# Copyright 2004-2017 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

# schema definition for "interactive" LDAP-ACLs

# namespace 1.3.6.1.4.1.10176.1041

attributetype ( 1.3.6.1.4.1.10176.1041.1.1 NAME 'univentionLDAPAccessNone'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.10176.1041.1.2 NAME 'univentionLDAPAccessAuth'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.10176.1041.1.3 NAME 'univentionLDAPAccessCompare'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.10176.1041.1.4 NAME 'univentionLDAPAccessSearch'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.10176.1041.1.5 NAME 'univentionLDAPAccessRead'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.10176.1041.1.6 NAME 'univentionLDAPAccessWrite'
	DESC 'LDAP-DN of accounts who have write access to this object'
	EQUALITY distinguishedNameMatch
	SUP distinguishedName )

objectclass ( 1.3.6.1.4.1.10176.1041.2.1 NAME 'univentionLDAPACL'
	SUP top AUXILIARY
	DESC 'Univention LDAP ACLs'
	MAY ( univentionLDAPAccessNone $ univentionLDAPAccessAuth $ univentionLDAPAccessCompare $ 
              univentionLDAPAccessSearch $ univentionLDAPAccessRead $ univentionLDAPAccessWrite ))