summaryrefslogtreecommitdiffstats
path: root/debian/schema
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:33 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:33 +0000
commit1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc (patch)
tree77094b19bf9091ceb6f6ab7d0267f70fef9c8323 /debian/schema
parentAdding upstream version 2.5.13+dfsg. (diff)
downloadopenldap-1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc.tar.xz
openldap-1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc.zip
Adding debian version 2.5.13+dfsg-5.debian/2.5.13+dfsg-5debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/schema')
-rw-r--r--debian/schema/README15
-rw-r--r--debian/schema/collective.schema65
-rwxr-xr-xdebian/schema/compare-schema26
-rw-r--r--debian/schema/corba.schema61
-rw-r--r--debian/schema/core.ldif603
-rw-r--r--debian/schema/core.schema622
-rw-r--r--debian/schema/cosine.schema404
-rw-r--r--debian/schema/duaconf.schema153
-rw-r--r--debian/schema/inetorgperson.schema113
-rw-r--r--debian/schema/java.schema109
-rw-r--r--debian/schema/namedobject.schema42
-rw-r--r--debian/schema/pmi.schema476
12 files changed, 2689 insertions, 0 deletions
diff --git a/debian/schema/README b/debian/schema/README
new file mode 100644
index 0000000..e601c45
--- /dev/null
+++ b/debian/schema/README
@@ -0,0 +1,15 @@
+This directory contains stripped versions of schema files that the
+OpenLDAP distribution includes in servers/slapd/schema. The original
+versions as distributed upstream contain text from the RFCs embedded as
+comments, and that text is covered by the Internet Society license which
+does not meet the Debian Free Software Guidelines. (It doesn't permit
+creation and distribution of modified versions.) Accordingly, Debian
+cannot include the original versions of these files in Debian packages.
+
+Instead, in this directory are equivalent versions of those files with all
+of the text taken from IETF RFCs or Internet-Drafts removed and only the
+functional schema definition retained.
+
+Where possible, the schema files as distributed by the OpenLDAP project
+are retained. This is only done where RFC or Internet-Draft text is
+embedded in the schema file and covered by the Internet Society license.
diff --git a/debian/schema/collective.schema b/debian/schema/collective.schema
new file mode 100644
index 0000000..c3dc1a1
--- /dev/null
+++ b/debian/schema/collective.schema
@@ -0,0 +1,65 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 3671, at (among other
+# places): http://www.ietf.org/rfc/rfc3671.txt
+
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
diff --git a/debian/schema/compare-schema b/debian/schema/compare-schema
new file mode 100755
index 0000000..ce6b80c
--- /dev/null
+++ b/debian/schema/compare-schema
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Compare the stripped versions of the schema with the unmodified versions
+# from the source as distributed upstream and find any non-comment changes
+# so that our stripped versions can be updated.
+#
+# Takes the directory containing our stripped schema and the directory
+# containing the upstream schema. Uses the first directory as a working
+# area.
+
+set -e
+
+ours="$1"
+theirs="$2"
+if [ -z "$ours" ] || [ -z "$theirs" ] ; then
+ echo 'Usage: compare-schema <debian-schema-dir> <openldap-schema-dir>' >&2
+ exit 1
+fi
+
+cd $ours
+for schema in *.schema *.ldif ; do
+ grep -v '^#' "$schema" | grep -v '^ *$' > "${schema}.debian"
+ grep -v '^#' "$theirs/$schema" | grep -v '^ *$' > "${schema}.upstream"
+ diff -u "${schema}.debian" "${schema}.upstream"
+ rm "${schema}.debian" "${schema}.upstream"
+done
diff --git a/debian/schema/corba.schema b/debian/schema/corba.schema
new file mode 100644
index 0000000..918e9df
--- /dev/null
+++ b/debian/schema/corba.schema
@@ -0,0 +1,61 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2714, at (among other
+# places): http://www.ietf.org/rfc/rfc2714.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
diff --git a/debian/schema/core.ldif b/debian/schema/core.ldif
new file mode 100644
index 0000000..2cbfb87
--- /dev/null
+++ b/debian/schema/core.ldif
@@ -0,0 +1,603 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC4523: X.509 delta CRL'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
diff --git a/debian/schema/core.schema b/debian/schema/core.schema
new file mode 100644
index 0000000..dcc04e9
--- /dev/null
+++ b/debian/schema/core.schema
@@ -0,0 +1,622 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC4523: X.509 delta CRL'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/debian/schema/cosine.schema b/debian/schema/cosine.schema
new file mode 100644
index 0000000..024d859
--- /dev/null
+++ b/debian/schema/cosine.schema
@@ -0,0 +1,404 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 1274, at (among other
+# places): http://www.ietf.org/rfc/rfc1274.txt
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Minimum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
diff --git a/debian/schema/duaconf.schema b/debian/schema/duaconf.schema
new file mode 100644
index 0000000..8c1683f
--- /dev/null
+++ b/debian/schema/duaconf.schema
@@ -0,0 +1,153 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-joslin-config-schema-07.txt.
+
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/debian/schema/inetorgperson.schema b/debian/schema/inetorgperson.schema
new file mode 100644
index 0000000..34c3bf8
--- /dev/null
+++ b/debian/schema/inetorgperson.schema
@@ -0,0 +1,113 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places): http://www.ietf.org/rfc/rfc2798.txt
+
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/debian/schema/java.schema b/debian/schema/java.schema
new file mode 100644
index 0000000..24c1f1b
--- /dev/null
+++ b/debian/schema/java.schema
@@ -0,0 +1,109 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2713, at (among other
+# places): http://www.ietf.org/rfc/rfc2713.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
diff --git a/debian/schema/namedobject.schema b/debian/schema/namedobject.schema
new file mode 100644
index 0000000..d5b5d48
--- /dev/null
+++ b/debian/schema/namedobject.schema
@@ -0,0 +1,42 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2021 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the
+# text of the Internet-Draft.
+
+##
+## Definitions from draft Structural Object Classes for Named Objects
+## https://tools.ietf.org/html/draft-stroeder-namedobject
+##
+## Portions Copyright (c) 2013 IETF Trust and the persons identified
+## as the document authors. All rights reserved.
+#
+# Depends upon core.schema and cosine.schema
+
+objectclass ( 1.3.6.1.4.1.5427.1.389.6.20
+ NAME 'namedObject'
+ SUP top
+ STRUCTURAL
+ MUST ( cn )
+ MAY ( uniqueIdentifier $ description ) )
+
+objectclass ( 1.3.6.1.4.1.5427.1.389.6.21
+ NAME 'namedPolicy'
+ SUP namedObject
+ STRUCTURAL )
+
diff --git a/debian/schema/pmi.schema b/debian/schema/pmi.schema
new file mode 100644
index 0000000..6b0fe73
--- /dev/null
+++ b/debian/schema/pmi.schema
@@ -0,0 +1,476 @@
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute certificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+