NAME 'univentionSyntaxAddEmptyValue'
DESC ' add empty value to choicelist '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.2000.1.100
NAME 'univentionSyntax'
DESC 'A generic Syntax Definition for Attributes'
SUP top STRUCTURAL
MUST ( cn $ univentionSyntaxLDAPFilter $
univentionSyntaxLDAPAttribute )
MAY ( univentionSyntaxDescription $
univentionSyntaxViewOnly $
univentionSyntaxLDAPBase $
univentionSyntaxLDAPValue $
univentionSyntaxAddEmptyValue ) )

273
files/schema/univention-virtual-machine-manager.schema Normal file
View File

@ -0,0 +1,273 @@
# Virtual Machine Manager OID: 1.3.6.1.4.1.10176.4101
# <https://hutten.knut.univention.de/mediawiki/index.php/Univention-OIDs>
#objectIdentifier univention 1.3.6.1.4.1.10176
#objectIdentifier univentionVMM univention:4101
objectIdentifier univentionVMM 1.3.6.1.4.1.10176.4101
objectIdentifier uvmmAttributetype univentionVMM:1
objectIdentifier uvmmObjectClass univentionVMM:2
objectIdentifier uvmmProfileAttributetype univentionVMM:3
objectIdentifier uvmmProfileObjectClass univentionVMM:4
objectIdentifier uvmmHostAttributetype univentionVMM:5
objectIdentifier uvmmHostObjectClass univentionVMM:6
objectIdentifier uvmmCloudConnectionAttributetype univentionVMM:7
objectIdentifier uvmmCloudConnectionObjectClass univentionVMM:8
objectIdentifier uvmmCloudTypeObjectClass univentionVMM:9
# <http://www.openldap.org/doc/admin24/schema.html>
attributetype ( uvmmAttributetype:1 NAME 'univentionVirtualMachineGroup'
DESC 'Is this group an UCS Virtual Machine Group'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( uvmmObjectClass:1 NAME 'univentionVirtualMachineGroupOC'
DESC 'UCS Virtual Machine group objectclass'
SUP top AUXILIARY
MAY ( univentionVirtualMachineGroup ) )
attributetype ( uvmmAttributetype:10 NAME 'univentionVirtualMachineUUID'
DESC 'UUID of this Virtual Machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmAttributetype:11 NAME 'univentionVirtualMachineOS'
DESC 'Operation system of this Virtual Machine'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( uvmmAttributetype:12 NAME 'univentionVirtualMachineContact'
DESC 'contact person for the Virtual Machine'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( uvmmAttributetype:13 NAME 'univentionVirtualMachineDescription'
DESC 'description for the Virtual Machine'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( uvmmAttributetype:14 NAME 'univentionVirtualMachineProfileRef'
DESC 'reference to the profile used to define the Virtual Machine'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
objectclass ( uvmmObjectClass:10 NAME 'univentionVirtualMachine'
DESC 'UCS Virtual Machine objectclass'
STRUCTURAL
MUST ( univentionVirtualMachineUUID )
MAY ( univentionVirtualMachineDescription
$ univentionVirtualMachineOS
$ univentionVirtualMachineContact
$ univentionVirtualMachineProfileRef
)
)
attributetype ( uvmmProfileAttributetype:1 NAME 'univentionVirtualMachineProfileNamePrefix'
DESC 'Name prefix for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:2 NAME 'univentionVirtualMachineProfileArch'
DESC 'Architecture of the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:3 NAME 'univentionVirtualMachineProfileCPUs'
DESC 'Number of CPUs for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:4 NAME 'univentionVirtualMachineProfileVirtTech'
DESC 'Virtualization Technology for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:5 NAME 'univentionVirtualMachineProfileRAM'
DESC 'Amount of memory for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:6 NAME 'univentionVirtualMachineProfileVNC'
DESC 'Activate remote access for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:7 NAME 'univentionVirtualMachineProfileInterface'
DESC 'Bridging interface for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:8 NAME 'univentionVirtualMachineProfileKBLayout'
DESC 'Keyboard layout for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:9 NAME 'univentionVirtualMachineProfileKernel'
DESC 'Kernel for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:10 NAME 'univentionVirtualMachineProfileKernelParameter'
DESC 'Kernel parameter for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:11 NAME 'univentionVirtualMachineProfileInitRAMfs'
DESC 'initramfs disk for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( uvmmProfileAttributetype:12 NAME 'univentionVirtualMachineProfileBootDevices'
DESC 'order of boot devices for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:13 NAME 'univentionVirtualMachineAdvancedKernelConfig'
DESC 'Use pyGrub as bootloader or manually configure the kernel for para virtualized virtual machines'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:14 NAME 'univentionVirtualMachineProfileOS'
DESC 'operating system of the virtual instance'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:15 NAME 'univentionVirtualMachineProfilePVDisk'
DESC 'if the disks should use the PV driver'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:16 NAME 'univentionVirtualMachineProfilePVInterface'
DESC 'if the interface should use the PV driver'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:17 NAME 'univentionVirtualMachineProfileDiskspace'
DESC 'Amount of disk space for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:18 NAME 'univentionVirtualMachineProfilePVCDROM'
DESC 'if the CDROM drives should use the PV driver'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( uvmmProfileAttributetype:19 NAME 'univentionVirtualMachineProfileRTCOffset'
DESC 'Real Time Clock offset for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( uvmmProfileAttributetype:20 NAME 'univentionVirtualMachineProfileDriverCache'
DESC 'Disk cache strategy for the virtual machine'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
objectclass ( uvmmProfileObjectClass:1 NAME 'univentionVirtualMachineProfile'
DESC 'UCS Virtual Machine profile objectclass'
STRUCTURAL
MUST ( cn )
MAY ( univentionVirtualMachineProfileNamePrefix
$ univentionVirtualMachineProfileArch
$ univentionVirtualMachineProfileCPUs
$ univentionVirtualMachineProfileVirtTech
$ univentionVirtualMachineProfileRAM
$ univentionVirtualMachineProfileVNC
$ univentionVirtualMachineProfileInterface
$ univentionVirtualMachineProfileKBLayout
$ univentionVirtualMachineProfileKernel
$ univentionVirtualMachineProfileKernelParameter
$ univentionVirtualMachineProfileInitRAMfs
$ univentionVirtualMachineProfileBootDevices
$ univentionVirtualMachineAdvancedKernelConfig
$ univentionVirtualMachineProfileOS
$ univentionVirtualMachineProfilePVDisk
$ univentionVirtualMachineProfilePVInterface
$ univentionVirtualMachineProfileDiskspace
$ univentionVirtualMachineProfilePVCDROM
$ univentionVirtualMachineProfileRTCOffset
$ univentionVirtualMachineProfileDriverCache
)
)
attributetype ( uvmmHostAttributetype:1 NAME 'univentionVirtualMachineManageableBy'
DESC 'defines a list of management nodes that may access this system'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( uvmmHostObjectClass:1 NAME 'univentionVirtualMachineHostOC'
DESC 'UCS Virtual Machine host objectclass'
SUP top AUXILIARY
MAY ( univentionVirtualMachineManageableBy ) )
attributetype ( uvmmCloudConnectionAttributetype:1 NAME 'univentionVirtualMachineCloudConnectionTypeRef'
DESC 'reference to the type of the connection'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( uvmmCloudConnectionAttributetype:2 NAME 'univentionVirtualMachineCloudConnectionParameter'
DESC 'Cloud Connection parameter stored as a key-value pair'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( uvmmCloudConnectionAttributetype:3 NAME 'univentionVirtualMachineCloudConnectionImageSearchPattern'
DESC 'Pattern for filtering Images'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( uvmmCloudConnectionAttributetype:4 NAME 'univentionVirtualMachineCloudConnectionIncludeUCSImages'
DESC 'Should UCS Images be shown'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( uvmmCloudConnectionAttributetype:5 NAME 'univentionVirtualMachineCloudConnectionImageList'
DESC 'List of Image identifiers that are selectable for new instances'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( uvmmCloudConnectionObjectClass:1 NAME 'univentionVirtualMachineCloudConnection'
DESC 'UCS Virtual Machine Cloud Connection objectclass'
STRUCTURAL
MUST ( cn )
MAY ( univentionVirtualMachineCloudConnectionTypeRef $
univentionVirtualMachineCloudConnectionParameter $
univentionVirtualMachineCloudConnectionImageSearchPattern $
univentionVirtualMachineCloudConnectionIncludeUCSImages $
univentionVirtualMachineCloudConnectionImageList
)
)
objectclass ( uvmmCloudTypeObjectClass:1 NAME 'univentionVirtualMachineCloudType'
DESC 'UCS Virtual Machine Cloud Type objectclass'
STRUCTURAL
MUST ( cn )
)
ditcontentrule ( uvmmCloudConnectionObjectClass:1 NAME 'univentionVirtualMachineCloudConnection' AUX ( univentionObject $ univentionVirtualMachineHostOC ) )
ditcontentrule ( uvmmObjectClass:10 NAME 'univentionVirtualMachine' AUX univentionObject )
ditcontentrule ( uvmmProfileObjectClass:1 NAME 'univentionVirtualMachineProfile' AUX univentionObject )
ditcontentrule ( uvmmCloudTypeObjectClass:1 NAME 'univentionVirtualMachineCloudType' AUX univentionObject )

390
files/schema/univention.schema Normal file
View File

@ -0,0 +1,390 @@
# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
#
# univention namespace: 10176
#attributetype ( 1.3.6.1.4.1.10176.41 NAME 'univentionDesktopServer'
# DESC 'terminal server (i.e. application server) to use [client]'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.44 NAME 'univentionWindowsServer'
# DESC 'Univention windows server to use [client]'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.45 NAME 'univentionWindowsDomain'
# DESC 'windows domain of windows server [client]'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.46 NAME 'univentionFileServer'
# DESC 'Univention file server to use [client]'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.56 NAME 'univentionLdapServer'
# DESC 'Univention ldap server to use [client]'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.57 NAME 'univentionLdapBase'
# DESC 'base of ldap server'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
#
attributetype ( 1.3.6.1.4.1.10176.61 NAME 'univentionServerRole'
DESC 'server role of this machine [ldap master,ldap slave,...]'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#attributetype ( 1.3.6.1.4.1.10176.62 NAME 'univentionKerberosRealm'
# DESC 'Kerberos REALM'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
#
#attributetype ( 1.3.6.1.4.1.10176.63 NAME 'univentionKerberosKDC'
# DESC 'Kerberos KDC Server'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
#
attributetype ( 1.3.6.1.4.1.10176.64 NAME 'univentionWindowsReinstall'
DESC 'schedule host to be reinstalled'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.65 NAME 'univentionServerReinstall'
DESC 'schedule host to be reinstalled'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.66 NAME 'univentionService'
DESC 'server services'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.1 NAME 'univentionServerInstallationProfile'
DESC 'Path of profile file. Must be present on installation server.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.3 NAME 'univentionServerInstallationText'
DESC 'Use text installation'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.6 NAME 'univentionServerInstallationOption'
DESC 'Set boot option for unattended installation'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.4 NAME 'univentionServerInstallationPath'
DESC 'Installation Path'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.2 NAME 'univentionNetworkLink'
DESC 'Path of network'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.5 NAME 'univentionInventoryNumber'
DESC 'Inventory number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.7 NAME 'univentionOperatingSystem'
DESC 'Operating System'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.11.1.8 NAME 'univentionOperatingSystemVersion'
DESC 'Operating System version'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.70 NAME 'univentionHost'
SUP top AUXILIARY
DESC 'Univention host'
MUST ( cn )
MAY ( macAddress $ aRecord $ aAAARecord $ mXRecord $ cNAMERecord $ associatedDomain $ univentionNetworkLink $ univentionInventoryNumber $ univentionOperatingSystem $ univentionOperatingSystemVersion))
objectclass ( 1.3.6.1.4.1.10176.71 NAME 'univentionClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention client'
MUST ( cn )
MAY ( univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
objectclass ( 1.3.6.1.4.1.10176.99 NAME 'univentionMacOSClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention MacOS X Client'
MUST ( cn ) )
objectclass ( 1.3.6.1.4.1.10176.96 NAME 'univentionMobileClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention mobile client'
MUST ( cn )
MAY ( univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
objectclass ( 1.3.6.1.4.1.10176.72 NAME 'univentionThinClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention thin client'
MUST ( cn ) )
objectclass ( 1.3.6.1.4.1.10176.73 NAME 'univentionWindows'
SUP 'univentionHost' AUXILIARY
DESC 'Univention windows host'
MUST ( cn )
MAY ( univentionServerRole $ univentionWindowsReinstall ) )
objectclass ( 1.3.6.1.4.1.10176.74 NAME 'univentionMemberServer'
SUP 'univentionHost' AUXILIARY
DESC 'Univention member server'
MUST ( cn )
MAY ( univentionServerRole $ univentionService $ univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
objectclass ( 1.3.6.1.4.1.10176.75 NAME 'univentionDomainController'
SUP 'univentionHost' AUXILIARY
DESC 'Univention domain controller'
MUST ( cn )
MAY ( univentionServerRole $ univentionService $ univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
objectclass ( 1.3.6.1.4.1.10176.76 NAME 'univentionUbuntuClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention Ubuntu client'
MUST ( cn ) )
objectclass ( 1.3.6.1.4.1.10176.77 NAME 'univentionLinuxClient'
SUP 'univentionHost' AUXILIARY
DESC 'Univention Linux client'
MUST ( cn ) )
objectclass ( 1.3.6.1.4.1.10176.78 NAME 'univentionDomain'
SUP ('domain' $ 'sambaDomain') STRUCTURAL
DESC 'Additional univention-vars for Groups' )
objectclass ( 1.3.6.1.4.1.10176.79 NAME 'univentionBase'
SUP 'top' AUXILIARY
DESC 'Additional univention-vars for Groups' )
attributetype ( 1.3.6.1.4.1.10176.81 NAME 'prohibitedUsername'
DESC 'Illegal usernames '
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.80 NAME 'univentionProhibitedUsernames'
MUST ( cn )
MAY ( prohibitedUsername )
DESC 'List of prohibited usernames' )
attributetype ( 1.3.6.1.4.1.10176.83 NAME 'printerModel'
DESC 'Printer Model '
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.82 NAME 'univentionPrinterModels'
MUST ( cn )
MAY ( printerModel )
DESC 'Printer Model List' )
attributetype ( 1.3.6.1.4.1.10176.1000.300.1.1 NAME 'univentionPackageDefinition'
DESC 'Packages '
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
objectclass ( 1.3.6.1.4.1.10176.1000.300.2.1 NAME 'univentionPackageList'
MUST ( cn )
DESC 'Package List '
MAY ( univentionPackageDefinition))
attributetype ( 1.3.6.1.4.1.10176.1000.301.1.1 NAME 'printerURI'
DESC 'Printer URI '
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.301.2.1 NAME 'univentionPrinterURIs'
MUST ( cn )
MAY ( printerURI )
DESC 'Printer URI List' )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.1 NAME 'univentionSambaPasswordHistory'
DESC 'Samba Password History '
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.2 NAME 'univentionSambaMinPasswordLength'
DESC 'Samba Password Length '
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.3 NAME 'univentionSambaMinPasswordAge'
DESC 'Samba Minimum Password Age '
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.4 NAME 'univentionSambaBadLockoutAttempts'
DESC 'Samba Bad Lockout Attempts '
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.5 NAME 'univentionSambaLogonToChangePW'
DESC 'Samba User must logon to change password'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.6 NAME 'univentionSambaMaxPasswordAge'
DESC 'Samba Maximum Password Age'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.7 NAME 'univentionSambaLockoutDuration'
DESC 'Samba Lockout Duration'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.8 NAME 'univentionSambaResetCountMinutes'
DESC 'Samba Reset Count Minutes'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.9 NAME 'univentionSambaDisconnectTime'
DESC 'Samba Disconnect Time'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.302.1.10 NAME 'univentionSambaRefuseMachinePWChange'
DESC 'Samba Refuse Machine Password Change'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.302.2.1 NAME 'univentionSambaConfig'
MUST ( cn )
MAY ( univentionSambaPasswordHistory $
univentionSambaMinPasswordLength $
univentionSambaMinPasswordAge $
univentionSambaBadLockoutAttempts $
univentionSambaLogonToChangePW $
univentionSambaMaxPasswordAge $
univentionSambaLockoutDuration $
univentionSambaResetCountMinutes $
univentionSambaDisconnectTime $
univentionSambaRefuseMachinePWChange )
DESC 'Univention Samba LDAP Extensions' )
objectclass ( 1.3.6.1.4.1.10176.1000.303.2.1 NAME 'univentionServiceObject'
MUST ( cn )
DESC 'Univention Service Object' )
# operations for univention console
attributetype ( 1.3.6.1.4.1.10176.1000.304.1.1 NAME 'univentionConsoleOperation'
DESC 'Univention Console command'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.304.2.1 NAME 'univentionConsoleOperations'
MUST ( cn )
MAY ( description $ univentionConsoleOperation )
DESC 'Univention Console commands' )
# ACLs for univention console
attributetype ( 1.3.6.1.4.1.10176.1000.305.1.1 NAME 'univentionConsoleACLCategory'
DESC 'Univention Console ACL category'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.305.1.2 NAME 'univentionConsoleACLHost'
DESC 'Univention Console ACL host or host group'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.305.1.3 NAME 'univentionConsoleACLBase'
DESC 'Univention Console ldap base to find the hosts'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.305.1.4 NAME 'univentionConsoleACLCommand'
DESC 'Univention Console ACL command'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.1000.305.2.1 NAME 'univentionConsoleACL'
MUST ( cn )
MAY ( description $ univentionConsoleACLCategory $ univentionConsoleACLHost $ univentionConsoleACLBase $ univentionConsoleACLCommand )
DESC 'Univention Console commands' )
objectclass ( 1.3.6.1.4.1.10176.1000.306.2.1 NAME 'univentionConsoleCategory'
MUST ( cn )
MAY ( description )
DESC 'Univention Console category' )
attributetype ( 1.3.6.1.4.1.10176.600 NAME 'univentionSambaPrivilegeList'
DESC 'Samba Privileges List'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
objectclass ( 1.3.6.1.4.1.10176.60 NAME 'univentionSambaPrivileges'
SUP top AUXILIARY
MAY ( univentionSambaPrivilegeList )
DESC 'Samba Privileges' )
# new UMC operation object (UCS 3.0)
attributetype ( 1.3.6.1.4.1.10176.1000.310.1.1
NAME 'umcOperationSetCommand'
DESC 'List of UMC command names and patterns'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.310.1.2
NAME 'umcOperationSetFlavor'
DESC 'Flavor of the UMC module'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.1000.310.1.3
NAME 'umcOperationSetHost'
DESC 'List of host or host group'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.1000.310.1.4
NAME 'umcOperationSetBase'
DESC 'LDAP base used for finding hosts'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.1000.310.2.1
NAME 'umcOperationSet'
DESC 'Defines a set of UMC operations'
MUST ( cn $ description )
MAY ( umcOperationSetCommand $ umcOperationSetFlavor $ umcOperationSetHost $ umcOperationSetBase ) )

108
files/schema/user.schema Normal file
View File

@ -0,0 +1,108 @@
# Copyright 2005-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
attributetype ( 1.3.6.1.4.1.10176.4 NAME 'quotablockhard'
DESC 'Softlimit for Block usage quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.5 NAME 'quotablocksoft'
DESC 'Hard limit for Block usage quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.6 NAME 'quotafilehard'
DESC 'Soft limit for Inode usage quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.7 NAME 'quotafilesoft'
DESC 'Hard limit for Inode usage quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.10 NAME 'groupDirectory'
DESC 'The absolute path to the group directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.11 NAME 'virtual'
DESC 'Is this account a vitual one'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.12 NAME 'temporary'
DESC 'This account has a temporary home dir'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10176.15 NAME 'univentionAssignedPrinter'
DESC 'assigned printer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.99 NAME 'univentionBirthday'
DESC 'Birthday'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.10176.100 NAME 'univentionUMCProperty'
DESC 'UMC property stored as key=value pair'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.10176.8 NAME 'univentionPerson'
DESC 'Additional univention-vars for Person/Account'
SUP top AUXILIARY
MAY ( quotablocksoft $ quotablockhard $ quotafilesoft $ quotafilehard $
temporary $ virtual $ univentionBirthday $ univentionUMCProperty )
)
attributetype ( 1.3.6.1.4.1.10176.9.1.1 NAME 'univentionGroupType'
DESC 'Contains a set of flags that define the type and scope of a group object'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.10176.9 NAME 'univentionGroup'
DESC 'Additional univention-vars for Groups'
SUP top AUXILIARY
MAY ( quotablocksoft $ quotablockhard $ quotafilesoft $ quotafilehard $ groupDirectory $ uniqueMember $ mailPrimaryAddress $ univentionAssignedPrinter $ univentionAllowedEmailUsers $ univentionAllowedEmailGroups $ mailAlternativeAddress $ univentionGrouptype)
)
attributetype ( 1.3.6.1.4.1.10176.13 NAME 'pwhistory'
DESC 'most recent used passwords'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.10176.14 NAME 'univentionPWHistory'
DESC 'PW History for an account'
SUP top AUXILIARY
MAY ( pwhistory )
)