diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:33 +0000 |
commit | 1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc (patch) | |
tree | 77094b19bf9091ceb6f6ab7d0267f70fef9c8323 /debian/schema | |
parent | Adding upstream version 2.5.13+dfsg. (diff) | |
download | openldap-1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc.tar.xz openldap-1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc.zip |
Adding debian version 2.5.13+dfsg-5.debian/2.5.13+dfsg-5debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/schema')
-rw-r--r-- | debian/schema/README | 15 | ||||
-rw-r--r-- | debian/schema/collective.schema | 65 | ||||
-rwxr-xr-x | debian/schema/compare-schema | 26 | ||||
-rw-r--r-- | debian/schema/corba.schema | 61 | ||||
-rw-r--r-- | debian/schema/core.ldif | 603 | ||||
-rw-r--r-- | debian/schema/core.schema | 622 | ||||
-rw-r--r-- | debian/schema/cosine.schema | 404 | ||||
-rw-r--r-- | debian/schema/duaconf.schema | 153 | ||||
-rw-r--r-- | debian/schema/inetorgperson.schema | 113 | ||||
-rw-r--r-- | debian/schema/java.schema | 109 | ||||
-rw-r--r-- | debian/schema/namedobject.schema | 42 | ||||
-rw-r--r-- | debian/schema/pmi.schema | 476 |
12 files changed, 2689 insertions, 0 deletions
diff --git a/debian/schema/README b/debian/schema/README new file mode 100644 index 0000000..e601c45 --- /dev/null +++ b/debian/schema/README @@ -0,0 +1,15 @@ +This directory contains stripped versions of schema files that the +OpenLDAP distribution includes in servers/slapd/schema. The original +versions as distributed upstream contain text from the RFCs embedded as +comments, and that text is covered by the Internet Society license which +does not meet the Debian Free Software Guidelines. (It doesn't permit +creation and distribution of modified versions.) Accordingly, Debian +cannot include the original versions of these files in Debian packages. + +Instead, in this directory are equivalent versions of those files with all +of the text taken from IETF RFCs or Internet-Drafts removed and only the +functional schema definition retained. + +Where possible, the schema files as distributed by the OpenLDAP project +are retained. This is only done where RFC or Internet-Draft text is +embedded in the schema file and covered by the Internet Society license. diff --git a/debian/schema/collective.schema b/debian/schema/collective.schema new file mode 100644 index 0000000..c3dc1a1 --- /dev/null +++ b/debian/schema/collective.schema @@ -0,0 +1,65 @@ +# collective.schema -- Collective attribute schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 3671, at (among other +# places): http://www.ietf.org/rfc/rfc3671.txt + +attributeType ( 2.5.4.7.1 NAME 'c-l' + SUP l COLLECTIVE ) + +attributeType ( 2.5.4.8.1 NAME 'c-st' + SUP st COLLECTIVE ) + +attributeType ( 2.5.4.9.1 NAME 'c-street' + SUP street COLLECTIVE ) + +attributeType ( 2.5.4.10.1 NAME 'c-o' + SUP o COLLECTIVE ) + +attributeType ( 2.5.4.11.1 NAME 'c-ou' + SUP ou COLLECTIVE ) + +attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress' + SUP postalAddress COLLECTIVE ) + +attributeType ( 2.5.4.17.1 NAME 'c-PostalCode' + SUP postalCode COLLECTIVE ) + +attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox' + SUP postOfficeBox COLLECTIVE ) + +attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' + SUP physicalDeliveryOfficeName COLLECTIVE ) + +attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber' + SUP telephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber' + SUP telexNumber COLLECTIVE ) + +attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' + SUP facsimileTelephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' + SUP internationalISDNNumber COLLECTIVE ) + diff --git a/debian/schema/compare-schema b/debian/schema/compare-schema new file mode 100755 index 0000000..ce6b80c --- /dev/null +++ b/debian/schema/compare-schema @@ -0,0 +1,26 @@ +#!/bin/sh +# +# Compare the stripped versions of the schema with the unmodified versions +# from the source as distributed upstream and find any non-comment changes +# so that our stripped versions can be updated. +# +# Takes the directory containing our stripped schema and the directory +# containing the upstream schema. Uses the first directory as a working +# area. + +set -e + +ours="$1" +theirs="$2" +if [ -z "$ours" ] || [ -z "$theirs" ] ; then + echo 'Usage: compare-schema <debian-schema-dir> <openldap-schema-dir>' >&2 + exit 1 +fi + +cd $ours +for schema in *.schema *.ldif ; do + grep -v '^#' "$schema" | grep -v '^ *$' > "${schema}.debian" + grep -v '^#' "$theirs/$schema" | grep -v '^ *$' > "${schema}.upstream" + diff -u "${schema}.debian" "${schema}.upstream" + rm "${schema}.debian" "${schema}.upstream" +done diff --git a/debian/schema/corba.schema b/debian/schema/corba.schema new file mode 100644 index 0000000..918e9df --- /dev/null +++ b/debian/schema/corba.schema @@ -0,0 +1,61 @@ +# corba.schema -- Corba Object Schema +# depends upon core.schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2714, at (among other +# places): http://www.ietf.org/rfc/rfc2714.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14 + NAME 'corbaIor' + DESC 'Stringified interoperable object reference of a CORBA object' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15 + NAME 'corbaRepositoryId' + DESC 'Repository ids of interfaces implemented by a CORBA object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10 + NAME 'corbaContainer' + DESC 'Container for a CORBA object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9 + NAME 'corbaObject' + DESC 'CORBA object representation' + SUP top + ABSTRACT + MAY ( corbaRepositoryId $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11 + NAME 'corbaObjectReference' + DESC 'CORBA interoperable object reference' + SUP corbaObject + AUXILIARY + MUST corbaIor ) diff --git a/debian/schema/core.ldif b/debian/schema/core.ldif new file mode 100644 index 0000000..2cbfb87 --- /dev/null +++ b/debian/schema/core.ldif @@ -0,0 +1,603 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2003). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +# +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# +# Select informational schema items: +# RFC 2377 (uidObject) +# +# +# Standard attribute types from RFC 2256 +# +dn: cn=core,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: core +# +# system schema +#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) +# +olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +# +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) +# +# Deprecated by enhancedSearchGuide +olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' + DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) +# +olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +# +olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +# +olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +# +olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) +# +olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) +# +olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +# +olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +# +olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +olcAttributeTypes: ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be stored and requested in the binary form +olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) +# +# 2.5.4.41 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +# +olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +# +olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +# +olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) +# +# 2.5.4.49 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +# +olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) +# +olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) +# +# Standard object classes from RFC2256 +# +# system schema +#olcObjectClasses: ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) +# +olcObjectClasses: ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) +# +olcObjectClasses: ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) +# +olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) +# +olcObjectClasses: ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) +# +olcObjectClasses: ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) +# +olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) +# +olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) +# +olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) +# +# +# Object Classes from RFC 2587 +# +olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) +# +olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) +# +olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC4523: X.509 delta CRL' + SUP top AUXILIARY + MAY deltaRevocationList ) +# +# +# Standard Track URI label schema from RFC 2079 +# system schema +#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +# +olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + MAY ( labeledURI ) + SUP top AUXILIARY ) +# +# +# Derived from RFC 1274, but with new "short names" +# +#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +# +olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# +olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) +# +# RFC 1274 + RFC 2247 +olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +# +# RFC 2247 +olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) +# +# RFC 2377 +olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) +# +# From COSINE Pilot +olcAttributeTypes: ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +olcAttributeTypes: ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +# diff --git a/debian/schema/core.schema b/debian/schema/core.schema new file mode 100644 index 0000000..dcc04e9 --- /dev/null +++ b/debian/schema/core.schema @@ -0,0 +1,622 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# RFC 4524 (associatedDomain) +# +# Select informational schema items: +# RFC 2377 (uidObject) + +# +# Standard attribute types from RFC 2256 +# + +# system schema +#attributetype ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +# system schema +#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# system schema +#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) + +attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) + +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) + +#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) +# DESC 'RFC2256: ISO-3166 country 2-letter code' +# SUP name SINGLE-VALUE ) + +attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) + +attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) + +attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) + +attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) + +attributetype ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) + +# system schema +#attributetype ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) + +# Deprecated by enhancedSearchGuide +attributetype ( 2.5.4.14 NAME 'searchGuide' + DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) + +attributetype ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) + +attributetype ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) + +attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) + +attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) + +attributetype ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) + +attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) + +attributetype ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) + +attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) + +attributetype ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) + +attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +attributetype ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) + +attributetype ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) + +attributetype ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) + +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be stored and requested in the binary form +attributetype ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) + +# system schema +#attributetype ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' + SUP name ) + +attributetype ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) + +attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) + +attributetype ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) + +attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) + +attributetype ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) + +# system schema +#attributetype ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) + +attributetype ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +attributetype ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) + +attributetype ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) + +# Standard object classes from RFC2256 + +# system schema +#objectclass ( 2.5.6.0 NAME 'top' +# DESC 'RFC2256: top of the superclass chain' +# ABSTRACT +# MUST objectClass ) + +# system schema +#objectclass ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) + +objectclass ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) + +objectclass ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) + +objectclass ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) + +objectclass ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) + +objectclass ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) + +objectclass ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) + +objectclass ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) + +objectclass ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) + +objectclass ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) + +objectclass ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) + +objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) + +objectclass ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) + +objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) + +objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) + +objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) + +objectclass ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) + +# +# Object Classes from RFC 2587 +# +objectclass ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) + +objectclass ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) + +objectclass ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC4523: X.509 delta CRL' + SUP top AUXILIARY + MAY deltaRevocationList ) + +# +# Standard Track URI label schema from RFC 2079 +# system schema +#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + SUP top AUXILIARY + MAY ( labeledURI ) ) + +# +# Derived from RFC 1274, but with new "short names" +# +#attributetype ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) + +# RFC 1274 + RFC 2247 +attributetype ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# RFC 2247 +objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) + +# RFC 2377 +objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) + +# RFC 4524 +# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] +# host names [RFC1123] that are associated with an object. That is, +# values of this attribute should conform to the following ABNF: +# +# domain = root / label *( DOT label ) +# root = SPACE +# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ] +# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z" +# SPACE = %x20 ; space (" ") +# HYPHEN = %x2D ; hyphen ("-") +# DOT = %x2E ; period (".") +attributetype ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +attributetype ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + diff --git a/debian/schema/cosine.schema b/debian/schema/cosine.schema new file mode 100644 index 0000000..024d859 --- /dev/null +++ b/debian/schema/cosine.schema @@ -0,0 +1,404 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.schema + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 1274, at (among other +# places): http://www.ietf.org/rfc/rfc1274.txt + +#(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) +## EQUALITY caseIgnoreMatch +## SUBSTR caseIgnoreSubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +#(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) +## EQUALITY caseIgnoreIA5Match +## SUBSTR caseIgnoreIA5SubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' + DESC 'RFC1274: general information' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) + +attributetype ( 0.9.2342.19200300.100.1.5 + NAME ( 'drink' 'favouriteDrink' ) + DESC 'RFC1274: favorite drink' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' + DESC 'RFC1274: room number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' + DESC 'RFC1274: photo (G3 fax)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) + +attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass' + DESC 'RFC1274: category of user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host' + DESC 'RFC1274: host computer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager' + DESC 'RFC1274: DN of manager' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' + DESC 'RFC1274: unique identifier of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' + DESC 'RFC1274: title of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' + DESC 'RFC1274: version of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' + DESC 'RFC1274: DN of author of document' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' + DESC 'RFC1274: location of document original' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.20 + NAME ( 'homePhone' 'homeTelephoneNumber' ) + DESC 'RFC1274: home telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary' + DESC 'RFC1274: DN of secretary' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) + +## Deprecated in favor of modifyTimeStamp +#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' +# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp' +# OBSOLETE +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 +# USAGE directoryOperation ) + +## Deprecated in favor of modifiersName +#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' +# DESC 'RFC1274: last modifier, replaced by modifiersName' +# OBSOLETE +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 +# USAGE directoryOperation ) + +##(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) +## EQUALITY caseIgnoreIA5Match +## SUBSTR caseIgnoreIA5SubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +## incorrect syntax? +attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## missing from RFC1274 +## incorrect syntax? +attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' +# EQUALITY caseIgnoreIA5Match +# SUBSTR caseIgnoreIA5SubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' + DESC 'RFC1274: DN of entry associated with domain' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' + DESC 'RFC1274: home postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' + DESC 'RFC1274: personal title' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.41 + NAME ( 'mobile' 'mobileTelephoneNumber' ) + DESC 'RFC1274: mobile telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.42 + NAME ( 'pager' 'pagerTelephoneNumber' ) + DESC 'RFC1274: pager telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.43 + NAME ( 'co' 'friendlyCountryName' ) + DESC 'RFC1274: friendly country name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' + DESC 'RFC1274: unique identifer' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' + DESC 'RFC1274: organizational status' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' + DESC 'RFC1274: Janet mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 0.9.2342.19200300.100.1.47 + NAME 'mailPreferenceOption' + DESC 'RFC1274: mail preference option' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' + DESC 'RFC1274: name of building' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' + DESC 'RFC1274: DSA Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' + DESC 'RFC1274: Subtree Minimum Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' + DESC 'RFC1274: Subtree Maximum Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' + DESC 'RFC1274: Personal Signature (G3 fax)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ) + +attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' + DESC 'RFC1274: DIT Redirect' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' + DESC 'RFC1274: audio (u-law)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) + +attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' + DESC 'RFC1274: publisher of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' +# DESC 'RFC1274: pilot object' +# SUP top AUXILIARY +# MAY ( info $ photo $ manager $ uniqueIdentifier $ +# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio ) +# ) + +objectclass ( 0.9.2342.19200300.100.4.4 + NAME ( 'pilotPerson' 'newPilotPerson' ) + SUP person STRUCTURAL + MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ + favouriteDrink $ roomNumber $ userClass $ + homeTelephoneNumber $ homePostalAddress $ secretary $ + personalTitle $ preferredDeliveryMethod $ businessCategory $ + janetMailbox $ otherMailbox $ mobileTelephoneNumber $ + pagerTelephoneNumber $ organizationalStatus $ + mailPreferenceOption $ personalSignature ) + ) + +objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' + SUP top STRUCTURAL + MUST userid + MAY ( description $ seeAlso $ localityName $ + organizationName $ organizationalUnitName $ host ) + ) + +objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' + SUP top STRUCTURAL + MUST documentIdentifier + MAY ( commonName $ description $ seeAlso $ localityName $ + organizationName $ organizationalUnitName $ + documentTitle $ documentVersion $ documentAuthor $ + documentLocation $ documentPublisher ) + ) + +objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' + SUP top STRUCTURAL + MUST commonName + MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) + ) + +objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' + SUP top STRUCTURAL + MUST commonName + MAY ( description $ seeAlso $ telephonenumber $ + localityName $ organizationName $ organizationalUnitName ) + ) + +objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' + SUP top STRUCTURAL + MUST domainComponent + MAY ( associatedName $ organizationName $ description $ + businessCategory $ seeAlso $ searchGuide $ userPassword $ + localityName $ stateOrProvinceName $ streetAddress $ + physicalDeliveryOfficeName $ postalAddress $ postalCode $ + postOfficeBox $ streetAddress $ + facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ + preferredDeliveryMethod $ destinationIndicator $ + registeredAddress $ x121Address ) + ) + +objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' + SUP domain STRUCTURAL + MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ + physicalDeliveryOfficeName $ postalAddress $ postalCode $ + postOfficeBox $ streetAddress $ + facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ + telexNumber $ preferredDeliveryMethod $ destinationIndicator $ + registeredAddress $ x121Address ) + ) + +objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' + SUP domain STRUCTURAL + MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord ) + ) + +objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' + DESC 'RFC1274: an object related to an domain' + SUP top AUXILIARY + MUST associatedDomain ) + +objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' + SUP country STRUCTURAL + MUST friendlyCountryName ) + +## (in core.schema) +## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' +## SUP top AUXILIARY +## MUST userPassword ) + +objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' + SUP ( organization $ organizationalUnit ) STRUCTURAL + MAY buildingName ) + +objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' + SUP dsa STRUCTURAL + MAY dSAQuality ) + +objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY + MUST dsaQuality + MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) + ) diff --git a/debian/schema/duaconf.schema b/debian/schema/duaconf.schema new file mode 100644 index 0000000..8c1683f --- /dev/null +++ b/debian/schema/duaconf.schema @@ -0,0 +1,153 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# DUA schema from draft-joslin-config-schema (a work in progress) + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +## Notes: +## - The matching rule for attributes followReferrals and dereferenceAliases +## has been changed to booleanMatch since their syntax is boolean +## - There was a typo in the name of the dereferenceAliases attributeType +## in the DUAConfigProfile objectClass definition +## - Credit goes to the original Authors + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF Internet-Draft explaining the schema. +# Unfortunately, that text is covered by a license that doesn't meet +# Debian's Free Software Guidelines. This is a stripped version of the +# schema that contains only the functional schema definition, not the text +# of the Internet-Draft. +# +# For an explanation of this schema, see +# draft-joslin-config-schema-07.txt. + +objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1 + +attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList' + DESC 'Default LDAP server host address used by a DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' + DESC 'Default LDAP base DN used by a DUA' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList' + DESC 'Preferred LDAP server host addresses to be used by a + DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for a + search to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for the + bind operation to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals' + DESC 'Tells DUA if it should follow referrals + returned by a DSA search result' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' + DESC 'Tells DUA if it should dereference aliases' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' + DESC 'A keystring which identifies the type of + authentication method used to contact the DSA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL' + DESC 'Time to live, in seconds, before a client DUA + should re-read this configuration profile' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' + DESC 'LDAP search descriptor list used by a DUA' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap' + DESC 'Attribute mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel' + DESC 'Identifies type of credentials a DUA should + use when binding to the LDAP server' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap' + DESC 'Objectclass mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' + DESC 'Default search scope used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' + DESC 'Identifies type of credentials a DUA + should use when binding to the LDAP server for a + specific service' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod' + DESC 'Authentication method used by a service of the DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' + SUP top STRUCTURAL + DESC 'Abstraction of a base configuration for a DUA' + MUST ( cn ) + MAY ( defaultServerList $ preferredServerList $ + defaultSearchBase $ defaultSearchScope $ + searchTimeLimit $ bindTimeLimit $ + credentialLevel $ authenticationMethod $ + followReferrals $ dereferenceAliases $ + serviceSearchDescriptor $ serviceCredentialLevel $ + serviceAuthenticationMethod $ objectclassMap $ + attributeMap $ profileTTL ) ) diff --git a/debian/schema/inetorgperson.schema b/debian/schema/inetorgperson.schema new file mode 100644 index 0000000..34c3bf8 --- /dev/null +++ b/debian/schema/inetorgperson.schema @@ -0,0 +1,113 @@ +# inetorgperson.schema -- InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.schema) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.schema) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema) + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2798, at (among other +# places): http://www.ietf.org/rfc/rfc2798.txt + +attributetype ( 2.16.840.1.113730.3.1.1 + NAME 'carLicense' + DESC 'RFC2798: vehicle license or registration plate' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.2 + NAME 'departmentNumber' + DESC 'RFC2798: identifies a department within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.241 + NAME 'displayName' + DESC 'RFC2798: preferred name to be used when displaying entries' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.3 + NAME 'employeeNumber' + DESC 'RFC2798: numerically identifies an employee within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.4 + NAME 'employeeType' + DESC 'RFC2798: type of employment for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 0.9.2342.19200300.100.1.60 + NAME 'jpegPhoto' + DESC 'RFC2798: a JPEG image' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) + +attributetype ( 2.16.840.1.113730.3.1.39 + NAME 'preferredLanguage' + DESC 'RFC2798: preferred written or spoken language for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.40 + NAME 'userSMIMECertificate' + DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.216 + NAME 'userPKCS12' + DESC 'RFC2798: personal identity information, a PKCS #12 PFX' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +objectclass ( 2.16.840.1.113730.3.2.2 + NAME 'inetOrgPerson' + DESC 'RFC2798: Internet Organizational Person' + SUP organizationalPerson + STRUCTURAL + MAY ( + audio $ businessCategory $ carLicense $ departmentNumber $ + displayName $ employeeNumber $ employeeType $ givenName $ + homePhone $ homePostalAddress $ initials $ jpegPhoto $ + labeledURI $ mail $ manager $ mobile $ o $ pager $ + photo $ roomNumber $ secretary $ uid $ userCertificate $ + x500uniqueIdentifier $ preferredLanguage $ + userSMIMECertificate $ userPKCS12 ) + ) diff --git a/debian/schema/java.schema b/debian/schema/java.schema new file mode 100644 index 0000000..24c1f1b --- /dev/null +++ b/debian/schema/java.schema @@ -0,0 +1,109 @@ +# java.schema -- Java Object Schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Java Object Schema (defined in RFC 2713) +# depends upon core.schema +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2713, at (among other +# places): http://www.ietf.org/rfc/rfc2713.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6 + NAME 'javaClassName' + DESC 'Fully qualified name of distinguished Java class or interface' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7 + NAME 'javaCodebase' + DESC 'URL(s) specifying the location of class definition' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13 + NAME 'javaClassNames' + DESC 'Fully qualified Java class or interface name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8 + NAME 'javaSerializedData' + DESC 'Serialized form of a Java object' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10 + NAME 'javaFactory' + DESC 'Fully qualified Java class name of a JNDI object factory' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11 + NAME 'javaReferenceAddress' + DESC 'Addresses associated with a JNDI Reference' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12 + NAME 'javaDoc' + DESC 'The Java documentation for the class' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1 + NAME 'javaContainer' + DESC 'Container for a Java object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4 + NAME 'javaObject' + DESC 'Java object representation' + SUP top + ABSTRACT + MUST javaClassName + MAY ( javaClassNames $ javaCodebase $ + javaDoc $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5 + NAME 'javaSerializedObject' + DESC 'Java serialized object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8 + NAME 'javaMarshalledObject' + DESC 'Java marshalled object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7 + NAME 'javaNamingReference' + DESC 'JNDI reference' + SUP javaObject + AUXILIARY + MAY ( javaReferenceAddress $ javaFactory ) ) diff --git a/debian/schema/namedobject.schema b/debian/schema/namedobject.schema new file mode 100644 index 0000000..d5b5d48 --- /dev/null +++ b/debian/schema/namedobject.schema @@ -0,0 +1,42 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2021 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF Internet-Draft explaining the schema. +# Unfortunately, that text is covered by a license that doesn't meet +# Debian's Free Software Guidelines. This is a stripped version of the +# schema that contains only the functional schema definition, not the +# text of the Internet-Draft. + +## +## Definitions from draft Structural Object Classes for Named Objects +## https://tools.ietf.org/html/draft-stroeder-namedobject +## +## Portions Copyright (c) 2013 IETF Trust and the persons identified +## as the document authors. All rights reserved. +# +# Depends upon core.schema and cosine.schema + +objectclass ( 1.3.6.1.4.1.5427.1.389.6.20 + NAME 'namedObject' + SUP top + STRUCTURAL + MUST ( cn ) + MAY ( uniqueIdentifier $ description ) ) + +objectclass ( 1.3.6.1.4.1.5427.1.389.6.21 + NAME 'namedPolicy' + SUP namedObject + STRUCTURAL ) + diff --git a/debian/schema/pmi.schema b/debian/schema/pmi.schema new file mode 100644 index 0000000..6b0fe73 --- /dev/null +++ b/debian/schema/pmi.schema @@ -0,0 +1,476 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +## X.509 (08/2005) pp. 120-121 +## +## -- object identifier assignments -- +## -- object classes -- +## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} +## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} +## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} +## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} +## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} +## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} +## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} +## -- directory attributes -- +## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} +## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} +## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} +## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} +## id-at-role OBJECT IDENTIFIER ::= {id-at 72} +## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} +## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} +## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} +## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} +## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} +## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} +## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} +## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} +## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} +## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} +## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} +## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} +## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} +## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} +## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} +## +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +## role ATTRIBUTE ::= { +## WITH SYNTAX RoleSyntax +## ID id-at-role } +## RoleSyntax ::= SEQUENCE { +## roleAuthority [0] GeneralNames OPTIONAL, +## roleName [1] GeneralName } +## +## 14.5 XML privilege information attribute +## xmlPrivilegeInfo ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege information +## ID id-at-xMLPrivilegeInfo } +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## pmiUser OBJECT-CLASS ::= { +## -- a PMI user (i.e., a "holder") +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateAttribute} +## ID id-oc-pmiUser } +## +## 17.1.2 PMI AA object class +## pmiAA OBJECT-CLASS ::= { +## -- a PMI AA +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {aACertificate | +## attributeCertificateRevocationList | +## attributeAuthorityRevocationList} +## ID id-oc-pmiAA } +## +## 17.1.3 PMI SOA object class +## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateRevocationList | +## attributeAuthorityRevocationList | +## attributeDescriptorCertificate} +## ID id-oc-pmiSOA } +## +## 17.1.4 Attribute certificate CRL distribution point object class +## attCertCRLDistributionPt OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { attributeCertificateRevocationList | +## attributeAuthorityRevocationList } +## ID id-oc-attCertCRLDistributionPts } +## +## 17.1.5 PMI delegation path +## pmiDelegationPath OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { delegationPath } +## ID id-oc-pmiDelegationPath } +## +## 17.1.6 Privilege policy object class +## privilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {privPolicy } +## ID id-oc-privilegePolicy } +## +## 17.1.7 Protected privilege policy object class +## protectedPrivilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {protPrivPolicy } +## ID id-oc-protectedPrivilegePolicy } +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +## attributeCertificateAttribute ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeCertificate } +## +## 17.2.2 AA certificate attribute +## aACertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-aACertificate } +## +## 17.2.3 Attribute descriptor certificate attribute +## attributeDescriptorCertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeDescriptorCertificate } +## +## 17.2.4 Attribute certificate revocation list attribute +## attributeCertificateRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeCertificateRevocationList} +## +## 17.2.5 AA certificate revocation list attribute +## attributeAuthorityRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeAuthorityRevocationList } +## +## 17.2.6 Delegation path attribute +## delegationPath ATTRIBUTE ::= { +## WITH SYNTAX AttCertPath +## ID id-at-delegationPath } +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +## privPolicy ATTRIBUTE ::= { +## WITH SYNTAX PolicySyntax +## ID id-at-privPolicy } +## +## 17.2.8 Protected privilege policy attribute +## protPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-protPrivPolicy } +## +## 17.2.9 XML Protected privilege policy attribute +## xmlPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information +## ID id-at-xMLPprotPrivPolicy } +## + +## -- object identifier assignments -- +## -- object classes -- +objectidentifier id-oc-pmiUser 2.5.6.24 +objectidentifier id-oc-pmiAA 2.5.6.25 +objectidentifier id-oc-pmiSOA 2.5.6.26 +objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27 +objectidentifier id-oc-privilegePolicy 2.5.6.32 +objectidentifier id-oc-pmiDelegationPath 2.5.6.33 +objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34 +## -- directory attributes -- +objectidentifier id-at-attributeCertificate 2.5.4.58 +objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59 +objectidentifier id-at-aACertificate 2.5.4.61 +objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62 +objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63 +objectidentifier id-at-privPolicy 2.5.4.71 +objectidentifier id-at-role 2.5.4.72 +objectidentifier id-at-delegationPath 2.5.4.73 +objectidentifier id-at-protPrivPolicy 2.5.4.74 +objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75 +objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76 +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +objectidentifier id-mr 2.5.13 +objectidentifier id-mr-attributeCertificateMatch id-mr:42 +objectidentifier id-mr-attributeCertificateExactMatch id-mr:45 +objectidentifier id-mr-holderIssuerMatch id-mr:46 +objectidentifier id-mr-authAttIdMatch id-mr:53 +objectidentifier id-mr-roleSpecCertIdMatch id-mr:54 +objectidentifier id-mr-basicAttConstraintsMatch id-mr:55 +objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56 +objectidentifier id-mr-timeSpecMatch id-mr:57 +objectidentifier id-mr-attDescriptorMatch id-mr:58 +objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59 +objectidentifier id-mr-delegationPathMatch id-mr:61 +objectidentifier id-mr-sOAIdentifierMatch id-mr:66 +objectidentifier id-mr-indirectIssuerMatch id-mr:67 +## -- syntaxes -- +## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP +## to this work in progress +objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired) +#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5 +#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10 +#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17 +#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13 +## +## Substitute syntaxes +## +## AttCertPath +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4 + NAME 'AttCertPath' + DESC 'X.509 PMI attribute certificate path: SEQUENCE OF AttributeCertificate' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## PolicySyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5 + NAME 'PolicySyntax' + DESC 'X.509 PMI policy syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## RoleSyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6 + NAME 'RoleSyntax' + DESC 'X.509 PMI role syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +attributeType ( id-at-role + NAME 'role' + DESC 'X.509 Role attribute, use ;binary' + SYNTAX RoleSyntax ) +## +## 14.5 XML privilege information attribute +## -- contains XML-encoded privilege information +attributeType ( id-at-xMLPrivilegeInfo + NAME 'xmlPrivilegeInfo' + DESC 'X.509 XML privilege information attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +attributeType ( id-at-attributeCertificate + NAME 'attributeCertificateAttribute' + DESC 'X.509 Attribute certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.2 AA certificate attribute +attributeType ( id-at-aACertificate + NAME 'aACertificate' + DESC 'X.509 AA certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.3 Attribute descriptor certificate attribute +attributeType ( id-at-attributeDescriptorCertificate + NAME 'attributeDescriptorCertificate' + DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.4 Attribute certificate revocation list attribute +attributeType ( id-at-attributeCertificateRevocationList + NAME 'attributeCertificateRevocationList' + DESC 'X.509 Attribute certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.5 AA certificate revocation list attribute +attributeType ( id-at-attributeAuthorityRevocationList + NAME 'attributeAuthorityRevocationList' + DESC 'X.509 AA certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.6 Delegation path attribute +attributeType ( id-at-delegationPath + NAME 'delegationPath' + DESC 'X.509 Delegation path attribute, use ;binary' + SYNTAX AttCertPath ) +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +attributeType ( id-at-privPolicy + NAME 'privPolicy' + DESC 'X.509 Privilege policy attribute, use ;binary' + SYNTAX PolicySyntax ) +## +## 17.2.8 Protected privilege policy attribute +attributeType ( id-at-protPrivPolicy + NAME 'protPrivPolicy' + DESC 'X.509 Protected privilege policy attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.9 XML Protected privilege policy attribute +## -- contains XML-encoded privilege policy information +attributeType ( id-at-xMLPprotPrivPolicy + NAME 'xmlPrivPolicy' + DESC 'X.509 XML Protected privilege policy attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## -- a PMI user (i.e., a "holder") +objectClass ( id-oc-pmiUser + NAME 'pmiUser' + DESC 'X.509 PMI user object class' + SUP top + AUXILIARY + MAY ( attributeCertificateAttribute ) ) +## +## 17.1.2 PMI AA object class +## -- a PMI AA +objectClass ( id-oc-pmiAA + NAME 'pmiAA' + DESC 'X.509 PMI AA object class' + SUP top + AUXILIARY + MAY ( aACertificate $ + attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.3 PMI SOA object class +## -- a PMI Source of Authority +objectClass ( id-oc-pmiSOA + NAME 'pmiSOA' + DESC 'X.509 PMI SOA object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList $ + attributeDescriptorCertificate + ) ) +## +## 17.1.4 Attribute certificate CRL distribution point object class +objectClass ( id-oc-attCertCRLDistributionPts + NAME 'attCertCRLDistributionPt' + DESC 'X.509 Attribute certificate CRL distribution point object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.5 PMI delegation path +objectClass ( id-oc-pmiDelegationPath + NAME 'pmiDelegationPath' + DESC 'X.509 PMI delegation path' + SUP top + AUXILIARY + MAY ( delegationPath ) ) +## +## 17.1.6 Privilege policy object class +objectClass ( id-oc-privilegePolicy + NAME 'privilegePolicy' + DESC 'X.509 Privilege policy object class' + SUP top + AUXILIARY + MAY ( privPolicy ) ) +## +## 17.1.7 Protected privilege policy object class +objectClass ( id-oc-protectedPrivilegePolicy + NAME 'protectedPrivilegePolicy' + DESC 'X.509 Protected privilege policy object class' + SUP top + AUXILIARY + MAY ( protPrivPolicy ) ) + |