connector/ldap/testdata: add LDAP schema files

connector/ldap/testdata/core.schema

+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works.  However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be         
+## followed, or as required to translate it into languages other than
+## English.
+##                                                                      
+## The limited permissions granted above are perpetual and will not be  
+## revoked by the Internet Society or its successors or assigns.        
+## 
+## This document and the information contained herein is provided on an 
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+#	RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+#	RFC 1274 (uid/dc)
+#	RFC 2079 (URI)
+#	RFC 2247 (dc/dcObject)
+#	RFC 2587 (PKI)
+#	RFC 2589 (Dynamic Directory Services)
+#	RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+#	RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+#	DESC 'RFC2256: object classes of the entity'
+#	EQUALITY objectIdentifierMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+#	DESC 'RFC2256: name of aliased object'
+#	EQUALITY distinguishedNameMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+	DESC 'RFC2256: knowledge information'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+#	DESC 'RFC2256: common name(s) for which the entity is known by'
+#	SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+	SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+	DESC 'RFC2256: serial number of the entity'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+	DESC 'RFC4519: two-letter ISO-3166 country code'
+	SUP name
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+	SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+#	DESC 'RFC2256: ISO-3166 country 2-letter code'
+#	SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+	DESC 'RFC2256: locality which this object resides in'
+	SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+	DESC 'RFC2256: state or province which this object resides in'
+	SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+	DESC 'RFC2256: street address of this object'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+	DESC 'RFC2256: organization this object belongs to'
+	SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+	DESC 'RFC2256: organizational unit this object belongs to'
+	SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+	DESC 'RFC2256: title associated with the entity'
+	SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+#	DESC 'RFC2256: descriptive information'
+#	EQUALITY caseIgnoreMatch
+#	SUBSTR caseIgnoreSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+	DESC 'RFC2256: business category'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+	DESC 'RFC2256: postal address'
+	EQUALITY caseIgnoreListMatch
+	SUBSTR caseIgnoreListSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+	DESC 'RFC2256: postal code'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+	DESC 'RFC2256: Post Office Box'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+	DESC 'RFC2256: Physical Delivery Office Name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+	DESC 'RFC2256: Telephone Number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+	DESC 'RFC2256: Telex Number'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+	DESC 'RFC2256: Teletex Terminal Identifier'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+	DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+	DESC 'RFC2256: X.121 Address'
+	EQUALITY numericStringMatch
+	SUBSTR numericStringSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+	DESC 'RFC2256: international ISDN number'
+	EQUALITY numericStringMatch
+	SUBSTR numericStringSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+	DESC 'RFC2256: registered postal address'
+	SUP postalAddress
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+	DESC 'RFC2256: destination indicator'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+	DESC 'RFC2256: preferred delivery method'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+	SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+	DESC 'RFC2256: presentation address'
+	EQUALITY presentationAddressMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+	SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+	DESC 'RFC2256: supported application context'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+	DESC 'RFC2256: member of a group'
+	SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+	DESC 'RFC2256: owner (of the object)'
+	SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+	DESC 'RFC2256: occupant of role'
+	SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+#	DESC 'RFC2256: DN of related object'
+#	SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+#	DESC 'RFC2256/2307: password of user'
+#	EQUALITY octetStringMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+	DESC 'RFC2256: X.509 user certificate, use ;binary'
+	EQUALITY certificateExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+	DESC 'RFC2256: X.509 CA certificate, use ;binary'
+	EQUALITY certificateExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+	DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+	DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+#	EQUALITY caseIgnoreMatch
+#	SUBSTR caseIgnoreSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+	DESC 'RFC2256: first name(s) for which the entity is known by'
+	SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+	DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+	SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+	DESC 'RFC2256: name qualifier indicating a generation'
+	SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+	DESC 'RFC2256: X.500 unique identifier'
+	EQUALITY bitStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+	DESC 'RFC2256: DN qualifier'
+	EQUALITY caseIgnoreMatch
+	ORDERING caseIgnoreOrderingMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+	DESC 'RFC2256: enhanced search guide'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+	DESC 'RFC2256: protocol information'
+	EQUALITY protocolInformationMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+#	EQUALITY distinguishedNameMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+	DESC 'RFC2256: unique member of a group'
+	EQUALITY uniqueMemberMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+	DESC 'RFC2256: house identifier'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+	DESC 'RFC2256: supported algorithms'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+	DESC 'RFC2256: delta revocation list; use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+	DESC 'RFC2256: name of DMD'
+	SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+	DESC 'X.520(4th): pseudonym for the object'
+	SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+#	DESC 'RFC2256: top of the superclass chain'
+#	ABSTRACT
+#	MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+#	DESC 'RFC2256: an alias'
+#	SUP top STRUCTURAL
+#	MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+	DESC 'RFC2256: a country'
+	SUP top STRUCTURAL
+	MUST c
+	MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+	DESC 'RFC2256: a locality'
+	SUP top STRUCTURAL
+	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+	DESC 'RFC2256: an organization'
+	SUP top STRUCTURAL
+	MUST o
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+		x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $ 
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+	DESC 'RFC2256: an organizational unit'
+	SUP top STRUCTURAL
+	MUST ou
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+		x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+	DESC 'RFC2256: a person'
+	SUP top STRUCTURAL
+	MUST ( sn $ cn )
+	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+	DESC 'RFC2256: an organizational person'
+	SUP person STRUCTURAL
+	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $ 
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+	DESC 'RFC2256: an organizational role'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+		seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+		postOfficeBox $ postalCode $ postalAddress $
+		physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+	DESC 'RFC2256: a group of names (DNs)'
+	SUP top STRUCTURAL
+	MUST ( member $ cn )
+	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+	DESC 'RFC2256: an residential person'
+	SUP person STRUCTURAL
+	MUST l
+	MAY ( businessCategory $ x121Address $ registeredAddress $
+		destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+		teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+		facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+		postOfficeBox $ postalCode $ postalAddress $
+		physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+	DESC 'RFC2256: an application process'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+	DESC 'RFC2256: an application entity'
+	SUP top STRUCTURAL
+	MUST ( presentationAddress $ cn )
+	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+	description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+	DESC 'RFC2256: a directory system agent (a server)'
+	SUP applicationEntity STRUCTURAL
+	MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+	DESC 'RFC2256: a device'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+	DESC 'RFC2256: a strong authentication user'
+	SUP top AUXILIARY
+	MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+	DESC 'RFC2256: a certificate authority'
+	SUP top AUXILIARY
+	MUST ( authorityRevocationList $ certificateRevocationList $
+		cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+	SUP top STRUCTURAL
+	MUST ( uniqueMember $ cn )
+	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+	DESC 'RFC2256: a user security information'
+	SUP top AUXILIARY
+	MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+	SUP certificationAuthority
+	AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( certificateRevocationList $ authorityRevocationList $
+		deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+	SUP top STRUCTURAL
+	MUST ( dmdName )
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+		x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+		street $ postOfficeBox $ postalCode $ postalAddress $
+		physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+	DESC 'RFC2587: a PKI user'
+	SUP top AUXILIARY
+	MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+	DESC 'RFC2587: PKI certificate authority'
+	SUP top AUXILIARY
+	MAY ( authorityRevocationList $ certificateRevocationList $
+		cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+	DESC 'RFC2587: PKI user'
+	SUP top AUXILIARY
+	MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+#	DESC 'RFC2079: Uniform Resource Identifier with optional label'
+#	EQUALITY caseExactMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+	DESC 'RFC2079: object that contains the URI attribute type'
+	SUP top AUXILIARY
+	MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+#	NAME ( 'uid' 'userid' )
+#	DESC 'RFC1274: user identifier'
+#	EQUALITY caseIgnoreMatch
+#	SUBSTR caseIgnoreSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+	NAME ( 'mail' 'rfc822Mailbox' )
+	DESC 'RFC1274: RFC822 Mailbox'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+	DESC 'RFC1274: simple security object'
+	SUP top AUXILIARY
+	MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+	NAME ( 'dc' 'domainComponent' )
+	DESC 'RFC1274/2247: domain component'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+	DESC 'RFC2247: domain component object'
+	SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+	DESC 'RFC2377: uid object'
+	SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+#   The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+#   host names [RFC1123] that are associated with an object.   That is,
+#   values of this attribute should conform to the following ABNF:
+#
+#    domain = root / label *( DOT label )
+#    root   = SPACE
+#    label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+#    LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+#    SPACE  = %x20                        ; space (" ")
+#    HYPHEN = %x2D                        ; hyphen ("-")
+#    DOT    = %x2E                        ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+	NAME 'associatedDomain'
+	DESC 'RFC1274: domain associated with object'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+	NAME ( 'email' 'emailAddress' 'pkcs9email' )
+	DESC 'RFC3280: legacy attribute for email addresses in DNs'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+

connector/ldap/testdata/cosine.schema

+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema.  As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3.  The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274.  However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+
+# Network Working Group                                          P. Barker
+# Request for Comments: 1274                                      S. Kille
+#                                              University College London
+#                                                          November 1991
+#
+#                 The COSINE and Internet X.500 Schema
+#
+# [trimmed]
+#
+# Abstract
+#
+#  This document suggests an X.500 Directory Schema, or Naming
+#  Architecture, for use in the COSINE and Internet X.500 pilots.  The
+#  schema is independent of any specific implementation.  As well as
+#  indicating support for the standard object classes and attributes, a
+#  large number of generally useful object classes and attributes are
+#  also defined.  An appendix to this document includes a machine
+#  processable version of the schema.
+#
+# [trimmed]
+
+# 7.  Object Identifiers
+#
+#  Some additional object identifiers are defined for this schema.
+#  These are also reproduced in Appendix C.
+#
+#    data OBJECT IDENTIFIER ::= {ccitt 9}
+#    pss OBJECT IDENTIFIER ::= {data 2342}
+#    ucl OBJECT IDENTIFIER ::= {pss 19200300}
+#    pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+#    pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+#    pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+#    pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+#    pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+#    iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+#    caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+#                                          {pilotAttributeSyntax 5}
+#
+# 8.  Object Classes
+# [relocated after 9]
+
+#
+# 9.  Attribute Types
+#
+# 9.1.  X.500 standard attribute types
+#
+#  A number of generally useful attribute types are defined in X.520,
+#  and these are supported.  Refer to that document for descriptions of
+#  the suggested usage of these attribute types.  The ASN.1 for these
+#  attribute types is reproduced for completeness in Appendix C.
+#
+# 9.2.  X.400 standard attribute types
+#
+#  The standard X.400 attribute types are supported.  See X.402 for full
+#  details.  The ASN.1 for these attribute types is reproduced in
+#  Appendix C.
+#
+# 9.3.  COSINE/Internet attribute types
+#
+#  This section describes all the attribute types defined for use in the
+#  COSINE and Internet pilots.  Descriptions are given as to the
+#  suggested usage of these attribute types.  The ASN.1 for these
+#  attribute types is reproduced in Appendix C.
+#
+# 9.3.1.  Userid
+#
+#  The Userid attribute type specifies a computer system login name.
+#
+#    userid ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-user-identifier))
+#    ::= {pilotAttributeType 1}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+##	EQUALITY caseIgnoreMatch
+##	SUBSTR caseIgnoreSubstringsMatch
+##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.2.  Text Encoded O/R Address
+#
+#  The Text Encoded O/R Address attribute type specifies a text encoding
+#  of an X.400 O/R address, as specified in RFC 987.  The use of this
+#  attribute is deprecated as the attribute is intended for interim use
+#  only.  This attribute will be the first candidate for the attribute
+#  expiry mechanisms!
+#
+#    textEncodedORAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#        (SIZE (1 .. ub-text-encoded-or-address))
+#    ::= {pilotAttributeType 2}
+#
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.3.  RFC 822 Mailbox
+#
+#  The RFC822 Mailbox attribute type specifies an electronic mailbox
+#  attribute following the syntax specified in RFC 822.  Note that this
+#  attribute should not be used for greybook or other non-Internet order
+#  mailboxes.
+#
+#    rfc822Mailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            (SIZE (1 .. ub-rfc822-mailbox))
+#    ::= {pilotAttributeType 3}
+#
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+##	EQUALITY caseIgnoreIA5Match
+##	SUBSTR caseIgnoreIA5SubstringsMatch
+##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.4.  Information
+#
+#  The Information attribute type specifies any general information
+#  pertinent to an object.  It is recommended that specific usage of
+#  this attribute type is avoided, and that specific requirements are
+#  met by other (possibly additional) attribute types.
+#
+#    info ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-information))
+#    ::= {pilotAttributeType 4}
+#
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+	DESC 'RFC1274: general information'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+
+# 9.3.5.  Favourite Drink
+#
+#  The Favourite Drink attribute type specifies the favourite drink of
+#  an object (or person).
+#
+#    favouriteDrink ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-favourite-drink))
+#    ::= {pilotAttributeType 5}
+#
+attributetype ( 0.9.2342.19200300.100.1.5
+	NAME ( 'drink' 'favouriteDrink' )
+	DESC 'RFC1274: favorite drink'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.6.  Room Number
+#
+#  The Room Number attribute type specifies the room number of an
+#  object.  Note that the commonName attribute should be used for naming
+#  room objects.
+#
+#    roomNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-room-number))
+#    ::= {pilotAttributeType 6}
+#
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+	DESC 'RFC1274: room number'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.7.  Photo
+#
+#  The Photo attribute type specifies a "photograph" for an object.
+#  This should be encoded in G3 fax as explained in recommendation T.4,
+#  with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
+#  defined in X.420.
+#
+#    IMPORT  G3FacsimileBodyPart  FROM  {   mhs-motis   ipms   modules
+#    information-objects }
+#
+#    photo ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            CHOICE {
+#                g3-facsimile [3] G3FacsimileBodyPart
+#                }
+#        (SIZE (1 .. ub-photo))
+#    ::= {pilotAttributeType 7}
+#
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+	DESC 'RFC1274: photo (G3 fax)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+# 9.3.8.  User Class
+#
+#  The User Class attribute type specifies a category of computer user.
+#  The semantics placed on this attribute are for local interpretation.
+#  Examples of current usage od this attribute in academia are
+#  undergraduate student, researcher, lecturer, etc.  Note that the
+#  organizationalStatus attribute may now often be preferred as it makes
+#  no distinction between computer users and others.
+#
+#    userClass ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-user-class))
+#    ::= {pilotAttributeType 8}
+#
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+	DESC 'RFC1274: category of user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.9.  Host
+#
+#  The Host attribute type specifies a host computer.
+#
+#    host ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-host))
+#    ::= {pilotAttributeType 9}
+#
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+	DESC 'RFC1274: host computer'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.10.  Manager
+#
+#  The Manager attribute type specifies the manager of an object
+#  represented by an entry.
+#
+#    manager ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 10}
+#
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+	DESC 'RFC1274: DN of manager'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.11.  Document Identifier
+#
+#  The Document Identifier attribute type specifies a unique identifier
+#  for a document.
+#
+#    documentIdentifier ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-identifier))
+#    ::= {pilotAttributeType 11}
+#
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+	DESC 'RFC1274: unique identifier of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.12.  Document Title
+#
+#  The Document Title attribute type specifies the title of a document.
+#
+#    documentTitle ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#        (SIZE (1 .. ub-document-title))
+#    ::= {pilotAttributeType 12}
+#
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+	DESC 'RFC1274: title of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.13.  Document Version
+#
+#  The Document Version attribute type specifies the version number of a
+#  document.
+#
+#    documentVersion ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-version))
+#    ::= {pilotAttributeType 13}
+#
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+	DESC 'RFC1274: version of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.14.  Document Author
+#
+#  The Document Author attribute type specifies the distinguished name
+#  of the author of a document.
+#
+#    documentAuthor ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 14}
+#
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+	DESC 'RFC1274: DN of author of document'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.15.  Document Location
+#
+#  The Document Location attribute type specifies the location of the
+#  document original.
+#
+#    documentLocation ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-location))
+#    ::= {pilotAttributeType 15}
+#
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+	DESC 'RFC1274: location of document original'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.16.  Home Telephone Number
+#
+#  The Home Telephone Number attribute type specifies a home telephone
+#  number associated with a person.  Attribute values should follow the
+#  agreed format for international telephone numbers: i.e., "+44 71 123
+#  4567".
+#
+#    homeTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 20}
+#
+attributetype ( 0.9.2342.19200300.100.1.20
+	NAME ( 'homePhone' 'homeTelephoneNumber' )
+	DESC 'RFC1274: home telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.17.  Secretary
+#
+#  The Secretary attribute type specifies the secretary of a person.
+#  The attribute value for Secretary is a distinguished name.
+#
+#    secretary ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 21}
+#
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+	DESC 'RFC1274: DN of secretary'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.18.  Other Mailbox
+#
+#  The Other Mailbox attribute type specifies values for electronic
+#  mailbox types other than X.400 and rfc822.
+#
+#    otherMailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            SEQUENCE {
+#                    mailboxType PrintableString, -- e.g. Telemail
+#                    mailbox IA5String  -- e.g. X378:Joe
+#            }
+#    ::= {pilotAttributeType 22}
+#
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+# 9.3.19.  Last Modified Time
+#
+#  The Last Modified Time attribute type specifies the last time, in UTC
+#  time, that an entry was modified.  Ideally, this attribute should be
+#  maintained by the DSA.
+#
+#    lastModifiedTime ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            uTCTimeSyntax
+#    ::= {pilotAttributeType 23}
+#
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+#	DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+#	OBSOLETE
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+#	USAGE directoryOperation )
+
+# 9.3.20.  Last Modified By
+#
+#  The Last Modified By attribute specifies the distinguished name of
+#  the last user to modify the associated entry.  Ideally, this
+#  attribute should be maintained by the DSA.
+#
+#    lastModifiedBy ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 24}
+#
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+#	DESC 'RFC1274: last modifier, replaced by modifiersName'
+#	OBSOLETE
+#	EQUALITY distinguishedNameMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+#	USAGE directoryOperation )
+
+# 9.3.21.  Domain Component
+#
+#  The Domain Component attribute type specifies a DNS/NRS domain.  For
+#  example, "uk" or "ac".
+#
+#    domainComponent ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            SINGLE VALUE
+#    ::= {pilotAttributeType 25}
+#
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+##	EQUALITY caseIgnoreIA5Match
+##	SUBSTR caseIgnoreIA5SubstringsMatch
+##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# 9.3.22.  DNS ARecord
+#
+#  The A Record attribute type specifies a type A (Address) DNS resource
+#  record [6] [7].
+#
+#    aRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 26}
+#
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.23.  MX Record
+#
+#  The MX Record attribute type specifies a type MX (Mail Exchange) DNS
+#  resource record [6] [7].
+#
+#    mXRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 28}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.24.  NS Record
+#
+#  The NS Record attribute type specifies an NS (Name Server) DNS
+#  resource record [6] [7].
+#
+#    nSRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 29}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.25.  SOA Record
+#
+#  The SOA Record attribute type specifies a type SOA (Start of
+#  Authority) DNS resorce record [6] [7].
+#
+#    sOARecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 30}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.26.  CNAME Record
+#
+#  The CNAME Record attribute type specifies a type CNAME (Canonical
+#  Name) DNS resource record [6] [7].
+#
+#    cNAMERecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            iA5StringSyntax
+#    ::= {pilotAttributeType 31}
+#
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.27.  Associated Domain
+#
+#  The Associated Domain attribute type specifies a DNS or NRS domain
+#  which is associated with an object in the DIT. For example, the entry
+#  in the DIT with a distinguished name "C=GB, O=University College
+#  London" would have an associated domain of "UCL.AC.UK.  Note that all
+#  domains should be represented in rfc822 order.  See [3] for more
+#  details of usage of this attribute.
+#
+#    associatedDomain ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#    ::= {pilotAttributeType 37}
+#
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+#	EQUALITY caseIgnoreIA5Match
+#	SUBSTR caseIgnoreIA5SubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# 9.3.28.  Associated Name
+#
+#  The Associated Name attribute type specifies an entry in the
+#  organisational DIT associated with a DNS/NRS domain.  See [3] for
+#  more details of usage of this attribute.
+#
+#    associatedName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 38}
+#
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+	DESC 'RFC1274: DN of entry associated with domain'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.29.  Home postal address
+#
+#  The Home postal address attribute type specifies a home postal
+#  address for an object.  This should be limited to up to 6 lines of 30
+#  characters each.
+#
+#    homePostalAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            postalAddress
+#            MATCHES FOR EQUALITY
+#    ::= {pilotAttributeType 39}
+#
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+	DESC 'RFC1274: home postal address'
+	EQUALITY caseIgnoreListMatch
+	SUBSTR caseIgnoreListSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+# 9.3.30.  Personal Title
+#
+#  The Personal Title attribute type specifies a personal title for a
+#  person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
+#
+#    personalTitle ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-personal-title))
+#    ::= {pilotAttributeType 40}
+#
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+	DESC 'RFC1274: personal title'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.31.  Mobile Telephone Number
+#
+#  The Mobile Telephone Number attribute type specifies a mobile
+#  telephone number associated with a person.  Attribute values should
+#  follow the agreed format for international telephone numbers: i.e.,
+#  "+44 71 123 4567".
+#
+#    mobileTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 41}
+#
+attributetype ( 0.9.2342.19200300.100.1.41
+	NAME ( 'mobile' 'mobileTelephoneNumber' )
+	DESC 'RFC1274: mobile telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.32.  Pager Telephone Number
+#
+#  The Pager Telephone Number attribute type specifies a pager telephone
+#  number for an object. Attribute values should follow the agreed
+#  format for international telephone numbers: i.e., "+44 71 123 4567".
+#
+#    pagerTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 42}
+#
+attributetype ( 0.9.2342.19200300.100.1.42
+	NAME ( 'pager' 'pagerTelephoneNumber' )
+	DESC 'RFC1274: pager telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+# 9.3.33.  Friendly Country Name
+#
+#  The Friendly Country Name attribute type specifies names of countries
+#  in human readable format.  The standard attribute country name must
+#  be one of the two-letter codes defined in ISO 3166.
+#
+#    friendlyCountryName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#    ::= {pilotAttributeType 43}
+#
+attributetype ( 0.9.2342.19200300.100.1.43
+	NAME ( 'co' 'friendlyCountryName' )
+	DESC 'RFC1274: friendly country name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.3.34.  Unique Identifier
+#
+#  The Unique Identifier attribute type specifies a "unique identifier"
+#  for an object represented in the Directory.  The domain within which
+#  the identifier is unique, and the exact semantics of the identifier,
+#  are for local definition.  For a person, this might be an
+#  institution-wide payroll number.  For an organisational unit, it
+#  might be a department code.
+#
+#    uniqueIdentifier ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-unique-identifier))
+#    ::= {pilotAttributeType 44}
+#
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+	DESC 'RFC1274: unique identifer'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.35.  Organisational Status
+#
+#  The Organisational Status attribute type specifies a category by
+#  which a person is often referred to in an organisation.  Examples of
+#  usage in academia might include undergraduate student, researcher,
+#  lecturer, etc.
+#
+#  A Directory administrator should probably consider carefully the
+#  distinctions between this and the title and userClass attributes.
+#
+#    organizationalStatus ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-organizational-status))
+#    ::= {pilotAttributeType 45}
+#
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+	DESC 'RFC1274: organizational status'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.36.  Janet Mailbox
+#
+#  The Janet Mailbox attribute type specifies an electronic mailbox
+#  attribute following the syntax specified in the Grey Book of the
+#  Coloured Book series.  This attribute is intended for the convenience
+#  of U.K users unfamiliar with rfc822 and little-endian mail addresses.
+#  Entries using this attribute MUST also include an rfc822Mailbox
+#  attribute.
+#
+#    janetMailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            (SIZE (1 .. ub-janet-mailbox))
+#    ::= {pilotAttributeType 46}
+#
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+	DESC 'RFC1274: Janet mailbox'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+# 9.3.37.  Mail Preference Option
+#
+#  An attribute to allow users to indicate a preference for inclusion of
+#  their names on mailing lists (electronic or physical).  The absence
+#  of such an attribute should be interpreted as if the attribute was
+#  present with value "no-list-inclusion".  This attribute should be
+#  interpreted by anyone using the directory to derive mailing lists,
+#  and its value respected.
+#
+#    mailPreferenceOption ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX ENUMERATED {
+#                no-list-inclusion(0),
+#                any-list-inclusion(1),  -- may be added to any lists
+#                professional-list-inclusion(2)
+#                                        -- may be added to lists
+#                                        -- which the list provider
+#                                        -- views as related to the
+#                                        -- users professional inter-
+#                                        -- ests, perhaps evaluated
+#                                        -- from the business of the
+#                                        -- organisation or keywords
+#                                        -- in the entry.
+#                }
+#    ::= {pilotAttributeType 47}
+#
+attributetype ( 0.9.2342.19200300.100.1.47
+	NAME 'mailPreferenceOption'
+	DESC 'RFC1274: mail preference option'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+# 9.3.38.  Building Name
+#
+#  The Building Name attribute type specifies the name of the building
+#  where an organisation or organisational unit is based.
+#
+#    buildingName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-building-name))
+#    ::= {pilotAttributeType 48}
+#
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+	DESC 'RFC1274: name of building'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+# 9.3.39.  DSA Quality
+#
+#  The DSA Quality attribute type specifies the purported quality of a
+#  DSA.  It allows a DSA manager to indicate the expected level of
+#  availability of the DSA. See [8] for details of the syntax.
+#
+#    dSAQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+#            SINGLE VALUE
+#    ::= {pilotAttributeType 49}
+#
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+	DESC 'RFC1274: DSA Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+# 9.3.40.  Single Level Quality
+#
+#  The Single Level Quality attribute type specifies the purported data
+#  quality at the level immediately below in the DIT.  See [8] for
+#  details of the syntax.
+#
+#    singleLevelQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#    ::= {pilotAttributeType 50}
+#
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+	DESC 'RFC1274: Single Level Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.41.  Subtree Minimum Quality
+#
+#  The Subtree Minimum Quality attribute type specifies the purported
+#  minimum data quality for a DIT subtree.  See [8] for more discussion
+#  and details of the syntax.
+#
+#    subtreeMinimumQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#               -- Defaults to singleLevelQuality
+#    ::= {pilotAttributeType 51}
+#
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+	DESC 'RFC1274: Subtree Mininum Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.42.  Subtree Maximum Quality
+#
+#  The Subtree Maximum Quality attribute type specifies the purported
+#  maximum data quality for a DIT subtree.  See [8] for more discussion
+#  and details of the syntax.
+#
+#    subtreeMaximumQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#               -- Defaults to singleLevelQuality
+#    ::= {pilotAttributeType 52}
+#
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+	DESC 'RFC1274: Subtree Maximun Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+# 9.3.43.  Personal Signature
+#
+#  The Personal Signature attribute type allows for a representation of
+#  a person's signature.  This should be encoded in G3 fax as explained
+#  in recommendation T.4, with an ASN.1 wrapper to make it compatible
+#  with an X.400 BodyPart as defined in X.420.
+#
+#    IMPORT  G3FacsimileBodyPart  FROM  {   mhs-motis   ipms   modules
+#    information-objects }
+#
+#    personalSignature ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            CHOICE {
+#                g3-facsimile [3] G3FacsimileBodyPart
+#                }
+#        (SIZE (1 .. ub-personal-signature))
+#    ::= {pilotAttributeType 53}
+#
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+	DESC 'RFC1274: Personal Signature (G3 fax)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+# 9.3.44.  DIT Redirect
+#
+#  The DIT Redirect attribute type is used to indicate that the object
+#  described by one entry now has a newer entry in the DIT.  The entry
+#  containing the redirection attribute should be expired after a
+#  suitable grace period.  This attribute may be used when an individual
+#  changes his/her place of work, and thus acquires a new organisational
+#  DN.
+#
+#    dITRedirect ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 54}
+#
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+	DESC 'RFC1274: DIT Redirect'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+# 9.3.45.  Audio
+#
+#  The Audio attribute type allows the storing of sounds in the
+#  Directory.  The attribute uses a u-law encoded sound file as used by
+#  the "play" utility on a Sun 4.  This is an interim format.
+#
+#    audio ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            Audio
+#        (SIZE (1 .. ub-audio))
+#    ::= {pilotAttributeType 55}
+#
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+	DESC 'RFC1274: audio (u-law)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+# 9.3.46.  Publisher of Document
+#
+#
+#  The Publisher of Document attribute is the person and/or organization
+#  that published a document.
+#
+#    documentPublisher ATTRIBUTE
+#            WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+#    ::= {pilotAttributeType 56}
+#
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+	DESC 'RFC1274: publisher of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# 9.4.  Generally useful syntaxes
+#
+#    caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+#            IA5String
+#            MATCHES FOR EQUALITY SUBSTRINGS
+#
+#    iA5StringSyntax ATTRIBUTE-SYNTAX
+#        IA5String
+#        MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+#    -- Syntaxes to support the DNS attributes
+#
+#    DNSRecordSyntax ATTRIBUTE-SYNTAX
+#            IA5String
+#            MATCHES FOR EQUALITY
+#
+#
+#    NRSInformationSyntax ATTRIBUTE-SYNTAX
+#            NRSInformation
+#            MATCHES FOR EQUALITY
+#
+#
+#    NRSInformation ::=  SET {
+#                    [0] Context,
+#                    [1] Address-space-id,
+#                    routes [2] SEQUENCE OF SEQUENCE {
+#                    Route-cost,
+#                    Addressing-info }
+#            }
+#
+#
+# 9.5.  Upper bounds on length of attribute values
+#
+#
+#    ub-document-identifier INTEGER ::= 256
+#
+#    ub-document-location INTEGER ::= 256
+#
+#    ub-document-title INTEGER ::= 256
+#
+#    ub-document-version INTEGER ::= 256
+#
+#    ub-favourite-drink INTEGER ::= 256
+#
+#    ub-host INTEGER ::= 256
+#
+#    ub-information INTEGER ::= 2048
+#
+#    ub-unique-identifier INTEGER ::= 256
+#
+#    ub-personal-title INTEGER ::= 256
+#
+#    ub-photo INTEGER ::= 250000
+#
+#    ub-rfc822-mailbox INTEGER ::= 256
+#
+#    ub-room-number INTEGER ::= 256
+#
+#    ub-text-or-address INTEGER ::= 256
+#
+#    ub-user-class INTEGER ::= 256
+#
+#    ub-user-identifier INTEGER ::= 256
+#
+#    ub-organizational-status INTEGER ::= 256
+#
+#    ub-janet-mailbox INTEGER ::= 256
+#
+#    ub-building-name INTEGER ::= 256
+#
+#    ub-personal-signature ::= 50000
+#
+#    ub-audio INTEGER ::= 250000
+#
+
+# [back to 8]
+# 8.  Object Classes
+#
+# 8.1.  X.500 standard object classes
+#
+#  A number of generally useful object classes are defined in X.521, and
+#  these are supported.  Refer to that document for descriptions of the
+#  suggested usage of these object classes.  The ASN.1 for these object
+#  classes is reproduced for completeness in Appendix C.
+#
+# 8.2.  X.400 standard object classes
+#
+#  A number of object classes defined in X.400 are supported.  Refer to
+#  X.402 for descriptions of the usage of these object classes.  The
+#  ASN.1 for these object classes is reproduced for completeness in
+#  Appendix C.
+#
+# 8.3.  COSINE/Internet object classes
+#
+#  This section attempts to fuse together the object classes designed
+#  for use in the COSINE and Internet pilot activities.  Descriptions
+#  are given of the suggested usage of these object classes.  The ASN.1
+#  for these object classes is also reproduced in Appendix C.
+#
+# 8.3.1.  Pilot Object
+#
+#  The PilotObject object class is used as a sub-class to allow some
+#  common, useful attributes to be assigned to entries of all other
+#  object classes.
+#
+#    pilotObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MAY CONTAIN {
+#            info,
+#            photo,
+#            manager,
+#            uniqueIdentifier,
+#            lastModifiedTime,
+#            lastModifiedBy,
+#            dITRedirect,
+#            audio}
+#    ::= {pilotObjectClass 3}
+#
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+#	DESC 'RFC1274: pilot object'
+#	SUP top AUXILIARY
+#	MAY ( info $ photo $ manager $ uniqueIdentifier $
+#		lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+#	)
+
+# 8.3.2.  Pilot Person
+#
+#  The PilotPerson object class is used as a sub-class of person, to
+#  allow the use of a number of additional attributes to be assigned to
+#  entries of object class person.
+#
+#    pilotPerson OBJECT-CLASS
+#        SUBCLASS OF person
+#        MAY CONTAIN {
+#                    userid,
+#                    textEncodedORAddress,
+#                    rfc822Mailbox,
+#                    favouriteDrink,
+#                    roomNumber,
+#                    userClass,
+#                    homeTelephoneNumber,
+#                    homePostalAddress,
+#                    secretary,
+#                    personalTitle,
+#                    preferredDeliveryMethod,
+#                    businessCategory,
+#                    janetMailbox,
+#                    otherMailbox,
+#                    mobileTelephoneNumber,
+#                    pagerTelephoneNumber,
+#                    organizationalStatus,
+#                    mailPreferenceOption,
+#                    personalSignature}
+#    ::= {pilotObjectClass 4}
+#
+objectclass ( 0.9.2342.19200300.100.4.4
+	NAME ( 'pilotPerson' 'newPilotPerson' )
+	SUP person STRUCTURAL
+	MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+		favouriteDrink $ roomNumber $ userClass $
+		homeTelephoneNumber $ homePostalAddress $ secretary $
+		personalTitle $ preferredDeliveryMethod $ businessCategory $
+		janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+		pagerTelephoneNumber $ organizationalStatus $
+		mailPreferenceOption $ personalSignature )
+	)
+
+# 8.3.3.  Account
+#
+#  The Account object class is used to define entries representing
+#  computer accounts.  The userid attribute should be used for naming
+#  entries of this object class.
+#
+#    account OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            userid}
+#        MAY CONTAIN {
+#            description,
+#            seeAlso,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            host}
+#    ::= {pilotObjectClass 5}
+#
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+	SUP top STRUCTURAL
+	MUST userid
+	MAY ( description $ seeAlso $ localityName $
+		organizationName $ organizationalUnitName $ host )
+	)
+
+# 8.3.4.  Document
+#
+#  The Document object class is used to define entries which represent
+#  documents.
+#
+#    document OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            documentIdentifier}
+#        MAY CONTAIN {
+#            commonName,
+#            description,
+#            seeAlso,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            documentTitle,
+#            documentVersion,
+#            documentAuthor,
+#            documentLocation,
+#            documentPublisher}
+#    ::= {pilotObjectClass 6}
+#
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+	SUP top STRUCTURAL
+	MUST documentIdentifier
+	MAY ( commonName $ description $ seeAlso $ localityName $
+		organizationName $ organizationalUnitName $
+		documentTitle $ documentVersion $ documentAuthor $
+		documentLocation $ documentPublisher )
+	)
+
+# 8.3.5.  Room
+#
+#  The Room object class is used to define entries representing rooms.
+#  The commonName attribute should be used for naming pentries of this
+#  object class.
+#
+#    room OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            roomNumber,
+#            description,
+#            seeAlso,
+#            telephoneNumber}
+#    ::= {pilotObjectClass 7}
+#
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+	SUP top STRUCTURAL
+	MUST commonName
+	MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+	)
+
+# 8.3.6.  Document Series
+#
+#  The Document Series object class is used to define an entry which
+#  represents a series of documents (e.g., The Request For Comments
+#  papers).
+#
+#    documentSeries OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            description,
+#            seeAlso,
+#            telephoneNumber,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName}
+#    ::= {pilotObjectClass 9}
+#
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+	SUP top STRUCTURAL
+	MUST commonName
+	MAY ( description $ seeAlso $ telephonenumber $
+		localityName $ organizationName $ organizationalUnitName )
+	)
+
+# 8.3.7.  Domain
+#
+#  The Domain object class is used to define entries which represent DNS
+#  or NRS domains.  The domainComponent attribute should be used for
+#  naming entries of this object class.  The usage of this object class
+#  is described in more detail in [3].
+#
+#    domain OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            domainComponent}
+#        MAY CONTAIN {
+#            associatedName,
+#            organizationName,
+#            organizationalAttributeSet}
+#    ::= {pilotObjectClass 13}
+#
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+	SUP top STRUCTURAL
+	MUST domainComponent
+	MAY ( associatedName $ organizationName $ description $
+		businessCategory $ seeAlso $ searchGuide $ userPassword $
+		localityName $ stateOrProvinceName $ streetAddress $
+		physicalDeliveryOfficeName $ postalAddress $ postalCode $
+		postOfficeBox $ streetAddress $
+		facsimileTelephoneNumber $ internationalISDNNumber $
+		telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+		preferredDeliveryMethod $ destinationIndicator $
+		registeredAddress $ x121Address )
+	)
+
+# 8.3.8.  RFC822 Local Part
+#
+#  The RFC822 Local Part object class is used to define entries which
+#  represent the local part of RFC822 mail addresses.  This treats this
+#  part of an RFC822 address as a domain.  The usage of this object
+#  class is described in more detail in [3].
+#
+#    rFC822localPart OBJECT-CLASS
+#        SUBCLASS OF domain
+#        MAY CONTAIN {
+#            commonName,
+#            surname,
+#            description,
+#            seeAlso,
+#            telephoneNumber,
+#            postalAttributeSet,
+#            telecommunicationAttributeSet}
+#    ::= {pilotObjectClass 14}
+#
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+	SUP domain STRUCTURAL
+	MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+		physicalDeliveryOfficeName $ postalAddress $ postalCode $
+		postOfficeBox $ streetAddress $
+		facsimileTelephoneNumber $ internationalISDNNumber $
+		telephoneNumber $ teletexTerminalIdentifier $
+		telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+		registeredAddress $ x121Address )
+	)
+
+# 8.3.9.  DNS Domain
+#
+#  The DNS Domain (Domain NameServer) object class is used to define
+#  entries for DNS domains.  The usage of this object class is described
+#  in more detail in [3].
+#
+#    dNSDomain OBJECT-CLASS
+#        SUBCLASS OF domain
+#        MAY CONTAIN {
+#            ARecord,
+#            MDRecord,
+#            MXRecord,
+#            NSRecord,
+#            SOARecord,
+#            CNAMERecord}
+#    ::= {pilotObjectClass 15}
+#
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+	SUP domain STRUCTURAL
+	MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+		SOARecord $ CNAMERecord )
+	)
+
+# 8.3.10.  Domain Related Object
+#
+#  The Domain Related Object object class is used to define entries
+#  which represent DNS/NRS domains which are "equivalent" to an X.500
+#  domain: e.g., an organisation or organisational unit.  The usage of
+#  this object class is described in more detail in [3].
+#
+#    domainRelatedObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            associatedDomain}
+#    ::= {pilotObjectClass 17}
+#
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+	DESC 'RFC1274: an object related to an domain'
+	SUP top AUXILIARY
+	MUST associatedDomain )
+
+# 8.3.11.  Friendly Country
+#
+#  The Friendly Country object class is used to define country entries
+#  in the DIT.  The object class is used to allow friendlier naming of
+#  countries than that allowed by the object class country.  The naming
+#  attribute of object class country, countryName, has to be a 2 letter
+#  string defined in ISO 3166.
+#
+#    friendlyCountry OBJECT-CLASS
+#        SUBCLASS OF country
+#        MUST CONTAIN {
+#            friendlyCountryName}
+#    ::= {pilotObjectClass 18}
+#
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+	SUP country STRUCTURAL
+	MUST friendlyCountryName )
+
+# 8.3.12.  Simple Security Object
+#
+#  The Simple Security Object object class is used to allow an entry to
+#  have a userPassword attribute when an entry's principal object
+#  classes do not allow userPassword as an attribute type.
+#
+#    simpleSecurityObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            userPassword }
+#    ::= {pilotObjectClass 19}
+#
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+##	SUP top AUXILIARY
+##	MUST userPassword )
+
+# 8.3.13.  Pilot Organization
+#
+#  The PilotOrganization object class is used as a sub-class of
+#  organization and organizationalUnit to allow a number of additional
+#  attributes to be assigned to entries of object classes organization
+#  and organizationalUnit.
+#
+#    pilotOrganization OBJECT-CLASS
+#        SUBCLASS OF organization, organizationalUnit
+#        MAY CONTAIN {
+#                    buildingName}
+#    ::= {pilotObjectClass 20}
+#
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+	SUP ( organization $ organizationalUnit ) STRUCTURAL
+	MAY buildingName )
+
+# 8.3.14.  Pilot DSA
+#
+#  The PilotDSA object class is used as a sub-class of the dsa object
+#  class to allow additional attributes to be assigned to entries for
+#  DSAs.
+#
+#    pilotDSA OBJECT-CLASS
+#        SUBCLASS OF dsa
+#        MUST CONTAIN {
+#            dSAQuality}
+#    ::= {pilotObjectClass 21}
+#
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+	SUP dsa STRUCTURAL
+	MAY dSAQuality )
+
+# 8.3.15.  Quality Labelled Data
+#
+#  The Quality Labelled Data object class is used to allow the
+#  assignment of the data quality attributes to subtrees in the DIT.
+#
+#  See [8] for more details.
+#
+#    qualityLabelledData OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            dSAQuality}
+#        MAY CONTAIN {
+#            subtreeMinimumQuality,
+#            subtreeMaximumQuality}
+#    ::= {pilotObjectClass 22}
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+	SUP top AUXILIARY
+	MUST dsaQuality
+	MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+	)
+
+
+# References
+#
+#    [1]  CCITT/ISO, "X.500, The Directory - overview of concepts,
+#         models and services, CCITT /ISO IS 9594.
+#
+#    [2]  Kille, S., "The THORN and RARE X.500 Naming Architecture, in
+#         University College London, Department of Computer Science
+#         Research Note 89/48, May 1989.
+#
+#    [3]  Kille, S., "X.500 and Domains", RFC 1279, University College
+#         London, November 1991.
+#
+#    [4]  Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
+#         Report", Technical Report 90-09-10-1, published by NYSERNet
+#         Inc, 1990.
+#
+#    [5]  Craigie, J., "UK Academic Community Directory Service Pilot
+#         Project, pp. 305-310 in Computer Networks and ISDN Systems
+#         17 (1989), published by North Holland.
+#
+#    [6]  Mockapetris, P., "Domain Names - Concepts and Facilities",
+#         RFC 1034, USC/Information Sciences Institute, November 1987.
+#
+#    [7]  Mockapetris, P., "Domain Names - Implementation and
+#         Specification, RFC 1035, USC/Information Sciences Institute,
+#         November 1987.
+#
+#    [8]  Kille, S., "Handling QOS (Quality of service) in the
+#         Directory," publication in process, March 1991.
+#
+#
+# APPENDIX C - Summary of all Object Classes and Attribute Types
+#
+#    -- Some Important Object Identifiers
+#
+#    data OBJECT IDENTIFIER ::= {ccitt 9}
+#    pss OBJECT IDENTIFIER ::= {data 2342}
+#    ucl OBJECT IDENTIFIER ::= {pss 19200300}
+#    pilot OBJECT IDENTIFIER ::= {ucl 100}
+#
+#    pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
+#    pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
+#    pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
+#    pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
+#
+#    iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
+#    caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
+#                                          {pilotAttributeSyntax 5}
+#
+#    -- Standard Object Classes
+#
+#    top OBJECT-CLASS
+#        MUST CONTAIN {
+#            objectClass}
+#    ::= {objectClass 0}
+#
+#
+#    alias OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            aliasedObjectName}
+#    ::= {objectClass 1}
+#
+#
+#    country OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            countryName}
+#        MAY CONTAIN {
+#            description,
+#            searchGuide}
+#    ::= {objectClass 2}
+#
+#
+#    locality OBJECT-CLASS
+#        SUBCLASS OF top
+#        MAY CONTAIN {
+#            description,
+#            localityName,
+#            stateOrProvinceName,
+#            searchGuide,
+#            seeAlso,
+#            streetAddress}
+#    ::= {objectClass 3}
+#
+#
+#    organization OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            organizationName}
+#        MAY CONTAIN {
+#            organizationalAttributeSet}
+#    ::= {objectClass 4}
+#
+#
+#    organizationalUnit OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            organizationalUnitName}
+#        MAY CONTAIN {
+#            organizationalAttributeSet}
+#    ::= {objectClass 5}
+#
+#
+#    person OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName,
+#            surname}
+#        MAY CONTAIN {
+#            description,
+#            seeAlso,
+#            telephoneNumber,
+#            userPassword}
+#    ::= {objectClass 6}
+#
+#
+#    organizationalPerson OBJECT-CLASS
+#        SUBCLASS OF person
+#        MAY CONTAIN {
+#            localeAttributeSet,
+#            organizationalUnitName,
+#            postalAttributeSet,
+#            telecommunicationAttributeSet,
+#            title}
+#    ::= {objectClass 7}
+#
+#
+#    organizationalRole OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            description,
+#            localeAttributeSet,
+#            organizationalUnitName,
+#            postalAttributeSet,
+#            preferredDeliveryMethod,
+#            roleOccupant,
+#            seeAlso,
+#            telecommunicationAttributeSet}
+#    ::= {objectClass 8}
+#
+#
+#    groupOfNames OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName,
+#            member}
+#        MAY CONTAIN {
+#            description,
+#            organizationName,
+#            organizationalUnitName,
+#            owner,
+#            seeAlso,
+#            businessCategory}
+#    ::= {objectClass 9}
+#
+#
+#    residentialPerson OBJECT-CLASS
+#        SUBCLASS OF person
+#        MUST CONTAIN {
+#            localityName}
+#        MAY CONTAIN {
+#            localeAttributeSet,
+#            postalAttributeSet,
+#            preferredDeliveryMethod,
+#            telecommunicationAttributeSet,
+#            businessCategory}
+#    ::= {objectClass 10}
+#
+#
+#    applicationProcess OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            description,
+#            localityName,
+#            organizationalUnitName,
+#            seeAlso}
+#    ::= {objectClass 11}
+#
+#
+#    applicationEntity OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName,
+#            presentationAddress}
+#        MAY CONTAIN {
+#            description,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            seeAlso,
+#            supportedApplicationContext}
+#    ::= {objectClass 12}
+#
+#
+#    dSA OBJECT-CLASS
+#        SUBCLASS OF applicationEntity
+#        MAY CONTAIN {
+#            knowledgeInformation}
+#    ::= {objectClass 13}
+#
+#
+#    device OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            description,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            owner,
+#            seeAlso,
+#            serialNumber}
+#    ::= {objectClass 14}
+#
+#
+#    strongAuthenticationUser OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            userCertificate}
+#    ::= {objectClass 15}
+#
+#
+#    certificationAuthority OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            cACertificate,
+#            certificateRevocationList,
+#            authorityRevocationList}
+#        MAY CONTAIN {
+#            crossCertificatePair}
+#    ::= {objectClass 16}
+#
+#    -- Standard MHS Object Classes
+#
+#    mhsDistributionList OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName,
+#            mhsDLSubmitPermissions,
+#            mhsORAddresses}
+#        MAY CONTAIN {
+#            description,
+#            organizationName,
+#            organizationalUnitName,
+#            owner,
+#            seeAlso,
+#            mhsDeliverableContentTypes,
+#            mhsdeliverableEits,
+#            mhsDLMembers,
+#            mhsPreferredDeliveryMethods}
+#    ::= {mhsObjectClass 0}
+#
+#
+#    mhsMessageStore OBJECT-CLASS
+#        SUBCLASS OF applicationEntity
+#        MAY CONTAIN {
+#            description,
+#            owner,
+#            mhsSupportedOptionalAttributes,
+#            mhsSupportedAutomaticActions,
+#            mhsSupportedContentTypes}
+#    ::= {mhsObjectClass 1}
+#
+#
+#    mhsMessageTransferAgent OBJECT-CLASS
+#        SUBCLASS OF applicationEntity
+#        MAY CONTAIN {
+#            description,
+#            owner,
+#            mhsDeliverableContentLength}
+#    ::= {mhsObjectClass 2}
+#
+#
+#    mhsOrganizationalUser OBJECT-CLASS
+#        SUBCLASS OF organizationalPerson
+#        MUST CONTAIN {
+#            mhsORAddresses}
+#        MAY CONTAIN {
+#            mhsDeliverableContentLength,
+#            mhsDeliverableContentTypes,
+#            mhsDeliverableEits,
+#            mhsMessageStoreName,
+#            mhsPreferredDeliveryMethods }
+#    ::= {mhsObjectClass 3}
+#
+#
+#    mhsResidentialUser OBJECT-CLASS
+#        SUBCLASS OF residentialPerson
+#        MUST CONTAIN {
+#            mhsORAddresses}
+#        MAY CONTAIN {
+#            mhsDeliverableContentLength,
+#            mhsDeliverableContentTypes,
+#            mhsDeliverableEits,
+#            mhsMessageStoreName,
+#            mhsPreferredDeliveryMethods }
+#    ::= {mhsObjectClass 4}
+#
+#
+#    mhsUserAgent OBJECT-CLASS
+#        SUBCLASS OF applicationEntity
+#        MAY CONTAIN {
+#            mhsDeliverableContentLength,
+#            mhsDeliverableContentTypes,
+#            mhsDeliverableEits,
+#            mhsORAddresses,
+#            owner}
+#    ::= {mhsObjectClass 5}
+#
+#
+#
+#
+#    -- Pilot Object Classes
+#
+#    pilotObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MAY CONTAIN {
+#            info,
+#            photo,
+#            manager,
+#            uniqueIdentifier,
+#            lastModifiedTime,
+#            lastModifiedBy,
+#            dITRedirect,
+#            audio}
+#    ::= {pilotObjectClass 3}
+#    pilotPerson OBJECT-CLASS
+#        SUBCLASS OF person
+#        MAY CONTAIN {
+#                    userid,
+#                    textEncodedORAddress,
+#                    rfc822Mailbox,
+#                    favouriteDrink,
+#                    roomNumber,
+#                    userClass,
+#                    homeTelephoneNumber,
+#                    homePostalAddress,
+#                    secretary,
+#                    personalTitle,
+#                    preferredDeliveryMethod,
+#                    businessCategory,
+#                    janetMailbox,
+#                    otherMailbox,
+#                    mobileTelephoneNumber,
+#                    pagerTelephoneNumber,
+#                    organizationalStatus,
+#                    mailPreferenceOption,
+#                    personalSignature}
+#    ::= {pilotObjectClass 4}
+#
+#
+#    account OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            userid}
+#        MAY CONTAIN {
+#            description,
+#            seeAlso,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            host}
+#    ::= {pilotObjectClass 5}
+#
+#
+#    document OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            documentIdentifier}
+#        MAY CONTAIN {
+#            commonName,
+#            description,
+#            seeAlso,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName,
+#            documentTitle,
+#            documentVersion,
+#            documentAuthor,
+#            documentLocation,
+#            documentPublisher}
+#    ::= {pilotObjectClass 6}
+#
+#
+#    room OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            roomNumber,
+#            description,
+#            seeAlso,
+#            telephoneNumber}
+#    ::= {pilotObjectClass 7}
+#
+#
+#    documentSeries OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            commonName}
+#        MAY CONTAIN {
+#            description,
+#            seeAlso,
+#            telephoneNumber,
+#            localityName,
+#            organizationName,
+#            organizationalUnitName}
+#    ::= {pilotObjectClass 9}
+#
+#
+#    domain OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            domainComponent}
+#        MAY CONTAIN {
+#            associatedName,
+#            organizationName,
+#            organizationalAttributeSet}
+#    ::= {pilotObjectClass 13}
+#
+#
+#    rFC822localPart OBJECT-CLASS
+#        SUBCLASS OF domain
+#        MAY CONTAIN {
+#            commonName,
+#            surname,
+#            description,
+#            seeAlso,
+#            telephoneNumber,
+#            postalAttributeSet,
+#            telecommunicationAttributeSet}
+#    ::= {pilotObjectClass 14}
+#
+#
+#    dNSDomain OBJECT-CLASS
+#        SUBCLASS OF domain
+#        MAY CONTAIN {
+#            ARecord,
+#            MDRecord,
+#            MXRecord,
+#            NSRecord,
+#            SOARecord,
+#            CNAMERecord}
+#    ::= {pilotObjectClass 15}
+#
+#
+#    domainRelatedObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            associatedDomain}
+#    ::= {pilotObjectClass 17}
+#
+#
+#    friendlyCountry OBJECT-CLASS
+#        SUBCLASS OF country
+#        MUST CONTAIN {
+#            friendlyCountryName}
+#    ::= {pilotObjectClass 18}
+#
+#
+#    simpleSecurityObject OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            userPassword }
+#    ::= {pilotObjectClass 19}
+#
+#
+#    pilotOrganization OBJECT-CLASS
+#        SUBCLASS OF organization, organizationalUnit
+#        MAY CONTAIN {
+#                    buildingName}
+#    ::= {pilotObjectClass 20}
+#
+#
+#    pilotDSA OBJECT-CLASS
+#        SUBCLASS OF dsa
+#        MUST CONTAIN {
+#            dSAQuality}
+#    ::= {pilotObjectClass 21}
+#
+#
+#    qualityLabelledData OBJECT-CLASS
+#        SUBCLASS OF top
+#        MUST CONTAIN {
+#            dSAQuality}
+#        MAY CONTAIN {
+#            subtreeMinimumQuality,
+#            subtreeMaximumQuality}
+#    ::= {pilotObjectClass 22}
+#
+#
+#
+#
+#    -- Standard Attribute Types
+#
+#    objectClass ObjectClass
+#        ::= {attributeType 0}
+#
+#
+#    aliasedObjectName AliasedObjectName
+#        ::= {attributeType 1}
+#
+#
+#    knowledgeInformation ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreString
+#        ::= {attributeType 2}
+#
+#
+#    commonName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-common-name))
+#        ::= {attributeType 3}
+#
+#
+#    surname ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-surname))
+#        ::= {attributeType 4}
+#
+#
+#    serialNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX printableStringSyntax
+#        (SIZE (1..ub-serial-number))
+#        ::= {attributeType 5}
+#
+#
+#    countryName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX PrintableString
+#        (SIZE (1..ub-country-code))
+#        SINGLE VALUE
+#        ::= {attributeType 6}
+#
+#
+#    localityName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-locality-name))
+#        ::= {attributeType 7}
+#
+#
+#    stateOrProvinceName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-state-name))
+#        ::= {attributeType 8}
+#
+#
+#    streetAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-street-address))
+#        ::= {attributeType 9}
+#
+#
+#    organizationName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-organization-name))
+#        ::= {attributeType 10}
+#
+#
+#    organizationalUnitName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-organizational-unit-name))
+#        ::= {attributeType 11}
+#
+#
+#    title ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-title))
+#        ::= {attributeType 12}
+#
+#
+#    description ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-description))
+#        ::= {attributeType 13}
+#
+#
+#    searchGuide ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX Guide
+#        ::= {attributeType 14}
+#
+#
+#    businessCategory ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-business-category))
+#        ::= {attributeType 15}
+#
+#
+#    postalAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX PostalAddress
+#        MATCHES FOR EQUALITY
+#        ::= {attributeType 16}
+#
+#
+#    postalCode ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-postal-code))
+#        ::= {attributeType 17}
+#
+#
+#    postOfficeBox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-post-office-box))
+#        ::= {attributeType 18}
+#
+#
+#    physicalDeliveryOfficeName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
+#        (SIZE (1..ub-physical-office-name))
+#        ::= {attributeType 19}
+#
+#
+#    telephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
+#        (SIZE (1..ub-telephone-number))
+#        ::= {attributeType 20}
+#
+#
+#    telexNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX TelexNumber
+#        (SIZE (1..ub-telex))
+#        ::= {attributeType 21}
+#
+#
+#    teletexTerminalIdentifier ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
+#        (SIZE (1..ub-teletex-terminal-id))
+#        ::= {attributeType 22}
+#
+#
+#    facsimileTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
+#        ::= {attributeType 23}
+#
+#
+#    x121Address ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX NumericString
+#        (SIZE (1..ub-x121-address))
+#        ::= {attributeType 24}
+#
+#
+#    internationaliSDNNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX NumericString
+#        (SIZE (1..ub-isdn-address))
+#        ::= {attributeType 25}
+#
+#
+#    registeredAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX PostalAddress
+#        ::= {attributeType 26}
+#
+#
+#    destinationIndicator ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX PrintableString
+#        (SIZE (1..ub-destination-indicator))
+#        MATCHES FOR EQUALITY SUBSTRINGS
+#        ::= {attributeType 27}
+#
+#
+#    preferredDeliveryMethod ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX deliveryMethod
+#        ::= {attributeType 28}
+#
+#
+#    presentationAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX PresentationAddress
+#        MATCHES FOR EQUALITY
+#        ::= {attributeType 29}
+#
+#
+#    supportedApplicationContext ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
+#        ::= {attributeType 30}
+#
+#
+#    member ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+#        ::= {attributeType 31}
+#
+#
+#    owner ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+#        ::= {attributeType 32}
+#
+#
+#    roleOccupant ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+#        ::= {attributeType 33}
+#
+#
+#    seeAlso ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
+#        ::= {attributeType 34}
+#
+#
+#    userPassword ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX Userpassword
+#        ::= {attributeType 35}
+#
+#
+#    userCertificate ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX UserCertificate
+#        ::= {attributeType 36}
+#
+#
+#    cACertificate ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX cACertificate
+#        ::= {attributeType 37}
+#
+#
+#    authorityRevocationList ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
+#        ::= {attributeType 38}
+#
+#
+#    certificateRevocationList ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX CertificateRevocationList
+#        ::= {attributeType 39}
+#
+#
+#    crossCertificatePair ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX CrossCertificatePair
+#        ::= {attributeType 40}
+#
+#
+#
+#
+#    -- Standard MHS Attribute Types
+#
+#    mhsDeliverableContentLength ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX integer
+#        ::= {mhsAttributeType 0}
+#
+#
+#    mhsDeliverableContentTypes ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oID
+#        ::= {mhsAttributeType 1}
+#
+#
+#    mhsDeliverableEits ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oID
+#        ::= {mhsAttributeType 2}
+#
+#
+#    mhsDLMembers ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oRName
+#        ::= {mhsAttributeType 3}
+#
+#
+#    mhsDLSubmitPermissions ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX dLSubmitPermission
+#        ::= {mhsAttributeType 4}
+#
+#
+#    mhsMessageStoreName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX dN
+#        ::= {mhsAttributeType 5}
+#
+#
+#    mhsORAddresses ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oRAddress
+#        ::= {mhsAttributeType 6}
+#
+#
+#    mhsPreferredDeliveryMethods ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX deliveryMethod
+#        ::= {mhsAttributeType 7}
+#
+#
+#    mhsSupportedAutomaticActions ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oID
+#        ::= {mhsAttributeType 8}
+#
+#
+#    mhsSupportedContentTypes ATTRIBUTE
+#
+#        WITH ATTRIBUTE-SYNTAX oID
+#        ::= {mhsAttributeType 9}
+#
+#
+#    mhsSupportedOptionalAttributes ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX oID
+#        ::= {mhsAttributeType 10}
+#
+#
+#
+#
+#    -- Pilot Attribute Types
+#
+#    userid ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-user-identifier))
+#    ::= {pilotAttributeType 1}
+#
+#
+#    textEncodedORAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#        (SIZE (1 .. ub-text-encoded-or-address))
+#    ::= {pilotAttributeType 2}
+#
+#
+#    rfc822Mailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            (SIZE (1 .. ub-rfc822-mailbox))
+#    ::= {pilotAttributeType 3}
+#
+#
+#    info ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-information))
+#    ::= {pilotAttributeType 4}
+#
+#
+#    favouriteDrink ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-favourite-drink))
+#    ::= {pilotAttributeType 5}
+#
+#
+#    roomNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-room-number))
+#    ::= {pilotAttributeType 6}
+#
+#
+#    photo ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            CHOICE {
+#                g3-facsimile [3] G3FacsimileBodyPart
+#                }
+#        (SIZE (1 .. ub-photo))
+#    ::= {pilotAttributeType 7}
+#
+#
+#    userClass ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-user-class))
+#    ::= {pilotAttributeType 8}
+#
+#
+#    host ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-host))
+#    ::= {pilotAttributeType 9}
+#
+#
+#    manager ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 10}
+#
+#
+#    documentIdentifier ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-identifier))
+#    ::= {pilotAttributeType 11}
+#
+#
+#    documentTitle ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#        (SIZE (1 .. ub-document-title))
+#    ::= {pilotAttributeType 12}
+#
+#
+#    documentVersion ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-version))
+#    ::= {pilotAttributeType 13}
+#
+#
+#    documentAuthor ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 14}
+#
+#
+#    documentLocation ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-document-location))
+#    ::= {pilotAttributeType 15}
+#
+#
+#    homeTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 20}
+#
+#
+#    secretary ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 21}
+#
+#
+#    otherMailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            SEQUENCE {
+#                    mailboxType PrintableString, -- e.g. Telemail
+#                    mailbox IA5String  -- e.g. X378:Joe
+#            }
+#    ::= {pilotAttributeType 22}
+#
+#
+#    lastModifiedTime ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            uTCTimeSyntax
+#    ::= {pilotAttributeType 23}
+#
+#
+#    lastModifiedBy ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 24}
+#
+#
+#    domainComponent ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            SINGLE VALUE
+#    ::= {pilotAttributeType 25}
+#
+#
+#    aRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 26}
+#
+#
+#    mXRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 28}
+#
+#
+#    nSRecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 29}
+#
+#    sOARecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            DNSRecordSyntax
+#    ::= {pilotAttributeType 30}
+#
+#
+#    cNAMERecord ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            iA5StringSyntax
+#    ::= {pilotAttributeType 31}
+#
+#
+#    associatedDomain ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#    ::= {pilotAttributeType 37}
+#
+#
+#    associatedName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 38}
+#
+#
+#    homePostalAddress ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            postalAddress
+#            MATCHES FOR EQUALITY
+#    ::= {pilotAttributeType 39}
+#
+#
+#    personalTitle ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-personal-title))
+#    ::= {pilotAttributeType 40}
+#
+#
+#    mobileTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 41}
+#
+#
+#    pagerTelephoneNumber ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            telephoneNumberSyntax
+#    ::= {pilotAttributeType 42}
+#
+#
+#    friendlyCountryName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#    ::= {pilotAttributeType 43}
+#
+#
+#    uniqueIdentifier ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-unique-identifier))
+#    ::= {pilotAttributeType 44}
+#
+#
+#    organizationalStatus ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-organizational-status))
+#    ::= {pilotAttributeType 45}
+#
+#
+#    janetMailbox ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreIA5StringSyntax
+#            (SIZE (1 .. ub-janet-mailbox))
+#    ::= {pilotAttributeType 46}
+#
+#
+#    mailPreferenceOption ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX ENUMERATED {
+#                no-list-inclusion(0),
+#                any-list-inclusion(1),  -- may be added to any lists
+#                professional-list-inclusion(2)
+#                                        -- may be added to lists
+#                                        -- which the list provider
+#                                        -- views as related to the
+#                                        -- users professional inter-
+#                                        -- ests, perhaps evaluated
+#                                        -- from the business of the
+#                                        -- organisation or keywords
+#                                        -- in the entry.
+#                }
+#    ::= {pilotAttributeType 47}
+#
+#
+#    buildingName ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            caseIgnoreStringSyntax
+#            (SIZE (1 .. ub-building-name))
+#    ::= {pilotAttributeType 48}
+#
+#
+#    dSAQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
+#            SINGLE VALUE
+#    ::= {pilotAttributeType 49}
+#
+#
+#    singleLevelQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#
+#
+#    subtreeMinimumQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#               -- Defaults to singleLevelQuality
+#    ::= {pilotAttributeType 51}
+#
+#
+#    subtreeMaximumQuality ATTRIBUTE
+#            WITH ATTRIBUTE-SYNTAX DataQualitySyntax
+#            SINGLE VALUE
+#               -- Defaults to singleLevelQuality
+#    ::= {pilotAttributeType 52}
+#
+#
+#    personalSignature ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            CHOICE {
+#                g3-facsimile [3] G3FacsimileBodyPart
+#                }
+#        (SIZE (1 .. ub-personal-signature))
+#    ::= {pilotAttributeType 53}
+#
+#
+#    dITRedirect ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            distinguishedNameSyntax
+#    ::= {pilotAttributeType 54}
+#
+#
+#    audio ATTRIBUTE
+#        WITH ATTRIBUTE-SYNTAX
+#            Audio
+#        (SIZE (1 .. ub-audio))
+#    ::= {pilotAttributeType 55}
+#
+#    documentPublisher ATTRIBUTE
+#            WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
+#    ::= {pilotAttributeType 56}
+#
+#
+#
+#    -- Generally useful syntaxes
+#
+#
+#    caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
+#            IA5String
+#            MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+#    iA5StringSyntax ATTRIBUTE-SYNTAX
+#        IA5String
+#        MATCHES FOR EQUALITY SUBSTRINGS
+#
+#
+#    -- Syntaxes to support the DNS attributes
+#
+#    DNSRecordSyntax ATTRIBUTE-SYNTAX
+#            IA5String
+#            MATCHES FOR EQUALITY
+#
+#
+#    NRSInformationSyntax ATTRIBUTE-SYNTAX
+#            NRSInformation
+#            MATCHES FOR EQUALITY
+#
+#
+#    NRSInformation ::=  SET {
+#                    [0] Context,
+#                    [1] Address-space-id,
+#                    routes [2] SEQUENCE OF SEQUENCE {
+#                    Route-cost,
+#                    Addressing-info }
+#            }
+#
+#
+#    -- Upper bounds on length of attribute values
+#
+#
+#    ub-document-identifier INTEGER ::= 256
+#
+#    ub-document-location INTEGER ::= 256
+#
+#    ub-document-title INTEGER ::= 256
+#
+#    ub-document-version INTEGER ::= 256
+#
+#    ub-favourite-drink INTEGER ::= 256
+#
+#    ub-host INTEGER ::= 256
+#
+#    ub-information INTEGER ::= 2048
+#
+#    ub-unique-identifier INTEGER ::= 256
+#
+#    ub-personal-title INTEGER ::= 256
+#
+#    ub-photo INTEGER ::= 250000
+#
+#    ub-rfc822-mailbox INTEGER ::= 256
+#
+#    ub-room-number INTEGER ::= 256
+#
+#    ub-text-or-address INTEGER ::= 256
+#
+#    ub-user-class INTEGER ::= 256
+#
+#    ub-user-identifier INTEGER ::= 256
+#
+#    ub-organizational-status INTEGER ::= 256
+#
+#    ub-janet-mailbox INTEGER ::= 256
+#
+#    ub-building-name INTEGER ::= 256
+#
+#    ub-personal-signature ::= 50000
+#
+#    ub-audio INTEGER ::= 250000
+#
+# [remainder of memo trimmed]
+

connector/ldap/testdata/inetorgperson.schema

+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+#   Definition of an X.500 Attribute Type and an Object Class to Hold
+#   Uniform Resource Identifiers (URIs) [RFC2079]
+#	(core.schema)
+#
+#   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+#	(core.schema)
+#
+#   The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# carLicense
+# This multivalued field is used to record the values of the license or
+# registration plate associated with an individual.
+attributetype ( 2.16.840.1.113730.3.1.1
+	NAME 'carLicense'
+	DESC 'RFC2798: vehicle license or registration plate'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# departmentNumber
+# Code for department to which a person belongs.  This can also be
+# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
+attributetype ( 2.16.840.1.113730.3.1.2
+	NAME 'departmentNumber'
+	DESC 'RFC2798: identifies a department within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# displayName
+# When displaying an entry, especially within a one-line summary list, it
+# is useful to be able to identify a name to be used.  Since other attri-
+# bute types such as 'cn' are multivalued, an additional attribute type is
+# needed.  Display name is defined for this purpose.
+attributetype ( 2.16.840.1.113730.3.1.241
+	NAME 'displayName'
+	DESC 'RFC2798: preferred name to be used when displaying entries'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+# employeeNumber
+# Numeric or alphanumeric identifier assigned to a person, typically based
+# on order of hire or association with an organization.  Single valued.
+attributetype ( 2.16.840.1.113730.3.1.3
+	NAME 'employeeNumber'
+	DESC 'RFC2798: numerically identifies an employee within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+# employeeType
+# Used to identify the employer to employee relationship.  Typical values
+# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
+# "Unknown" but any value may be used.
+attributetype ( 2.16.840.1.113730.3.1.4
+	NAME 'employeeType'
+	DESC 'RFC2798: type of employment for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# jpegPhoto
+# Used to store one or more images of a person using the JPEG File
+# Interchange Format [JFIF].
+# Note that the jpegPhoto attribute type was defined for use in the
+# Internet X.500 pilots but no referencable definition for it could be
+# located.
+attributetype ( 0.9.2342.19200300.100.1.60
+	NAME 'jpegPhoto'
+	DESC 'RFC2798: a JPEG image'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+# preferredLanguage
+# Used to indicate an individual's preferred written or spoken
+# language.  This is useful for international correspondence or human-
+# computer interaction.  Values for this attribute type MUST conform to
+# the definition of the Accept-Language header field defined in
+# [RFC2068] with one exception:  the sequence "Accept-Language" ":"
+# should be omitted.  This is a single valued attribute type.
+attributetype ( 2.16.840.1.113730.3.1.39
+	NAME 'preferredLanguage'
+	DESC 'RFC2798: preferred written or spoken language for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+# userSMIMECertificate
+# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
+# ignored by consumers of userSMIMECertificate values.  It is
+# recommended that values have a `contentType' of data with an absent
+# `content' field.  Values of this attribute contain a person's entire
+# certificate chain and an smimeCapabilities field [RFC2633] that at a
+# minimum describes their SMIME algorithm capabilities.  Values for
+# this attribute are to be stored and requested in binary form, as
+# 'userSMIMECertificate;binary'.  If available, this attribute is
+# preferred over the userCertificate attribute for S/MIME applications.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+	NAME 'userSMIMECertificate'
+	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+# userPKCS12
+# PKCS #12 [PKCS12] provides a format for exchange of personal identity
+# information.  When such information is stored in a directory service,
+# the userPKCS12 attribute should be used. This attribute is to be stored
+# and requested in binary form, as 'userPKCS12;binary'.  The attribute
+# values are PFX PDUs stored as binary data.
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+	NAME 'userPKCS12'
+	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+
+# inetOrgPerson
+# The inetOrgPerson represents people who are associated with an
+# organization in some way.  It is a structural class and is derived
+# from the organizationalPerson which is defined in X.521 [X521].
+objectclass	( 2.16.840.1.113730.3.2.2
+    NAME 'inetOrgPerson'
+	DESC 'RFC2798: Internet Organizational Person'
+    SUP organizationalPerson
+    STRUCTURAL
+	MAY (
+		audio $ businessCategory $ carLicense $ departmentNumber $
+		displayName $ employeeNumber $ employeeType $ givenName $
+		homePhone $ homePostalAddress $ initials $ jpegPhoto $
+		labeledURI $ mail $ manager $ mobile $ o $ pager $
+		photo $ roomNumber $ secretary $ uid $ userCertificate $
+		x500uniqueIdentifier $ preferredLanguage $
+		userSMIMECertificate $ userPKCS12 )
+	)

connector/ldap/testdata/misc.schema

+# misc.schema -- assorted schema definitions
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Assorted definitions from several sources, including
+# ''works in progress''.  Contents of this file are
+# subject to change (including deletion) without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+#-----------------------------------------------------------
+# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
+#	(a work in progress)
+#
+attributetype ( 2.16.840.1.113730.3.1.13
+	NAME 'mailLocalAddress'
+	DESC 'RFC822 email address of this recipient'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 2.16.840.1.113730.3.1.18
+	NAME 'mailHost'
+	DESC 'FQDN of the SMTP/MTA of this recipient'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+	SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.47
+	NAME 'mailRoutingAddress'
+	DESC 'RFC822 routing address of this recipient'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+	SINGLE-VALUE )
+
+# I-D leaves this OID TBD.
+# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
+# improperly delegated OID.  A typo is likely.
+objectclass ( 2.16.840.1.113730.3.2.147
+	NAME 'inetLocalMailRecipient'
+	DESC 'Internet local mail recipient'
+	SUP top AUXILIARY
+	MAY	( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
+
+#-----------------------------------------------------------
+# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
+#	(a work in progress)
+#
+attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
+	NAME 'rfc822MailMember'
+	DESC 'rfc822 mail address of group member(s)'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#-----------------------------------------------------------
+# !!!no I-D!!!
+#	(a work in progress)
+#
+objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
+	NAME 'nisMailAlias'
+	DESC 'NIS mail alias'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY rfc822MailMember )

connector/ldap/testdata/nis.schema

+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# Definitions from RFC2307 (Experimental)
+#	An Approach for Using LDAP as a Network Information Service
+
+# Depends upon core.schema and cosine.schema
+
+# Note: The definitions in RFC2307 are given in syntaxes closely related
+# to those in RFC2252, however, some liberties are taken that are not
+# supported by RFC2252.  This file has been written following RFC2252
+# strictly.
+
+# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
+# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
+#
+# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
+#	validaters for these syntaxes are incomplete, they only
+#	implement printable string validation (which is good as the
+#	common use of these syntaxes violates the specification).
+# Attribute types are under 1.3.6.1.1.1.1
+# Object classes are under 1.3.6.1.1.1.2
+
+# Attribute Type Definitions
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+#	DESC 'An integer uniquely identifying a user in an administrative domain'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# builtin
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+#	DESC 'An integer uniquely identifying a group in an administrative domain'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+	DESC 'The GECOS field; the common name'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+	DESC 'The absolute path to the home directory'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+	DESC 'The path to the login shell'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+	DESC 'Netgroup triple'
+	SYNTAX 1.3.6.1.1.1.0.0 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+	SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+	DESC 'IP address'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+	DESC 'IP network'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+	DESC 'IP netmask'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+	DESC 'MAC address'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+	DESC 'rpc.bootparamd parameter'
+	SYNTAX 1.3.6.1.1.1.0.1 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+	DESC 'Boot image name'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+	SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
+
+# Object Class Definitions
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
+	DESC 'Abstraction of an account with POSIX attributes'
+	SUP top AUXILIARY
+	MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+	MAY ( userPassword $ loginShell $ gecos $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
+	DESC 'Additional attributes for shadow passwords'
+	SUP top AUXILIARY
+	MUST uid
+	MAY ( userPassword $ shadowLastChange $ shadowMin $
+	      shadowMax $ shadowWarning $ shadowInactive $
+	      shadowExpire $ shadowFlag $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
+	DESC 'Abstraction of a group of accounts'
+	SUP top STRUCTURAL
+	MUST ( cn $ gidNumber )
+	MAY ( userPassword $ memberUid $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
+	DESC 'Abstraction an Internet Protocol service'
+	SUP top STRUCTURAL
+	MUST ( cn $ ipServicePort $ ipServiceProtocol )
+	MAY ( description ) )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
+	DESC 'Abstraction of an IP protocol'
+	SUP top STRUCTURAL
+	MUST ( cn $ ipProtocolNumber $ description )
+	MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
+	DESC 'Abstraction of an ONC/RPC binding'
+	SUP top STRUCTURAL
+	MUST ( cn $ oncRpcNumber $ description )
+	MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
+	DESC 'Abstraction of a host, an IP device'
+	SUP top AUXILIARY
+	MUST ( cn $ ipHostNumber )
+	MAY ( l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
+	DESC 'Abstraction of an IP network'
+	SUP top STRUCTURAL
+	MUST ( cn $ ipNetworkNumber )
+	MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+	DESC 'Abstraction of a netgroup'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
+	DESC 'A generic abstraction of a NIS map'
+	SUP top STRUCTURAL
+	MUST nisMapName
+	MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
+	DESC 'An entry in a NIS map'
+	SUP top STRUCTURAL
+	MUST ( cn $ nisMapEntry $ nisMapName )
+	MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
+	DESC 'A device with a MAC address'
+	SUP top AUXILIARY
+	MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
+	DESC 'A device with boot parameters'
+	SUP top AUXILIARY
+	MAY ( bootFile $ bootParameter ) )

connector/ldap/testdata/openldap.schema

+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2016 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+#
+# OpenLDAP Project's directory schema items
+#
+# depends upon:
+#	core.schema
+#	cosine.schema
+#	inetorgperson.schema
+#
+# These are provided for informational purposes only.
+
+objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
+
+objectIdentifier OpenLDAP OpenLDAProot:1
+objectIdentifier OpenLDAPattributeType OpenLDAP:3
+objectIdentifier OpenLDAPobjectClass OpenLDAP:4
+
+objectClass ( OpenLDAPobjectClass:3
+	NAME 'OpenLDAPorg'
+	DESC 'OpenLDAP Organizational Object'
+	SUP organization
+	MAY ( buildingName $ displayName $ labeledURI ) )
+
+objectClass ( OpenLDAPobjectClass:4
+	NAME 'OpenLDAPou'
+	DESC 'OpenLDAP Organizational Unit Object'
+	SUP organizationalUnit
+	MAY ( buildingName $ displayName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:5
+	NAME 'OpenLDAPperson'
+	DESC 'OpenLDAP Person'
+	SUP ( pilotPerson $ inetOrgPerson )
+	MUST ( uid $ cn )
+	MAY ( givenName $ labeledURI $ o ) )
+
+objectClass ( OpenLDAPobjectClass:6
+	NAME 'OpenLDAPdisplayableObject'
+	DESC 'OpenLDAP Displayable Object'
+	AUXILIARY
+	MAY displayName )