# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2004-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.

# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

# The version of this file as distributed by the OpenLDAP Foundation
# contains text from an IETF Internet-Draft explaining the schema.
# Unfortunately, that text is covered by a license that doesn't meet
# Debian's Free Software Guidelines. This is a stripped version of the
# schema that contains only the functional schema definition, not the text
# of the Internet-Draft.
#
# For an explanation of this schema, see
# draft-behera-ldap-password-policy-08.txt.

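# pwdAttribute: names the attribute that the password policy governs.
# Syntax 1.3.6.1.4.1.1466.115.121.1.38 is OID; it is the only MUST
# attribute of the pwdPolicy object class defined at the end of this file.
# NOTE(review): OpenLDAP's ppolicy overlay is documented as accepting only
# userPassword here -- confirm against the slapo-ppolicy man page in use.
# Continuation lines are indented: slapd's schema parser requires leading
# whitespace on every line after the first of a definition.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
    NAME 'pwdAttribute'
    EQUALITY objectIdentifierMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
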
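# pwdMinAge: minimum number of seconds that must elapse between changes
# to the password (INTEGER syntax, single-valued). Per the password-policy
# draft, 0 or absent means no minimum. Without a minimum age a user can
# cycle through passwords quickly enough to defeat pwdInHistory.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
    NAME 'pwdMinAge'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
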
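# pwdMaxAge: number of seconds after which a changed password expires
# (INTEGER syntax, single-valued). Per the password-policy draft, 0 or
# absent means the password never expires.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
    NAME 'pwdMaxAge'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
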
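# pwdInHistory: maximum number of previously used passwords retained so
# that reuse can be rejected (INTEGER syntax, single-valued). Per the
# password-policy draft, 0 or absent means old passwords are not stored
# and reuse is not checked.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
    NAME 'pwdInHistory'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
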
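# pwdCheckQuality: how password quality is verified on add/modify
# (INTEGER syntax, single-valued). Per the password-policy draft:
#   0 (or absent) - no quality checking
#   1 - check, but accept passwords the server cannot check
#       (for example values that arrive already hashed)
#   2 - check, and reject passwords the server cannot check
# Only 2 guarantees that pwdMinLength and any check module are applied
# to every accepted password.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
    NAME 'pwdCheckQuality'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
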
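# pwdMinLength: minimum number of characters accepted in a password
# (INTEGER syntax, single-valued). Per the password-policy draft it is
# applied as part of quality checking, so it has no effect while
# pwdCheckQuality is 0 or absent; 0 or absent means no minimum length.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
    NAME 'pwdMinLength'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
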
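# pwdExpireWarning: number of seconds before expiration during which an
# expiry warning is returned to the authenticating user (INTEGER syntax,
# single-valued). Per the password-policy draft, 0 or absent means no
# warning is sent.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
    NAME 'pwdExpireWarning'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
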
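# pwdGraceAuthNLimit: number of times an already expired password may
# still be used to authenticate (INTEGER syntax, single-valued). Per the
# password-policy draft, 0 or absent means an expired password cannot be
# used at all. Every grace login is a bind with an expired credential,
# so keep this value small.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
    NAME 'pwdGraceAuthNLimit'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
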
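# pwdLockout: whether the password is blocked after too many consecutive
# failed bind attempts (Boolean syntax 1.3.6.1.4.1.1466.115.121.1.7,
# single-valued). Per the password-policy draft, absent or FALSE means
# no lockout happens, whatever pwdMaxFailure is set to; TRUE only has an
# effect together with a non-zero pwdMaxFailure.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
    NAME 'pwdLockout'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )
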
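# pwdLockoutDuration: number of seconds a locked password stays unusable
# (INTEGER syntax, single-valued). Per the password-policy draft, 0 or
# absent means the lock persists until an administrator resets the
# password. A permanent lock lets anyone who can send failed binds deny
# service to an account; a timed lock bounds that at the cost of
# allowing guessing to resume.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
    NAME 'pwdLockoutDuration'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
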
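# pwdMaxFailure: number of consecutive failed bind attempts after which
# the password may no longer be used to authenticate (INTEGER syntax,
# single-valued). Per the password-policy draft, 0 or absent means
# failures are not limited and pwdLockout is effectively ignored.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
    NAME 'pwdMaxFailure'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
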
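# pwdFailureCountInterval: number of seconds after which recorded bind
# failures are purged from the failure counter (INTEGER syntax,
# single-valued). Per the password-policy draft, 0 or absent means the
# counter is only reset by a successful authentication.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
    NAME 'pwdFailureCountInterval'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )
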
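# pwdMustChange: whether a user must change the password at the first
# bind after an administrator has set or reset it (Boolean syntax,
# single-valued). Per the password-policy draft, absent or FALSE means
# no forced change, so an administrator-chosen password stays valid.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
    NAME 'pwdMustChange'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )
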
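# pwdAllowUserChange: whether users may change their own password
# (Boolean syntax, single-valued).
# NOTE(review): the draft describes this as a substitute for servers
# without access control; on slapd, write access to the password
# attribute should still be governed by ACLs -- confirm how the deployed
# ppolicy overlay combines the two.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
    NAME 'pwdAllowUserChange'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )
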
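# pwdSafeModify: whether the existing password must be supplied together
# with the new one when the password is changed (Boolean syntax,
# single-valued). Per the password-policy draft, absent or FALSE means
# the old password is not required, so an unattended authenticated
# session is enough to replace the credential.
attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
    NAME 'pwdSafeModify'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )
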
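# pwdCheckModule: the extension the file header attributes to
# Hewlett-Packard (note the separate 1.3.6.1.4.1.4754 OID arc).
# Holds the name of a loadable module providing check_password(), as an
# IA5 string (syntax 1.3.6.1.4.1.1466.115.121.1.26), single-valued.
# Security: the value selects code that is loaded into the directory
# server process, so write access to this attribute is equivalent to
# choosing what runs inside slapd. Restrict it with ACLs to directory
# administrators and keep the module directory writable only by root.
# NOTE(review): later OpenLDAP releases are understood to take the module
# from overlay configuration instead of this attribute -- confirm for
# the version deployed.
attributetype ( 1.3.6.1.4.1.4754.1.99.1
    NAME 'pwdCheckModule'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    DESC 'Loadable module that instantiates "check_password() function'
    SINGLE-VALUE )
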
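# pwdPolicyChecker: auxiliary object class whose only purpose is to allow
# pwdCheckModule on an entry. pwdPolicy below does not list
# pwdCheckModule, so a policy entry that names a check module must carry
# this class as well. Treat the ability to add this class to a policy
# entry as sensitive, for the same reason as write access to
# pwdCheckModule itself.
objectclass ( 1.3.6.1.4.1.4754.2.99.1
    NAME 'pwdPolicyChecker'
    SUP top
    AUXILIARY
    MAY ( pwdCheckModule ) )
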
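# pwdPolicy: auxiliary object class for a password policy entry.
# pwdAttribute is mandatory; every other setting is optional, and an
# omitted setting means that control is simply not enforced (no expiry,
# no lockout, no history, no quality check). Review each policy entry
# for the attributes it leaves out, not only the ones it sets.
# Being AUXILIARY, the class must be combined with a structural class on
# the entry. This schema only declares the attributes; enforcement is
# done by the server's password policy implementation.
objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
    NAME 'pwdPolicy'
    SUP top
    AUXILIARY
    MUST ( pwdAttribute )
    MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
    pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
    $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
    pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )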