diff --git a/files/schema/admin-settings.schema b/files/schema/admin-settings.schema
new file mode 100644
index 0000000..978b223
--- /dev/null
+++ b/files/schema/admin-settings.schema
@@ -0,0 +1,46 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+objectclass ( 1.3.6.1.4.1.10176.2011 NAME 'univentionAdminUserSettings'
+ SUP 'top' STRUCTURAL
+ DESC 'User settings for Univention Admin'
+ MUST ( uid )
+ MAY ( univentionAdminListDNs $ univentionAdminListWizards $ univentionAdminListWebModules $
+ univentionAdminBaseDN $ univentionAdminMayOverrideSettings $ univentionAdminShowSelf $
+ univentionAdminSelfAttributes $ univentionPolicyObject $ univentionDnsObject $
+ univentionDhcpObject $ univentionUsersObject $ univentionGroupsObject $
+ univentionComputersObject $ univentionNetworksObject $ univentionSharesObject $
+ univentionPrintersObject $ univentionAdminListAttributes $ univentionAdminListBrowseAttributes))
+
+objectclass ( 1.3.6.1.4.1.10176.2012 NAME 'univentionAdminGlobalSettings'
+ SUP 'top' STRUCTURAL
+ DESC 'Global settings for Univention Admin'
+ MUST ( cn )
+ MAY ( univentionAdminListWizards $ univentionAdminListModules ))
+
+ditcontentrule ( 1.3.6.1.4.1.10176.2011 NAME 'univentionAdminUserSettings' )
+ditcontentrule ( 1.3.6.1.4.1.10176.2012 NAME 'univentionAdminGlobalSettings' )
diff --git a/files/schema/as400.schema b/files/schema/as400.schema
new file mode 100644
index 0000000..399954c
--- /dev/null
+++ b/files/schema/as400.schema
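Review bot: Both objectclasses in admin-settings.schema name attributes in MAY (univentionAdminListDNs through univentionAdminListBrowseAttributes, and univentionAdminListModules) that this file does not define, and unlike automount.schema in the same commit the file carries no dependency comment. The server has to load the defining schema first, so I would add a header line such as `# Depends upon <schema file that defines the univentionAdmin* attribute types>`. Names like univentionAdminMayOverrideSettings and univentionAdminSelfAttributes suggest these entries influence what a user may do in the admin interface; if that is the case, write access to them should be restricted by the directory's ACLs, since the schema itself places no limit on who sets them. A smaller style point: `SUP 'top'` is quoted here while as400.schema writes `SUP top`.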
@@ -0,0 +1,37 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.2.899 NAME 'as400screen'
+ DESC 'AS400 Screen'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.10176.1.899 NAME 'as400term'
+ DESC 'AS400 Terminal'
+ SUP top AUXILIARY
+ MAY ( as400screen ) )
diff --git a/files/schema/automount.schema b/files/schema/automount.schema
new file mode 100644
index 0000000..4025f92
--- /dev/null
+++ b/files/schema/automount.schema
@@ -0,0 +1,28 @@
+# Depends upon core.schema and cosine.schema
+
+# original schema
+#
+# OID Base is 1.3.6.1.4.1.2312.4
+#
+# Attribute types are under 1.3.6.1.4.1.2312.4.1
+# Object classes are under 1.3.6.1.4.1.2312.4.2
+# Syntaxes are under 1.3.6.1.4.1.2312.4.3
+
+# univention schema (modified objectClass automount
+#
+# $OID: 1.3.6.1.4.1.10176.1001.4 (Shares/autofs) $
+
+attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation'
+ DESC 'Information used by the autofs automounter'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1001.4.1 NAME 'automount' SUP top AUXILIARY
+ DESC 'An entry in an automounter map'
+ MUST ( cn )
+ MAY ( description $ automountInformation ) )
+
+objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL
+ DESC 'An group of related automount objects'
+ MUST ( ou ) )
diff --git a/files/schema/collective.schema b/files/schema/collective.schema
new file mode 100644
index 0000000..c3dc1a1
--- /dev/null
+++ b/files/schema/collective.schema
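Review bot: The header of automount.schema says attribute types are under 1.3.6.1.4.1.2312.4.1, but automountInformation is defined at 1.3.6.1.1.1.1.25, and the 'automount' class keeps its original name while being registered under the Univention arc as 1.3.6.1.4.1.10176.1001.4.1. A server that also includes an unmodified autofs schema would presumably meet the same names twice, so the file should state that it replaces that schema rather than complementing it. The comment `# univention schema (modified objectClass automount` is also missing its closing parenthesis and does not say what was modified; something like `# univention schema: objectClass 'automount' modified (<what changed>); load instead of the stock autofs schema` would record it.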
@@ -0,0 +1,65 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 3671, at (among other
+# places): http://www.ietf.org/rfc/rfc3671.txt
+
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
diff --git a/files/schema/corba.schema b/files/schema/corba.schema
new file mode 100644
index 0000000..918e9df
--- /dev/null
+++ b/files/schema/corba.schema
@@ -0,0 +1,61 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2714, at (among other
+# places): http://www.ietf.org/rfc/rfc2714.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
diff --git a/files/schema/core.schema b/files/schema/core.schema
new file mode 100644
index 0000000..8b633fa
--- /dev/null
+++ b/files/schema/core.schema
@@ -0,0 +1,624 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. 
However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# RFC 4524 (associatedDomain) +# +# Select informational schema items: +# RFC 2377 (uidObject) + +# +# Standard attribute types from RFC 2256 +# + +# system schema +#attributetype ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +# system schema +#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# system schema +#attributetype ( 
2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) + +attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) + +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) + +#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) +# DESC 'RFC2256: ISO-3166 country 2-letter code' +# SUP name SINGLE-VALUE ) + +attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) + +attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) + +attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) + +attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) + +attributetype ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) + +# system schema +#attributetype ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) + +# Deprecated by enhancedSearchGuide +attributetype ( 2.5.4.14 NAME 'searchGuide' + DESC 'RFC2256: search 
guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) + +attributetype ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) + +attributetype ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) + +attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) + +attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) + +attributetype ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) + +attributetype ( 2.5.4.25 NAME 
'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) + +attributetype ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) + +attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) + +attributetype ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) + +attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +attributetype ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) + +attributetype ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) + +attributetype ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) + +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using 
;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be stored and requested in the binary form +attributetype ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) + +# system schema +#attributetype ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' 
+ SUP name ) + +attributetype ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) + +attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) + +attributetype ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) + +attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) + +attributetype ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) + +# system schema +#attributetype ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY distinguishedNameMatch + SUP distinguishedName ) + +attributetype ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +attributetype ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) + +attributetype ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) + +# Standard object classes from RFC2256 + +# system schema +#objectclass ( 2.5.6.0 NAME 'top' +# DESC 'RFC2256: top of the 
superclass chain' +# ABSTRACT +# MUST objectClass ) + +# system schema +#objectclass ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) + +objectclass ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) + +objectclass ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) + +objectclass ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) + +objectclass ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ 
postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) + +objectclass ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) + +objectclass ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) + +objectclass ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) + +objectclass ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) + +objectclass ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) + +objectclass ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) + 
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) + +objectclass ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) + +objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) + +objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) + +objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) + +objectclass ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) + +# +# Object Classes from RFC 2587 +# +objectclass ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) + +objectclass ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) + +objectclass ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC2587: PKI user' + SUP top AUXILIARY + MAY 
deltaRevocationList ) + +# +# Standard Track URI label schema from RFC 2079 +# system schema +#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + SUP top AUXILIARY + MAY ( labeledURI ) ) + +# +# Derived from RFC 1274, but with new "short names" +# +#attributetype ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) + +# RFC 1274 + RFC 2247 +attributetype ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# RFC 2247 +objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) + +# RFC 2377 +objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) + +# RFC 4524 +# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] +# host names [RFC1123] that are associated with an object. 
That is, +# values of this attribute should conform to the following ABNF: +# +# domain = root / label *( DOT label ) +# root = SPACE +# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ] +# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z" +# SPACE = %x20 ; space (" ") +# HYPHEN = %x2D ; hyphen ("-") +# DOT = %x2E ; period (".") +attributetype ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +attributetype ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + diff --git a/files/schema/cosine.schema b/files/schema/cosine.schema new file mode 100644 index 0000000..6cf77af --- /dev/null +++ b/files/schema/cosine.schema 
@@ -0,0 +1,405 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 1274, at (among other
+# places): http://www.ietf.org/rfc/rfc1274.txt
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
diff --git a/files/schema/courier.schema b/files/schema/courier.schema
new file mode 100644
index 0000000..880987f
--- /dev/null
+++ b/files/schema/courier.schema
@@ -0,0 +1,68 @@
+#$Id: courier.schema,v 1.1.2.2 2004/05/19 09:47:15 stefan Exp $
+#
+# OID prefix: 1.3.6.1.4.1.10018
+#
+# Attributes: 1.3.6.1.4.1.10018.1.1
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+ DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota'
+ DESC 'A string that represents the quota on a mailbox'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword'
+ DESC 'A separate text that stores the mail account password in clear text'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128})
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
+ DESC 'RFC822 Mailbox - mail alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource'
+ DESC 'Message source'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain'
+ DESC 'A mail domain that is mapped to a single mail account'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser'
+ DESC 'Mailbox that receives mail for a mail domain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery'
+ DESC 'Default mail delivery instructions'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#
+# Objects: 1.3.6.1.4.1.10018.1.2
+#
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY
+ DESC 'Mail account object as used by the Courier mail server'
+ MUST ( uidNumber $ gidNumber )
+ MAY ( mail $ homeDirectory $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery) )
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' SUP top AUXILIARY
+ DESC 'Mail aliasing/forwarding entry'
+ MUST ( mail $ maildrop )
+ MAY ( mailsource $ description ) )
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' SUP top AUXILIARY
+ DESC 'Domain mail aliasing/forwarding entry'
+ MUST ( virtualdomain $ virtualdomainuser )
+ MAY ( mailsource $ description ) )
diff --git a/files/schema/custom-attribute.schema b/files/schema/custom-attribute.schema
new file mode 100644
index 0000000..6149e4f
--- /dev/null
+++ b/files/schema/custom-attribute.schema
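Review bot: The `clearPassword` attribute type stores the mail account password as plain text, and `CourierMailAccount` allows it next to `userPassword`, yet nothing in the file tells an operator that the attribute needs its own access control. An ACL written only for `userPassword` would not cover it, so any identity with read or search rights on the entry could obtain the value or, through the `octetStringMatch` equality rule, test guesses against it. I would add a comment above the attribute type: `# clearPassword is a plaintext credential: cover it with the same slapd ACL as userPassword (access to attrs=userPassword,clearPassword ...)` followed by `# and leave it unset unless the mail server needs the plaintext for a challenge-response login`. If this file is carried over unchanged from Courier, the same note belongs in the ACL configuration that is deployed with it.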
@@ -0,0 +1,552 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+#using namespace 1.3.6.1.4.1.10176.200.*
+
+attributetype ( 1.3.6.1.4.1.10176.200.1 NAME 'univentionAdminPropertyModule'
+ DESC ' determines which ldap module(s) is(are) related to this custom attribute '
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.200.2 NAME 'univentionAdminPropertyShortDescription'
+ DESC ' short description for the attribute'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.3 NAME 'univentionAdminPropertyLongDescription'
+ DESC ' some text describing the attribute eg.: "this is the numerical id of the user"'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.4 NAME 'univentionAdminPropertySyntax'
+ DESC ' datatype of the attribute eg.: string'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.5 NAME 'univentionAdminPropertyMultivalue'
+ DESC ' is this attribute a multivalue'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.6 NAME 'univentionAdminPropertyDefault'
+ DESC ' the default value for this attribute'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.7 NAME 'univentionAdminPropertyLdapMapping'
+ DESC ' determines which ldap attribute(s) is(are) related to this custom attribute '
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.8 NAME 'univentionAdminPropertyObjectClass'
+ DESC ' objectClass an Object must have '
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.9 NAME 'univentionAdminPropertyDeleteValues'
+ DESC ' delete these attributes when object deleted'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10176.200.10 NAME 'univentionAdminPropertyDeleteObjectClass'
+ DESC ' delete the objectclass'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.11 NAME 'univentionAdminPropertyLayoutTabName'
+ DESC ' name of the tab this attribute is placed on'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.12 NAME 'univentionAdminPropertyLayoutPosition'
+ DESC ' position on the tab this attribute is placed on'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+objectClass ( 1.3.6.1.4.1.10176.200.20 NAME 'univentionAdminProperty'
+ DESC ' defines a custom attribute for use in univention_ admin '
+ MUST ( cn $ univentionAdminPropertyModule $ univentionAdminPropertyShortDescription $ univentionAdminPropertyLdapMapping )
+ MAY ( univentionAdminPropertyLongDescription $ univentionAdminPropertySyntax $ univentionAdminPropertyMultivalue $ univentionAdminPropertyDefault $ univentionAdminPropertyObjectClass $ univentionAdminPropertyDeleteValues $ univentionAdminPropertyDeleteObjectClass $ univentionAdminPropertyLayoutTabName $ univentionAdminPropertyLayoutPosition ))
+
+
+
+# #################################################################
+
+
+attributetype ( 1.3.6.1.4.1.10176.200.100 NAME 'univentionUDMPropertyVersion'
+ DESC ' determines which object format is used for this custom attribute '
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.200.101 NAME 'univentionUDMPropertyModule'
+ DESC ' determines which ldap module(s) is(are) related to this custom attribute '
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.200.102 NAME 'univentionUDMPropertyShortDescription'
+ DESC ' short description for the attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.103 NAME 'univentionUDMPropertyLongDescription'
+ DESC ' some text describing the attribute eg.: "this is the numerical id of the user"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.104 NAME 'univentionUDMPropertySyntax'
+ DESC ' datatype of the attribute eg.: string'
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.105 NAME 'univentionUDMPropertyMultivalue'
+ DESC ' is this attribute a multivalue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.106 NAME 'univentionUDMPropertyDefault'
+ DESC ' the default value for this attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.107 NAME 'univentionUDMPropertyLdapMapping'
+ DESC ' determines which ldap attribute(s) is(are) related to this custom attribute '
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.108 NAME 'univentionUDMPropertyObjectClass'
+ DESC ' objectClass an Object must have '
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.109 NAME 'univentionUDMPropertyDeleteObjectClass'
+ DESC ' delete the objectclass'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.110 NAME 'univentionUDMPropertyValueMayChange'
+ DESC ' defines if value is readonly or writable '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.111 NAME 'univentionUDMPropertyLayoutTabName'
+ DESC ' name of tab the custom attribute shall be displayed on '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.112 NAME 'univentionUDMPropertyLayoutOverwriteTab'
+ DESC ' existing tab will be overwritten '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.113 NAME 'univentionUDMPropertyLayoutOverwritePosition'
+ DESC ' existing widget at given position will be overwritten '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.114 NAME 'univentionUDMPropertyLayoutPosition'
+ DESC ' position of custom attribute on given tab '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.115 NAME 'univentionUDMPropertyCLIName'
+ DESC ' short description for the attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.116 NAME 'univentionUDMPropertyTranslationShortDescription'
+ DESC ' some translated text describing the attribute eg.: "this is the numerical id of the user"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.117 NAME 'univentionUDMPropertyTranslationLongDescription'
+ DESC ' some translated text describing the attribute eg.: "this is the numerical id of the user"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.118 NAME 'univentionUDMPropertyTranslationTabName'
+ DESC ' some translated text describing the tab name eg.: "general"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.119 NAME 'univentionUDMPropertyOptions'
+ DESC ' list of options '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.120 NAME 'univentionUDMPropertyLayoutTabAdvanced'
+ DESC ' list of options '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.121 NAME 'univentionUDMPropertyValueRequired'
+ DESC ' list of options '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.122 NAME 'univentionUDMPropertyHook'
+ DESC ' list of options '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.123 NAME 'univentionUDMPropertyDoNotSearch'
+ DESC ' list of options '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.124 NAME 'univentionUDMPropertyAddEmptyValue'
+ DESC ' add empty value to choicelist '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.125 NAME 'univentionUDMPropertyLayoutFullWidth'
+ DESC ' widget will be full width '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.126 NAME 'univentionUDMPropertyValueNotEditable'
+ DESC ' defines if the user can directly modify the value '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+# new with UCS 3.0
+attributetype ( 1.3.6.1.4.1.10176.200.127 NAME 'univentionUDMPropertyLayoutGroupName'
+ DESC ' name of group the extended attribute shall be displayed in'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.128 NAME 'univentionUDMPropertyTranslationGroupName'
+ DESC ' some translated text describing the tab name eg.: "general"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.129 NAME 'univentionUDMPropertyLayoutGroupPosition'
+ DESC ' position of group on given tab '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.130 NAME 'univentionUDMPropertyLayoutDisable'
+ DESC ' defines if this attribute will be shown in UDM/UMC'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+
+attributetype ( 1.3.6.1.4.1.10176.200.131 NAME 'univentionUDMPropertyCopyable'
+ DESC 'defines if this attribute is copyable in UMC'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+
+objectclass ( 1.3.6.1.4.1.10176.200.199
+ NAME 'univentionUDMProperty'
+ DESC ' defines a custom attribute for use in univention directory manager '
+ MUST ( cn $
+ univentionUDMPropertyVersion $
+ univentionUDMPropertyModule $
+ univentionUDMPropertyShortDescription $
+ univentionUDMPropertyLdapMapping $
+ univentionUDMPropertyCLIName )
+ MAY ( univentionUDMPropertyLongDescription $
+ univentionUDMPropertyTranslationShortDescription $
+ univentionUDMPropertyTranslationLongDescription $
+ univentionUDMPropertyTranslationTabName $
+ univentionUDMPropertySyntax $
+ univentionUDMPropertyMultivalue $
+ univentionUDMPropertyDefault $
+ univentionUDMPropertyObjectClass $
+ univentionUDMPropertyDeleteObjectClass $
+ univentionUDMPropertyValueMayChange $
+ univentionUDMPropertyValueRequired $
+ univentionUDMPropertyValueNotEditable $
+ univentionUDMPropertyLayoutTabName $
+ univentionUDMPropertyLayoutOverwriteTab $
+ univentionUDMPropertyLayoutOverwritePosition $
+ univentionUDMPropertyLayoutFullWidth $
+ univentionUDMPropertyLayoutPosition $
+ univentionUDMPropertyOptions $
+ univentionUDMPropertyLayoutTabAdvanced $
+ univentionUDMPropertyHook $
+ univentionUDMPropertyDoNotSearch $
+ univentionUDMPropertyAddEmptyValue $
+ univentionUDMPropertyLayoutGroupName $
+ univentionUDMPropertyTranslationGroupName $
+ univentionUDMPropertyLayoutGroupPosition $
+ univentionUDMPropertyLayoutDisable $
+ univentionUDMPropertyCopyable
+ )
+ )
+
+
+# #################################################################
+
+
+attributetype ( 1.3.6.1.4.1.10176.200.200 NAME 'univentionUDMOptionShortDescription'
+ DESC ' short description for the option eg.: "Inventory"'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.201 NAME 'univentionUDMOptionLongDescription'
+ DESC ' some text describing the option eg.: "Options for inventorysation"'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.202 NAME 'univentionUDMOptionTranslationShortDescription'
+ DESC ' some translated text describing the option eg.: "Inventarisierung"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.203 NAME 'univentionUDMOptionTranslationLongDescription'
+ DESC ' some translated text describing the option eg.: "Optionen für Inventarisierung"'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.10176.200.204 NAME 'univentionUDMOptionDefault'
+ DESC 'is this option enabled by default'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.205 NAME 'univentionUDMOptionEditable'
+ DESC 'is this option changeable'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.200.206 NAME 'univentionUDMOptionModule'
+ DESC 'determines which ldap module(s) is(are) related to this extended option'
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.200.207 NAME 'univentionUDMOptionObjectClass'
+ DESC 'objectClass an Object must have'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#attributetype ( 1.3.6.1.4.1.10176.200.208 NAME 'univentionUDMOptionDisabled'
+# DESC 'this option is disabled by the license'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.200.299
+ NAME 'univentionUDMOption'
+ DESC 'defines an option for use in univention directory manager'
+ MUST ( cn $
+ univentionUDMOptionShortDescription $
+ univentionUDMOptionModule )
+ MAY ( univentionUDMPropertyOptions $
+ univentionUDMOptionLongDescription $
+ univentionUDMOptionTranslationShortDescription $
+ univentionUDMOptionTranslationLongDescription $
+ univentionUDMOptionDefault $
+ univentionUDMOptionEditable $
+ univentionUDMOptionObjectClass )
+ )
+
+
+# ####################
+
+
+attributetype ( 1.3.6.1.4.1.10176.200.1001 NAME 'univentionFreeAttribute1'
+ DESC ' unused custom attribute 1 '
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ +attributetype ( 1.3.6.1.4.1.10176.200.1002 NAME 'univentionFreeAttribute2' + DESC ' unused custom attribute 2 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1003 NAME 'univentionFreeAttribute3' + DESC ' unused custom attribute 3 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1004 NAME 'univentionFreeAttribute4' + DESC ' unused custom attribute 4 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1005 NAME 'univentionFreeAttribute5' + DESC ' unused custom attribute 5 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1006 NAME 'univentionFreeAttribute6' + DESC ' unused custom attribute 6 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1007 NAME 'univentionFreeAttribute7' + DESC ' unused custom attribute 7 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1008 NAME 'univentionFreeAttribute8' + DESC ' unused custom attribute 8 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1009 NAME 'univentionFreeAttribute9' + DESC ' unused custom attribute 9 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1010 NAME 'univentionFreeAttribute10' + DESC ' unused custom attribute 10 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 
1.3.6.1.4.1.10176.200.1011 NAME 'univentionFreeAttribute11' + DESC ' unused custom attribute 11 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1012 NAME 'univentionFreeAttribute12' + DESC ' unused custom attribute 12 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1013 NAME 'univentionFreeAttribute13' + DESC ' unused custom attribute 13 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1014 NAME 'univentionFreeAttribute14' + DESC ' unused custom attribute 14 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1015 NAME 'univentionFreeAttribute15' + DESC ' unused custom attribute 15 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1016 NAME 'univentionFreeAttribute16' + DESC ' unused custom attribute 16 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1017 NAME 'univentionFreeAttribute17' + DESC ' unused custom attribute 17 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1018 NAME 'univentionFreeAttribute18' + DESC ' unused custom attribute 18 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1019 NAME 'univentionFreeAttribute19' + DESC ' unused custom attribute 19 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.200.1020 
NAME 'univentionFreeAttribute20' + DESC ' unused custom attribute 20 ' + EQUALITY caseExactMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.10176.200.1000 + NAME 'univentionFreeAttributes' + DESC ' defines a custom attribute for use in univention directory manager ' + SUP top AUXILIARY + MAY ( univentionFreeAttribute1 $ + univentionFreeAttribute2 $ + univentionFreeAttribute3 $ + univentionFreeAttribute4 $ + univentionFreeAttribute5 $ + univentionFreeAttribute6 $ + univentionFreeAttribute7 $ + univentionFreeAttribute8 $ + univentionFreeAttribute9 $ + univentionFreeAttribute10 $ + univentionFreeAttribute11 $ + univentionFreeAttribute12 $ + univentionFreeAttribute13 $ + univentionFreeAttribute14 $ + univentionFreeAttribute15 $ + univentionFreeAttribute16 $ + univentionFreeAttribute17 $ + univentionFreeAttribute18 $ + univentionFreeAttribute19 $ + univentionFreeAttribute20 + ) + ) diff --git a/files/schema/dhcp.schema b/files/schema/dhcp.schema new file mode 100644 index 0000000..c8f3b31 --- /dev/null +++ b/files/schema/dhcp.schema 
@@ -0,0 +1,490 @@
+# /dhcp.schema
+attributetype ( 2.16.840.1.113719.1.203.4.1
+ NAME 'dhcpPrimaryDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.2
+ NAME 'dhcpSecondaryDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.3
+ NAME 'dhcpStatements'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.4
+ NAME 'dhcpRange'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.5
+ NAME 'dhcpPermitList'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.6
+ NAME 'dhcpNetMask'
+ EQUALITY integerMatch
+ DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.7
+ NAME 'dhcpOption'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.8
+ NAME 'dhcpClassData'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.9
+ NAME 'dhcpOptionsDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.10
+ NAME 'dhcpHostDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'the distinguished name(s) of the dhcpHost objects.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.11
+ NAME 'dhcpPoolDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of pools.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.12
+ NAME 'dhcpGroupDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the groups.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.13
+ NAME 'dhcpSubnetDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of the subnets.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.14
+ NAME 'dhcpLeaseDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name of a client address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+attributetype ( 2.16.840.1.113719.1.203.4.15
+ NAME 'dhcpLeasesDN'
+ DESC 'The distinguished name(s) client addresses.'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.16
+ NAME 'dhcpClassesDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of a class(es) in a subclass.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.17
+ NAME 'dhcpSubclassesDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of subclass(es).'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.18
+ NAME 'dhcpSharedNetworkDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name(s) of sharedNetworks.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.19
+ NAME 'dhcpServiceDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.20
+ NAME 'dhcpVersion'
+ DESC 'The version attribute of this object.'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.21
+ NAME 'dhcpImplementation'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.22
+ NAME 'dhcpAddressState'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.23
+ NAME 'dhcpExpirationTime'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the time the current lease for an address expires.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.24
+ NAME 'dhcpStartTimeOfState'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the time of the last state change for a leased address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.25
+ NAME 'dhcpLastTransactionTime'
+ EQUALITY generalizedTimeMatch
+ DESC 'This is the last time a valid DHCP packet was received from the client.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.26
+ NAME 'dhcpBootpFlag'
+ EQUALITY booleanMatch
+ DESC 'This indicates whether the address was assigned via BOOTP.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.27
+ NAME 'dhcpDomainName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.28
+ NAME 'dhcpDnsStatus'
+ EQUALITY integerMatch
+ DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.29
+ NAME 'dhcpRequestedHostName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the hostname that was requested by the client.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.30
+ NAME 'dhcpAssignedHostName'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.31
+ NAME 'dhcpReservedForClient'
+ EQUALITY distinguishedNameMatch
+ DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.32
+ NAME 'dhcpAssignedToClient'
+ EQUALITY distinguishedNameMatch
+ DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.33
+ NAME 'dhcpRelayAgentInfo'
+ EQUALITY octetStringMatch
+ DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. This is a hex-encoded option value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+# Bug #15211: s/IA5/Directory/
+attributetype ( 2.16.840.1.113719.1.203.4.34
+ NAME 'dhcpHWAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'The clients hardware address that requested this IP address.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.35
+ NAME 'dhcpHashBucketAssignment'
+ EQUALITY octetStringMatch
+ DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.36
+ NAME 'dhcpDelayedServiceParameter'
+ EQUALITY integerMatch
+ DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.37
+ NAME 'dhcpMaxClientLeadTime'
+ EQUALITY integerMatch
+ DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.38
+ NAME 'dhcpFailOverEndpointState'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.39
+ NAME 'dhcpErrorLog'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.40
+ NAME 'dhcpLocatorDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.41
+ NAME 'dhcpKeyAlgorithm'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Algorithm to generate TSIG Key'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.42
+ NAME 'dhcpKeySecret'
+ EQUALITY octetStringMatch
+ DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.43
+ NAME 'dhcpDnsZoneServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Master server of the DNS Zone'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.44
+ NAME 'dhcpKeyDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.45
+ NAME 'dhcpZoneDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.46
+ NAME 'dhcpFailOverPrimaryServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.47
+ NAME 'dhcpFailOverSecondaryServer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.48
+ NAME 'dhcpFailOverPrimaryPort'
+ EQUALITY integerMatch
+ DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.49
+ NAME 'dhcpFailOverSecondaryPort'
+ EQUALITY integerMatch
+ DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.50
+ NAME 'dhcpFailOverResponseDelay'
+ EQUALITY integerMatch
+ DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.51
+ NAME 'dhcpFailOverUnackedUpdates'
+ EQUALITY integerMatch
+ DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.52
+ NAME 'dhcpFailOverSplit'
+ EQUALITY integerMatch
+ DESC 'Split between the primary and secondary servers for fail over purpose'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.53
+ NAME 'dhcpFailOverLoadBalanceTime'
+ EQUALITY integerMatch
+ DESC 'Cutoff time in seconds, after which load balance is disabled'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.54
+ NAME 'dhcpFailOverPeerDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+#List of all servers in the tree
+attributetype ( 2.16.840.1.113719.1.203.4.55
+ NAME 'dhcpServerDN'
+ EQUALITY distinguishedNameMatch
+ DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.56
+ NAME 'dhcpComments'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Generic attribute that allows coments within any DHCP object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.57
+ NAME 'dhcpClientId'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'client Identifier.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.58
+ NAME 'dhcpRange6'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# Classes
+
+objectclass ( 2.16.840.1.113719.1.203.6.1
+ NAME 'dhcpService'
+ DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
+ SUP top
+ MUST (cn)
+ MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.2
+ NAME 'dhcpSharedNetwork'
+ DESC 'This stores configuration information for a shared network.'
+ SUP top
+ MUST cn
+ MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.3
+ NAME 'dhcpSubnet'
+ DESC 'This class defines a subnet. This is a container object.'
+ SUP top
+ MUST ( cn $ dhcpNetMask )
+ MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.4
+ NAME 'dhcpPool'
+ DESC 'This stores configuration information about a pool.'
+ SUP top
+ MUST ( cn $ dhcpRange )
+ MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption $ dhcpStatements )
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.5
+ NAME 'dhcpGroup'
+ DESC 'Group object that lists host DNs and parameters. This is a container object.'
+ SUP top
+ MUST cn
+ MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+ SUP top
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption $dhcpClientId )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.7
+ NAME 'dhcpClass'
+ DESC 'Represents information about a collection of related clients.'
+ SUP top
+ MUST cn
+ MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.8
+ NAME 'dhcpSubClass'
+ DESC 'Represents information about a collection of related classes.'
+ SUP top
+ MUST cn
+ MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
+
+objectclass ( 2.16.840.1.113719.1.203.6.9
+ NAME 'dhcpOptions'
+ DESC 'Represents information about a collection of options defined.'
+ SUP top AUXILIARY
+ MUST cn
+ MAY ( dhcpOption $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.10
+ NAME 'dhcpLeases'
+ DESC 'This class represents an IP Address, which may or may not have been leased.'
+ SUP top
+ MUST ( cn $ dhcpAddressState )
+ MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
+ X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.11
+ NAME 'dhcpLog'
+ DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
+ SUP top
+ MUST ( cn )
+ MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog)
+ X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.12
+ NAME 'dhcpServer'
+ DESC 'DHCP Server Object'
+ SUP top
+ MUST ( cn )
+ MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.13
+ NAME 'dhcpTSigKey'
+ DESC 'TSIG key for secure dynamic updates'
+ SUP top
+ MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
+ MAY ( dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.14
+ NAME 'dhcpDnsZone'
+ DESC 'DNS Zone for updating leases'
+ SUP top
+ MUST (cn $ dhcpDnsZoneServer )
+ MAY (dhcpKeyDN $ dhcpComments)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.15
+ NAME 'dhcpFailOverPeer'
+ DESC 'This class defines the Fail over peer'
+ SUP top
+ MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailoverPrimaryPort $ dhcpFailOverSecondaryPort) MAY (dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.16
+ NAME 'dhcpLocator'
+ DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
+ SUP top
+ MUST ( cn )
+ MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments)
+ X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.17
+ NAME 'dhcpSubnet6'
+ DESC 'This class defines an IPv6 subnet. This is a container object.'
+ SUP top
+ MUST ( cn )
+ MAY ( dhcpRange6 $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption $ dhcpPermitList ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.18
+ NAME 'dhcpPool6'
+ DESC 'This stores configuration information about an IPv6 pool.'
+ SUP top
+ MUST ( cn $ dhcpRange6 )
+ MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
diff --git a/files/schema/directory.schema b/files/schema/directory.schema
new file mode 100644
index 0000000..41e3cec
--- /dev/null
+++ b/files/schema/directory.schema
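Review bot: `dhcpKeySecret` in dhcp.schema stores the TSIG secret as a plain octet string and `dhcpTSigKey` lists it under MUST, so any identity that can read those entries can read the key used for secure dynamic updates; the schema cannot restrict that, and nothing in the file says so. I would add a comment above the attribute, `# dhcpKeySecret holds the TSIG secret: limit read access to it with a directory ACL`, and confirm that the server configuration deployed with this schema carries a matching access rule. `dhcpStatements` deserves a similar comment, since its DESC describes free-form server parameters and write access to it is presumably close to editing the DHCP server configuration. Separately, the MAY list of `dhcpPool` names `dhcpStatements` twice and the second occurrence can be dropped.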
@@ -0,0 +1,102 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# 1.3.6.1.4.1.10176.1000
+
+# References
+attributetype ( 1.3.6.1.4.1.10176.1200 NAME 'univentionPolicyObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1201 NAME 'univentionDnsObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1202 NAME 'univentionDhcpObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1203 NAME 'univentionUsersObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1204 NAME 'univentionGroupsObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1205 NAME 'univentionComputersObject'
+ DESC 'policy object'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1206 NAME 'univentionLicenseObject'
+ DESC 'license objects'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1207 NAME 'univentionNetworksObject'
+ DESC 'networks objects'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1208 NAME 'univentionSharesObject'
+ DESC 'shares objects'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1209 NAME 'univentionPrintersObject'
+ DESC 'printer objects'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1210 NAME 'univentionMailObject'
+ DESC 'mail objects'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.2010 NAME 'univentionDirectory'
+ SUP 'top' STRUCTURAL
+ DESC 'reference to policy object'
+ MUST ( cn )
+ MAY (
+ univentionPolicyObject $
+ univentionDnsObject $
+ univentionDhcpObject $
+ univentionUsersObject $
+ univentionGroupsObject $
+ univentionComputersObject $
+ univentionNetworksObject $
+ univentionSharesObject $
+ univentionPrintersObject $
+ univentionMailObject $
+ univentionLicenseObject
+ ))
diff --git a/files/schema/dnszone.schema b/files/schema/dnszone.schema
new file mode 100644
index 0000000..beae76e
--- /dev/null
+++ b/files/schema/dnszone.schema
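Review bot: In directory.schema the text `DESC 'policy object'` is repeated on `univentionDnsObject`, `univentionDhcpObject`, `univentionUsersObject`, `univentionGroupsObject` and `univentionComputersObject`, so a schema browser shows six attributes with the same, apparently copied, description. Going by the attribute names and by the later entries (`'networks objects'`, `'shares objects'`), each should name its own object type, for example `DESC 'DNS objects'` on `univentionDnsObject`. The `# References` comment suggests the values are DNs, but with Directory String syntax and `caseIgnoreMatch` the server will not check them as DNs; a one-line comment saying that consumers must validate the value before following it would help. If this file is copied unchanged from upstream, the wording is better raised there than patched locally.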
@@ -0,0 +1,124 @@ +# A schema for storing DNS zones in LDAP +# +attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' + DESC 'An integer denoting time to live' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' + DESC 'The class of a resource record' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' + DESC 'The name of a zone, i.e. the name of the highest node in the zone' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' + DESC 'The starting labels of a domain name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' + DESC 'domain name pointer, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' + DESC 'host information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' + DESC 'mailbox or mail list information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' + DESC 'text string, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' + DESC 'Signature, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' + DESC 'Key, RFC 2535' + EQUALITY 
caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' + DESC 'IPv6 address, RFC 1886' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' + DESC 'Location, RFC 1876' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' + DESC 'non-existant, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' + DESC 'service location, RFC 2782' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' + DESC 'Naming Authority Pointer, RFC 2915' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' + DESC 'Key Exchange Delegation, RFC 2230' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' + DESC 'certificate, RFC 2538' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' + DESC 'A6 Record Type, RFC 2874' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' + DESC 'Non-Terminal DNS Name Redirection, RFC 2672' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 
1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' + SUP top STRUCTURAL + MUST ( zoneName $ relativeDomainName ) + MAY ( DNSTTL $ DNSClass $ + ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ + MINFORecord $ TXTRecord $ SIGRecord $ KEYRecord $ + AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ + NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ + DNAMERecord ) ) diff --git a/files/schema/duaconf.schema b/files/schema/duaconf.schema new file mode 100644 index 0000000..8c1683f --- /dev/null +++ b/files/schema/duaconf.schema 
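Review bot: The `dNSZone` object class at the end of this hunk lists `ARecord`, `MDRecord`, `MXRecord`, `NSRecord`, `SOARecord` and `CNAMERecord` in its MAY clause, but none of them is defined in this file and the two-line header names no prerequisite. These look like the record attributes from cosine.schema, so slapd would presumably reject the file unless cosine.schema is loaded first. I would add a header comment such as `# depends upon: core.schema, cosine.schema`, in the style dyngroup.schema already uses. Whatever builds the include list should also order the files accordingly.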
@@ -0,0 +1,153 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +# DUA schema from draft-joslin-config-schema (a work in progress) + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +## Notes: +## - The matching rule for attributes followReferrals and dereferenceAliases +## has been changed to booleanMatch since their syntax is boolean +## - There was a typo in the name of the dereferenceAliases attributeType +## in the DUAConfigProfile objectClass definition +## - Credit goes to the original Authors + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF Internet-Draft explaining the schema. +# Unfortunately, that text is covered by a license that doesn't meet +# Debian's Free Software Guidelines. This is a stripped version of the +# schema that contains only the functional schema definition, not the text +# of the Internet-Draft. +# +# For an explanation of this schema, see +# draft-joslin-config-schema-07.txt. 
+ +objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1 + +attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList' + DESC 'Default LDAP server host address used by a DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' + DESC 'Default LDAP base DN used by a DUA' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList' + DESC 'Preferred LDAP server host addresses to be used by a + DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for a + search to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for the + bind operation to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals' + DESC 'Tells DUA if it should follow referrals + returned by a DSA search result' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' + DESC 'Tells DUA if it should dereference aliases' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' + DESC 'A keystring which identifies the type of + authentication method used to contact the DSA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL' + DESC 'Time to live, in seconds, before a client DUA + should re-read this configuration profile' + EQUALITY integerMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' + DESC 'LDAP search descriptor list used by a DUA' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap' + DESC 'Attribute mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel' + DESC 'Identifies type of credentials a DUA should + use when binding to the LDAP server' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap' + DESC 'Objectclass mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' + DESC 'Default search scope used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' + DESC 'Identifies type of credentials a DUA + should use when binding to the LDAP server for a + specific service' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod' + DESC 'Authentication method used by a service of the DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' + SUP top STRUCTURAL + DESC 'Abstraction of a base configuration for a DUA' + MUST ( cn ) + MAY ( defaultServerList $ preferredServerList $ + defaultSearchBase $ defaultSearchScope $ + searchTimeLimit $ bindTimeLimit $ + credentialLevel $ authenticationMethod $ + followReferrals $ dereferenceAliases $ + serviceSearchDescriptor $ serviceCredentialLevel $ + serviceAuthenticationMethod $ objectclassMap $ + attributeMap $ profileTTL ) ) 
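Review bot: The header of this file says `Not recommended for production use!` and `Contents of this file are subject to change`, yet it is added next to the production schemas with no indication of whether it is loaded by default. `DUAConfigProfile` entries carry `defaultServerList`, `authenticationMethod`, `credentialLevel` and `followReferrals`, which are settings clients are meant to read and act on. Write access to such an entry therefore presumably controls which server clients contact and how they bind. I would add a comment above the object class, for example `# Profiles steer client bind behaviour: restrict write access to DUAConfigProfile entries to directory administrators`, and include the file only where DUA profiles are actually used.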
diff --git a/files/schema/dyngroup.schema b/files/schema/dyngroup.schema
new file mode 100644
index 0000000..035e23f
--- /dev/null
+++ b/files/schema/dyngroup.schema
@@ -0,0 +1,91 @@
+# dyngroup.schema -- Dynamic Group schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2015 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Dynamic Group schema (experimental), as defined by Netscape. See
+# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
+# page 70 for details on how these groups were used.
+#
+# A description of the objectclass definition is available here:
+# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
+#
+# depends upon:
+# core.schema
+#
+# These definitions are considered experimental due to the lack of
+# a formal specification (e.g., RFC).
+#
+# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
+#
+# The Netscape documentation describes this as an auxiliary objectclass
+# but their implementations have always defined it as a structural class.
+# The sloppiness here is because Netscape-derived servers don't actually
+# implement the X.500 data model, and they don't honor the distinction
+# between structural and auxiliary classes. This fact is noted here:
+# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
+#
+# In accordance with other existing implementations, we define it as a
+# structural class.
+#
+# Our definition of memberURL also does not match theirs but again
+# their published definition and what works in practice do not agree.
+# In other words, the Netscape definitions are broken and interoperability
+# is not guaranteed.
+#
+# Also see the new DynGroup proposed spec at
+# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
+
+objectIdentifier NetscapeRoot 2.16.840.1.113730
+
+objectIdentifier NetscapeLDAP NetscapeRoot:3
+objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
+objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
+
+objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
+objectIdentifier DynGroupBase OpenLDAPExp11:8
+objectIdentifier DynGroupAttr DynGroupBase:1
+objectIdentifier DynGroupOC DynGroupBase:2
+
+attributetype ( NetscapeLDAPattributeType:198
+ NAME 'memberURL'
+ DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
+ SUP labeledURI )
+
+attributetype ( DynGroupAttr:1
+ NAME 'dgIdentity'
+ DESC 'Identity to use when processing the memberURL'
+ SUP distinguishedName SINGLE-VALUE )
+
+attributeType ( DynGroupAttr:2
+ NAME 'dgAuthz'
+ DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
+ EQUALITY authzMatch
+ SYNTAX 1.3.6.1.4.1.4203.666.2.7
+ X-ORDERED 'VALUES' )
+
+objectClass ( NetscapeLDAPobjectClass:33
+ NAME 'groupOfURLs'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( memberURL $ businessCategory $ description $ o $ ou $
+ owner $ seeAlso ) )
+
+# The Haripriya dyngroup schema still needs a lot of work.
+# We're just adding support for the dgIdentity attribute for now...
+objectClass ( DynGroupOC:1
+ NAME 'dgIdentityAux'
+ SUP top AUXILIARY
+ MAY ( dgIdentity $ dgAuthz ) )
+
+
diff --git a/files/schema/hdb.schema b/files/schema/hdb.schema
new file mode 100644
index 0000000..5730390
--- /dev/null
+++ b/files/schema/hdb.schema
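Review bot: `dgIdentity` is described in this hunk as the 'Identity to use when processing the memberURL' and `dgAuthz` as the rules for who may assume it, so write access to either attribute presumably decides under whose authority dynamic-group lookups run. The file's own header marks the definitions as experimental (`NOT RECOMMENDED FOR PRODUCTION USE`), and the new OIDs sit under the `OpenLDAPExp11` arc. I would add a comment above `dgIdentityAux`, e.g. `# dgIdentity/dgAuthz are security-sensitive: writable by directory administrators only`. The commit does not show where the file is included; it would be safer to load it only where a dynamic-group overlay is actually configured.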
@@ -0,0 +1,139 @@
+# Definitions for a Kerberos V KDC schema
+#
+# $Id$
+#
+# This version is compatible with OpenLDAP 1.8
+#
+# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
+#
+# Syntaxes are under 1.3.6.1.4.1.5322.10.0
+# Attributes types are under 1.3.6.1.4.1.5322.10.1
+# Object classes are under 1.3.6.1.4.1.5322.10.2
+
+# Syntax definitions
+
+#krb5KDCFlagsSyntax SYNTAX ::= {
+# WITH SYNTAX INTEGER
+#-- initial(0), -- require as-req
+#-- forwardable(1), -- may issue forwardable
+#-- proxiable(2), -- may issue proxiable
+#-- renewable(3), -- may issue renewable
+#-- postdate(4), -- may issue postdatable
+#-- server(5), -- may be server
+#-- client(6), -- may be client
+#-- invalid(7), -- entry is invalid
+#-- require-preauth(8), -- must use preauth
+#-- change-pw(9), -- change password service
+#-- require-hwauth(10), -- must use hwauth
+#-- ok-as-delegate(11), -- as in TicketFlags
+#-- user-to-user(12), -- may use user-to-user auth
+#-- immutable(13) -- may not be deleted
+# ID { 1.3.6.1.4.1.5322.10.0.1 }
+#}
+
+#krb5PrincipalNameSyntax SYNTAX ::= {
+# WITH SYNTAX OCTET STRING
+#-- String representations of distinguished names as per RFC1510
+# ID { 1.3.6.1.4.1.5322.10.0.2 }
+#}
+
+# Attribute type definitions
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.1
+ NAME 'krb5PrincipalName'
+ DESC 'The unparsed Kerberos principal name'
+ EQUALITY caseExactIA5Match
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.2
+ NAME 'krb5KeyVersionNumber'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.3
+ NAME 'krb5MaxLife'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.4
+ NAME 'krb5MaxRenew'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.5
+ NAME 'krb5KDCFlags'
+ EQUALITY integerMatch
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.6
+ NAME 'krb5EncryptionType'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.7
+ NAME 'krb5ValidStart'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.8
+ NAME 'krb5ValidEnd'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.9
+ NAME 'krb5PasswordEnd'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+
+# this is temporary; keys will eventually
+# be child entries or compound attributes.
+attributetype ( 1.3.6.1.4.1.5322.10.1.10
+ NAME 'krb5Key'
+ DESC 'Encoded ASN1 Key as an octet string'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.11
+ NAME 'krb5PrincipalRealm'
+ DESC 'Distinguished name of krb5Realm entry'
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.5322.10.1.12
+ NAME 'krb5RealmName'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Object class definitions
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.1
+ NAME 'krb5Principal'
+ SUP top
+ AUXILIARY
+ MUST ( krb5PrincipalName )
+ MAY ( cn $ krb5PrincipalRealm ) )
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.2
+ NAME 'krb5KDCEntry'
+ SUP krb5Principal
+ AUXILIARY
+ MUST ( krb5KeyVersionNumber )
+ MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
+ krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
+ krb5EncryptionType $ krb5Key ) )
+
+objectclass ( 1.3.6.1.4.1.5322.10.2.3
+ NAME 'krb5Realm'
+ SUP top
+ AUXILIARY
+ MUST ( krb5RealmName ) )
+
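Review bot: Every OID and NAME in this hunk (`1.3.6.1.4.1.5322.10.1.1` through `.10.2.3`, `krb5PrincipalName` through `krb5Realm`) is defined again in files/schema/krb5-kdc.schema later in this commit, and the two files disagree on `krb5PrincipalName`: `caseExactIA5Match` with syntax `…121.1.26` here, `octetStringMatch` with syntax `…121.1.40` there. A slapd configuration that includes both would most likely be rejected for duplicate attribute types, and which file is loaded changes how principal names are compared. Either ship only one of the two, or give each a header comment such as `# Conflicts with krb5-kdc.schema (same OIDs): include only one`. Separately, `krb5Key` holds key material ('Encoded ASN1 Key as an octet string'), so a comment above it stating that read access must be limited to the KDC and directory administrators would help whoever writes the ACLs.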
diff --git a/files/schema/inetorgperson.schema b/files/schema/inetorgperson.schema
new file mode 100644
index 0000000..34c3bf8
--- /dev/null
+++ b/files/schema/inetorgperson.schema
@@ -0,0 +1,113 @@ +# inetorgperson.schema -- InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.schema) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.schema) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema) + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. 
+# +# For an explanation of this schema, see RFC 2798, at (among other +# places): http://www.ietf.org/rfc/rfc2798.txt + +attributetype ( 2.16.840.1.113730.3.1.1 + NAME 'carLicense' + DESC 'RFC2798: vehicle license or registration plate' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.2 + NAME 'departmentNumber' + DESC 'RFC2798: identifies a department within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.241 + NAME 'displayName' + DESC 'RFC2798: preferred name to be used when displaying entries' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.3 + NAME 'employeeNumber' + DESC 'RFC2798: numerically identifies an employee within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.4 + NAME 'employeeType' + DESC 'RFC2798: type of employment for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 0.9.2342.19200300.100.1.60 + NAME 'jpegPhoto' + DESC 'RFC2798: a JPEG image' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) + +attributetype ( 2.16.840.1.113730.3.1.39 + NAME 'preferredLanguage' + DESC 'RFC2798: preferred written or spoken language for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.40 + NAME 'userSMIMECertificate' + DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +## OpenLDAP note: ";binary" transfer should 
NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.216 + NAME 'userPKCS12' + DESC 'RFC2798: personal identity information, a PKCS #12 PFX' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +objectclass ( 2.16.840.1.113730.3.2.2 + NAME 'inetOrgPerson' + DESC 'RFC2798: Internet Organizational Person' + SUP organizationalPerson + STRUCTURAL + MAY ( + audio $ businessCategory $ carLicense $ departmentNumber $ + displayName $ employeeNumber $ employeeType $ givenName $ + homePhone $ homePostalAddress $ initials $ jpegPhoto $ + labeledURI $ mail $ manager $ mobile $ o $ pager $ + photo $ roomNumber $ secretary $ uid $ userCertificate $ + x500uniqueIdentifier $ preferredLanguage $ + userSMIMECertificate $ userPKCS12 ) + ) diff --git a/files/schema/java.schema b/files/schema/java.schema new file mode 100644 index 0000000..24c1f1b --- /dev/null +++ b/files/schema/java.schema 
@@ -0,0 +1,109 @@ +# java.schema -- Java Object Schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Java Object Schema (defined in RFC 2713) +# depends upon core.schema +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. 
+# +# For an explanation of this schema, see RFC 2713, at (among other +# places): http://www.ietf.org/rfc/rfc2713.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6 + NAME 'javaClassName' + DESC 'Fully qualified name of distinguished Java class or interface' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7 + NAME 'javaCodebase' + DESC 'URL(s) specifying the location of class definition' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13 + NAME 'javaClassNames' + DESC 'Fully qualified Java class or interface name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8 + NAME 'javaSerializedData' + DESC 'Serialized form of a Java object' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10 + NAME 'javaFactory' + DESC 'Fully qualified Java class name of a JNDI object factory' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11 + NAME 'javaReferenceAddress' + DESC 'Addresses associated with a JNDI Reference' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12 + NAME 'javaDoc' + DESC 'The Java documentation for the class' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1 + NAME 'javaContainer' + DESC 'Container for a Java object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4 + NAME 'javaObject' + DESC 'Java object representation' + SUP top + ABSTRACT + MUST javaClassName + MAY ( javaClassNames $ javaCodebase $ + javaDoc $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5 + NAME 'javaSerializedObject' + DESC 'Java serialized object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + 
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8 + NAME 'javaMarshalledObject' + DESC 'Java marshalled object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7 + NAME 'javaNamingReference' + DESC 'JNDI reference' + SUP javaObject + AUXILIARY + MAY ( javaReferenceAddress $ javaFactory ) ) diff --git a/files/schema/krb5-kdc.schema b/files/schema/krb5-kdc.schema new file mode 100644 index 0000000..24956f5 --- /dev/null +++ b/files/schema/krb5-kdc.schema 
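Review bot: `javaSerializedData`, `javaCodebase` and `javaFactory` are attributes that JNDI-based clients may deserialize or use to locate classes when they read an entry, so loading this schema lets the directory hold content that is acted on by the client. If no Java application in this deployment binds objects into LDAP, I would leave java.schema out of the default include set. If it is needed, add a header comment such as `# Entries using javaObject subclasses must be writable by trusted administrators only` and restrict write access to match. Nothing in the hunk shows how the file is included, so this may already be handled elsewhere.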
@@ -0,0 +1,136 @@ +# $Id: krb5-kdc.schema,v 1.1.14.1.20.2 2006/02/02 09:22:53 martin Exp $ +# Definitions for a Kerberos V KDC schema + +# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10) +# +# Syntaxes are under 1.3.6.1.4.1.5322.10.0 +# Attributes types are under 1.3.6.1.4.1.5322.10.1 +# Object classes are under 1.3.6.1.4.1.5322.10.2 + +# Syntax definitions + +#krb5KDCFlagsSyntax SYNTAX ::= { +# WITH SYNTAX INTEGER +#-- initial(0), -- require as-req +#-- forwardable(1), -- may issue forwardable +#-- proxiable(2), -- may issue proxiable +#-- renewable(3), -- may issue renewable +#-- postdate(4), -- may issue postdatable +#-- server(5), -- may be server +#-- client(6), -- may be client +#-- invalid(7), -- entry is invalid +#-- require-preauth(8), -- must use preauth +#-- change-pw(9), -- change password service +#-- require-hwauth(10), -- must use hwauth +#-- ok-as-delegate(11), -- as in TicketFlags +#-- user-to-user(12), -- may use user-to-user auth +#-- immutable(13) -- may not be deleted +# ID { 1.3.6.1.4.1.5322.10.0.1 } +#} + +#krb5PrincipalNameSyntax SYNTAX ::= { +# WITH SYNTAX OCTET STRING +#-- String representations of distinguished names as per RFC1510 +# ID { 1.3.6.1.4.1.5322.10.0.2 } +#} + +# Attribute type definitions + +attributetype ( 1.3.6.1.4.1.5322.10.1.1 + NAME 'krb5PrincipalName' + DESC 'The unparsed Kerberos principal name' + EQUALITY octetStringMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.2 + NAME 'krb5KeyVersionNumber' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.3 + NAME 'krb5MaxLife' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.4 + NAME 'krb5MaxRenew' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.5 + NAME 
'krb5KDCFlags' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.6 + NAME 'krb5EncryptionType' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.7 + NAME 'krb5ValidStart' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.8 + NAME 'krb5ValidEnd' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.9 + NAME 'krb5PasswordEnd' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +# this is temporary; keys will eventually +# be child entries or compound attributes. +attributetype ( 1.3.6.1.4.1.5322.10.1.10 + NAME 'krb5Key' + DESC 'Encoded ASN1 Key as an octet string' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.11 + NAME 'krb5PrincipalRealm' + DESC 'Distinguished name of krb5Realm entry' + SUP distinguishedName ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.12 + NAME 'krb5RealmName' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) + +# Object class definitions + +objectclass ( 1.3.6.1.4.1.5322.10.2.1 + NAME 'krb5Principal' + SUP top + AUXILIARY + MUST ( krb5PrincipalName ) + MAY ( cn $ krb5PrincipalRealm ) ) + +objectclass ( 1.3.6.1.4.1.5322.10.2.2 + NAME 'krb5KDCEntry' + SUP krb5Principal + AUXILIARY + MUST ( krb5KeyVersionNumber ) + MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $ + krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $ + krb5EncryptionType $ krb5Key ) ) + +objectclass ( 1.3.6.1.4.1.5322.10.2.3 + NAME 'krb5Realm' + SUP top + AUXILIARY + MUST ( krb5RealmName ) ) + 
diff --git a/files/schema/license.schema b/files/schema/license.schema
new file mode 100644
index 0000000..ec7a1f6
--- /dev/null
+++ b/files/schema/license.schema
@@ -0,0 +1,176 @@ +# Copyright 2004-2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . 
+ +# 1.3.6.1.4.1.10176.1000 + +# References +attributetype ( 1.3.6.1.4.1.10176.1700 NAME ( 'univentionLicenseModule' ) + DESC 'Licence Module' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1702 NAME ( 'univentionLicenseBaseDN' ) + DESC 'Licenceesystem identify' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1703 NAME ( 'univentionLicenseEndDate' ) + DESC 'License end date' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1705 NAME ( 'univentionLicenseSignature' ) + DESC 'Licence Signature' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1706 NAME ( 'univentionLicenseAccounts' ) + DESC 'Deprecated: License maximum number of users' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1707 NAME ( 'univentionLicenseClients' ) + DESC 'Deprecated: License maximum number of clients' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1708 NAME ( 'univentionLicenseGroupwareAccounts' ) + DESC 'Deprecated: License maximum number of groupware accounts' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1709 NAME ( 'univentionLicenseuniventionDesktops' ) + DESC 'Deprecated: License maximum number of UCS managed desktops' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1710 NAME ( 'univentionLicenseType' ) + DESC 'Deprecated: License type containing the products this license used for' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1711 NAME ( 
'univentionLicenseOEMProduct' ) + DESC 'OEM License type containing the OEM products this license is used for' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.1 NAME ( 'univentionLicensePhysicalServers' ) + DESC 'Deprecated: License maximum number of physical UCS servers' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.2 NAME ( 'univentionLicenseServerInstances' ) + DESC 'Deprecated: License maximum number of UCS server instances' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.3 NAME ( 'univentionLicenseThinClients' ) + DESC 'Deprecated: License maximum number of thin clients' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.4 NAME ( 'univentionLicenseVirtualDesktops' ) + DESC 'Deprecated: License maximum number of virtual desktops' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.6 NAME ( 'univentionLicenseProduct' ) + DESC 'Name of the product' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.7 NAME ( 'univentionLicenseKeyID' ) + DESC 'KeyID of the license' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.8 NAME ( 'univentionLicenseServers' ) + DESC 'License maximum of servers' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.9 NAME ( 'univentionLicenseSupport' ) + DESC 'License maximum of servers with standard support' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.10 NAME ( 'univentionLicensePremiumSupport' ) + DESC 'License maximum of servers with premium support' + EQUALITY 
caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.11 NAME ( 'univentionLicenseManagedClients' ) + DESC 'License maximum of servers with premium support' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.12 NAME ( 'univentionLicenseCorporateClients' ) + DESC 'License maximum of UCC systems' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.13 NAME ( 'univentionLicenseUsers' ) + DESC 'License maximum of users' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.14 NAME ( 'univentionLicenseVirtualDesktopUsers' ) + DESC 'License maximum of users for DVS' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.15 NAME ( 'univentionLicenseVirtualDesktopClients' ) + DESC 'License maximum of clients for DVS' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1712.1.16 NAME ( 'univentionLicenseVersion' ) + DESC 'Version of the license format' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +objectclass ( 1.3.6.1.4.1.10176.1799 NAME ( 'univentionLicense' ) + DESC 'univention Licence Object' + SUP 'top' STRUCTURAL + MUST ( cn $ + univentionLicenseEndDate $ + univentionLicenseBaseDN $ univentionLicenseSignature ) + MAY ( + univentionLicenseProduct $ univentionLicenseKeyID $ + univentionLicenseOEMProduct $ univentionLicenseServers $ + univentionLicenseSupport $ univentionLicensePremiumSupport $ + univentionLicenseManagedClients $ univentionLicenseUsers $ + univentionLicenseVirtualDesktopUsers $ univentionLicenseVirtualDesktopClients $ + univentionLicenseCorporateClients $ univentionLicenseVersion $ + univentionLicenseAccounts $ univentionLicenseClients $ + univentionLicenseGroupwareAccounts $ + 
univentionLicenseuniventionDesktops $ univentionLicenseType $ + univentionLicensePhysicalServers $ univentionLicenseServerInstances $ + univentionLicenseThinClients $ univentionLicenseVirtualDesktops $ + univentionLicenseModule + ) ) + diff --git a/files/schema/lock.schema b/files/schema/lock.schema new file mode 100644 index 0000000..afa9650 --- /dev/null +++ b/files/schema/lock.schema 
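Review bot: In files/schema/license.schema, `univentionLicenseManagedClients` (OID 1.3.6.1.4.1.10176.1712.1.11) carries the same DESC as `univentionLicensePremiumSupport`, 'License maximum of servers with premium support', which looks like a copy-paste leftover; going by the attribute name it should read something like `DESC 'License maximum of managed clients'`. Separately, `univentionLicenseEndDate` and every numeric limit are IA5 strings with only `caseIgnoreIA5Match`, so the directory validates neither the date format nor the numbers, and whatever consumes these entries alongside `univentionLicenseSignature` has to do all parsing and bounds checking itself. If this file is meant to stay a verbatim copy of the upstream schema, a leading comment recording the upstream release it was taken from would be a better fix than a local edit.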
@@ -0,0 +1,46 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.92 NAME 'lockTime'
+ DESC 'time the lock was set in place in seconds since epoch'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+objectclass ( 1.3.6.1.4.1.10176.94 NAME 'lock'
+ DESC 'Locks a value or component specified by cn. lockTime is the timestamp of the lock.'
+ MUST ( cn $ lockTime ))
+
+attributetype ( 1.3.6.1.4.1.10176.96 NAME 'univentionLastUsedValue'
+ DESC 'the last used value'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.98 NAME 'univentionLastUsed'
+ DESC 'save the last used value'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( univentionLastUsedValue ) )
diff --git a/files/schema/mail.schema b/files/schema/mail.schema
new file mode 100644
index 0000000..a1f231a
--- /dev/null
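Review bot: In files/schema/lock.schema, `lockTime` declares `EQUALITY integerMatch` but no ORDERING rule and no `SINGLE-VALUE`, so a filter for locks older than a cutoff (`lockTime<=...`) has no matching rule to evaluate against and one lock entry may carry several timestamps. If stale-lock cleanup or lock validation depends on either property, add `ORDERING integerOrderingMatch` and `SINGLE-VALUE` to the definition. The `lock` object class also names neither a superior nor a kind, unlike `univentionLastUsed` just below it, which spells out `SUP top AUXILIARY`; writing `SUP top STRUCTURAL` (presumably the default that applies today) would make the intent explicit.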
+++ b/files/schema/mail.schema 
@@ -0,0 +1,204 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# mail.schema
+# $OID: 1.3.6.1.4.1.10176.1010
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.1 NAME 'mailPrimaryAddress'
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'Primary mailaddresses for the user'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.2 NAME 'mailAlternativeAddress'
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'Secondary (alias) mailaddresses for the same user'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.3 NAME 'mailGlobalSpamFolder'
+ DESC 'Move Spam to global spam folder instead of local spam folder'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.10 NAME 'mailRelay'
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'Domain Mail Relay'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.10 NAME 'univentionMailDomain'
+ DESC 'Univention Mail Domain Preferences' SUP top AUXILIARY
+ MAY ( mailRelay ) )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.41 NAME 'univentionCanonicalSenderRewriteEnabled'
+ DESC 'rewrite sender addresses?'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.42 NAME 'univentionCanonicalRecipientRewriteEnabled'
+ DESC 'rewrite recipient addresses?'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.43 NAME 'univentionInternalPrimaryMailAddress'
+ DESC 'primary mail address of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.44 NAME 'univentionInternalAlternativeMailAddress'
+ DESC 'additional mail addresses'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.45 NAME 'univentionPublicPrimaryMailAddress'
+ DESC 'public mail address of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.46 NAME 'univentionPublicAlternativeMailAddress'
+ DESC 'additional mail addresses'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.47 NAME 'mailForwardAddress'
+ SUBSTR caseIgnoreSubstringsMatch
+ DESC 'External mail addresses to forward the users emails to'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.40 NAME 'univentionMailCanonicalMaps'
+ DESC 'data for rewriting mail addresses'
+ SUP top AUXILIARY
+ MAY ( univentionCanonicalSenderRewriteEnabled $ univentionCanonicalRecipientRewriteEnabled $
+ univentionInternalPrimaryMailAddress $ univentionInternalAlternativeMailAddress $
+ univentionPublicPrimaryMailAddress $ univentionPublicAlternativeMailAddress ) )
+
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.60 NAME 'univentionMailHomeServer'
+ DESC 'home server of users mailbox'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.60 NAME 'univentionMailRouting'
+ DESC 'data for routing mails'
+ SUP top AUXILIARY
+ MAY ( univentionMailHomeServer ) )
+
+
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.70 NAME 'univentionMailserverFQDN'
+ DESC 'list of available mailserver fqdn'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.70 NAME 'univentionMailserverList'
+ DESC 'data for routing mails'
+ SUP top AUXILIARY
+ MAY ( univentionMailserverFQDN ) )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.80 NAME 'univentionAllowedEmailUsers'
+ DESC 'Users that are allowed to send e-mails'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.81 NAME 'univentionAllowedEmailGroups'
+ DESC 'Groups that are allowed to send e-mails'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.90
+ NAME 'univentionMailUserNamespace'
+ DESC 'use namespace "user" instead of "shared" for shared folders'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.91
+ NAME 'univentionMailSharedFolderDeliveryAddress'
+ DESC 'use given mailaddress for mail delivery to shared folder'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.92
+ NAME 'univentionMailUserQuota'
+ DESC 'Mailbox hard quota limit in MB'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.93
+ NAME 'univentionMailACL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.90
+ NAME 'univentionMailSharedFolder'
+ DESC 'Univention shared folder'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( mailPrimaryAddress $ mailAlternativeAddress $ univentionMailUserNamespace $ univentionMailSharedFolderDeliveryAddress $ univentionMailACL $ univentionMailUserQuota $ univentionMailHomeServer ) )
+
+
+attributetype ( 1.3.6.1.4.1.10176.1010.1.100
+ NAME 'univentionMailMember'
+ DESC 'Univention Mailinglist Member'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.100
+ NAME 'univentionMailList'
+ DESC 'Univention Mailinglist'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY (mailPrimaryAddress $ description $ univentionMailMember $ univentionAllowedEmailGroups $ univentionAllowedEmailUsers) )
+
+
+objectclass ( 1.3.6.1.4.1.10176.1012.2.1
+ NAME 'univentionMailDomainname'
+ DESC 'Univention Mail Domain'
+ SUP top STRUCTURAL
+ MUST ( cn ) )
+
+
+objectclass ( 1.3.6.1.4.1.10176.1010.2.1 NAME 'univentionMail'
+ DESC 'Univention Mail Preferences' SUP top AUXILIARY
+ MUST ( uid )
+ MAY ( univentionMailHomeServer $ mailPrimaryAddress $ mailAlternativeAddress $ mailGlobalSpamFolder $ univentionMailUserQuota $ mailForwardAddress ) )
diff --git a/files/schema/misc.schema b/files/schema/misc.schema
new file mode 100644
index 0000000..e636135
--- /dev/null
+++ b/files/schema/misc.schema
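Review bot: In files/schema/mail.schema, `univentionMailACL` is the only definition in the hunk without a DESC, and it is a free-form Directory String compared with `caseIgnoreMatch`, so nothing here says what a value looks like or whether case differences in the identity part are meant to be ignored. A `DESC` line stating the value format would help whoever writes the access rules and the consumer that parses it. `univentionMailUserQuota` is described as 'Mailbox hard quota limit in MB' yet is a multi-valued string, so one entry can hold conflicting or non-numeric limits; `SINGLE-VALUE` on that definition would let the server reject the first case. Also worth a comment: `univentionMailDomainname` is registered under `1.3.6.1.4.1.10176.1012.2.1` although the file header declares the arc `1.3.6.1.4.1.10176.1010`.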
@@ -0,0 +1,75 @@
+# misc.schema -- assorted schema definitions
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2015 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+# Assorted definitions from several sources, including
+# ''works in progress''. Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+ NAME 'mailLocalAddress'
+ DESC 'RFC822 email address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+ NAME 'mailHost'
+ DESC 'FQDN of the SMTP/MTA of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+ NAME 'mailRoutingAddress'
+ DESC 'RFC822 routing address of this recipient'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID. A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+ NAME 'inetLocalMailRecipient'
+ DESC 'Internet local mail recipient'
+ SUP top AUXILIARY
+ MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+# (a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+ NAME 'rfc822MailMember'
+ DESC 'rfc822 mail address of group member(s)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+# (a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+ NAME 'nisMailAlias'
+ DESC 'NIS mail alias'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY rfc822MailMember )
diff --git a/files/schema/msgpo.schema b/files/schema/msgpo.schema
new file mode 100644
index 0000000..9653eee
--- /dev/null
+++ b/files/schema/msgpo.schema
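Review bot: files/schema/misc.schema is added with its own header still reading 'Not recommended for production use!' and 'Contents of this file are subject to change (including deletion) without notice', and every definition in it comes from an expired draft or, for `nisMailAlias`, from no draft at all. The commit does not say which of these definitions the deployment needs. A short leading comment naming the attributes actually relied on (for example `mailLocalAddress` or `rfc822MailMember`) and the OpenLDAP release the file was copied from would help later upgrades and audits, since the `$OpenLDAP$` keyword is unexpanded and identifies no revision.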
@@ -0,0 +1,95 @@
+# Copyright 2012-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# OID: 1.3.6.1.4.1.10176.4105
+attributetype ( 1.3.6.1.4.1.10176.4105.1.1 NAME 'msGPOLink'
+ DESC 'MS Group Policy Link'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.4105.2.1 NAME 'msGPO'
+ DESC 'MS Group Policy'
+ SUP top AUXILIARY
+ MAY ( msGPOLink ) )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.2 NAME 'msGPOFlags'
+ DESC 'MS Group Policy Container Flags'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.3 NAME 'msGPOVersionNumber'
+ DESC 'MS Group Policy Container Version Number'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.4 NAME 'msGPOSystemFlags'
+ DESC 'MS Group Policy Container System Flags'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.5 NAME 'msGPOFunctionalityVersion'
+ DESC 'MS Group Policy Container Functionality Version'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.6 NAME 'msGPOFileSysPath'
+ DESC 'MS Group Policy Container Sys Path'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.7 NAME 'msGPOMachineExtensionNames'
+ DESC 'MS Group Policy Container Machine Extension Names'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.8 NAME 'msGPOUserExtensionNames'
+ DESC 'MS Group Policy Container User Extension Names'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4105.1.9 NAME 'msGPOWQLFilter'
+ DESC 'MS Group Policy Container WQL Filter'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.4105.2.2 NAME 'msGPOContainer'
+ DESC 'MS GPO Policy Container'
+ SUP top STRUCTURAL
+ Must ( cn )
+ MAY (
+ description $
+ displayName $
+ msGPOFlags $
+ msGPOVersionNumber $
+ msGPOSystemFlags $
+ msGPOFunctionalityVersion $
+ msGPOFileSysPath $
+ msGPOUserExtensionNames $
+ msGPOMachineExtensionNames $
+ msGPOWQLFilter
+ )
+ )
diff --git a/files/schema/msprintconnectionpolicy.schema b/files/schema/msprintconnectionpolicy.schema
new file mode 100644
index 0000000..19e5b4b
--- /dev/null
+++ b/files/schema/msprintconnectionpolicy.schema
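Review bot: In files/schema/msgpo.schema the `msGPOContainer` class spells the keyword `Must ( cn )`, while the other schema files in this commit write it in upper case; the same spelling recurs in `msPrintConnectionPolicy` (msprintconnectionpolicy.schema) and `msWMISom` (mswmi.schema), and `MUST ( cn )` would keep the files consistent and greppable. `msGPOFlags`, `msGPOVersionNumber`, `msGPOSystemFlags` and `msGPOFunctionalityVersion` are Directory Strings with `caseExactMatch` and no `SINGLE-VALUE`, so the server accepts non-numeric or repeated values; a comment stating that consumers must validate them would document that. `msGPOFileSysPath` presumably tells clients where policy files are loaded from, so write access to it is worth restricting in the server ACLs, which are not part of this commit.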
@@ -0,0 +1,67 @@
+# Copyright 2013-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# OID: 1.3.6.1.4.1.10176.4107
+
+# single, enumeration - printAttributes
+attributetype ( 1.3.6.1.4.1.10176.4107.1.1 NAME 'msPrintAttributes'
+ DESC 'msPrintAttributes'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# single, String(Unicode) - printerName
+attributetype ( 1.3.6.1.4.1.10176.4107.1.2 NAME 'msPrinterName'
+ DESC 'msPrinterName'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# single, String(Unicode) - serverName
+attributetype ( 1.3.6.1.4.1.10176.4107.1.3 NAME 'msPrintServerName'
+ DESC 'msPrintServerName'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# single, String(Unicode) - uNCName
+attributetype ( 1.3.6.1.4.1.10176.4107.1.4 NAME 'msPrintUNCName'
+ DESC 'msPrintUNCName'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# msPrint-ConnectionPolicy
+objectclass ( 1.3.6.1.4.1.10176.4107.2.1 NAME 'msPrintConnectionPolicy'
+ DESC 'msPrintConnectionPolicy'
+ SUP top STRUCTURAL
+ Must ( cn )
+ MAY (
+ description $
+ displayName $
+ msPrintAttributes $
+ msPrinterName $
+ msPrintServerName $
+ msPrintUNCName
+ )
+ )
diff --git a/files/schema/mswmi.schema b/files/schema/mswmi.schema
new file mode 100644
index 0000000..ef70cdb
--- /dev/null
+++ b/files/schema/mswmi.schema
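Review bot: In files/schema/msprintconnectionpolicy.schema each attribute is preceded by a comment beginning 'single,' (for example `# single, String(Unicode) - printerName`), but none of the four definitions carries `SINGLE-VALUE`, so the server will accept several `msPrinterName`, `msPrintServerName` or `msPrintUNCName` values on one policy entry. If the comments state the intended cardinality, append the keyword to each definition, e.g. `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )`; otherwise drop 'single' from the comments so they do not promise a constraint the schema lacks. The DESC strings only repeat the attribute names and could say what each value holds instead.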
@@ -0,0 +1,121 @@
+# Copyright 2013-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# OID: 1.3.6.1.4.1.10176.4106
+attributetype ( 1.3.6.1.4.1.10176.4106.1.1 NAME 'msWMIName'
+ DESC 'MS WMI Name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.2 NAME 'msWMIID'
+ DESC 'MS WMI ID'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.3 NAME 'msWMIAuthor'
+ DESC 'MS WMI Author'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.4 NAME 'msWMICreationDate'
+ DESC 'MS WMI Creation Date'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.5 NAME 'msWMIChangeDate'
+ DESC 'MS WMI Change Date'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.6 NAME 'msWMIParm1'
+ DESC 'MS WMI Parm1'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.7 NAME 'msWMIParm2'
+ DESC 'MS WMI Parm2'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.8 NAME 'msWMIParm3'
+ DESC 'MS WMI Parm3'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.9 NAME 'msWMIParm4'
+ DESC 'MS WMI Parm4'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.10 NAME 'msWMIintFlags1'
+ DESC 'MS WMI Integer Flags 1'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.11 NAME 'msWMIintFlags2'
+ DESC 'MS WMI Integer Flags 2'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.12 NAME 'msWMIintFlags3'
+ DESC 'MS WMI Integer Flags 3'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.13 NAME 'msWMIintFlags4'
+ DESC 'MS WMI Integer Flags 4'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.10176.4106.1.14 NAME 'msWMISourceOrganization'
+ DESC 'MS WMI Source Organization'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.4106.2.1 NAME 'msWMISom'
+ DESC 'MS WMI SOM'
+ SUP top STRUCTURAL
+ Must (
+ cn $
+ msWMIName $
+ msWMIID
+ )
+ MAY (
+ msWMIAuthor $
+ msWMICreationDate $
+ msWMIChangeDate $
+ msWMIParm1 $
+ msWMIParm2 $
+ msWMIParm3 $
+ msWMIParm4 $
+ msWMIintFlags1 $
+ msWMIintFlags2 $
+ msWMIintFlags3 $
+ msWMIintFlags4 $
+ msWMISourceOrganization
+ )
+ )
diff --git a/files/schema/nagios.schema b/files/schema/nagios.schema
new file mode 100644
index 0000000..4d25891
--- /dev/null
+++ b/files/schema/nagios.schema
@@ -0,0 +1,198 @@ +# Copyright 2004-2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . +# +# univention owns the namespace 10176. +# +# +# Univention Nagios OID Prefix: 1.3.6.1.4.1.10176.1040. +# +# 1.3.6.1.4.1.10176.1040 nagios objekte +# 1.3.6.1.4.1.10176.1040.1 timeperiod objekt +# 1.3.6.1.4.1.10176.1040.2 service objekt +# 1.3.6.1.4.1.10176.1040.3 host objekt +# 1.3.6.1.4.1.10176.1040.1XXX common nagios attributes + + +# +# common attributes +# +attributetype ( 1.3.6.1.4.1.10176.1040.1001 NAME 'univentionNagiosActiveChecksEnabled' + DESC 'active service checks enabled?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1002 NAME 'univentionNagiosPassiveChecksEnabled' + DESC 'passive service checks enabled?' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1003 NAME 'univentionNagiosCheckCommand' + DESC 'name of the nagios plugin' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1004 NAME 'univentionNagiosCheckArgs' + DESC 'nagios plugin arguments' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}) + +attributetype ( 1.3.6.1.4.1.10176.1040.1005 NAME 'univentionNagiosEventHandlerEnabled' + DESC 'event handler enabled?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1006 NAME 'univentionNagiosCheckPeriod' + DESC 'checks are done within the given timeperiod' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1007 NAME 'univentionNagiosMaxCheckAttempts' + DESC 'maximum number of check attempts' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1008 NAME 'univentionNagiosNormalCheckInterval' + DESC 'time between to check under normal conditions' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1009 NAME 'univentionNagiosRetryCheckInterval' + DESC 'time until next check if previous check failed' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1010 NAME 'univentionNagiosContactGroup' + DESC 'notify this contact group' + EQUALITY 
distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1011 NAME 'univentionNagiosNotificationInterval' + DESC 'interval length between two notifications' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1012 NAME 'univentionNagiosNotificationPeriod' + DESC 'send notifications during this timeperiod' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1013 NAME 'univentionNagiosNotificationOptions' + DESC 'notification options' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1014 NAME 'univentionNagiosHostname' + DESC 'email address' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1015 NAME 'univentionNagiosEmail' + DESC 'email address' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1040.1016 NAME 'univentionNagiosEnabled' + DESC 'email address' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +# +# timeperiod specific attributes and timeperiod class +# +attributetype ( 1.3.6.1.4.1.10176.1040.1.2 NAME 'univentionNagiosTimeperiod' + DESC 'nagios timeperiod' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +objectclass ( 1.3.6.1.4.1.10176.1040.1.1 NAME 'univentionNagiosTimeperiodClass' + DESC 'Nagios Timeperiod Definition' + SUP top STRUCTURAL + MUST ( cn $ description ) + MAY ( univentionNagiosTimeperiod ) ) + + + + + +# +# service specific attributes and service class +# +attributetype ( 
1.3.6.1.4.1.10176.1040.2.2 NAME 'univentionNagiosUseNRPE' + DESC 'activate usage of NRPE' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.10176.1040.2.1 NAME 'univentionNagiosServiceClass' + DESC 'Nagios Service Definition' + SUP top STRUCTURAL + MUST ( cn $ + univentionNagiosCheckCommand $ + univentionNagiosCheckPeriod $ + univentionNagiosMaxCheckAttempts $ univentionNagiosNormalCheckInterval $ + univentionNagiosRetryCheckInterval $ + univentionNagiosNotificationInterval $ univentionNagiosNotificationPeriod $ + univentionNagiosNotificationOptions ) + MAY ( description $ univentionNagiosHostname $ univentionNagiosCheckArgs $ univentionNagiosUseNRPE ) + ) + + + + + +# +# host specific attributes and host class +# +attributetype ( 1.3.6.1.4.1.10176.1040.3.2 NAME 'univentionNagiosParent' + DESC 'parent hosts' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.10176.1040.3.1 NAME 'univentionNagiosHostClass' + DESC 'Nagios Host Extension' + SUP top AUXILIARY + MUST ( cn ) + MAY ( univentionNagiosEmail $ univentionNagiosParent $ univentionNagiosEnabled) + ) diff --git a/files/schema/network.schema b/files/schema/network.schema new file mode 100644 index 0000000..07edc0c --- /dev/null +++ b/files/schema/network.schema 
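Review bot: `univentionNagiosHostname` and `univentionNagiosEnabled` both carry `DESC 'email address'`, which looks copied from `univentionNagiosEmail`, the definition that sits between them. Schema browsers and anyone auditing ACLs by description will read both as mail fields. Going by their use in this hunk (`univentionNagiosHostname` is a MAY of `univentionNagiosServiceClass`, `univentionNagiosEnabled` a MAY of `univentionNagiosHostClass`), something like `DESC 'host this service is checked on'` and `DESC 'nagios checks enabled for this host?'` would fit, to be confirmed against the consumer of these attributes. Separately, `univentionNagiosCheckCommand` and `univentionNagiosCheckArgs` are free-form strings that presumably end up in a plugin command line, so a comment above them naming who may write them would help whoever sets the ACLs. If the file is taken unchanged from the vendor, the fix belongs upstream rather than in this copy.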
@@ -0,0 +1,68 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.1 NAME 'univentionNetwork'
+ DESC 'Network object in Univention Directory Manager'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.2 NAME 'univentionNetmask'
+ DESC 'Netmask object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.3 NAME 'univentionIpRange'
+ DESC 'IP range for network objects'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.4 NAME 'univentionNextIp'
+ DESC 'Stores the next available IP address of a network'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.5 NAME 'univentionDnsForwardZone'
+ DESC 'DNS forward zone object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.6 NAME 'univentionDnsReverseZone'
+ DESC 'DNS reverse zone object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.500.1.7 NAME 'univentionDhcpEntry'
+ DESC 'DHCP host entry'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+objectclass ( 1.3.6.1.4.1.10176.500.2.1 NAME 'univentionNetworkClass'
+ DESC 'Univention Network'
+ SUP top STRUCTURAL
+ MUST ( cn $ univentionNetwork $ univentionNetmask )
+ MAY ( univentionIpRange $ univentionNextIp $ univentionDnsForwardZone $ univentionDnsReverseZone $ univentionDhcpEntry) )
diff --git a/files/schema/networkaccess.schema b/files/schema/networkaccess.schema
new file mode 100644
index 0000000..d010084
--- /dev/null
+++ b/files/schema/networkaccess.schema
@@ -0,0 +1,14 @@
+objectIdentifier univentionNetworkAccess 1.3.6.1.4.1.10176.4205
+objectIdentifier univentionNetworkAccessAttributeType univentionNetworkAccess:1
+objectIdentifier univentionNetworkAccessObjectClass univentionNetworkAccess:2
+
+attributetype ( univentionNetworkAccessAttributeType NAME 'univentionNetworkAccess'
+ DESC 'Allow 802.1X network access'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass ( univentionNetworkAccessObjectClass NAME 'univentionNetworkAccess'
+ DESC 'Network access rules'
+ SUP top AUXILIARY
+ MAY ( univentionNetworkAccess )
+ )
diff --git a/files/schema/nextcloud.schema b/files/schema/nextcloud.schema
new file mode 100644
index 0000000..cbcceb4
--- /dev/null
+++ b/files/schema/nextcloud.schema
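Review bot: The `univentionNetworkAccess` attribute gates 802.1X access, but it is declared with Integer syntax and a DESC that does not say which values grant or deny. The server will therefore accept any integer, and the meaning lives only in the consumer. A comment above the attributetype stating the accepted values, e.g. `# <value> = access allowed; absent or any other value = denied (confirm against the RADIUS integration)`, would make the attribute auditable. The attribute type and the object class also share the name `univentionNetworkAccess`; LDAP keeps the two in separate namespaces, so this is legal, but it makes filters and ACL rules harder to read.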
@@ -0,0 +1,59 @@ +#-------------------------------------------------------------------------- +# Copyright (c) 2017 Arthur Schiwon +# +# Author: Arthur Schiwon +#-------------------------------------------------------------------------- +# GNU AGPL version 3 or any later version +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +#-------------------------------------------------------------------------- +# 1.3.6.1.4.1.49213 Nextcloud OID +# 1.3.6.1.4.1.49213.1 Nextcloud LDAP Elements +# 1.3.6.1.4.1.49213.1.1 AttributeTypes +# 1.3.6.1.4.1.49213.1.2 ObjectClasses +#-------------------------------------------------------------------------- + +# Attribute Types +#----------------- + +attributetype ( 1.3.6.1.4.1.49213.1.1.1 NAME 'nextcloudEnabled' + DESC 'whether user or group should be available in Nextcloud' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + + +attributetype ( 1.3.6.1.4.1.49213.1.1.2 NAME 'nextcloudQuota' + DESC 'defines how much disk space is available for the user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +# Object Classes +#--------------- + +objectclass ( 1.3.6.1.4.1.49213.1.2.1 NAME 'nextcloudUser' + DESC 'A Nextcloud user' + SUP top AUXILIARY + MUST ( cn ) + MAY ( nextcloudEnabled $ nextcloudQuota ) + ) + +objectclass ( 
1.3.6.1.4.1.49213.1.2.2 NAME 'nextcloudGroup' + DESC 'A Nextcloud group' + SUP top AUXILIARY + MUST ( cn ) + MAY ( nextcloudEnabled ) + ) diff --git a/files/schema/nis.schema b/files/schema/nis.schema new file mode 100644 index 0000000..15ccc2c --- /dev/null +++ b/files/schema/nis.schema 
@@ -0,0 +1,239 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2015 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +# Definitions from RFC2307 (Experimental) +# An Approach for Using LDAP as a Network Information Service + +# Depends upon core.schema and cosine.schema + +# Note: The definitions in RFC2307 are given in syntaxes closely related +# to those in RFC2252, however, some liberties are taken that are not +# supported by RFC2252. This file has been written following RFC2252 +# strictly. + +# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1). +# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1 +# +# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined) +# validaters for these syntaxes are incomplete, they only +# implement printable string validation (which is good as the +# common use of these syntaxes violates the specification). 
+# Attribute types are under 1.3.6.1.1.1.1 +# Object classes are under 1.3.6.1.1.1.2 + +# Attribute Type Definitions + +# builtin +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# builtin +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 
NAME 'shadowFlag' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + SYNTAX 1.3.6.1.1.1.0.0 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IP address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + SYNTAX 1.3.6.1.1.1.0.1 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 
'nisMapName' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ) + +# Object Class Definitions + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' + DESC 'Abstraction of an account with POSIX attributes' + SUP top AUXILIARY + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' + DESC 'Additional attributes for shadow passwords' + SUP top AUXILIARY + MUST uid + MAY ( userPassword $ shadowLastChange $ shadowMin $ + shadowMax $ shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' + DESC 'Abstraction of a group of accounts' + SUP top STRUCTURAL + MUST ( cn $ gidNumber ) + MAY ( userPassword $ memberUid $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' + DESC 'Abstraction an Internet Protocol service' + SUP top STRUCTURAL + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' + DESC 'Abstraction of an IP protocol' + SUP top STRUCTURAL + MUST ( cn $ ipProtocolNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' + DESC 'Abstraction of an ONC/RPC binding' + SUP top STRUCTURAL + MUST ( cn $ oncRpcNumber $ description ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' + DESC 'Abstraction of a host, an IP device' + SUP top AUXILIARY + MUST ( cn $ ipHostNumber ) + MAY ( l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' + DESC 'Abstraction of an IP network' + SUP top STRUCTURAL + MUST ( cn $ ipNetworkNumber ) + MAY ( ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' + DESC 'Abstraction of a netgroup' + SUP top STRUCTURAL + 
MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' + DESC 'A generic abstraction of a NIS map' + SUP top STRUCTURAL + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' + DESC 'An entry in a NIS map' + SUP top STRUCTURAL + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' + DESC 'A device with a MAC address' + SUP top AUXILIARY + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' + DESC 'A device with boot parameters' + SUP top AUXILIARY + MAY ( bootFile $ bootParameter ) ) diff --git a/files/schema/openldap.schema b/files/schema/openldap.schema new file mode 100644 index 0000000..cd00946 --- /dev/null +++ b/files/schema/openldap.schema 
@@ -0,0 +1,54 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software .
+##
+## Copyright 1998-2015 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+# core.schema
+# cosine.schema
+# inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+ NAME 'OpenLDAPorg'
+ DESC 'OpenLDAP Organizational Object'
+ SUP organization
+ MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+ NAME 'OpenLDAPou'
+ DESC 'OpenLDAP Organizational Unit Object'
+ SUP organizationalUnit
+ MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+ NAME 'OpenLDAPperson'
+ DESC 'OpenLDAP Person'
+ SUP ( pilotPerson $ inetOrgPerson )
+ MUST ( uid $ cn )
+ MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+ NAME 'OpenLDAPdisplayableObject'
+ DESC 'OpenLDAP Displayable Object'
+ AUXILIARY
+ MAY displayName )
diff --git a/files/schema/openproject.schema b/files/schema/openproject.schema
new file mode 100644
index 0000000..93283f4
--- /dev/null
+++ b/files/schema/openproject.schema
@@ -0,0 +1,21 @@
+attributetype ( 1.3.6.1.4.1.10176.99998.6696237932.1.2
+ NAME 'openprojectActivated'
+ DESC 'Attribute created by the App Center integration for Extended Attributes'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.10176.99998.6696237932.1.1
+ NAME 'openproject-isadmin'
+ DESC 'Attribute created by the App Center integration for Extended Attributes'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+ SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.10176.99998.6696237932.0.1
+ NAME 'openproject-user'
+ DESC 'Attribute created by the App Center integration for Extended Attributes'
+ AUXILIARY
+ MAY ( openproject-isadmin $ openprojectActivated )
+ SUP top
+ )
\ No newline at end of file
diff --git a/files/schema/pmi.schema b/files/schema/pmi.schema
new file mode 100644
index 0000000..bc3ca0b
--- /dev/null
+++ b/files/schema/pmi.schema
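Review bot: `openproject-isadmin` is declared as a Directory String with `caseIgnoreMatch` and a substring rule, while its sibling `openprojectActivated` in the same hunk is a Boolean. For an attribute whose name suggests it grants admin rights, this means the server stores any text and the consumer alone decides what counts as true. If the consumer accepts it, `SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch` would let the directory reject malformed values, as it already does for `openprojectActivated`. All three definitions share one generic DESC, which suggests the file is generated, so a syntax change may have to be made in the generator. Either way, a comment such as `# openproject-isadmin: write access should be limited to directory administrators` above the definition would help whoever maintains the ACLs.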
@@ -0,0 +1,476 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. 
However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +## X.509 (08/2005) pp. 
120-121 +## +## -- object identifier assignments -- +## -- object classes -- +## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} +## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} +## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} +## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} +## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} +## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} +## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} +## -- directory attributes -- +## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} +## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} +## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} +## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} +## id-at-role OBJECT IDENTIFIER ::= {id-at 72} +## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} +## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} +## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} +## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 
57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} +## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} +## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} +## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} +## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} +## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} +## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} +## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} +## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} +## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} +## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} +## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} +## +## +## X.509 (08/2005) pp. 
71, 86-89 +## +## 14.4.1 Role attribute +## role ATTRIBUTE ::= { +## WITH SYNTAX RoleSyntax +## ID id-at-role } +## RoleSyntax ::= SEQUENCE { +## roleAuthority [0] GeneralNames OPTIONAL, +## roleName [1] GeneralName } +## +## 14.5 XML privilege information attribute +## xmlPrivilegeInfo ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege information +## ID id-at-xMLPrivilegeInfo } +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## pmiUser OBJECT-CLASS ::= { +## -- a PMI user (i.e., a "holder") +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateAttribute} +## ID id-oc-pmiUser } +## +## 17.1.2 PMI AA object class +## pmiAA OBJECT-CLASS ::= { +## -- a PMI AA +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {aACertificate | +## attributeCertificateRevocationList | +## attributeAuthorityRevocationList} +## ID id-oc-pmiAA } +## +## 17.1.3 PMI SOA object class +## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateRevocationList | +## attributeAuthorityRevocationList | +## attributeDescriptorCertificate} +## ID id-oc-pmiSOA } +## +## 17.1.4 Attribute certificate CRL distribution point object class +## attCertCRLDistributionPt OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { attributeCertificateRevocationList | +## attributeAuthorityRevocationList } +## ID id-oc-attCertCRLDistributionPts } +## +## 17.1.5 PMI delegation path +## pmiDelegationPath OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { delegationPath } +## ID id-oc-pmiDelegationPath } +## +## 17.1.6 Privilege policy object class +## privilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {privPolicy } +## ID id-oc-privilegePolicy } +## +## 17.1.7 Protected privilege policy object class +## protectedPrivilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF 
{top} +## KIND auxiliary +## MAY CONTAIN {protPrivPolicy } +## ID id-oc-protectedPrivilegePolicy } +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +## attributeCertificateAttribute ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeCertificate } +## +## 17.2.2 AA certificate attribute +## aACertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-aACertificate } +## +## 17.2.3 Attribute descriptor certificate attribute +## attributeDescriptorCertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeDescriptorCertificate } +## +## 17.2.4 Attribute certificate revocation list attribute +## attributeCertificateRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeCertificateRevocationList} +## +## 17.2.5 AA certificate revocation list attribute +## attributeAuthorityRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeAuthorityRevocationList } +## +## 17.2.6 Delegation path attribute +## delegationPath ATTRIBUTE ::= { +## WITH SYNTAX AttCertPath +## ID id-at-delegationPath } +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +## privPolicy ATTRIBUTE ::= { +## WITH SYNTAX PolicySyntax +## ID id-at-privPolicy } +## +## 17.2.8 Protected privilege policy attribute +## protPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-protPrivPolicy } +## +## 17.2.9 XML Protected privilege policy attribute +## xmlPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy 
information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+##
id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+
NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY (
attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
diff --git a/files/schema/policy.schema b/files/schema/policy.schema
new file mode 100644
index 0000000..1dbfae5
--- /dev/null
+++ b/files/schema/policy.schema
@@ -0,0 +1,964 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# policy.schema
+# $Id: policy.schema,v 1.39.2.6.2.27.2.11 2006/12/01 07:45:41 andreas Exp $
+
+# $OID: 1.3.6.1.4.1.10176.1000 (Policies) $
+
+# $OID: 1.3.6.1.4.1.10176.1000 (References) $
+# reverted to old OIDs to make slapd accept these on sles8
+attributetype ( 1.3.6.1.4.1.10176.1000 NAME 'univentionPolicyReference'
+ DESC 'referenced policy objects'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.10176.1002 NAME 'univentionPolicyReference'
+ AUXILIARY
+ DESC 'reference to policy object'
+ MAY ( univentionPolicyReference ))
+
+# $OID: 1.3.6.1.4.1.10176.1000.2 (Policy objects) $
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.1 NAME 'requiredObjectClasses'
+ DESC 'required objectClasses'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.2 NAME 'prohibitedObjectClasses'
+ DESC 'prohibited objectClasses'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.3 NAME 'fixedAttributes'
+ DESC 'fixed attributes'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.4 NAME 'emptyAttributes'
+ DESC 'empty attributes'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.5 NAME 'ldapFilter'
+ DESC 'ldap filter string'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.2.2.1 NAME 'univentionPolicy'
+ SUP 'top' STRUCTURAL
+ DESC 'policy object'
+ MUST ( cn )
+ MAY ( requiredObjectClasses $ prohibitedObjectClasses $ fixedAttributes $ emptyAttributes $ ldapFilter))
+
+attributetype ( 1.3.6.1.4.1.10176.1000.2.1.10 NAME 'univentionRegistry'
+ DESC 'registry entry'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.2.2.10 NAME 'univentionPolicyRegistry'
+ SUP
'univentionPolicy' STRUCTURAL + DESC 'registry policy object' + MAY ( univentionRegistry )) + +# $OID: 1.3.6.1.4.1.10176.1000.3 (X) $ +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.1 NAME 'univentionXResolution' + DESC 'X resolution [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.2 NAME 'univentionXColorDepth' + DESC 'X color depth [client]' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.3 NAME 'univentionXMouseProtocol' + DESC 'X mouse protocol [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.4 NAME 'univentionXMouseDevice' + DESC 'X mouse device [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.5 NAME 'univentionXKeyboardLayout' + DESC 'X keyboard layout [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.6 NAME 'univentionXKeyboardVariant' + DESC 'X keyboard variant [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.7 NAME 'univentionXHSync' + DESC 'X horizontal sync rate [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.8 NAME 'univentionXVRefresh' + DESC 'X vertical refresh rate [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.9 NAME 'univentionXModule' + DESC 'X module (4.x) or X server (3.x)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.10 NAME 'univentionXDisplaySize' + DESC 'Display Size [client]' + EQUALITY 
caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.11 NAME 'univentionXVNCExportType' + DESC 'VNC Export Type' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.12 NAME 'univentionXVNCExportViewonly' + DESC 'VNC Export Viewonly Option' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.13 NAME 'univentionXVideoRam' + DESC 'Amount of RAM on the graphics board' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.14 NAME 'univentionXAutoDetect' + DESC 'Defines if auto detection of the X.org configuration should be used' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.15 NAME 'univentionXDisplayPrimary' + DESC 'The primary display in dual monitor setups' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.16 NAME 'univentionXDisplaySecondary' + DESC 'The secondary display in dual monitor setups' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.17 NAME 'univentionXDisplayPosition' + DESC 'The relative position of the secondary display in dual monitor setups' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.18 NAME 'univentionXDisplayVirtualSize' + DESC 'The relative position of the secondary display in dual monitor setups' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.19 NAME 'univentionXResolutionSecondary' + DESC 'X resolution of the secondary display in dual monitor setups' + EQUALITY 
caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.20 NAME 'univentionXHSyncSecondary' + DESC 'X horizontal sync rate of secondary display' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.21 NAME 'univentionXVRefreshSecondary' + DESC 'X vertical refresh rate of secondary display' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.3.1.22 NAME 'univentionXDisplaySizeSecondary' + DESC 'Display Size of secondary display' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +objectclass ( 1.3.6.1.4.1.10176.1000.3.2.1 NAME 'univentionPolicyXConfiguration' + SUP 'univentionPolicy' STRUCTURAL + DESC 'X configuration policy object' + MAY ( univentionXResolution $ + univentionXColorDepth $ univentionXMouseProtocol $ + univentionXMouseDevice $ univentionXKeyboardLayout $ + univentionXKeyboardVariant $ univentionXHSync $ + univentionXVRefresh $ univentionXModule $ + univentionXVNCExportType $ univentionXVNCExportViewonly $ + univentionXVideoRam $ univentionXDisplaySize $ univentionXAutoDetect $ + univentionXDisplayPrimary $ univentionXDisplaySecondary $ + univentionXDisplayPosition $ univentionXDisplayVirtualSize $ + univentionXResolutionSecondary $ univentionXHSyncSecondary $ + univentionXVRefreshSecondary $ univentionXDisplaySizeSecondary )) + +# $OID: 1.3.6.1.4.1.10176.1000.4 (Sound) $ +attributetype ( 1.3.6.1.4.1.10176.1000.4.1.1 NAME 'univentionSoundEnabled' + DESC 'enable sound [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1000.4.1.2 NAME 'univentionSoundModule' + DESC 'sound kernel module to use [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +objectclass ( 1.3.6.1.4.1.10176.1000.4.2.1 NAME 
'univentionPolicySoundConfiguration' + SUP 'univentionPolicy' STRUCTURAL + DESC 'Sound configuration policy object' + MAY ( univentionSoundEnabled $ univentionSoundModule )) + + +# 1.3.6.1.4.1.10176.1000.5 (Thin Client) $ +attributetype ( 1.3.6.1.4.1.10176.1000.5.1.1 NAME 'univentionDesktopServer' + DESC 'terminal server for the client' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.5.1.2 NAME 'univentionFileServer' + DESC 'file server for the client' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.5.1.3 NAME 'univentionWindowsTerminalServer' + DESC 'Windows Terminal Server for rdesktop' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.5.1.4 NAME 'univentionWindowsDomain' + DESC 'Windows Domain for rdesktop' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.5.1.5 NAME 'univentionAuthServer' + DESC 'authentication server for the client' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +objectclass ( 1.3.6.1.4.1.10176.1000.5.2.1 NAME 'univentionPolicyThinClient' + SUP 'univentionPolicy' STRUCTURAL + DESC 'Thin client policy object' + MAY ( univentionDesktopServer $ univentionFileServer $ univentionWindowsTerminalServer $ univentionWindowsDomain $ univentionAuthServer )) + +# 1.3.6.1.4.1.10176.1000.6 (DHCP) $ + +# 1.3.6.1.4.1.10176.1000.6.1 (DHCP - DNS) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.1.1.1 NAME 'univentionDhcpDomainName' + DESC 'domain-name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.1.1.2 NAME 'univentionDhcpDomainNameServers' + DESC 'domain-name-servers' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.1.2.1 NAME 'univentionPolicyDhcpDns' + SUP 'univentionPolicy' 
STRUCTURAL + DESC 'DHCP DNS configuration policy object' + MAY ( univentionDhcpDomainName $ univentionDhcpDomainNameServers )) + +# 1.3.6.1.4.1.10176.1000.6.2 (DHCP - Routers) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.2.1.1 NAME 'univentionDhcpRouters' + DESC 'routers' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.2.2.1 NAME 'univentionPolicyDhcpRouting' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP Routing configuration policy object' + MAY ( univentionDhcpRouters )) + +# 1.3.6.1.4.1.10176.1000.6.3 (DHCP - Boot) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.3.1.1 NAME 'univentionDhcpBootServer' + DESC 'next-server' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.3.1.2 NAME 'univentionDhcpBootFilename' + DESC 'filename' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.3.2.1 NAME 'univentionPolicyDhcpBoot' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP boot configuration policy object' + MAY ( univentionDhcpBootServer $ univentionDhcpBootFilename )) + +# 1.3.6.1.4.1.10176.1000.6.4 (DHCP - Netbios) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.1 NAME 'univentionDhcpNetbiosNameServers' + DESC 'netbios-name-servers' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.2 NAME 'univentionDhcpNetbiosScope' + DESC 'netbios-scope' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.4.1.3 NAME 'univentionDhcpNetbiosNodeType' + DESC 'netbios-node-type' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.4.2.1 NAME 'univentionPolicyDhcpNetbios' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP netbios configuration policy object' + MAY ( univentionDhcpNetbiosNameServers $ univentionDhcpNetbiosScope + $ 
univentionDhcpNetbiosNodeType )) + +# 1.3.6.1.4.1.10176.1000.6.5 (DHCP - Scope) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.1 NAME 'univentionDhcpUnknownClients' + DESC 'unknown clients' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.2 NAME 'univentionDhcpBootp' + DESC 'bootp' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.3 NAME 'univentionDhcpBooting' + DESC 'booting' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.4 NAME 'univentionDhcpDuplicates' + DESC 'duplicates' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.5.1.5 NAME 'univentionDhcpDeclines' + DESC 'declines' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.5.2.1 NAME 'univentionPolicyDhcpScope' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP scope configuration policy object' + MAY ( univentionDhcpUnknownClients $ univentionDhcpBootp + $ univentionDhcpBooting $ univentionDhcpDuplicates + $ univentionDhcpDeclines )) + +# 1.3.6.1.4.1.10176.1000.6.6 (DHCP - Statements) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.1 NAME 'univentionDhcpAuthoritative' + DESC 'authoritative' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.2 NAME 'univentionDhcpBootUnknownClients' + DESC 'bootp-unknown-clients' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.3 NAME 'univentionDhcpPingCheck' + DESC 'ping-check' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.4 NAME 'univentionDhcpGetLeaseHostnames' + DESC 'get-lease-hostnames' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 
1.3.6.1.4.1.10176.1000.6.6.1.5 NAME 'univentionDhcpServerIdentifier' + DESC 'server-identifier' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.6 NAME 'univentionDhcpServerName' + DESC 'server-name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.6.1.7 NAME 'univentionDhcpVendorOptionSpace' + DESC 'vendor-option-space' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.6.2.1 NAME 'univentionPolicyDhcpStatements' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP statements configuration policy object' + MAY ( univentionDhcpAuthoritative $ univentionDhcpBootUnknownClients + $ univentionDhcpPingCheck $ univentionDhcpGetLeaseHostnames + $ univentionDhcpServerIdentifier $ univentionDhcpServerName + $ univentionDhcpVendorOptionSpace )) + +# 1.3.6.1.4.1.10176.1000.6.7 (DHCP - Lease Time) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.1 NAME 'univentionDhcpLeaseTimeDefault' + DESC 'default-lease-time' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.2 NAME 'univentionDhcpLeaseTimeMax' + DESC 'max-lease-time' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.7.1.3 NAME 'univentionDhcpLeaseTimeMin' + DESC 'min-lease-time' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.7.2.1 NAME 'univentionPolicyDhcpLeaseTime' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP lease time configuration policy object' + MAY ( univentionDhcpLeaseTimeDefault $ univentionDhcpLeaseTimeMax + $ univentionDhcpLeaseTimeMin)) + +# 1.3.6.1.4.1.10176.1000.6.8 (DHCP - DNS Update) $ +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.1 NAME 'univentionDhcpDdnsHostname' + DESC 'ddns-hostname' + EQUALITY caseExactMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.2 NAME 'univentionDhcpDdnsDomainname' + DESC 'ddns-domainname' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.3 NAME 'univentionDhcpDdnsRevDomainname' + DESC 'ddns-rev-domainname' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.4 NAME 'univentionDhcpDdnsUpdates' + DESC 'ddns-updates' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.5 NAME 'univentionDhcpDdnsUpdateStyle' + DESC 'ddns-updates-style' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.6 NAME 'univentionDhcpDoForwardUpdates' + DESC 'do-forward-updates' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.7 NAME 'univentionDhcpUpdateStaticLeases' + DESC 'update-static-leases' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1000.6.8.1.8 NAME 'univentionDhcpClientUpdates' + DESC 'client-updates' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1000.6.8.2.1 NAME 'univentionPolicyDhcpDnsUpdate' + SUP 'univentionPolicy' STRUCTURAL + DESC 'DHCP ddns update configuration policy object' + MAY ( univentionDhcpDdnsHostname $ univentionDhcpDdnsDomainname + $ univentionDhcpDdnsRevDomainname $ univentionDhcpDdnsUpdates + $ univentionDhcpDdnsUpdateStyle $ univentionDhcpDoForwardUpdates + $ univentionDhcpUpdateStaticLeases $ univentionDhcpClientUpdates)) + +# 1.3.6.1.4.1.10176.1000.7 (Desktop Settings) $ +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.1 NAME 'univentionDesktopLanguage' + DESC 'desktop language' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 
1.3.6.1.4.1.10176.1000.7.1.2 NAME 'univentionDesktopBackground' + DESC 'desktop background image or color' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.3 NAME 'univentionDesktopIcons' + DESC 'Icons to be displayed on the desktop' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.4 NAME 'univentionDesktopTheme' + DESC 'KDE/GTK theme to apply' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.5 NAME 'univentionDesktopWindowBorders' + DESC 'Window borders theme to apply' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.6 NAME 'univentionDesktopIconsTheme' + DESC 'Icons theme to apply' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.7 NAME 'univentionDesktopProfile' + DESC 'KDE profile to apply' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.8 NAME 'univentionDesktopLogonScripts' + DESC 'Scripts to execute on logon' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1000.7.1.9 NAME 'univentionDesktopLogoutScripts' + DESC 'Scripts to execute on logout' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.10176.1000.7.2.1 NAME 'univentionPolicyDesktop' + SUP 'univentionPolicy' STRUCTURAL + DESC 'Desktop policy object' + MAY ( univentionDesktopLanguage $ univentionDesktopBackground + $ univentionDesktopIcons $ univentionDesktopTheme + $ univentionDesktopWindowBorders $ univentionDesktopIconsTheme + $ univentionDesktopProfile $ univentionDesktopLogonScripts + $ univentionDesktopLogoutScripts )) + +# 1.3.6.1.4.1.10176.1000.8 (User Setting) $ + 
+attributetype ( 1.3.6.1.4.1.10176.1000.8.1.1 NAME 'univentionHomeShare'
+ DESC 'share to mount home directory from'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.8.2.1 NAME 'univentionPolicyUser'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'User policy'
+ MAY ( univentionHomeShare ))
+
+# 1.3.6.1.4.1.10176.1000.9 (Password History Setting) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.9.1.1 NAME 'univentionPWHistoryLen'
+ DESC 'Length of password history.'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.9.1.2 NAME 'univentionPWExpiryInterval'
+ DESC 'Expiry interval of password in days.'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.9.1.3 NAME 'univentionPWLength'
+ DESC 'Minimum password length.'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.9.1.4 NAME 'univentionPWQualityCheck'
+ DESC 'Enables/disables password quality checks'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.9.2.1 NAME 'univentionPolicyPWHistory'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'PWHistory policy'
+ MAY ( univentionPWHistoryLen $ univentionPWExpiryInterval $ univentionPWLength $ univentionPWQualityCheck))
+
+# 1.3.6.1.4.1.10176.1000.10 (Windows Installer) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.10.1.1 NAME 'univentionWindowsInstallationUnattendFile'
+ DESC 'Path of unattended.txt file. Must be present on installation server.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.10.2.1 NAME 'univentionPolicyWindowsInstallation'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Windows Installation settings'
+ MAY ( univentionWindowsInstallationUnattendFile ))
+
+# 1.3.6.1.4.1.10176.1000.10 (Quota Setting) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.12.1.1 NAME 'univentionQuotaSoftLimitSpace'
+ DESC 'Soft-Quota for Disk-Space.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.12.1.2 NAME 'univentionQuotaHardLimitSpace'
+ DESC 'Hard-Quota for Disk-Space.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.12.1.3 NAME 'univentionQuotaSoftLimitInodes'
+ DESC 'Soft-Quota for # of Files.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.12.1.4 NAME 'univentionQuotaHardLimitInodes'
+ DESC 'Hard Quota for # of Files.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.12.1.5 NAME 'univentionQuotaReapplyEveryLogin'
+ DESC 'Reapply quota policy on every user login.'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.12.2.1 NAME 'univentionPolicyShareUserQuota'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Share User Quota'
+ MAY ( univentionQuotaSoftLimitInodes $ univentionQuotaHardLimitInodes $ univentionQuotaSoftLimitSpace $ univentionQuotaHardLimitSpace $ univentionQuotaReapplyEveryLogin ))
+
+# 1.3.6.1.4.1.10176.1000.13 (Packages) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.1 NAME 'univentionClientPackages'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.2 NAME 'univentionMasterPackages'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.3 NAME 'univentionSlavePackages'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.4 NAME 'univentionMemberPackages'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.5 NAME 'univentionClientPackagesRemove'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.6 NAME 'univentionMasterPackagesRemove'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.7 NAME 'univentionSlavePackagesRemove'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.8 NAME 'univentionMemberPackagesRemove'
+ DESC 'Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.9 NAME 'univentionMobileClientPackages'
+ DESC 'Mobile Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.13.1.10 NAME 'univentionMobileClientPackagesRemove'
+ DESC 'Mobile Client Package List.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.13.2.1 NAME 'univentionPolicyPackagesMaster'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Packages List Master'
+ MAY ( univentionMasterPackages $ univentionMasterPackagesRemove ))
+
+objectclass ( 1.3.6.1.4.1.10176.1000.13.2.2 NAME 'univentionPolicyPackagesSlave'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Packages List Slave'
+ MAY ( univentionSlavePackages $ univentionSlavePackagesRemove ))
+
+objectclass ( 1.3.6.1.4.1.10176.1000.13.2.3 NAME 'univentionPolicyPackagesMember'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Packages List Member'
+ MAY ( univentionMemberPackages $ univentionMemberPackagesRemove ))
+
+objectclass ( 1.3.6.1.4.1.10176.1000.13.2.4 NAME 'univentionPolicyPackagesClient'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Packages List Client'
+ MAY ( univentionClientPackages $ univentionClientPackagesRemove ))
+
+objectclass ( 1.3.6.1.4.1.10176.1000.13.2.5 NAME 'univentionPolicyPackagesMobileClient'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Packages List MobileClient'
+ MAY ( univentionMobileClientPackages $ univentionMobileClientPackagesRemove ))
+
+# 1.3.6.1.4.1.10176.1000.14 (Update) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.14.1.1 NAME 'univentionUpdateVersion'
+ DESC 'Update to Version'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.14.1.2 NAME 'univentionUpdateActivate'
+ DESC 'Activate this policy'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.14.2.1 NAME 'univentionPolicyUpdate'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Update Policy'
+ MAY ( univentionUpdateVersion $ univentionUpdateActivate))
+
+# 1.3.6.1.4.1.10176.1000.15 (LDAP Server) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.15.1.1 NAME 'univentionLDAPServer'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.15.2.1 NAME 'univentionPolicyLDAPServer'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Update Policy'
+ MAY ( univentionLDAPServer ))
+
+# 1.3.6.1.4.1.10176.1000.16 (Cron Installation) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.1 NAME 'univentionCron'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.2 NAME 'univentionCronActive'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.3 NAME 'univentionInstallationStartup'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.4 NAME 'univentionInstallationShutdown'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.5 NAME 'univentionInstallationReboot'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.16.2.1 NAME 'univentionPolicyInstallationTime'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Update Policy'
+ MAY ( univentionCron $ univentionCronActive $ univentionInstallationStartup $ univentionInstallationShutdown $ univentionInstallationReboot ))
+
+attributetype ( 1.3.6.1.4.1.10176.1000.16.1.15NAME 'univentionRepositoryCron'
+ DESC 'LDAP Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.16.3.1 NAME 'univentionPolicyRepositorySync'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Repository Sync Time Policy'
+ MAY ( univentionRepositoryCron ))
+
+# 1.3.6.1.4.1.10176.1000.17 (Policy Server) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.17.1.1 NAME 'univentionRepositoryServer'
+ DESC 'Repository Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.17.2.1 NAME 'univentionPolicyRepositoryServer'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Repository Server Policy'
+ MAY ( univentionRepositoryServer ))
+
+# 1.3.6.1.4.1.10176.1000.18 (Client Devices) $
+attributetype ( 1.3.6.1.4.1.10176.1000.18.1.1 NAME 'univentionClientDevicesActivate'
+ DESC 'activate Client Devices'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.18.2.1 NAME 'univentionPolicyClientDevices'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'using CDROM and Floppy devices on a thin client'
+ MAY ( univentionClientDevicesActivate ))
+
+# 1.3.6.1.4.1.10176.1000.19 (Print Server) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.19.1.1 NAME 'univentionPrintServer'
+ DESC 'Print Server'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.19.2.1 NAME 'univentionPolicyPrintServer'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Update Policy'
+ MAY ( univentionPrintServer ))
+
+# 1.3.6.1.4.1.10176.1000.20 (Auto Start) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.20.1.1 NAME 'univentionAutoStartScript'
+ DESC 'Script to be started by autostart'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( 1.3.6.1.4.1.10176.1000.20.2.1 NAME 'univentionPolicyAutoStart'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Autostart Policy'
+ MAY ( univentionAutoStartScript ))
+
+# 1.3.6.1.4.1.10176.1000.21 (Print Quota) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.21.1.1 NAME 'univentionPrintQuotaGroups'
+ DESC 'Printquota for Groups'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.21.1.2 NAME 'univentionPrintQuotaUsers'
+ DESC 'Printquota for Users'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.21.1.3 NAME 'univentionPrintQuotaGroupsPerUsers'
+ DESC 'Printquota for Groups per Users'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.21.2.1 NAME 'univentionPolicySharePrintQuota'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Update Policy'
+ MAY ( univentionPrintQuotaGroups $ univentionPrintQuotaUsers $ univentionPrintQuotaGroupsPerUsers))
+
+# $OID: 1.3.6.1.4.1.10176.1000.22 (Mail Quota) $
+attributetype ( 1.3.6.1.4.1.10176.1000.22.1.1 NAME 'univentionMailQuotaMB'
+ DESC 'mail quota limit - in MB'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.1000.22.1.2 NAME 'univentionMailQuotaWarning'
+ DESC 'mail quota warning if limit is almost reached - percent'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.22.2.1 NAME 'univentionMailQuota'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Mail quota configuration policy object'
+ MAY ( univentionMailQuotaMB $ univentionMailQuotaWarning ))
+
+# 1.3.6.1.4.1.10176.1000.23 (admin settings) $
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.1 NAME 'univentionAdminListDNs'
+ DESC 'DNs that are visible to user; if DN is container, list all childs'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.2 NAME 'univentionAdminListWizards'
+ DESC 'Wizards that are visible to user'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.3 NAME 'univentionAdminListWebModules'
+ DESC 'Wizards that are visible to user'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.4 NAME 'univentionAdminBaseDN'
+ DESC 'Show tree starting here'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.5 NAME 'univentionAdminMayOverrideSettings'
+ DESC 'User may override settings'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.6 NAME 'univentionAdminShowSelf'
+ DESC 'Show self menu item'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.7 NAME 'univentionAdminListModules'
+ DESC 'Show modules'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.8 NAME 'univentionAdminSelfAttributes'
+ DESC 'contains the attributes of a user to be shown in self menu item'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.9 NAME 'univentionAdminListAttributes'
+ DESC 'contains a list of attributes to be shown in the search results'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.23.1.10 NAME 'univentionAdminListBrowseAttributes'
+ DESC 'contains a list of attributes to be shown in the navigation'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.23.2.1 NAME 'univentionPolicyAdminSettings'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'User settings for Univention Admin'
+ MAY ( univentionAdminListDNs $ univentionAdminListWizards $ univentionAdminListWebModules $
+ univentionAdminBaseDN $ univentionAdminMayOverrideSettings $ univentionAdminShowSelf $
+ univentionAdminSelfAttributes $ univentionPolicyObject $ univentionDnsObject $
+ univentionDhcpObject $ univentionUsersObject $ univentionGroupsObject $
+ univentionComputersObject $ univentionNetworksObject $ univentionSharesObject $
+ univentionPrintersObject $ univentionAdminListAttributes $ univentionAdminListBrowseAttributes))
+
+objectclass ( 1.3.6.1.4.1.10176.1000.23.2.2 NAME 'univentionPolicyAdminContainerSettings'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Container settings for Univention Admin'
+ MAY ( univentionAdminListModules ))
+
+# 1.3.6.1.4.1.10176.1000.24 (console settings) $
+attributetype ( 1.3.6.1.4.1.10176.1000.24.1.1 NAME 'univentionConsoleAllow'
+ DESC 'List of UMC operations that will be granted'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.24.1.2 NAME 'univentionConsoleDisallow'
+ DESC 'List of UMC operations that will be prohibited'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.24.2.2 NAME 'univentionPolicyConsoleAccess'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'Access Control List for UMC'
+ MAY ( univentionConsoleAllow $ univentionConsoleDisallow ))
+
+attributetype ( 1.3.6.1.4.1.10176.1000.25.1.1 NAME 'univentionDhcpSunAuth'
+ DESC 'Authentication server for Sun Ray thin clients'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.6.25.2.1 NAME 'univentionPolicyDhcpSunAuth'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'DHCP Sun Ray authentication policy object'
+ MAY ( univentionDhcpSunAuth ))
+
+# nfs mounts
+attributetype ( 1.3.6.1.4.1.10176.1000.26.1.1 NAME 'univentionNFSMounts'
+ DESC 'NFS-Share to mount'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.6.26.2.1 NAME 'univentionPolicyNFSMounts'
+ SUP 'univentionPolicy' STRUCTURAL
+ DESC 'NFS-Shares policy object'
+ MAY ( univentionNFSMounts ))
+
+# new UMC policy object (UCS 3.0)
+attributetype ( 1.3.6.1.4.1.10176.1000.308.1.1
+ NAME 'umcPolicyGrantedOperationSet'
+ DESC 'List of allowed UMC operantion set'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.308.2.1
+ NAME 'umcPolicy'
+ DESC 'Defines a set of allowed UMC operations'
+ SUP 'univentionPolicy' STRUCTURAL
+ MAY umcPolicyGrantedOperationSet )
+
diff --git a/files/schema/portal.schema b/files/schema/portal.schema
new file mode 100644
index 0000000..d5ea23d
--- /dev/null
+++ b/files/schema/portal.schema
@@ -0,0 +1,189 @@
+# Univention Portal OID: 1.3.6.1.4.1.10176.4207
+#
+#objectIdentifier univention 1.3.6.1.4.1.10176
+#objectIdentifier univentionPortal univention:4207
+objectIdentifier univentionPortal 1.3.6.1.4.1.10176.4207
+objectIdentifier univentionPortalAttributeType univentionPortal:1
+objectIdentifier univentionPortalObjectClass univentionPortal:2
+
+objectIdentifier univentionPortalEntry 1.3.6.1.4.1.10176.4208
+objectIdentifier univentionPortalEntryAttributeType univentionPortalEntry:1
+objectIdentifier univentionPortalEntryObjectClass univentionPortalEntry:2
+
+objectIdentifier univentionPortalComputer 1.3.6.1.4.1.10176.4209
+objectIdentifier univentionPortalComputerAttributeType univentionPortalComputer:1
+objectIdentifier univentionPortalComputerObjectClass univentionPortalComputer:2
+
+#
+
+### Definition for univentionPortal
+
+attributetype ( univentionPortalAttributeType:1 NAME 'univentionPortalDisplayName'
+ DESC 'Portal display name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalAttributeType:2 NAME 'univentionPortalShowMenu'
+ DESC 'Portal show menu'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalAttributeType:3 NAME 'univentionPortalShowSearch'
+ DESC 'Portal show search'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalAttributeType:4 NAME 'univentionPortalShowLogin'
+ DESC 'Portal show login'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalAttributeType:5 NAME 'univentionPortalShowApps'
+ DESC 'Portal show apps'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalAttributeType:6 NAME 'univentionPortalShowServers'
+ DESC 'Portal show servers'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalAttributeType:7 NAME 'univentionPortalBackground'
+ DESC 'Portal background'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionPortalAttributeType:8 NAME 'univentionPortalCSSBackground'
+ DESC 'Portal CSS style background'
+ SINGLE-VALUE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalAttributeType:9 NAME 'univentionPortalLogo'
+ DESC 'Portal logo'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionPortalAttributeType:10 NAME 'univentionPortalFontColor'
+ DESC 'Portal font color'
+ SINGLE-VALUE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( univentionPortalObjectClass:1 NAME 'univentionPortal'
+ DESC 'Portal data'
+ SUP top
+ MUST ( cn )
+ MAY (
+ univentionPortalDisplayName
+ $ univentionPortalShowMenu
+ $ univentionPortalShowSearch
+ $ univentionPortalShowLogin
+ $ univentionPortalShowApps
+ $ univentionPortalShowServers
+ $ univentionPortalBackground
+ $ univentionPortalCSSBackground
+ $ univentionPortalLogo
+ $ univentionPortalFontColor
+ )
+ )
+
+### Definition for univentionPortalEntry
+
+attributetype ( univentionPortalEntryAttributeType:1 NAME 'univentionPortalEntryDisplayName'
+ DESC 'Portal entry display name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalEntryAttributeType:2 NAME 'univentionPortalEntryDescription'
+ DESC 'Portal entry description'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalEntryAttributeType:3 NAME 'univentionPortalEntryFavorite'
+ DESC 'Portal entry favorite'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalEntryAttributeType:4 NAME 'univentionPortalEntryLink'
+ DESC 'Portal entry link'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalEntryAttributeType:5 NAME 'univentionPortalEntryPortal'
+ DESC 'Portal entry portal'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalEntryAttributeType:6 NAME 'univentionPortalEntryActivate'
+ DESC 'Portal entry activated'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionPortalEntryAttributeType:7 NAME 'univentionPortalEntryAuthRestriction'
+ DESC 'Portal entry shown for authrorized users'
+ SINGLE-VALUE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionPortalEntryAttributeType:8 NAME 'univentionPortalEntryIcon'
+ DESC 'Portal entry icon'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionPortalEntryAttributeType:9 NAME 'univentionPortalEntryCategory'
+ DESC 'Portal entry category'
+ SINGLE-VALUE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( univentionPortalEntryObjectClass:1 NAME 'univentionPortalEntry'
+ DESC 'Portal Entry data'
+ SUP top
+ MUST ( cn )
+ MAY (
+ univentionPortalEntryDisplayName
+ $ univentionPortalEntryDescription
+ $ univentionPortalEntryFavorite
+ $ univentionPortalEntryLink
+ $ univentionPortalEntryPortal
+ $ univentionPortalEntryActivate
+ $ univentionPortalEntryAuthRestriction
+ $ univentionPortalEntryIcon
+ $ univentionPortalEntryCategory
+ )
+ )
+
+### Extended Attribute for computers
+
+attributetype ( univentionPortalComputerAttributeType:1 NAME 'univentionComputerPortal'
+ DESC 'Portal for computer'
+ SINGLE-VALUE
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( univentionPortalComputerObjectClass:1 NAME 'univentionPortalComputer'
+ DESC 'Computer with Univention Portal'
+ SUP top
+ AUXILIARY
+ MAY (
+ univentionComputerPortal
+ )
+ )
diff --git a/files/schema/ppolicy.schema b/files/schema/ppolicy.schema
new file mode 100644
index 0000000..8720a22
--- /dev/null
+++ b/files/schema/ppolicy.schema
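Review bot: `univentionPortalEntryAuthRestriction` is declared as an unconstrained Directory String, so the schema accepts any text and the code that reads it must decide what an unknown or absent value means; naming the accepted values in the DESC, and having the consumer fall back to the most restrictive case for anything it does not recognise, would make that explicit. The same DESC has a typo: `'Portal entry shown for authrorized users'` should read `'Portal entry shown for authorized users'`. Going by that DESC the attribute only controls whether an entry is displayed, so the service behind `univentionPortalEntryLink` presumably still needs its own authorization check. The `univentionPortal` and `univentionPortalEntry` object classes omit the class kind and therefore default to STRUCTURAL; writing `SUP top STRUCTURAL` would state that intent, as `univentionPortalComputer` does with `AUXILIARY`.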
@@ -0,0 +1,159 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software .
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## .
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-behera-ldap-password-policy-08.txt.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates "check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
diff --git a/files/schema/printer.schema b/files/schema/printer.schema
new file mode 100644
index 0000000..4d86ae0
--- /dev/null
+++ b/files/schema/printer.schema
@@ -0,0 +1,111 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# printer.schema
+
+# $OID: 1.3.6.1.4.1.10176.1002 (Printers) $
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.1 NAME 'univentionPrinterSpoolHost'
+ DESC 'URI'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.2 NAME 'univentionPrinterURI'
+ DESC 'URI'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.3 NAME 'univentionPrinterLocation'
+ DESC 'location of the printer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.4 NAME 'univentionPrinterModel'
+ DESC 'URI'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.5 NAME 'univentionPrinterSambaName'
+ DESC 'Samba share name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.8 NAME 'univentionPrinterQuotaSupport'
+ DESC 'Enable Quota'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.9 NAME 'univentionPrinterPricePerPage'
+ DESC 'Price per page'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.10 NAME 'univentionPrinterPricePerJob'
+ DESC 'Price per printjob'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.11 NAME 'univentionPrinterGroupMember'
+ DESC 'Member of Printergroup'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.12 NAME 'univentionPrinterACLUsers'
+ DESC 'Users set in access control list'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.13 NAME 'univentionPrinterACLGroups'
+ DESC 'Groups set in access control list'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.14 NAME 'univentionPrinterACLtype'
+ DESC 'access control list is "allowed" or "denied"'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1002.1.15 NAME 'univentionPrinterUseClientDriver'
+ DESC 'Use client driver option in Samba'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1002.2.1 NAME 'univentionPrinter'
+ STRUCTURAL
+ DESC 'share'
+ MUST ( cn $ univentionPrinterURI $ univentionPrinterSpoolHost )
+ MAY ( description $ univentionPrinterLocation $ univentionPrinterModel $ univentionPrinterSambaName $ univentionPrinterQuotaSupport $ univentionPrinterPricePerPage $ univentionPrinterPricePerJob $ univentionPrinterACLUsers $ univentionPrinterACLGroups $ univentionPrinterACLtype $ univentionPrinterUseClientDriver ))
+
+objectclass ( 1.3.6.1.4.1.10176.1002.2.2 NAME 'univentionPrinterGroup'
+ STRUCTURAL
+ DESC 'share'
+ MUST ( cn $ univentionPrinterSpoolHost )
+ MAY ( description $ univentionPrinterSambaName $ univentionPrinterQuotaSupport $ univentionPrinterPricePerPage $ univentionPrinterPricePerJob $ univentionPrinterGroupMember $ univentionPrinterACLUsers $ univentionPrinterACLGroups $ univentionPrinterACLtype ))
diff --git a/files/schema/rfc2307bis.schema b/files/schema/rfc2307bis.schema
new file mode 100644
index 0000000..a626b3f
--- /dev/null
+++ b/files/schema/rfc2307bis.schema
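Review bot: `univentionPrinterACLtype` is defined without `SINGLE-VALUE`, so one printer entry can hold both values its DESC names ("allowed" and "denied") at the same time, and since the syntax is a plain IA5 string any other text is accepted too. Adding `SINGLE-VALUE` after its SYNTAX clause would remove the first ambiguity (existing entries would need checking before such a change), and whatever turns these attributes into the print server's access list should deny on a value it does not recognise. `univentionPrinterACLUsers` and `univentionPrinterACLGroups` inherit from `distinguishedName`, so the schema checks DN syntax only, not that the referenced entry exists. Separately, `univentionPrinterSpoolHost` and `univentionPrinterModel` carry `DESC 'URI'` and both object classes carry `DESC 'share'`, which look copied from neighbouring definitions; a description such as `DESC 'Spool host of the printer'` would say what the attribute holds.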
@@ -0,0 +1,310 @@ +### +# Extracted from: http://tools.ietf.org/html/draft-howard-rfc2307bis-02 +### + +# Builtin +#attributeType ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an +# administrative domain' +# EQUALITY integerMatch +# ORDERING integerOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +# Builtin +#attributeType ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an +# administrative domain' +# EQUALITY integerMatch +# ORDERING integerOrderingMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + DESC 'Service port number' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + DESC 'Service protocol name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + DESC 'IP protocol number' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + DESC 'ONC RPC number' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IPv4 addresses as a dotted decimal omitting leading + zeros or IPv6 addresses as defined in RFC2373' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network omitting leading zeros, eg. 
192.168' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask omitting leading zeros, eg. 255.255.255.0' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address in maximal, colon separated hex + notation, eg. 00:00:92:90:ee:e2' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + DESC 'Name of a generic NIS map' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) + +attributeType ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + DESC 'A generic NIS entry' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' + DESC 'NIS public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' + DESC 'NIS secret key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' + DESC 'NIS domain' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributeType ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' + DESC 'automount Map Name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( 1.3.6.1.1.1.1.32 NAME 'automountKey' + DESC 'Automount Key value' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( 
1.3.6.1.1.1.1.33 NAME 'automountInformation' + DESC 'Automount information' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +objectClass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY + DESC 'Abstraction of an account with POSIX attributes' + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ + description ) ) + +objectClass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY + DESC 'Additional attributes for shadow passwords' + MUST uid + MAY ( userPassword $ description $ + shadowLastChange $ shadowMin $ shadowMax $ + shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag ) ) + +objectClass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY + DESC 'Abstraction of a group of accounts' + MUST gidNumber + MAY ( userPassword $ memberUid $ + description ) ) + +objectClass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL + DESC 'Abstraction an Internet Protocol service. + Maps an IP port and protocol (such as tcp or udp) + to one or more names; the distinguished value of + the cn attribute denotes the services canonical + name' + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY description ) + +objectClass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + DESC 'Abstraction of an IP protocol. Maps a protocol number + to one or more names. The distinguished value of the cn + attribute denotes the protocol canonical name' + MUST ( cn $ ipProtocolNumber ) + MAY description ) + +objectClass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL + DESC 'Abstraction of an Open Network Computing (ONC) + [RFC1057] Remote Procedure Call (RPC) binding. + This class maps an ONC RPC number to a name. + The distinguished value of the cn attribute denotes + the RPC service canonical name' + MUST ( cn $ oncRpcNumber ) + MAY description ) + +objectClass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY + DESC 'Abstraction of a host, an IP device. 
The distinguished + value of the cn attribute denotes the hosts canonical + name. Device SHOULD be used as a structural class' + MUST ( cn $ ipHostNumber ) + MAY ( userPassword $ l $ description $ + manager ) ) + +objectClass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + DESC 'Abstraction of a network. The distinguished value of + the cn attribute denotes the network canonical name' + MUST ipNetworkNumber + MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) + +objectClass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + DESC 'Abstraction of a netgroup. May refer to other + netgroups' + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectClass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL + DESC 'A generic abstraction of a NIS map' + MUST nisMapName + MAY description ) + +objectClass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL + DESC 'An entry in a NIS map' + MUST ( cn $ nisMapEntry $ nisMapName ) ) + +objectClass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY + DESC 'A device with a MAC address; device SHOULD be + used as a structural class' + MAY macAddress ) + +objectClass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY + DESC 'A device with boot parameters; device SHOULD be + used as a structural class' + MAY ( bootFile $ bootParameter ) ) + +objectClass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY + DESC 'An object with a public and secret key' + MUST ( cn $ nisPublicKey $ nisSecretKey ) + MAY ( uidNumber $ description ) ) + +objectClass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY + DESC 'Associates a NIS domain with a naming context' + MUST nisDomain ) + +objectClass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL + MUST ( automountMapName ) + MAY description ) + +objectClass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL + DESC 'Automount information' + MUST ( automountKey $ automountInformation ) + MAY description ) + 
+objectClass ( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' SUP top STRUCTURAL
+ DESC 'A group with members (DNs)'
+ MUST cn
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
+ description $ member ) )
diff --git a/files/schema/samba.schema b/files/schema/samba.schema
new file mode 100644
index 0000000..c98666a
--- /dev/null
+++ b/files/schema/samba.schema
@@ -0,0 +1,586 @@ +## +## schema file for OpenLDAP 2.x +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas - uid (cosine.schema) +## - displayName (inetorgperson.schema) +## - gidNumber (nis.schema) +## +## 1.3.6.1.4.1.7165.2.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.2.x - objectclasses +## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses +## +## Samba4 +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track +## +## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ +## +## Run the 'get_next_oid' bash script in this directory to find the +## next available OID for attribute type and object classes. +## +## $ ./get_next_oid +## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... +## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... +## +## Also ensure that new entries adhere to the declaration style +## used throughout this file +## +## ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... +## ^ ^ ^ +## +## The spaces are required for the get_next_oid script (and for +## readability). 
+## +## ------------------------------------------------------------------ + +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165 +# objectIdentifier Samba3 SambaRoot:2 +# objectIdentifier Samba3Attrib Samba3:1 +# objectIdentifier Samba3ObjectClass Samba3:2 +# objectIdentifier Samba4 SambaRoot:4 + +######################################################################## +## HISTORICAL ## +######################################################################## + +## +## Password hashes +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' +# DESC 'LanManager Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' +# DESC 'NT Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' +# DESC 'Account Flags' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' +# DESC 'NT pwdLastSet' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' +# DESC 'NT logonTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' +# DESC 'NT logoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' +# DESC 'NT kickoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' 
+# DESC 'NT pwdMustChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## string settings +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' +# DESC 'NT homeDrive' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' +# DESC 'NT scriptPath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' +# DESC 'NT profilePath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' +# DESC 'userWorkstations' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' +# DESC 'smbHome' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +## +## user and group RID +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' +# DESC 'NT rid' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' +# DESC 'NT Group RID' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## The smbPasswordEntry objectclass has been depreciated in favor of the +## sambaAccount objectclass +## +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY +# DESC 'Samba smbpasswd entry' +# MUST ( uid $ uidNumber ) +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +# DESC 'Samba Account' +# MUST ( uid $ rid ) +# MAY ( cn 
$ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +# DESC 'Samba Auxiliary Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +######################################################################## +## END OF HISTORICAL ## +######################################################################## + +####################################################################### +## Attributes used by Samba 3.0 schema ## +####################################################################### + +## +## Password hashes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' + DESC 'LanManager Password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' + DESC 'MD4 hash of the unicode password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' + DESC 'Account Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' + DESC 'Timestamp of the last password update' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' + DESC 'Timestamp of when the user is 
allowed to update the password' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' + DESC 'Timestamp of when the password will expire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' + DESC 'Timestamp of last logon' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' + DESC 'Timestamp of last logoff' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' + DESC 'Timestamp of when the user will be logged off automatically' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' + DESC 'Bad password attempt count' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' + DESC 'Time of the last bad password attempt' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +## +## string settings +## +attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' + DESC 'Driver letter of home directory mapping' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' + DESC 'Logon script path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' + DESC 'Roaming profile path' + EQUALITY caseIgnoreMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' + DESC 'List of user workstations the user is allowed to logon to' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' + DESC 'Home directory UNC path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' + DESC 'Windows NT domain to which the user belongs' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' + DESC 'Base64 encoded user parameter string' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' + DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## +## Primary group SID, compatible with ntSid +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' + DESC 'Primary Group Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' + DESC 'Security ID List' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +## +## group mapping attributes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' + DESC 'NT Group Type' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 
'sambaNextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' + DESC 'Next NT rid to give out for anything' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' + DESC 'Base at which the samba RID generation algorithm should operate' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' + DESC 'Share Name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' + DESC 'Option Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' + DESC 'A boolean option' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' + DESC 'An integer option' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' + DESC 'A string option' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' + DESC 'A string list option' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' +## SUP name ) + +##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' +## DESC 'Privileges List' +## EQUALITY 
caseIgnoreIA5Match +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' + DESC 'Trust Password Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# "min password length" +attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' + DESC 'Minimal password length (default: 5)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "password history" +attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' + DESC 'Length of Password History Entries (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "user must logon to change password" +attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' + DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "maximum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' + DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "minimum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' + DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "lockout duration" +attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' + DESC 'Lockout duration in minutes (default: 30, -1 => forever)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "reset count minutes" +attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' + DESC 'Reset time after lockout in minutes (default: 30)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "bad lockout attempt" +attributetype ( 
1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+ DESC 'Lockout users after bad logon attempts (default: 0 => off)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "disconnect time"
+attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
+ DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "refuse machine password change"
+attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
+ DESC 'Allow Machine Password changes (default: 0 => off)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+ DESC 'Clear text password (used for trusted domain passwords)'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
+ DESC 'Previous clear text password (used for trusted domain passwords)'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.311.1.1.1 NAME 'univentionSamba4SID'
+ DESC 'This attribute contains for samba3 / samba4 migration scenarios the SID of the corresponding s4 user'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.311.1.1.2 NAME 'univentionSamba4pwdProperties'
+ DESC 'Password Properties. Part of Domain Policy. A bitfield to indicate complexity and storage restrictions.'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
+#######################################################################
+## objectClasses used by Samba 3.0 schema ##
+#######################################################################
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can
+## only have one structural objectclass. OpenLDAP 2.0 does not enforce
+## this currently but will in v2.1
+
+##
+## added new objectclass (and OID) for 3.0 to help us deal with backwards
+## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
+ DESC 'Samba 3.0 Auxilary SAM Account'
+ MUST ( uid $ sambaSID )
+ MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
+ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
+ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
+ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
+ sambaProfilePath $ description $ sambaUserWorkstations $
+ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
+ sambaBadPasswordCount $ sambaBadPasswordTime $ univentionSamba4SID $
+ sambaPasswordHistory $ sambaLogonHours))
+
+##
+## Group mapping info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
+ DESC 'Samba Group Mapping'
+ MUST ( gidNumber $ sambaSID $ sambaGroupType )
+ MAY ( displayName $ description $ sambaSIDList $ univentionSamba4SID ))
+
+##
+## Trust password for trust relationships (any kind)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
+ DESC 'Samba Trust Password'
+ MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
+ MAY ( sambaSID $ sambaPwdLastSet ))
+
+##
+## Trust password for trusted domains
+## (to be stored beneath the trusting sambaDomain object in the DIT)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
+ DESC 'Samba Trusted Domain Password'
+ MUST ( sambaDomainName $ sambaSID $
+ sambaClearTextPassword $ sambaPwdLastSet )
+ MAY ( sambaPreviousClearTextPassword ))
+
+##
+## Whole-of-domain info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
+ DESC 'Samba Domain Information'
+ MUST ( sambaDomainName $
+ sambaSID )
+ MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
+ sambaAlgorithmicRidBase $
+ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
+ sambaMaxPwdAge $ sambaMinPwdAge $
+ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
+ sambaForceLogoff $ sambaRefuseMachinePwdChange $
+ univentionSamba4pwdProperties ))
+
+##
+## used for idmap_ldap module
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
+ DESC 'Pool for allocating UNIX uids/gids'
+ MUST ( uidNumber $ gidNumber ) )
+
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
+ DESC 'Mapping from a SID to an ID'
+ MUST ( sambaSID )
+ MAY ( uidNumber $ gidNumber ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
+ DESC 'Structural Class for a SID'
+ MUST ( sambaSID ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+ DESC 'Samba Configuration Section'
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
+ DESC 'Samba Share Section'
+ MUST ( sambaShareName )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
+ DESC 'Samba Configuration Option'
+ MUST ( sambaOptionName )
+ MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
+ sambaStringListoption $ description ) )
+
+
+## retired during privilege rewrite
+##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
+## DESC 'Samba Privilege'
+## MUST ( sambaSID )
+## MAY ( sambaPrivilegeList ) )
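Review bot: `sambaClearTextPassword` and `sambaPreviousClearTextPassword` are introduced with only a bare `#` line above them, and nothing in the file says that they, together with `sambaNTPassword`, `sambaLMPassword` and `sambaPasswordHistory`, hold credential material that the directory's access rules must keep unreadable to ordinary binds. A schema cannot enforce that, and whether this commit ships matching slapd access rules is not visible in this hunk, so I would replace each empty comment with `# secret: trusted-domain password in clear text; read and write access must be restricted by slapd ACLs` and put a similar line over the "Password hashes" section. Separately, `univentionSamba4SID` and `univentionSamba4pwdProperties` use the 1.3.6.1.4.1.10176 arc inside a file whose header says the OIDs are owned by the Samba Team; a one-line comment such as `## local additions (Univention OID arc), not part of the upstream Samba schema` would keep them from being lost when the upstream file is next re-synced.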
diff --git a/files/schema/self-service-passwordreset.schema b/files/schema/self-service-passwordreset.schema
new file mode 100644
index 0000000..1c6ba73
--- /dev/null
+++ b/files/schema/self-service-passwordreset.schema
@@ -0,0 +1,22 @@
+#using namespace 1.3.6.1.4.1.10176.3000.*
+
+# copied from core.schema : mail / rfc822Mailbox
+attributetype ( 1.3.6.1.4.1.10176.3000.101
+ NAME 'univentionPasswordSelfServiceEmail'
+ DESC 'Email address for password recovery'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+
+# copied from cosine.schema : mobile / mobileTelephoneNumber
+attributetype ( 1.3.6.1.4.1.10176.3000.102
+ NAME 'univentionPasswordSelfServiceMobile'
+ DESC 'Mobile number for password recovery'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+objectclass ( 1.3.6.1.4.1.10176.3000.100 NAME 'univentionPasswordSelfService'
+ DESC 'Data for the password reset service'
+ SUP top AUXILIARY
+ MAY ( univentionPasswordSelfServiceEmail $ univentionPasswordSelfServiceMobile ) )
diff --git a/files/schema/share.schema b/files/schema/share.schema
new file mode 100644
index 0000000..402d4cd
--- /dev/null
+++ b/files/schema/share.schema
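Review bot: `univentionPasswordSelfServiceMobile` is declared without `SINGLE-VALUE` while `univentionPasswordSelfServiceEmail` has it, so an entry can carry several recovery numbers and an extra value can sit next to the legitimate one without replacing it. If the reset service expects exactly one number (not visible here), the last line of that definition should read `SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 SINGLE-VALUE )`. Both attributes decide where a password-reset message is delivered, so a comment above them such as `# recovery contact: write access must be restricted by ACL and changes should be logged` would make the requirement explicit for whoever maintains the slapd access rules.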
@@ -0,0 +1,374 @@ +# Copyright 2004-2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . 
+ +# share.schema +# $Id: share.schema,v 1.5.2.2.2.4.2.5 2006/12/01 07:45:41 andreas Exp $ + +# $OID: 1.3.6.1.4.1.10176.1001 (Shares) $ + +# $OID: 1.3.6.1.4.1.10176.1001.1 (Shares/General) $ + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.1 NAME 'univentionShareHost' + DESC 'host the share is located on' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.2 NAME 'univentionSharePath' + DESC 'path of share on host' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.3 NAME 'univentionShareWriteable' + DESC 'is share writeable' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.4 NAME 'univentionShareReplicateFrom' + DESC 'replicate share from given share' + SUP distinguishedName ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.5 NAME 'univentionShareDirectoryMode' + DESC 'mode of the shared directory' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.6 NAME 'univentionShareUid' + DESC 'owner uid of the shared directory' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1001.1.1.7 NAME 'univentionShareGid' + DESC 'group gid of the shared directory' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.10176.1001.1.2.1 NAME 'univentionShare' + STRUCTURAL + DESC 'share' + MUST ( cn $ univentionShareHost $ univentionSharePath ) + MAY ( description $ univentionShareWriteable $ univentionShareDirectoryMode $ univentionShareGid $ univentionShareUid )) + +objectclass ( 1.3.6.1.4.1.10176.1001.1.2.2 NAME 'univentionShareReplication' + AUXILIARY + DESC 'replicate share from other share' + MUST ( univentionShareReplicateFrom )) + +# $OID: 1.3.6.1.4.1.10176.1001.2 
(Shares/Samba) $ + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.1 NAME 'univentionShareSambaName' + DESC 'samba name of share' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.2 NAME 'univentionShareSambaCreateMode' + DESC 'create mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.3 NAME 'univentionShareSambaDirectoryMode' + DESC 'directory mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.4 NAME 'univentionShareSambaPublic' + DESC 'allow guest access' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.5 NAME 'univentionShareSambaBrowseable' + DESC 'is share listed' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.6 NAME 'univentionShareSambaForceCreateMode' + DESC 'force create mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.7 NAME 'univentionShareSambaForceDirectoryMode' + DESC 'force directory mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.8 NAME 'univentionShareSambaSecurityMode' + DESC 'security mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.9 NAME 'univentionShareSambaDirectorySecurityMode' + DESC 'security mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.10 NAME 'univentionShareSambaForceSecurityMode' + DESC 'force security mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.11 NAME 'univentionShareSambaForceDirectorySecurityMode' + DESC 'force security 
mode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.12 NAME 'univentionShareSambaLocking' + DESC 'locking' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.13 NAME 'univentionShareSambaBlockingLocks' + DESC 'blocking locks' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.14 NAME 'univentionShareSambaStrictLocking' + DESC 'strict locking' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.15 NAME 'univentionShareSambaOplocks' + DESC 'oplocks' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.16 NAME 'univentionShareSambaLevel2Oplocks' + DESC 'level2 oplocks' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.17 NAME 'univentionShareSambaFakeOplocks' + DESC 'fake oplocks' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.18 NAME 'univentionShareSambaBlockSize' + DESC 'block size' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.19 NAME 'univentionShareSambaCscPolicy' + DESC 'csc policy' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.20 NAME 'univentionShareSambaValidUsers' + DESC 'user' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.21 NAME 'univentionShareSambaForceUser' + DESC 'force user' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.22 NAME 'univentionShareSambaForceGroup' + DESC 'force group' + EQUALITY caseIgnoreMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.24 NAME 'univentionShareSambaHideFiles' + DESC 'hide files' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.25 NAME 'univentionShareSambaNtAclSupport' + DESC 'nt acl support' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.26 NAME 'univentionShareSambaInheritAcls' + DESC 'inherit acls' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.27 NAME 'univentionShareSambaPostexec' + DESC 'postexec' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.28 NAME 'univentionShareSambaPreexec' + DESC 'preexec' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.29 NAME 'univentionShareSambaWriteable' + DESC 'is share writable' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.30 NAME 'univentionShareSambaWriteList' + DESC 'write list' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.31 NAME 'univentionShareSambaVFSObjects' + DESC 'vfs objects' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.32 NAME 'univentionShareSambaInheritOwner' + DESC 'inherit owner' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.33 NAME 'univentionShareSambaInheritPermissions' + DESC 'inherit permissions' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.34 NAME 'univentionShareSambaHostsAllow' + DESC 'define hosts that are allowed to connect' + EQUALITY caseIgnoreIA5Match 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.35 NAME 'univentionShareSambaHostsDeny' + DESC 'define a list of hosts that are not allowed to connect' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.36 NAME 'univentionShareSambaInvalidUsers' + DESC 'user' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.37 NAME 'univentionShareSambaMSDFS' + DESC 'is share msfds root' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.38 NAME 'univentionShareSambaDosFilemode' + DESC 'Owner group may modify access rights' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.39 NAME 'univentionShareSambaHideUnreadable' + DESC 'Hide unreadable files/directories' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.2.1.40 NAME 'univentionShareSambaCustomSetting' + DESC 'custom samba setting for samba share (key = value)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1001.2.2.1 NAME 'univentionShareSamba' + AUXILIARY + DESC 'Samba share' + MUST ( univentionShareSambaName ) + MAY ( + univentionShareSambaBrowseable $ + univentionShareSambaPublic $ + univentionShareSambaCreateMode $ + univentionShareSambaDirectoryMode $ + univentionShareSambaForceCreateMode $ + univentionShareSambaForceDirectoryMode $ + univentionShareSambaSecurityMode $ + univentionShareSambaDirectorySecurityMode $ + univentionShareSambaForceSecurityMode $ + univentionShareSambaForceDirectorySecurityMode $ + univentionShareSambaLocking $ + univentionShareSambaBlockingLocks $ + univentionShareSambaStrictLocking $ + univentionShareSambaOplocks $ + 
univentionShareSambaLevel2Oplocks $ + univentionShareSambaFakeOplocks $ + univentionShareSambaBlockSize $ + univentionShareSambaCscPolicy $ + univentionShareSambaValidUsers $ + univentionShareSambaInvalidUsers $ + univentionShareSambaForceUser $ + univentionShareSambaForceGroup $ + univentionShareSambaHideFiles $ + univentionShareSambaNtAclSupport $ + univentionShareSambaInheritAcls $ + univentionShareSambaPostexec $ + univentionShareSambaPreexec $ + univentionShareSambaWriteable $ + univentionShareSambaWriteList $ + univentionShareSambaVFSObjects $ + univentionShareSambaMSDFS $ + univentionShareSambaInheritOwner $ + univentionShareSambaInheritPermissions $ + univentionShareSambaHostsAllow $ + univentionShareSambaHostsDeny $ + univentionShareSambaDosFilemode $ + univentionShareSambaHideUnreadable $ + univentionShareSambaCustomSetting )) + +# $OID: 1.3.6.1.4.1.10176.1001.3 (Shares/NFS) $ + +attributetype ( 1.3.6.1.4.1.10176.1001.3.1.1 NAME 'univentionShareNFSSync' + DESC 'sync or async nfs share' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.3.1.2 NAME 'univentionShareNFSRootSquash' + DESC 'enable or disable root squashing in NFS mounts' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.3.1.3 NAME 'univentionShareNFSAllowed' + DESC 'Hosts or network that may mount this share' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.3.1.4 NAME 'univentionShareNFSSubTree' + DESC 'enable or disable sub tree checking for shares' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.1001.3.1.5 NAME 'univentionShareNFSCustomSetting' + DESC 'custom nfs setting for nfs share' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +objectclass ( 1.3.6.1.4.1.10176.1001.4.1.1 NAME 
'univentionShareNFS' + AUXILIARY + DESC 'NFS share' + MAY ( univentionShareNFSSync $ univentionShareNFSRootSquash $ univentionShareNFSAllowed $ univentionShareNFSSubTree $ univentionShareNFSCustomSetting) ) + +attributetype ( 1.3.6.1.4.1.10176.1001.4.1.1 NAME 'univentionShareWebaccessName' + DESC 'Name of the Webaccess Share' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1001.4.1.2 NAME 'univentionShareWebaccessIpaddress' + DESC 'IP address of the Webaccess Share' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1001.4.1.3 NAME 'univentionShareWebaccessHordeauth' + DESC 'Use the horde credentials for the access' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +objectclass ( 1.3.6.1.4.1.10176.1001.4.2.1 NAME 'univentionShareWebaccess' + AUXILIARY + DESC 'Webaccess share' + MAY ( univentionShareWebaccessName $ univentionShareWebaccessIpaddress $ univentionShareWebaccessHordeauth ) ) diff --git a/files/schema/solaris.schema b/files/schema/solaris.schema new file mode 100644 index 0000000..8bcff67 --- /dev/null +++ b/files/schema/solaris.schema 
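Review bot: The OID `1.3.6.1.4.1.10176.1001.4.1.1` is assigned twice, to the object class `univentionShareNFS` and to the attribute type `univentionShareWebaccessName`. The NFS attributes sit under `1.3.6.1.4.1.10176.1001.3.1.x`, so the class was presumably meant to live in the `.1001.3` arc as well; renumbering a deployed schema is disruptive, so confirm against the upstream Univention schema before changing it and at least record the overlap in a comment. Separately, `univentionShareSambaPreexec`, `univentionShareSambaPostexec`, `univentionShareSambaCustomSetting` and `univentionShareNFSCustomSetting` are free-form strings whose names and descriptions suggest they end up in the file server's configuration. Write access to share entries should therefore be limited to administrators, and whatever consumes these values should validate them. The `DESC` of `univentionShareSambaMSDFS` reads 'msfds', and both `univentionShareSambaValidUsers` and `univentionShareSambaInvalidUsers` are described only as 'user'.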
@@ -0,0 +1,183 @@ +# solaris.schema +# ''works in progress and incomplete''. +# It would help if sun would publish this information! +# If you have any comments/suggestion/correction +# please let me know (igor@ipass.net) +# +# Some correction on oid and attributetype +# were made by Marc Bourget (bourget@up2.com) +# Up2 Technologies (div. Teleglobe Communication Corp) +# oid number and additional attributetype were taken from: +# Solaris and LDAP Naming Service, Deploying LDAP in the Enterprise. +# Tom Bialanski and Michael Haines, Sun Microsystems Press, +# A Prentice Hall Title, 2001, ISBN 0-13-030678-9 + +# Sun nisMapEntry attributes +attributetype ( 1.3.6.1.1.1.1.28 + NAME 'nisPublickey' + DESC 'nisPublickey' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.29 + NAME 'nisSecretkey' + DESC 'nisSecretkey' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.1.1.1.12 SUP name + NAME 'nisDomain' ) + +# Sun additional attributes to RFC2307 attributes (NIS) +attributetype ( 2.16.840.1.113730.3.1.30 + NAME 'mgrpRFC822MailMember' + DESC 'mgrpRFC822MailMember' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15 +# NAME 'rfc822MailMember' +# DESC 'rfc822MailMember' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.1.1.12 + NAME 'nisNetIdUser' + DESC 'nisNetIdUser' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.1.1.13 + NAME 'nisNetIdGroup' + DESC 'nisNetIdGroup' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.1.1.14 + NAME 'nisNetIdHost' + DESC 'nisNetIdHost' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# Sun NIS publickey objectclass +objectclass ( 1.3.6.1.1.1.2.14 + NAME 'NisKeyObject' + DESC 
'NisKeyObject' + SUP top + MUST ( cn $ nisPublickey $ nisSecretkey ) + MAY ( uidNumber $ description ) ) + +# Sun NIS domain objectclass +objectclass ( 1.3.1.6.1.1.1.2.15 + NAME 'nisDomainObject' + DESC 'nisDomainObject' + SUP top AUXILIARY + MUST ( nisDomain ) ) + +# Sun NIS mailGroup objectclass +objectclass ( 2.16.840.1.113730.3.2.4 + NAME 'mailGroup' + DESC 'mailGroup' + SUP top + MUST ( mail ) + MAY ( cn $ mgrpRFC822MailMember ) ) + +# Sun NIS nisMailAlias objectclass +#objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5 +# NAME 'nisMailAlias' +# DESC 'nisMailAlias' +# SUP top +# MUST ( cn ) +# MAY ( rfc822mailMember ) ) + +# Sun NIS nisNetId objectclass +objectclass ( 1.3.6.1.4.1.42.2.27.1.2.6 + NAME 'nisNetId' + DESC 'nisNetId' + SUP top + MUST ( cn ) + MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) ) + +# Below is optional unless you want to use ldap_gen_profile +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.15 SUP name + NAME 'SolarisLDAPServers' + DESC 'SolarisLDAPServers' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.16 SUP name + NAME 'SolarisSearchBaseDN' + DESC 'SolarisSearchBaseDN' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.17 + NAME 'SolarisCacheTTL' + DESC 'SolarisCacheTTL' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.18 SUP name + NAME 'SolarisBindDN' + DESC 'SolarisBindDN' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.19 SUP name + NAME 'SolarisBindPassword' + DESC 'SolarisBindPassword' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.20 SUP name + NAME 'SolarisAuthMethod' + DESC 'SolarisAuthMethod' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.21 SUP name + NAME 'SolarisTransportSecurity' + DESC 'SolarisTransportSecurity' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.24 SUP name + NAME 'SolarisDataSearchDN' + DESC 'SolarisDataSearchDN' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.25 
SUP name + NAME 'SolarisSearchScope' + DESC 'SolarisSearchScope' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.26 + NAME 'SolarisSearchTimeLimit' + DESC 'SolarisSearchTimeLimit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.27 SUP name + NAME 'SolarisPreferedServer' + DESC 'SolarisPreferedServer' ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.28 SUP name + NAME 'SolarisPreferedServerOnly' + DESC 'SolarisPreferedServerOnly' + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.5.1.29 SUP name + NAME 'SolarisSearchReferral' + DESC 'SolarisSearchReferral' + SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.42.2.27.5.2.7 + NAME 'SolarisNamingProfile' + DESC 'Solaris LDAP NSS Profile' + SUP top AUXILIARY + MUST ( cn $ SolarisLDAPServers ) + MAY ( SolarisBindDN $ SolarisBindPassword $ + SolarisSearchBaseDN $ SolarisAuthMethod $ + SolarisTransportSecurity $ SolarisSearchReferral $ + SolarisDataSearchDN $ SolarisSearchScope $ + SolarisSearchTimeLimit $ SolarisCacheTTL ) ) + +# End of solaris.schema + + diff --git a/files/schema/template.schema b/files/schema/template.schema new file mode 100644 index 0000000..b15b235 --- /dev/null +++ b/files/schema/template.schema 
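Review bot: `SolarisBindPassword` (`SUP name`) and `nisSecretkey` (IA5 string) are ordinary string attributes, so whatever secret is stored in them is returned as-is to any client allowed to read the entry. The schema cannot prevent that; the deployment needs an ACL that denies read access to these two attributes for everyone except the accounts that must use them, and that ACL is not part of this diff. Two OIDs also look mistyped: `nisDomainObject` uses `1.3.1.6.1.1.1.2.15` while `NisKeyObject` directly above it uses `1.3.6.1.1.1.2.14`, and `nisDomain` uses `1.3.6.1.4.1.1.1.1.12`. Verify both against the reference cited in the file header before loading the schema. `NisKeyObject`, `mailGroup` and `nisNetId` omit the class kind and therefore default to STRUCTURAL, which is worth stating explicitly.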
@@ -0,0 +1,78 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.1 NAME 'userDisabledPreset'
+ DESC 'Preset Disable in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.2 NAME 'userHomeSharePreset'
+ DESC 'Preset Homeshare in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.3 NAME 'userPrimaryGroupPreset'
+ DESC 'Preset primaryGroup in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.4 NAME 'userGroupsPreset'
+ DESC 'Preset groups in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.5 NAME 'userPwdMustChangePreset'
+ DESC 'Preset Disable in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.6 NAME 'userHomeSharePathPreset'
+ DESC 'Preset Homeshare in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1001.12.1.7 NAME 'userOptionsPreset'
+ DESC 'Preset options in univentionUserTemplate'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.10176.1001.12.2.1 NAME 'univentionUserTemplate'
+ DESC 'univention Template for users'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( description $ title $ o $ mail $ homeDirectory $ displayName $ gecos $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
+ sambaProfilepath $ sambaAcctFlags $ sambaKickoffTime $ sambaPwdMustChange $ shadowMax $ shadowLastChange $ shadowExpire $
+ loginShell $ userDisabledPreset $ userHomeSharePreset $ userPrimaryGroupPreset $ userGroupsPreset $
+ userPwdMustChangePreset $ userHomeSharePathPreset $ street $ postalCode $ l $ telephoneNumber $
+ employeeType $ secretary $ mailPrimaryAddress $ mailAlternativeAddress $ mailForwardAddress $ mailGlobalSpamFolder $
+ univentionMailHomeServer $ userOptionsPreset $ sambaMungedDial $ userPassword $ seeAlso $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ postOfficeBox $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ audio $ businessCategory $
+ carLicense $ departmentNumber $ employeeNumber $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ pager $ photo $ roomNumber $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/files/schema/udm-extension.schema b/files/schema/udm-extension.schema
new file mode 100644
index 0000000..cfeca31
--- /dev/null
+++ b/files/schema/udm-extension.schema
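Review bot: `univentionUserTemplate` lists `userPassword` among its optional attributes, so a template entry can carry a credential that is presumably applied to accounts created from it. Check that the access rules protecting `userPassword` on user entries also cover template entries, and add a schema comment saying whether a preset password is intended. In the same `MAY` list `mail` appears twice. The `DESC` strings of `userPwdMustChangePreset` ('Preset Disable ...') and `userHomeSharePathPreset` ('Preset Homeshare ...') are copies of those on `userDisabledPreset` and `userHomeSharePreset` and should describe their own attribute.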
@@ -0,0 +1,118 @@
+# Univention UDM Extension OID: 1.3.6.1.4.1.10176.4203
+#
+#objectIdentifier univention 1.3.6.1.4.1.10176
+#objectIdentifier univentionUDMExtension univention:4203
+objectIdentifier univentionUDMExtension 1.3.6.1.4.1.10176.4203
+objectIdentifier univentionUDMExtensionAttributeType univentionUDMExtension:1
+objectIdentifier univentionUDMExtensionObjectClass univentionUDMExtension:2
+
+#
+
+### Definition for univentionUDMModule
+
+attributetype ( univentionUDMExtensionAttributeType:11 NAME 'univentionUDMModuleFilename'
+ DESC 'UDM module filename'
+ SINGLE-VALUE
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionUDMExtensionAttributeType:12 NAME 'univentionUDMModuleData'
+ DESC 'UDM module data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionUDMExtensionAttributeType:13 NAME 'univentionUDMModuleActive'
+ DESC 'Flag indicating availability of the UDM module'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( univentionUDMExtensionAttributeType:14 NAME 'univentionUMCIcon'
+ DESC 'UMC icon'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionUDMExtensionAttributeType:15 NAME 'univentionUMCRegistrationData'
+ DESC 'UMC registration data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionUDMExtensionAttributeType:16 NAME 'univentionMessageCatalog'
+ DESC 'GNU message catalog for message translations'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass ( univentionUDMExtensionObjectClass:1 NAME 'univentionUDMModule'
+ DESC 'UCS UDM module'
+ SUP 'univentionObjectMetadata' STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionUDMModuleFilename
+ $ univentionUDMModuleData
+ $ univentionUDMModuleActive
+ $ univentionUMCIcon
+ $ univentionUMCRegistrationData
+ $ univentionMessageCatalog
+ )
+ )
+
+### Definition for univentionUDMHook
+
+attributetype ( univentionUDMExtensionAttributeType:21 NAME 'univentionUDMHookFilename'
+ DESC 'UDM hook filename'
+ SINGLE-VALUE
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionUDMExtensionAttributeType:22 NAME 'univentionUDMHookData'
+ DESC 'UDM hook data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionUDMExtensionAttributeType:23 NAME 'univentionUDMHookActive'
+ DESC 'Flag indicating availability of the UDM hook'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+objectclass ( univentionUDMExtensionObjectClass:2 NAME 'univentionUDMHook'
+ DESC 'UCS UDM hook'
+ SUP 'univentionObjectMetadata' STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionUDMHookFilename
+ $ univentionUDMHookData
+ $ univentionUDMHookActive
+ $ univentionMessageCatalog
+ )
+ )
+
+### Analogous definition for univentionUDMSyntax
+
+attributetype ( univentionUDMExtensionAttributeType:31 NAME 'univentionUDMSyntaxFilename'
+ DESC 'UDM syntax filename'
+ SINGLE-VALUE
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionUDMExtensionAttributeType:32 NAME 'univentionUDMSyntaxData'
+ DESC 'UDM syntax data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionUDMExtensionAttributeType:33 NAME 'univentionUDMSyntaxActive'
+ DESC 'Flag indicating availability of the UDM syntax'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+objectclass ( univentionUDMExtensionObjectClass:3 NAME 'univentionUDMSyntax'
+ DESC 'UCS UDM syntax'
+ SUP 'univentionObjectMetadata' STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionUDMSyntaxFilename
+ $ univentionUDMSyntaxData
+ $ univentionUDMSyntaxActive
+ $ univentionMessageCatalog
+ )
+ )
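Review bot: The three object classes inherit from `univentionObjectMetadata`, which is not defined in this file, so the schema only loads after the file that defines it. A header comment such as `# requires the schema that defines univentionObjectMetadata` would make the ordering explicit. The `univentionUDMModuleData`, `univentionUDMHookData` and `univentionUDMSyntaxData` attributes are opaque octet strings paired with a filename and an `Active` flag, which suggests they carry extension code that consuming hosts install. If so, write access to these entries amounts to code execution on those hosts and should be restricted to directory administrators; the ACLs are not visible in this diff.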
diff --git a/files/schema/univention-app.schema b/files/schema/univention-app.schema
new file mode 100644
index 0000000..97ce66f
--- /dev/null
+++ b/files/schema/univention-app.schema
@@ -0,0 +1,196 @@ +# Univention App Metadata OID: 1.3.6.1.4.1.10176.4204 +# +#objectIdentifier univention 1.3.6.1.4.1.10176 +#objectIdentifier univentionApp univention:4204 +objectIdentifier univentionApp 1.3.6.1.4.1.10176.4204 +objectIdentifier univentionAppAttributeType univentionApp:1 +objectIdentifier univentionAppObjectClass univentionApp:2 + +# + +### Definition for univentionApp + +attributetype ( univentionAppAttributeType:1 NAME 'univentionAppID' + DESC 'App ID' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:2 NAME 'univentionAppName' + DESC 'App Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:3 NAME 'univentionAppVersion' + DESC 'App Version' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:4 NAME 'univentionAppDescription' + DESC 'Short description about the App' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:5 NAME 'univentionAppLongDescription' + DESC 'Long description about the App' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:6 NAME 'univentionAppScreenshot' + DESC 'App screenshot' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:7 NAME 'univentionAppIcon' + DESC 'App icon' + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +attributetype ( univentionAppAttributeType:8 NAME 'univentionAppCategory' + DESC 'App category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + 
+attributetype ( univentionAppAttributeType:9 NAME 'univentionAppVendor' + DESC 'App vendor' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:10 NAME 'univentionAppContact' + DESC 'App contact' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:11 NAME 'univentionAppMaintainer' + DESC 'App maintainer' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:12 NAME 'univentionAppWebsite' + DESC 'App website' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:13 NAME 'univentionAppWebsiteVendor' + DESC 'App website vendor' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:14 NAME 'univentionAppWebsiteMaintainer' + DESC 'App website maintainer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:15 NAME 'univentionAppWebInterface' + DESC 'App web interface' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:16 NAME 'univentionAppWebInterfaceName' + DESC 'App web interface name' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:17 NAME 'univentionAppConflictingApps' + DESC 'Conflicting Apps' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 
univentionAppAttributeType:18 NAME 'univentionAppConflictingSystemPackages' + DESC 'Conflicting system packages' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:19 NAME 'univentionAppDefaultPackages' + DESC 'Default packages of the App' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:20 NAME 'univentionAppDefaultPackagesMaster' + DESC 'Default packages of the App for the master' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:21 NAME 'univentionAppUMCModuleName' + DESC 'The Apps UMC module name' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:22 NAME 'univentionAppUMCModuleFlavor' + DESC 'Flavor of the Apps UMC module' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:23 NAME 'univentionAppServerRole' + DESC 'Valid server roles for the App' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionAppAttributeType:24 NAME 'univentionAppInstalledOnServer' + DESC 'FQDNs of servers the App is installed on' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( univentionAppObjectClass:1 NAME 'univentionApp' + DESC 'UCS App Metadata' + SUP top + MUST ( univentionAppID ) + MAY ( + univentionAppName + $ univentionAppVersion + $ univentionAppDescription + $ univentionAppLongDescription + $ univentionAppScreenshot + $ univentionAppIcon + $ univentionAppCategory + $ univentionAppVendor + $ univentionAppContact + $ 
univentionAppMaintainer + $ univentionAppWebsite + $ univentionAppWebsiteVendor + $ univentionAppWebsiteMaintainer + $ univentionAppWebInterface + $ univentionAppWebInterfaceName + $ univentionAppConflictingApps + $ univentionAppConflictingSystemPackages + $ univentionAppDefaultPackages + $ univentionAppDefaultPackagesMaster + $ univentionAppUMCModuleName + $ univentionAppUMCModuleFlavor + $ univentionAppServerRole + $ univentionAppInstalledOnServer + ) + ) + +ditcontentrule ( univentionAppObjectClass:1 NAME 'univentionApp' AUX univentionObject ) diff --git a/files/schema/univention-default.schema b/files/schema/univention-default.schema new file mode 100644 index 0000000..7fc7565 --- /dev/null +++ b/files/schema/univention-default.schema 
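Review bot: `univentionApp` is declared with `SUP top` but no class kind, so it defaults to STRUCTURAL, whereas `univentionUserTemplate` and the UDM extension classes in this commit state the kind explicitly. Write `SUP top STRUCTURAL` to make that visible. The closing `ditcontentrule` refers to `univentionObject`, which this file does not define, so a comment naming the schema that must be loaded first would help whoever maintains the include order.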
@@ -0,0 +1,141 @@ +# Copyright 2004-2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . + +# univention owns the namespace 10176. 
+ +attributetype ( 1.3.6.1.4.1.10176.210 NAME 'univentionDefaultGroup' + DESC 'The default group for users' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.209 NAME 'univentionDefaultComputerGroup' + DESC 'The default group for windows computers' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.211 NAME 'univentionDefaultDomainControllerGroup' + DESC 'The default group for dc slaves' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.212 NAME 'univentionDefaultMemberserverGroup' + DESC 'The default group for member server' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.213 NAME 'univentionDefaultClientGroup' + DESC 'The default group for clients' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.214 NAME 'univentionDefaultDomainControllerMasterGroup' + DESC 'The default group for domain controller master and backup' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.208 NAME 'univentionDefaultKdeProfiles' + DESC 'KDE Profile Paths' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.10176.215 NAME 'univentionDefaultKolabHomeServer' + DESC 'Kolab Home Server' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.216 NAME 'univentionDefaultScalixMailnode' + DESC 'Scalix Mailnode' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +objectclass ( 1.3.6.1.4.1.10176.201 NAME 'univentionDefault' + DESC 'Default user entries' + SUP top STRUCTURAL + MUST cn + MAY ( univentionDefaultGroup $ 
univentionDefaultComputerGroup $ univentionDefaultDomainControllerGroup $ univentionDefaultKdeProfiles $ univentionDefaultMemberserverGroup $ univentionDefaultClientGroup $ univentionDefaultDomainControllerMasterGroup $ univentionDefaultKolabHomeServer $ univentionDefaultScalixMailnode ) ) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.1 NAME 'univentionXResolutionChoices' + DESC 'X resolution [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.2 NAME 'univentionXColorDepthChoices' + DESC 'X color depth [client]' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.3 NAME 'univentionXMouseProtocolChoices' + DESC 'X mouse protocol [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.4 NAME 'univentionXMouseDeviceChoices' + DESC 'X mouse device [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.5 NAME 'univentionXKeyboardLayoutChoices' + DESC 'X keyboard layout [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.6 NAME 'univentionXKeyboardVariantChoices' + DESC 'X keyboard variant [client]' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.7 NAME 'univentionXHSyncChoices' + DESC 'X horizontal sync rate [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.8 NAME 'univentionXVRefreshChoices' + DESC 'X vertical refresh rate [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10176.1030.3.1.9 NAME 'univentionXModuleChoices' + DESC 'X module (4.x) or X server (3.x)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype 
( 1.3.6.1.4.1.10176.1030.3.1.10 NAME 'univentionXDisplaySizeChoices' + DESC 'Display Size [client]' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + + +objectclass ( 1.3.6.1.4.1.10176.1030.3.2.1 NAME 'univentionXConfigurationChoices' + SUP 'top' STRUCTURAL + DESC 'X configuration choices object' + MUST ( cn ) + MAY ( univentionXResolutionChoices $ + univentionXColorDepthChoices $ univentionXMouseProtocolChoices $ + univentionXMouseDeviceChoices $ univentionXKeyboardLayoutChoices $ + univentionXKeyboardVariantChoices $ univentionXHSyncChoices $ + univentionXVRefreshChoices $ univentionXModuleChoices $ + univentionXDisplaySizeChoices )) diff --git a/files/schema/univention-dhcp.schema b/files/schema/univention-dhcp.schema new file mode 100644 index 0000000..15f8e58 --- /dev/null +++ b/files/schema/univention-dhcp.schema 
@@ -0,0 +1,89 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.1195
+ NAME 'univentionDhcpFixedAddress'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'fixed-address'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.1196
+ NAME 'univentionDhcpFailoverPeer'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'failover peer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# SUP dhcpService
+objectclass ( 1.3.6.1.4.1.10176.1197
+ NAME 'univentionDhcpService'
+ DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
+ SUP top
+ MUST (cn )
+ MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $
+ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $
+ dhcpStatements ) )
+
+# SUP dhcpPool
+objectclass ( 1.3.6.1.4.1.10176.1193
+ NAME 'univentionDhcpPool'
+ DESC 'This stores configuration information about a pool.'
+ SUP top
+ MUST ( cn $ dhcpRange )
+ MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
+ univentionDhcpFailoverPeer)
+ X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+# SUP dhcpHost MUST ( dhcpHWAddress ) MAY ( univentionDhcpFixedAddress )
+objectclass ( 1.3.6.1.4.1.10176.1198
+ NAME 'univentionDhcpHost'
+ DESC 'This represents information about a particular client'
+ SUP top
+ MUST (cn $ dhcpHWAddress )
+ MAY (dhcpLeaseDN $ dhcpOptionsDN $ dhcpStatements $ univentionDhcpFixedAddress )
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+attributetype ( 1.3.6.1.4.1.1016.1199.1
+ NAME 'univentionDhcpBroadcastAddress'
+ EQUALITY caseIgnoreIA5Match
+ DESC 'Option Broadcast Address'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# SUP dhcpSubnet MAY ( univentionDhcpBroadcastAddress )
+objectclass ( 1.3.6.1.4.1.1016.1199
+ NAME 'univentionDhcpSubnet'
+ DESC 'This class defines a subnet. This is a container object.'
+ SUP top
+ MUST ( cn $ dhcpNetMask )
+ MAY ( univentionDhcpBroadcastAddress $ dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $
+ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 1.3.6.1.4.1.1016.1199.2
+ NAME 'univentionDhcpSharedSubnet'
+ DESC 'This class defines a shared subnet'
+ SUP top AUXILIARY
+ )
diff --git a/files/schema/univention-directory.schema b/files/schema/univention-directory.schema
new file mode 100644
index 0000000..1a4c5fe
--- /dev/null
+++ b/files/schema/univention-directory.schema
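Review bot: `univentionDhcpBroadcastAddress`, `univentionDhcpSubnet` and `univentionDhcpSharedSubnet` are registered under `1.3.6.1.4.1.1016.1199…`, while every other definition in this file uses the `1.3.6.1.4.1.10176` arc. That looks like a dropped digit, and it places three definitions under an enterprise number this project presumably does not control, so they can collide with another vendor's schema loaded into the same server. OIDs that are already deployed cannot simply be renumbered, so at minimum add a comment above these three, e.g. `# NOTE: registered under 1.3.6.1.4.1.1016, not the project arc 1.3.6.1.4.1.10176; kept as-is for compatibility`. If this schema has not shipped anywhere yet, move them under the project arc instead, after confirming the chosen numbers are unassigned.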
@@ -0,0 +1,70 @@ +# Copyright 2007-2017 Univention GmbH +# +# http://www.univention.de/ +# +# All rights reserved. +# +# The source code of this program is made available +# under the terms of the GNU Affero General Public License version 3 +# (GNU AGPL V3) as published by the Free Software Foundation. +# +# Binary versions of this program provided by Univention to you as +# well as other copyrighted, protected or trademarked materials like +# Logos, graphics, fonts, specific documentations and configurations, +# cryptographic keys etc. are subject to a license agreement between +# you and Univention and not subject to the GNU AGPL V3. +# +# In the case you use this program under the terms of the GNU AGPL V3, +# the program is provided in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public +# License with the Debian GNU/Linux or Univention distribution in file +# /usr/share/common-licenses/AGPL-3; if not, see +# . 
+ +# Univention-specific extensions for a meta directory +# using OIDs starting with 1.3.6.1.4.1.10176.1016 + +attributetype ( 1.3.6.1.4.1.10176.1016.1.1 + NAME 'univentionMetaDirectoryPreviousDN' + DESC 'Previous DN of this synced object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10176.1016.1.2 + NAME 'univentionMetaDirectoryPreviousUsername' + DESC 'Previous username of this synced object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.10176.1016.1.3 + NAME 'univentionMetaDirectoryPreviousDirectory' + DESC 'Previous name of the directory of this synced object' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.10176.1016.2.1 + NAME 'univentionMetaDirectory' + SUP 'top' AUXILIARY + DESC 'Meta Directory Informations' + MAY ( univentionMetaDirectoryPreviousDN $ + univentionMetaDirectoryPreviousUsername $ + univentionMetaDirectoryPreviousDirectory ) ) + +# these attribute will be filled at the domain object, +# so we could use at the user object a drop-down box +attributetype ( 1.3.6.1.4.1.10176.1016.1.4 + NAME 'univentionMetaDirectoryNames' + DESC 'Names of the directories' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.10176.1016.2.2 + NAME 'univentionMetaDirectoryList' + SUP 'top' AUXILIARY + DESC 'List of directory names for the meta directory informations' + MAY ( univentionMetaDirectoryNames ) ) + diff --git a/files/schema/univention-ldap-acl.schema b/files/schema/univention-ldap-acl.schema new file mode 100644 index 0000000..357b118 --- /dev/null +++ b/files/schema/univention-ldap-acl.schema 
@@ -0,0 +1,67 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# schema definition for "interactive" LDAP-ACLs
+
+# namespace 1.3.6.1.4.1.10176.1041
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.1 NAME 'univentionLDAPAccessNone'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.2 NAME 'univentionLDAPAccessAuth'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.3 NAME 'univentionLDAPAccessCompare'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.4 NAME 'univentionLDAPAccessSearch'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.5 NAME 'univentionLDAPAccessRead'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.10176.1041.1.6 NAME 'univentionLDAPAccessWrite'
+ DESC 'LDAP-DN of accounts who have write access to this object'
+ EQUALITY distinguishedNameMatch
+ SUP distinguishedName )
+
+objectclass ( 1.3.6.1.4.1.10176.1041.2.1 NAME 'univentionLDAPACL'
+ SUP top AUXILIARY
+ DESC 'Univention LDAP ACLs'
+ MAY ( univentionLDAPAccessNone $ univentionLDAPAccessAuth $ univentionLDAPAccessCompare $
+ univentionLDAPAccessSearch $ univentionLDAPAccessRead $ univentionLDAPAccessWrite ))
+
diff --git a/files/schema/univention-ldap-extension.schema b/files/schema/univention-ldap-extension.schema
new file mode 100644
index 0000000..152d94e
--- /dev/null
+++ b/files/schema/univention-ldap-extension.schema
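Review bot: All six attribute types carry the same DESC, 'LDAP-DN of accounts who have write access to this object', although their names cover none, auth, compare, search, read and write; only `univentionLDAPAccessWrite` matches it. DESC is what an administrator sees in a schema browser when deciding which attribute to put a DN into, so a wrong description here can lead to granting a different access level than intended. Each attribute should name its own level, for example `DESC 'LDAP-DN of accounts who have read access to this object'` on `univentionLDAPAccessRead` and `DESC 'LDAP-DN of accounts who have no access to this object'` on `univentionLDAPAccessNone`. How these attributes are evaluated is not shown in this file, so the exact wording should be checked against the ACL rules that consume them.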
@@ -0,0 +1,69 @@
+# Univention LDAP Extension OID: 1.3.6.1.4.1.10176.4202
+#
+#objectIdentifier univention 1.3.6.1.4.1.10176
+#objectIdentifier univentionLDAPExtension univention:4202
+objectIdentifier univentionLDAPExtension 1.3.6.1.4.1.10176.4202
+objectIdentifier univentionLDAPExtensionAttributeType univentionLDAPExtension:1
+objectIdentifier univentionLDAPExtensionObjectClass univentionLDAPExtension:2
+
+#
+
+### Definition for univentionLDAPExtensionSchema
+
+attributetype ( univentionLDAPExtensionAttributeType:11 NAME 'univentionLDAPSchemaFilename'
+ DESC 'LDAP schema filename'
+ SINGLE-VALUE
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionLDAPExtensionAttributeType:12 NAME 'univentionLDAPSchemaData'
+ DESC 'LDAP schema data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionLDAPExtensionAttributeType:13 NAME 'univentionLDAPSchemaActive'
+ DESC 'Flag indicating availability of the LDAP schema'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+objectclass ( univentionLDAPExtensionObjectClass:1 NAME 'univentionLDAPExtensionSchema'
+ DESC 'UCS LDAP schema extension'
+ SUP 'univentionObjectMetadata' STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionLDAPSchemaFilename
+ $ univentionLDAPSchemaData
+ $ univentionLDAPSchemaActive
+ )
+ )
+
+### Analogous definition for univentionLDAPExtensionACL
+
+attributetype ( univentionLDAPExtensionAttributeType:21 NAME 'univentionLDAPACLFilename'
+ DESC 'LDAP ACL filename'
+ SINGLE-VALUE
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( univentionLDAPExtensionAttributeType:22 NAME 'univentionLDAPACLData'
+ DESC 'LDAP ACL data'
+ SINGLE-VALUE
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+attributetype ( univentionLDAPExtensionAttributeType:23 NAME 'univentionLDAPACLActive'
+ DESC 'Flag indicating availability of the LDAP ACL'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+objectclass ( univentionLDAPExtensionObjectClass:2 NAME 'univentionLDAPExtensionACL'
+ DESC 'UCS LDAP ACL extension'
+ SUP 'univentionObjectMetadata' STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionLDAPACLFilename
+ $ univentionLDAPACLData
+ $ univentionLDAPACLActive
+ )
+ )
diff --git a/files/schema/univention-object-metadata.schema b/files/schema/univention-object-metadata.schema
new file mode 100644
index 0000000..04f85bd
--- /dev/null
+++ b/files/schema/univention-object-metadata.schema
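Review bot: `univentionLDAPSchemaData` and `univentionLDAPACLData` are declared as opaque binary values with a filename and an `…Active` flag beside them, but the file has no comment on the payload encoding or on which component reads these entries. Presumably a consumer outside this file writes the payload out as server schema or ACL configuration; if so, write access to `univentionLDAPExtensionSchema` and `univentionLDAPExtensionACL` entries amounts to changing the directory server's own access rules, and the filename attributes should be treated as untrusted input by that consumer. I would state this at the top of the file, e.g. `# Entries of these classes carry schema/ACL payloads for the LDAP server; restrict write access to directory administrators`, and note the expected encoding in each DESC.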
@@ -0,0 +1,57 @@ +# Univention Object Metadata OID: 1.3.6.1.4.1.10176.4201 +# +#objectIdentifier univention 1.3.6.1.4.1.10176 +#objectIdentifier univentionObjectMetadata univention:4201 +objectIdentifier univentionObjectMetadata 1.3.6.1.4.1.10176.4201 +objectIdentifier univentionObjectMetadataAttributeType univentionObjectMetadata:1 +objectIdentifier univentionObjectMetadataObjectClass univentionObjectMetadata:2 + +# + +### Definition for univentionObjectMetadata + +attributetype ( univentionObjectMetadataAttributeType:1 NAME 'univentionOwnedByPackage' + DESC 'Name of the Package that registered the object' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionObjectMetadataAttributeType:2 NAME 'univentionOwnedByPackageVersion' + DESC 'Version of the Package that registered the object' + SINGLE-VALUE + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionObjectMetadataAttributeType:3 NAME 'univentionUCSVersionStart' + DESC 'Validity starts with UCS Version' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionObjectMetadataAttributeType:4 NAME 'univentionUCSVersionEnd' + DESC 'Validity ends with UCS Version' + SINGLE-VALUE + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( univentionObjectMetadataAttributeType:5 NAME 'univentionAppIdentifier' + DESC 'Identifier of the App that relies on the object' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( univentionObjectMetadataObjectClass:1 NAME 'univentionObjectMetadata' + DESC 'UCS extension object' + SUP 'top' STRUCTURAL + MUST ( cn ) + MAY ( univentionOwnedByPackage + $ univentionOwnedByPackageVersion + $ 
univentionUCSVersionStart + $ univentionUCSVersionEnd + $ univentionAppIdentifier + ) + ) diff --git a/files/schema/univention-objecttype.schema b/files/schema/univention-objecttype.schema new file mode 100644 index 0000000..a37c15a --- /dev/null +++ b/files/schema/univention-objecttype.schema @@ -0,0 +1,12 @@ +attributetype ( 1.3.6.1.4.1.10176.1003.1 NAME 'univentionObjectType' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.10176.1003.2 NAME 'univentionObjectFlag' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.10176.1003 NAME 'univentionObject' + AUXILIARY + MUST ( univentionObjectType ) + MAY ( univentionObjectFlag) ) diff --git a/files/schema/univention-saml.schema b/files/schema/univention-saml.schema new file mode 100644 index 0000000..17d03fc --- /dev/null +++ b/files/schema/univention-saml.schema 
@@ -0,0 +1,114 @@
+#
+# OpenLDAP Schema file
+# for univention-saml package
+#
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.2
+ NAME 'SAMLServiceProviderIdentifier'
+ DESC 'Unique service provider identifier'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.3
+ NAME 'AssertionConsumerService'
+ DESC 'The URL of the AssertionConsumerService endpoint for this SP'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.4
+ NAME 'NameIDFormat'
+ DESC 'The NameIDFormat this SP should receive'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.5
+ NAME 'simplesamlNameIDAttribute'
+ DESC 'The name of the attribute which should be used as the value of the NameID'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.6
+ NAME 'simplesamlAttributes'
+ DESC 'Whether the SP should receive any attributes from the IdP'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.7
+ NAME 'simplesamlLDAPattributes'
+ DESC 'A list of attributes the service provider will receive'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.8
+ NAME 'serviceproviderdescription'
+ DESC 'A description of this service provider that can be shown to users'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.9
+ NAME 'serviceProviderOrganizationName'
+ DESC 'The name of the organization responsible for the service provider that can be shown to users'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.10
+ NAME 'privacypolicyURL'
+ DESC 'An absolute URL for the service providers privacy policy'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.11
+ NAME 'attributesNameFormat'
+ DESC 'Which value will be set in the format field of attribute statements'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.12
+ NAME 'singleLogoutService'
+ DESC 'The URL of the SingleLogoutService endpoint for this service provider'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.13
+ NAME 'isServiceProviderActivated'
+ DESC 'True if this service provider is activated and its configuration is written'
+ SINGLE-VALUE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.1.14
+ NAME 'serviceProviderMetadata'
+ DESC 'The raw XML metadata for this service provider entry'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.10176.4200.1.1 NAME 'univentionSAMLServiceProvider' SUP top STRUCTURAL
+ DESC 'univention simplesamlphp service provider'
+ MAY ( NameIDFormat $ simplesamlNameIDAttribute $ simplesamlAttributes $ simplesamlLDAPattributes $ serviceproviderdescription $ serviceProviderOrganizationName $ privacypolicyURL $ attributesNameFormat $ singleLogoutService $ serviceProviderMetadata )
+ MUST ( isServiceProviderActivated $ SAMLServiceProviderIdentifier $ AssertionConsumerService )
+ )
+
+attributetype ( 1.3.6.1.4.1.10176.4200.2.2
+ NAME 'enabledServiceProviderIdentifier'
+ DESC 'A service provider the user is enabled to use'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.10176.4200.2.1 NAME 'univentionSAMLEnabled' SUP top AUXILIARY
+ DESC 'The user is enabled to use SAML service providers'
+ MAY ( enabledServiceProviderIdentifier )
+ )
+
diff --git a/files/schema/univention-scalix.schema b/files/schema/univention-scalix.schema
new file mode 100644
index 0000000..9ce0d7d
--- /dev/null
+++ b/files/schema/univention-scalix.schema
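Review bot: `serviceproviderdescription`, `serviceProviderOrganizationName` and `serviceProviderMetadata` are declared as IA5 String (`1.3.6.1.4.1.1466.115.121.1.26`), so text described as shown to users and the raw XML metadata cannot contain non-ASCII characters. If the schema is not yet deployed, Directory String with `EQUALITY caseExactMatch`, `SUBSTR caseExactSubstringsMatch` and `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15` would accept UTF-8. Separately, `AssertionConsumerService` and `singleLogoutService` are multi-valued free-form strings naming the endpoints used for this SP, and the schema cannot validate them. A header comment saying that write access to `univentionSAMLServiceProvider` entries must be restricted, and that the consumer must validate these URLs, would make that dependency explicit.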
@@ -0,0 +1,45 @@
+# Copyright 2005-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# Univention-specific extensions for kolab2-schema
+# using OIDs starting with 1.3.6.1.4.1.10176.1011
+
+attributetype ( 1.3.6.1.4.1.10176.1015.1.1 NAME 'univentionScalixMailnodeHost'
+ DESC 'Scalix Mailnode Host Server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+# scalix mailnode
+objectclass ( 1.3.6.1.4.1.10176.1015.2.1
+ NAME 'univentionScalixMailnode'
+ DESC 'Scalix Mailnode'
+ MUST ( cn $ univentionScalixMailnodeHost ) )
+
+objectclass ( 1.3.6.1.4.1.10176.1015.2.2
+ NAME 'univentionScalixMailboxClass'
+ DESC 'Scalix Mailbox Class'
+ MUST ( cn ) )
diff --git a/files/schema/univention-syntax.schema b/files/schema/univention-syntax.schema
new file mode 100644
index 0000000..d93b363
--- /dev/null
+++ b/files/schema/univention-syntax.schema
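Review bot: The header comment says this file holds extensions for kolab2-schema using OIDs starting with 1.3.6.1.4.1.10176.1011, but all three definitions are Scalix classes under `1.3.6.1.4.1.10176.1015`. The comment looks copied from another schema and misstates which arc this file occupies, which invites a later OID collision when someone allocates from the wrong range. Suggested replacement: `# Univention-specific extensions for Scalix` followed by `# using OIDs starting with 1.3.6.1.4.1.10176.1015`. Both object classes also omit `SUP` and the class kind; writing `SUP top STRUCTURAL`, as the other schemas in this commit do, would make the intended kind explicit.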
@@ -0,0 +1,90 @@
+# Copyright 2006-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+# Univention-specific extensions for user defined syntax definitions
+# using OIDs starting with 1.3.6.1.4.1.10176.2000.
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.1
+ NAME 'univentionSyntaxLDAPFilter'
+ DESC 'defines an LDAP filter for the relevant objects'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.2
+ NAME 'univentionSyntaxLDAPBase'
+ DESC 'defines an LDAP base used for the search'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.3
+ NAME 'univentionSyntaxLDAPAttribute'
+ DESC 'defines one or more LDAP attribute that represents an object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.4
+ NAME 'univentionSyntaxLDAPValue'
+ DESC 'defines an LDAP attribute (or the DN) that will be stored in the custom attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.5
+ NAME 'univentionSyntaxViewOnly'
+ DESC 'If true the associated attribute is not stored within the object, but just viewed'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.10
+ NAME 'univentionSyntaxDescription'
+ DESC 'a short description of the syntax definition'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10176.2000.1.11
+ NAME 'univentionSyntaxAddEmptyValue'
+ DESC ' add empty value to choicelist '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.2000.1.100
+ NAME 'univentionSyntax'
+ DESC 'A generic Syntax Definition for Attributes'
+ SUP top STRUCTURAL
+ MUST ( cn $ univentionSyntaxLDAPFilter $
+ univentionSyntaxLDAPAttribute )
+ MAY ( univentionSyntaxDescription $
+ univentionSyntaxViewOnly $
+ univentionSyntaxLDAPBase $
+ univentionSyntaxLDAPValue $
+ univentionSyntaxAddEmptyValue ) )
diff --git a/files/schema/univention-virtual-machine-manager.schema b/files/schema/univention-virtual-machine-manager.schema
new file mode 100644
index 0000000..97ba216
--- /dev/null
+++ b/files/schema/univention-virtual-machine-manager.schema
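Review bot: `univentionSyntaxViewOnly` is described as 'If true …' but is declared as a case-insensitive IA5 string, so the directory accepts any text and every consumer has to decide for itself what counts as true. Other flags in this commit (`univentionLDAPSchemaActive`, `isServiceProviderActivated`) use `EQUALITY booleanMatch` with `SYNTAX 1.3.6.1.4.1.1466.115.121.1.7`; if existing data allows, the same would fit here, otherwise the accepted values should be stated in DESC. `univentionSyntaxAddEmptyValue` looks like the same kind of flag. The stored `univentionSyntaxLDAPFilter` and `univentionSyntaxLDAPBase` values are presumably fed into searches by a consumer outside this file, so a comment that they are administrator-controlled input would be worth adding.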
@@ -0,0 +1,273 @@
+# Virtual Machine Manager OID: 1.3.6.1.4.1.10176.4101
+#
+#objectIdentifier univention 1.3.6.1.4.1.10176
+#objectIdentifier univentionVMM univention:4101
+objectIdentifier univentionVMM 1.3.6.1.4.1.10176.4101
+objectIdentifier uvmmAttributetype univentionVMM:1
+objectIdentifier uvmmObjectClass univentionVMM:2
+objectIdentifier uvmmProfileAttributetype univentionVMM:3
+objectIdentifier uvmmProfileObjectClass univentionVMM:4
+objectIdentifier uvmmHostAttributetype univentionVMM:5
+objectIdentifier uvmmHostObjectClass univentionVMM:6
+objectIdentifier uvmmCloudConnectionAttributetype univentionVMM:7
+objectIdentifier uvmmCloudConnectionObjectClass univentionVMM:8
+objectIdentifier uvmmCloudTypeObjectClass univentionVMM:9
+
+#
+
+attributetype ( uvmmAttributetype:1 NAME 'univentionVirtualMachineGroup'
+ DESC 'Is this group an UCS Virtual Machine Group'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( uvmmObjectClass:1 NAME 'univentionVirtualMachineGroupOC'
+ DESC 'UCS Virtual Machine group objectclass'
+ SUP top AUXILIARY
+ MAY ( univentionVirtualMachineGroup ) )
+
+attributetype ( uvmmAttributetype:10 NAME 'univentionVirtualMachineUUID'
+ DESC 'UUID of this Virtual Machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmAttributetype:11 NAME 'univentionVirtualMachineOS'
+ DESC 'Operation system of this Virtual Machine'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( uvmmAttributetype:12 NAME 'univentionVirtualMachineContact'
+ DESC 'contact person for the Virtual Machine'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( uvmmAttributetype:13 NAME 'univentionVirtualMachineDescription'
+ DESC 'description for the Virtual Machine'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( uvmmAttributetype:14 NAME 'univentionVirtualMachineProfileRef'
+ DESC 'reference to the profile used to define the Virtual Machine'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+objectclass ( uvmmObjectClass:10 NAME 'univentionVirtualMachine'
+ DESC 'UCS Virtual Machine objectclass'
+ STRUCTURAL
+ MUST ( univentionVirtualMachineUUID )
+ MAY ( univentionVirtualMachineDescription
+ $ univentionVirtualMachineOS
+ $ univentionVirtualMachineContact
+ $ univentionVirtualMachineProfileRef
+ )
+ )
+
+attributetype ( uvmmProfileAttributetype:1 NAME 'univentionVirtualMachineProfileNamePrefix'
+ DESC 'Name prefix for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:2 NAME 'univentionVirtualMachineProfileArch'
+ DESC 'Architecture of the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:3 NAME 'univentionVirtualMachineProfileCPUs'
+ DESC 'Number of CPUs for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:4 NAME 'univentionVirtualMachineProfileVirtTech'
+ DESC 'Virtualization Technology for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:5 NAME 'univentionVirtualMachineProfileRAM'
+ DESC 'Amount of memory for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:6 NAME 'univentionVirtualMachineProfileVNC'
+ DESC 'Activate remote access for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:7 NAME 'univentionVirtualMachineProfileInterface'
+ DESC 'Bridging interface for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:8 NAME 'univentionVirtualMachineProfileKBLayout'
+ DESC 'Keyboard layout for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:9 NAME 'univentionVirtualMachineProfileKernel'
+ DESC 'Kernel for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:10 NAME 'univentionVirtualMachineProfileKernelParameter'
+ DESC 'Kernel parameter for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:11 NAME 'univentionVirtualMachineProfileInitRAMfs'
+ DESC 'initramfs disk for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( uvmmProfileAttributetype:12 NAME 'univentionVirtualMachineProfileBootDevices'
+ DESC 'order of boot devices for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:13 NAME 'univentionVirtualMachineAdvancedKernelConfig'
+ DESC 'Use pyGrub as bootloader or manually configure the kernel for para virtualized virtual machines'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:14 NAME 'univentionVirtualMachineProfileOS'
+ DESC 'operating system of the virtual instance'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:15 NAME 'univentionVirtualMachineProfilePVDisk'
+ DESC 'if the disks should use the PV driver'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:16 NAME 'univentionVirtualMachineProfilePVInterface'
+ DESC 'if the interface should use the PV driver'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:17 NAME 'univentionVirtualMachineProfileDiskspace'
+ DESC 'Amount of disk space for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:18 NAME 'univentionVirtualMachineProfilePVCDROM'
+ DESC 'if the CDROM drives should use the PV driver'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( uvmmProfileAttributetype:19 NAME 'univentionVirtualMachineProfileRTCOffset'
+ DESC 'Real Time Clock offset for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( uvmmProfileAttributetype:20 NAME 'univentionVirtualMachineProfileDriverCache'
+ DESC 'Disk cache strategy for the virtual machine'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+objectclass ( uvmmProfileObjectClass:1 NAME 'univentionVirtualMachineProfile'
+ DESC 'UCS Virtual Machine profile objectclass'
+ STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionVirtualMachineProfileNamePrefix
+ $ univentionVirtualMachineProfileArch
+ $ univentionVirtualMachineProfileCPUs
+ $ univentionVirtualMachineProfileVirtTech
+ $ univentionVirtualMachineProfileRAM
+ $ univentionVirtualMachineProfileVNC
+ $ univentionVirtualMachineProfileInterface
+ $ univentionVirtualMachineProfileKBLayout
+ $ univentionVirtualMachineProfileKernel
+ $ univentionVirtualMachineProfileKernelParameter
+ $ univentionVirtualMachineProfileInitRAMfs
+ $ univentionVirtualMachineProfileBootDevices
+ $ univentionVirtualMachineAdvancedKernelConfig
+ $ univentionVirtualMachineProfileOS
+ $ univentionVirtualMachineProfilePVDisk
+ $ univentionVirtualMachineProfilePVInterface
+ $ univentionVirtualMachineProfileDiskspace
+ $ univentionVirtualMachineProfilePVCDROM
+ $ univentionVirtualMachineProfileRTCOffset
+ $ univentionVirtualMachineProfileDriverCache
+ )
+ )
+
+attributetype ( uvmmHostAttributetype:1 NAME 'univentionVirtualMachineManageableBy'
+ DESC 'defines a list of management nodes that may access this system'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( uvmmHostObjectClass:1 NAME 'univentionVirtualMachineHostOC'
+ DESC 'UCS Virtual Machine host objectclass'
+ SUP top AUXILIARY
+ MAY ( univentionVirtualMachineManageableBy ) )
+
+attributetype ( uvmmCloudConnectionAttributetype:1 NAME 'univentionVirtualMachineCloudConnectionTypeRef'
+ DESC 'reference to the type of the connection'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( uvmmCloudConnectionAttributetype:2 NAME 'univentionVirtualMachineCloudConnectionParameter'
+ DESC 'Cloud Connection parameter stored as a key-value pair'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( uvmmCloudConnectionAttributetype:3 NAME 'univentionVirtualMachineCloudConnectionImageSearchPattern'
+ DESC 'Pattern for filtering Images'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( uvmmCloudConnectionAttributetype:4 NAME 'univentionVirtualMachineCloudConnectionIncludeUCSImages'
+ DESC 'Should UCS Images be shown'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( uvmmCloudConnectionAttributetype:5 NAME 'univentionVirtualMachineCloudConnectionImageList'
+ DESC 'List of Image identifiers that are selectable for new instances'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( uvmmCloudConnectionObjectClass:1 NAME 'univentionVirtualMachineCloudConnection'
+ DESC 'UCS Virtual Machine Cloud Connection objectclass'
+ STRUCTURAL
+ MUST ( cn )
+ MAY ( univentionVirtualMachineCloudConnectionTypeRef $
+ univentionVirtualMachineCloudConnectionParameter $
+ univentionVirtualMachineCloudConnectionImageSearchPattern $
+ univentionVirtualMachineCloudConnectionIncludeUCSImages $
+ univentionVirtualMachineCloudConnectionImageList
+ )
+ )
+
+objectclass ( uvmmCloudTypeObjectClass:1 NAME 'univentionVirtualMachineCloudType'
+ DESC 'UCS Virtual Machine Cloud Type objectclass'
+ STRUCTURAL
+ MUST ( cn )
+ )
+
+ditcontentrule ( uvmmCloudConnectionObjectClass:1 NAME 'univentionVirtualMachineCloudConnection' AUX ( univentionObject $ univentionVirtualMachineHostOC ) )
+ditcontentrule ( uvmmObjectClass:10 NAME 'univentionVirtualMachine' AUX univentionObject )
+ditcontentrule ( uvmmProfileObjectClass:1 NAME 'univentionVirtualMachineProfile' AUX univentionObject )
+ditcontentrule ( uvmmCloudTypeObjectClass:1 NAME 'univentionVirtualMachineCloudType' AUX univentionObject )
diff --git a/files/schema/univention.schema b/files/schema/univention.schema
new file mode 100644
index 0000000..9f01c06
--- /dev/null
+++ b/files/schema/univention.schema
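Review bot: `univentionVirtualMachineCloudConnectionImageSearchPattern` and `univentionVirtualMachineCloudConnectionIncludeUCSImages` are the only attributes in this file declared without an EQUALITY rule, so equality filters on them evaluate as undefined and OpenLDAP rejects a modify that deletes one specific value. Adding `EQUALITY caseExactMatch` to both, as on `univentionVirtualMachineCloudConnectionImageList`, would fix that; the yes/no flag probably also wants `SINGLE-VALUE`. Separately, `univentionVirtualMachineCloudConnectionParameter` is described only as a key-value pair and nothing in the schema limits who can read it. If those pairs can carry cloud API credentials, a comment above the definition such as `# may hold cloud credentials - restrict read access with slapd ACLs` would tell whoever deploys the schema that an access rule is required.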
@@ -0,0 +1,390 @@
+# Copyright 2004-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+#
+# univention namespace: 10176
+
+#attributetype ( 1.3.6.1.4.1.10176.41 NAME 'univentionDesktopServer'
+# DESC 'terminal server (i.e. application server) to use [client]'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.44 NAME 'univentionWindowsServer'
+# DESC 'Univention windows server to use [client]'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.45 NAME 'univentionWindowsDomain'
+# DESC 'windows domain of windows server [client]'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.46 NAME 'univentionFileServer'
+# DESC 'Univention file server to use [client]'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.56 NAME 'univentionLdapServer'
+# DESC 'Univention ldap server to use [client]'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.57 NAME 'univentionLdapBase'
+# DESC 'base of ldap server'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+#
+attributetype ( 1.3.6.1.4.1.10176.61 NAME 'univentionServerRole'
+ DESC 'server role of this machine [ldap master,ldap slave,...]'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#attributetype ( 1.3.6.1.4.1.10176.62 NAME 'univentionKerberosRealm'
+# DESC 'Kerberos REALM'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+#
+#attributetype ( 1.3.6.1.4.1.10176.63 NAME 'univentionKerberosKDC'
+# DESC 'Kerberos KDC Server'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+#
+
+attributetype ( 1.3.6.1.4.1.10176.64 NAME 'univentionWindowsReinstall'
+ DESC 'schedule host to be reinstalled'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.65 NAME 'univentionServerReinstall'
+ DESC 'schedule host to be reinstalled'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.66 NAME 'univentionService'
+ DESC 'server services'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.1 NAME 'univentionServerInstallationProfile'
+ DESC 'Path of profile file. Must be present on installation server.'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.3 NAME 'univentionServerInstallationText'
+ DESC 'Use text installation'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.6 NAME 'univentionServerInstallationOption'
+ DESC 'Set boot option for unattended installation'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.4 NAME 'univentionServerInstallationPath'
+ DESC 'Installation Path'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.2 NAME 'univentionNetworkLink'
+ DESC 'Path of network'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.5 NAME 'univentionInventoryNumber'
+ DESC 'Inventory number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.7 NAME 'univentionOperatingSystem'
+ DESC 'Operating System'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.11.1.8 NAME 'univentionOperatingSystemVersion'
+ DESC 'Operating System version'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.70 NAME 'univentionHost'
+ SUP top AUXILIARY
+ DESC 'Univention host'
+ MUST ( cn )
+ MAY ( macAddress $ aRecord $ aAAARecord $ mXRecord $ cNAMERecord $ associatedDomain $ univentionNetworkLink $ univentionInventoryNumber $ univentionOperatingSystem $ univentionOperatingSystemVersion))
+
+objectclass ( 1.3.6.1.4.1.10176.71 NAME 'univentionClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention client'
+ MUST ( cn )
+ MAY ( univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
+
+objectclass ( 1.3.6.1.4.1.10176.99 NAME 'univentionMacOSClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention MacOS X Client'
+ MUST ( cn ) )
+
+objectclass ( 1.3.6.1.4.1.10176.96 NAME 'univentionMobileClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention mobile client'
+ MUST ( cn )
+ MAY ( univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
+
+objectclass ( 1.3.6.1.4.1.10176.72 NAME 'univentionThinClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention thin client'
+ MUST ( cn ) )
+
+objectclass ( 1.3.6.1.4.1.10176.73 NAME 'univentionWindows'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention windows host'
+ MUST ( cn )
+ MAY ( univentionServerRole $ univentionWindowsReinstall ) )
+
+objectclass ( 1.3.6.1.4.1.10176.74 NAME 'univentionMemberServer'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention member server'
+ MUST ( cn )
+ MAY ( univentionServerRole $ univentionService $ univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
+
+objectclass ( 1.3.6.1.4.1.10176.75 NAME 'univentionDomainController'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention domain controller'
+ MUST ( cn )
+ MAY ( univentionServerRole $ univentionService $ univentionServerReinstall $ univentionServerInstallationProfile $ univentionServerInstallationText $ univentionServerInstallationPath $ univentionServerInstallationOption) )
+
+objectclass ( 1.3.6.1.4.1.10176.76 NAME 'univentionUbuntuClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention Ubuntu client'
+ MUST ( cn ) )
+
+objectclass ( 1.3.6.1.4.1.10176.77 NAME 'univentionLinuxClient'
+ SUP 'univentionHost' AUXILIARY
+ DESC 'Univention Linux client'
+ MUST ( cn ) )
+
+objectclass ( 1.3.6.1.4.1.10176.78 NAME 'univentionDomain'
+ SUP ('domain' $ 'sambaDomain') STRUCTURAL
+ DESC 'Additional univention-vars for Groups' )
+
+objectclass ( 1.3.6.1.4.1.10176.79 NAME 'univentionBase'
+ SUP 'top' AUXILIARY
+ DESC 'Additional univention-vars for Groups' )
+
+attributetype ( 1.3.6.1.4.1.10176.81 NAME 'prohibitedUsername'
+ DESC 'Illegal usernames '
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.80 NAME 'univentionProhibitedUsernames'
+ MUST ( cn )
+ MAY ( prohibitedUsername )
+ DESC 'List of prohibited usernames' )
+
+attributetype ( 1.3.6.1.4.1.10176.83 NAME 'printerModel'
+ DESC 'Printer Model '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.82 NAME 'univentionPrinterModels'
+ MUST ( cn )
+ MAY ( printerModel )
+ DESC 'Printer Model List' )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.300.1.1 NAME 'univentionPackageDefinition'
+ DESC 'Packages '
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+objectclass ( 1.3.6.1.4.1.10176.1000.300.2.1 NAME 'univentionPackageList'
+ MUST ( cn )
+ DESC 'Package List '
+ MAY ( univentionPackageDefinition))
+
+attributetype ( 1.3.6.1.4.1.10176.1000.301.1.1 NAME 'printerURI'
+ DESC 'Printer URI '
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.301.2.1 NAME 'univentionPrinterURIs'
+ MUST ( cn )
+ MAY ( printerURI )
+ DESC 'Printer URI List' )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.1 NAME 'univentionSambaPasswordHistory'
+ DESC 'Samba Password History '
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.2 NAME 'univentionSambaMinPasswordLength'
+ DESC 'Samba Password Length '
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.3 NAME 'univentionSambaMinPasswordAge'
+ DESC 'Samba Minimum Password Age '
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.4 NAME 'univentionSambaBadLockoutAttempts'
+ DESC 'Samba Bad Lockout Attempts '
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.5 NAME 'univentionSambaLogonToChangePW'
+ DESC 'Samba User must logon to change password'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.6 NAME 'univentionSambaMaxPasswordAge'
+ DESC 'Samba Maximum Password Age'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.7 NAME 'univentionSambaLockoutDuration'
+ DESC 'Samba Lockout Duration'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.8 NAME 'univentionSambaResetCountMinutes'
+ DESC 'Samba Reset Count Minutes'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.9 NAME 'univentionSambaDisconnectTime'
+ DESC 'Samba Disconnect Time'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.302.1.10 NAME 'univentionSambaRefuseMachinePWChange'
+ DESC 'Samba Refuse Machine Password Change'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.302.2.1 NAME 'univentionSambaConfig'
+ MUST ( cn )
+ MAY ( univentionSambaPasswordHistory $
+ univentionSambaMinPasswordLength $
+ univentionSambaMinPasswordAge $
+ univentionSambaBadLockoutAttempts $
+ univentionSambaLogonToChangePW $
+ univentionSambaMaxPasswordAge $
+ univentionSambaLockoutDuration $
+ univentionSambaResetCountMinutes $
+ univentionSambaDisconnectTime $
+ univentionSambaRefuseMachinePWChange )
+ DESC 'Univention Samba LDAP Extensions' )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.303.2.1 NAME 'univentionServiceObject'
+ MUST ( cn )
+ DESC 'Univention Service Object' )
+
+
+# operations for univention console
+attributetype ( 1.3.6.1.4.1.10176.1000.304.1.1 NAME 'univentionConsoleOperation'
+ DESC 'Univention Console command'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.304.2.1 NAME 'univentionConsoleOperations'
+ MUST ( cn )
+ MAY ( description $ univentionConsoleOperation )
+ DESC 'Univention Console commands' )
+
+# ACLs for univention console
+attributetype ( 1.3.6.1.4.1.10176.1000.305.1.1 NAME 'univentionConsoleACLCategory'
+ DESC 'Univention Console ACL category'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.305.1.2 NAME 'univentionConsoleACLHost'
+ DESC 'Univention Console ACL host or host group'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.305.1.3 NAME 'univentionConsoleACLBase'
+ DESC 'Univention Console ldap base to find the hosts'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.305.1.4 NAME 'univentionConsoleACLCommand'
+ DESC 'Univention Console ACL command'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.305.2.1 NAME 'univentionConsoleACL'
+ MUST ( cn )
+ MAY ( description $ univentionConsoleACLCategory $ univentionConsoleACLHost $ univentionConsoleACLBase $ univentionConsoleACLCommand )
+ DESC 'Univention Console commands' )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.306.2.1 NAME 'univentionConsoleCategory'
+ MUST ( cn )
+ MAY ( description )
+ DESC 'Univention Console category' )
+
+attributetype ( 1.3.6.1.4.1.10176.600 NAME 'univentionSambaPrivilegeList'
+ DESC 'Samba Privileges List'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+objectclass ( 1.3.6.1.4.1.10176.60 NAME 'univentionSambaPrivileges'
+ SUP top AUXILIARY
+ MAY ( univentionSambaPrivilegeList )
+ DESC 'Samba Privileges' )
+
+# new UMC operation object (UCS 3.0)
+attributetype ( 1.3.6.1.4.1.10176.1000.310.1.1
+ NAME 'umcOperationSetCommand'
+ DESC 'List of UMC command names and patterns'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.310.1.2
+ NAME 'umcOperationSetFlavor'
+ DESC 'Flavor of the UMC module'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.310.1.3
+ NAME 'umcOperationSetHost'
+ DESC 'List of host or host group'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.1000.310.1.4
+ NAME 'umcOperationSetBase'
+ DESC 'LDAP base used for finding hosts'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.1000.310.2.1
+ NAME 'umcOperationSet'
+ DESC 'Defines a set of UMC operations'
+ MUST ( cn $ description )
+ MAY ( umcOperationSetCommand $ umcOperationSetFlavor $ umcOperationSetHost $ umcOperationSetBase ) )
diff --git a/files/schema/user.schema b/files/schema/user.schema
new file mode 100644
index 0000000..db77876
--- /dev/null
+++ b/files/schema/user.schema
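Review bot: Several DESC strings in this hunk are copy-pasted and no longer describe their class: `univentionDomain` and `univentionBase` both read 'Additional univention-vars for Groups', and `univentionConsoleACL` reads 'Univention Console commands', the same text as `univentionConsoleOperations`. `univentionConsoleACL` and `umcOperationSet` appear to carry authorization data (hosts and commands), so an accurate label matters to anyone auditing the directory. I would use `DESC 'Univention Console ACL'` on the ACL class and distinct texts such as `DESC 'Univention domain'` and `DESC 'Univention base object'` on the other two. Several object classes (for example `univentionProhibitedUsernames`, `univentionConsoleACL`, `umcOperationSet`) also omit SUP and the class kind and so rely on the server default; writing `SUP top STRUCTURAL` explicitly, if that is what is intended, would match the other definitions in the file.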
@@ -0,0 +1,108 @@
+# Copyright 2005-2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+attributetype ( 1.3.6.1.4.1.10176.4 NAME 'quotablockhard'
+ DESC 'Softlimit for Block usage quota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.5 NAME 'quotablocksoft'
+ DESC 'Hard limit for Block usage quota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.6 NAME 'quotafilehard'
+ DESC 'Soft limit for Inode usage quota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.7 NAME 'quotafilesoft'
+ DESC 'Hard limit for Inode usage quota'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.10 NAME 'groupDirectory'
+ DESC 'The absolute path to the group directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.11 NAME 'virtual'
+ DESC 'Is this account a vitual one'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.12 NAME 'temporary'
+ DESC 'This account has a temporary home dir'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10176.15 NAME 'univentionAssignedPrinter'
+ DESC 'assigned printer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.99 NAME 'univentionBirthday'
+ DESC 'Birthday'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10176.100 NAME 'univentionUMCProperty'
+ DESC 'UMC property stored as key=value pair'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+objectclass ( 1.3.6.1.4.1.10176.8 NAME 'univentionPerson'
+ DESC 'Additional univention-vars for Person/Account'
+ SUP top AUXILIARY
+ MAY ( quotablocksoft $ quotablockhard $ quotafilesoft $ quotafilehard $
+ temporary $ virtual $ univentionBirthday $ univentionUMCProperty )
+ )
+
+attributetype ( 1.3.6.1.4.1.10176.9.1.1 NAME 'univentionGroupType'
+ DESC 'Contains a set of flags that define the type and scope of a group object'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
+
+objectclass ( 1.3.6.1.4.1.10176.9 NAME 'univentionGroup'
+ DESC 'Additional univention-vars for Groups'
+ SUP top AUXILIARY
+ MAY ( quotablocksoft $ quotablockhard $ quotafilesoft $ quotafilehard $ groupDirectory $ uniqueMember $ mailPrimaryAddress $ univentionAssignedPrinter $ univentionAllowedEmailUsers $ univentionAllowedEmailGroups $ mailAlternativeAddress $ univentionGrouptype)
+ )
+
+attributetype ( 1.3.6.1.4.1.10176.13 NAME 'pwhistory'
+ DESC 'most recent used passwords'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.10176.14 NAME 'univentionPWHistory'
+ DESC 'PW History for an account'
+ SUP top AUXILIARY
+ MAY ( pwhistory )
+ )
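Review bot: The DESC strings on the four quota attributes are swapped against their names: `quotablockhard` and `quotafilehard` are described as the soft limit, while `quotablocksoft` and `quotafilesoft` are described as the hard limit. Each DESC should match its attribute name, for example `DESC 'Hard limit for Block usage quota'` on `quotablockhard` and `DESC 'Soft limit for Block usage quota'` on `quotablocksoft`. The DESC of `virtual` also has the typo 'vitual'. Separately, `pwhistory` ('most recent used passwords') is declared as an ordinary IA5 string with no comment on access control. Presumably it stores password hashes, so a comment above it such as `# password history - protect with the same slapd ACLs as userPassword` would tell deployers that the schema alone does not restrict who can read it.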