Commit 7395f05e authored by Eric Chiang's avatar Eric Chiang Committed by GitHub

Merge pull request #900 from ericchiang/ldap-tests

connector/ldap: add LDAP integration tests
parents 943253fe b8ba59d7
language: go
sudo: required
go:
- 1.7.5
- 1.8
......@@ -8,11 +10,14 @@ services:
- postgresql
env:
- DEX_POSTGRES_DATABASE=postgres DEX_POSTGRES_USER=postgres DEX_POSTGRES_HOST="localhost"
- DEX_POSTGRES_DATABASE=postgres DEX_POSTGRES_USER=postgres DEX_POSTGRES_HOST="localhost" DEX_LDAP_TESTS=1 DEBIAN_FRONTEND=noninteractive
install:
- go get -u github.com/golang/lint/golint
- sudo -E apt-get install -y --force-yes slapd time ldap-utils
- sudo /etc/init.d/slapd stop
script:
- make testall
......
......@@ -154,6 +154,10 @@ func (c *Config) OpenConnector(logger logrus.FieldLogger) (interface {
connector.PasswordConnector
connector.RefreshConnector
}, error) {
return c.openConnector(logger)
}
func (c *Config) openConnector(logger logrus.FieldLogger) (*ldapConnector, error) {
requiredFields := []struct {
name string
......
package ldap
import (
"bytes"
"context"
"io/ioutil"
"net/url"
"os"
"os/exec"
"path/filepath"
"sync"
"testing"
"text/template"
"time"
"github.com/Sirupsen/logrus"
"github.com/kylelemons/godebug/pretty"
"github.com/coreos/dex/connector"
)
const envVar = "DEX_LDAP_TESTS"
// subtest is a login test against a given schema.
type subtest struct {
// Name of the sub-test.
name string
// Password credentials, and if the connector should request
// groups as well.
username string
password string
groups bool
// Expected result of the login.
wantErr bool
wantBadPW bool
want connector.Identity
}
func TestQuery(t *testing.T) {
schema := `
dn: dc=example,dc=org
objectClass: dcObject
objectClass: organization
o: Example Company
dc: example
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: iNetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: iNetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
tests := []subtest{
{
name: "validpassword",
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
},
},
{
name: "validpassword2",
username: "john",
password: "bar",
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
},
},
{
name: "invalidpassword",
username: "jane",
password: "badpassword",
wantBadPW: true,
},
{
name: "invaliduser",
username: "idontexist",
password: "foo",
wantBadPW: true, // Want invalid password, not a query error.
},
}
runTests(t, schema, c, tests)
}
func TestGroupQuery(t *testing.T) {
schema := `
dn: dc=example,dc=org
objectClass: dcObject
objectClass: organization
o: Example Company
dc: example
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: iNetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: iNetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
# Group definitions.
dn: ou=Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: cn=admins,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=john,ou=People,dc=example,dc=org
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=developers,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: developers
member: cn=jane,ou=People,dc=example,dc=org
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "ou=Groups,dc=example,dc=org"
c.GroupSearch.UserAttr = "DN"
c.GroupSearch.GroupAttr = "member"
c.GroupSearch.NameAttr = "cn"
tests := []subtest{
{
name: "validpassword",
username: "jane",
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
Groups: []string{"admins", "developers"},
},
},
{
name: "validpassword2",
username: "john",
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
Groups: []string{"admins"},
},
},
}
runTests(t, schema, c, tests)
}
// runTests runs a set of tests against an LDAP schema. It does this by
// setting up an OpenLDAP server and injecting the provided scheme.
//
// The tests require the slapd and ldapadd binaries available in the host
// machine's PATH.
//
// The DEX_LDAP_TESTS must be set to "1"
func runTests(t *testing.T, schema string, config *Config, tests []subtest) {
if os.Getenv(envVar) != "1" {
t.Skipf("%s not set. Skipping test (run 'export %s=1' to run tests)", envVar, envVar)
}
for _, cmd := range []string{"slapd", "ldapadd"} {
if _, err := exec.LookPath(cmd); err != nil {
t.Errorf("%s not available", cmd)
}
}
tempDir, err := ioutil.TempDir("", "")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tempDir)
configBytes := new(bytes.Buffer)
if err := slapdConfigTmpl.Execute(configBytes, tmplData{tempDir, includes(t)}); err != nil {
t.Fatal(err)
}
configPath := filepath.Join(tempDir, "ldap.conf")
if err := ioutil.WriteFile(configPath, configBytes.Bytes(), 0644); err != nil {
t.Fatal(err)
}
schemaPath := filepath.Join(tempDir, "schema.ldap")
if err := ioutil.WriteFile(schemaPath, []byte(schema), 0644); err != nil {
t.Fatal(err)
}
socketPath := url.QueryEscape(filepath.Join(tempDir, "ldap.unix"))
slapdOut := new(bytes.Buffer)
cmd := exec.Command(
"slapd",
"-d", "any",
"-h", "ldap://localhost:10363/ ldaps://localhost:10636/ ldapi://"+socketPath,
"-f", configPath,
)
cmd.Stdout = slapdOut
cmd.Stderr = slapdOut
if err := cmd.Start(); err != nil {
t.Fatal(err)
}
var (
// Wait group finishes once slapd has exited.
//
// Use a wait group because multiple goroutines can't listen on
// cmd.Wait(). It triggers the race detector.
wg = new(sync.WaitGroup)
// Ensure only one condition can set the slapdFailed boolean.
once = new(sync.Once)
slapdFailed bool
)
wg.Add(1)
go func() { cmd.Wait(); wg.Done() }()
defer func() {
if slapdFailed {
// If slapd exited before it was killed, print its logs.
t.Logf("%s\n", slapdOut)
}
}()
go func() {
wg.Wait()
once.Do(func() { slapdFailed = true })
}()
defer func() {
once.Do(func() { slapdFailed = false })
cmd.Process.Kill()
wg.Wait()
}()
// Wait for slapd to come up.
time.Sleep(100 * time.Millisecond)
ldapadd := exec.Command(
"ldapadd", "-x",
"-D", "cn=admin,dc=example,dc=org",
"-w", "admin",
"-f", schemaPath,
"-H", "ldap://localhost:10363/",
)
if out, err := ldapadd.CombinedOutput(); err != nil {
t.Errorf("ldapadd: %s", out)
return
}
// Shallow copy.
c := *config
// We need to configure host parameters but don't want to overwrite user or
// group search configuration.
c.Host = "localhost:10363"
c.InsecureNoSSL = true
c.BindDN = "cn=admin,dc=example,dc=org"
c.BindPW = "admin"
l := &logrus.Logger{Out: ioutil.Discard, Formatter: &logrus.TextFormatter{}}
conn, err := c.openConnector(l)
if err != nil {
t.Errorf("open connector: %v", err)
}
for _, test := range tests {
if test.name == "" {
t.Fatal("go a subtest with no name")
}
// Run the subtest.
t.Run(test.name, func(t *testing.T) {
s := connector.Scopes{OfflineAccess: true, Groups: test.groups}
ident, validPW, err := conn.Login(context.Background(), s, test.username, test.password)
if err != nil {
if !test.wantErr {
t.Fatalf("query failed: %v", err)
}
return
}
if test.wantErr {
t.Fatalf("wanted query to fail")
}
if !validPW {
if !test.wantBadPW {
t.Fatalf("invalid password: %v", err)
}
return
}
if test.wantBadPW {
t.Fatalf("wanted invalid password")
}
got := ident
got.ConnectorData = nil
if diff := pretty.Compare(test.want, got); diff != "" {
t.Error(diff)
return
}
// Verify that refresh tokens work.
ident, err = conn.Refresh(context.Background(), s, ident)
if err != nil {
t.Errorf("refresh failed: %v", err)
}
got = ident
got.ConnectorData = nil
if diff := pretty.Compare(test.want, got); diff != "" {
t.Errorf("after refresh: %s", diff)
}
})
}
}
// Standard OpenLDAP schema files to include.
//
// These are copied from the /etc/openldap/schema directory.
var includeFiles = []string{
"core.schema",
"cosine.schema",
"inetorgperson.schema",
"misc.schema",
"nis.schema",
"openldap.schema",
}
// tmplData is the struct used to execute the SLAPD config template.
type tmplData struct {
// Directory for database to be writen to.
TempDir string
// List of schema files to include.
Includes []string
}
// Config template copied from:
// http://www.zytrax.com/books/ldap/ch5/index.html#step1-slapd
var slapdConfigTmpl = template.Must(template.New("").Parse(`
{{ range $i, $include := .Includes }}
include {{ $include }}
{{ end }}
# MODULELOAD definitions
# not required (comment out) before version 2.3
moduleload back_bdb.la
database bdb
suffix "dc=example,dc=org"
# root or superuser
rootdn "cn=admin,dc=example,dc=org"
rootpw admin
# The database directory MUST exist prior to running slapd AND
# change path as necessary
directory {{ .TempDir }}
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
`))
func includes(t *testing.T) (paths []string) {
wd, err := os.Getwd()
if err != nil {
t.Fatalf("getting working directory: %v", err)
}
for _, f := range includeFiles {
p := filepath.Join(wd, "testdata", f)
if _, err := os.Stat(p); err != nil {
t.Fatalf("failed to find schema file: %s %v", p, err)
}
paths = append(paths, p)
}
return
}
# OpenLDAP Core schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
# RFC 4524 (associatedDomain)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
# RFC 4519 definition ('countryName' in X.500 and RFC2256)
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC4519: two-letter ISO-3166 country code'
SUP name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
SINGLE-VALUE )
#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
# DESC 'RFC2256: ISO-3166 country 2-letter code'
# SUP name SINGLE-VALUE )
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
attributetype ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
# system schema
#attributetype ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
attributetype ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
attributetype ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
attributetype ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
attributetype ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
attributetype ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
attributetype ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
# system schema
#attributetype ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
attributetype ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
attributetype ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
attributetype ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
attributetype ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
attributetype ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.0 NAME 'top'
# DESC 'RFC2256: top of the superclass chain'
# ABSTRACT
# MUST objectClass )
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
objectclass ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectclass ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
objectclass ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectclass ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
objectclass ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
objectclass ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
objectclass ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
objectclass ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
objectclass ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
SUP top AUXILIARY
MAY ( labeledURI ) )
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
# RFC 4524
# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
# host names [RFC1123] that are associated with an object. That is,
# values of this attribute should conform to the following ABNF:
#
# domain = root / label *( DOT label )
# root = SPACE
# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
# SPACE = %x20 ; space (" ")
# HYPHEN = %x2D ; hyphen ("-")
# DOT = %x2E ; period (".")
attributetype ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
# RFC1274: Cosine and Internet X.500 schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# RFC1274: Cosine and Internet X.500 schema
#
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
# schema. As this schema was defined for X.500(89), some
# oddities were introduced in the mapping to LDAPv3. The
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
# (a work in progress)
#
# Note: It seems that the pilot schema evolved beyond what was
# described in RFC1274. However, this document attempts to describes
# RFC1274 as published.
#
# Depends on core.schema
# Network Working Group P. Barker
# Request for Comments: 1274 S. Kille
# University College London
# November 1991
#
# The COSINE and Internet X.500 Schema
#
# [trimmed]
#
# Abstract
#
# This document suggests an X.500 Directory Schema, or Naming
# Architecture, for use in the COSINE and Internet X.500 pilots. The
# schema is independent of any specific implementation. As well as
# indicating support for the standard object classes and attributes, a
# large number of generally useful object classes and attributes are
# also defined. An appendix to this document includes a machine
# processable version of the schema.
#
# [trimmed]
# 7. Object Identifiers
#
# Some additional object identifiers are defined for this schema.
# These are also reproduced in Appendix C.
#
# data OBJECT IDENTIFIER ::= {ccitt 9}
# pss OBJECT IDENTIFIER ::= {data 2342}
# ucl OBJECT IDENTIFIER ::= {pss 19200300}
# pilot OBJECT IDENTIFIER ::= {ucl 100}
#
# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
#
# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
# {pilotAttributeSyntax 5}
#
# 8. Object Classes
# [relocated after 9]
#
# 9. Attribute Types
#
# 9.1. X.500 standard attribute types
#
# A number of generally useful attribute types are defined in X.520,
# and these are supported. Refer to that document for descriptions of
# the suggested usage of these attribute types. The ASN.1 for these
# attribute types is reproduced for completeness in Appendix C.
#
# 9.2. X.400 standard attribute types
#
# The standard X.400 attribute types are supported. See X.402 for full
# details. The ASN.1 for these attribute types is reproduced in
# Appendix C.
#
# 9.3. COSINE/Internet attribute types
#
# This section describes all the attribute types defined for use in the
# COSINE and Internet pilots. Descriptions are given as to the
# suggested usage of these attribute types. The ASN.1 for these
# attribute types is reproduced in Appendix C.
#
# 9.3.1. Userid
#
# The Userid attribute type specifies a computer system login name.
#
# userid ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-identifier))
# ::= {pilotAttributeType 1}
#
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
## EQUALITY caseIgnoreMatch
## SUBSTR caseIgnoreSubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.2. Text Encoded O/R Address
#
# The Text Encoded O/R Address attribute type specifies a text encoding
# of an X.400 O/R address, as specified in RFC 987. The use of this
# attribute is deprecated as the attribute is intended for interim use
# only. This attribute will be the first candidate for the attribute
# expiry mechanisms!
#
# textEncodedORAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-text-encoded-or-address))
# ::= {pilotAttributeType 2}
#
attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.3. RFC 822 Mailbox
#
# The RFC822 Mailbox attribute type specifies an electronic mailbox
# attribute following the syntax specified in RFC 822. Note that this
# attribute should not be used for greybook or other non-Internet order
# mailboxes.
#
# rfc822Mailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-rfc822-mailbox))
# ::= {pilotAttributeType 3}
#
#(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# 9.3.4. Information
#
# The Information attribute type specifies any general information
# pertinent to an object. It is recommended that specific usage of
# this attribute type is avoided, and that specific requirements are
# met by other (possibly additional) attribute types.
#
# info ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-information))
# ::= {pilotAttributeType 4}
#
attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
DESC 'RFC1274: general information'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
# 9.3.5. Favourite Drink
#
# The Favourite Drink attribute type specifies the favourite drink of
# an object (or person).
#
# favouriteDrink ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-favourite-drink))
# ::= {pilotAttributeType 5}
#
attributetype ( 0.9.2342.19200300.100.1.5
NAME ( 'drink' 'favouriteDrink' )
DESC 'RFC1274: favorite drink'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.6. Room Number
#
# The Room Number attribute type specifies the room number of an
# object. Note that the commonName attribute should be used for naming
# room objects.
#
# roomNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-room-number))
# ::= {pilotAttributeType 6}
#
attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
DESC 'RFC1274: room number'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.7. Photo
#
# The Photo attribute type specifies a "photograph" for an object.
# This should be encoded in G3 fax as explained in recommendation T.4,
# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
# defined in X.420.
#
# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
# information-objects }
#
# photo ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-photo))
# ::= {pilotAttributeType 7}
#
attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
DESC 'RFC1274: photo (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
# 9.3.8. User Class
#
# The User Class attribute type specifies a category of computer user.
# The semantics placed on this attribute are for local interpretation.
# Examples of current usage od this attribute in academia are
# undergraduate student, researcher, lecturer, etc. Note that the
# organizationalStatus attribute may now often be preferred as it makes
# no distinction between computer users and others.
#
# userClass ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-class))
# ::= {pilotAttributeType 8}
#
attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
DESC 'RFC1274: category of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.9. Host
#
# The Host attribute type specifies a host computer.
#
# host ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-host))
# ::= {pilotAttributeType 9}
#
attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
DESC 'RFC1274: host computer'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.10. Manager
#
# The Manager attribute type specifies the manager of an object
# represented by an entry.
#
# manager ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 10}
#
attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
DESC 'RFC1274: DN of manager'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.11. Document Identifier
#
# The Document Identifier attribute type specifies a unique identifier
# for a document.
#
# documentIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-identifier))
# ::= {pilotAttributeType 11}
#
attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
DESC 'RFC1274: unique identifier of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.12. Document Title
#
# The Document Title attribute type specifies the title of a document.
#
# documentTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-title))
# ::= {pilotAttributeType 12}
#
attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC 'RFC1274: title of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.13. Document Version
#
# The Document Version attribute type specifies the version number of a
# document.
#
# documentVersion ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-version))
# ::= {pilotAttributeType 13}
#
attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
DESC 'RFC1274: version of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.14. Document Author
#
# The Document Author attribute type specifies the distinguished name
# of the author of a document.
#
# documentAuthor ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 14}
#
attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
DESC 'RFC1274: DN of author of document'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.15. Document Location
#
# The Document Location attribute type specifies the location of the
# document original.
#
# documentLocation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-location))
# ::= {pilotAttributeType 15}
#
attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
DESC 'RFC1274: location of document original'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.16. Home Telephone Number
#
# The Home Telephone Number attribute type specifies a home telephone
# number associated with a person. Attribute values should follow the
# agreed format for international telephone numbers: i.e., "+44 71 123
# 4567".
#
# homeTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 20}
#
attributetype ( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )
DESC 'RFC1274: home telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.17. Secretary
#
# The Secretary attribute type specifies the secretary of a person.
# The attribute value for Secretary is a distinguished name.
#
# secretary ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 21}
#
attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC1274: DN of secretary'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.18. Other Mailbox
#
# The Other Mailbox attribute type specifies values for electronic
# mailbox types other than X.400 and rfc822.
#
# otherMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# SEQUENCE {
# mailboxType PrintableString, -- e.g. Telemail
# mailbox IA5String -- e.g. X378:Joe
# }
# ::= {pilotAttributeType 22}
#
attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
# 9.3.19. Last Modified Time
#
# The Last Modified Time attribute type specifies the last time, in UTC
# time, that an entry was modified. Ideally, this attribute should be
# maintained by the DSA.
#
# lastModifiedTime ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# uTCTimeSyntax
# ::= {pilotAttributeType 23}
#
## Deprecated in favor of modifyTimeStamp
#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
# OBSOLETE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
# USAGE directoryOperation )
# 9.3.20. Last Modified By
#
# The Last Modified By attribute specifies the distinguished name of
# the last user to modify the associated entry. Ideally, this
# attribute should be maintained by the DSA.
#
# lastModifiedBy ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 24}
#
## Deprecated in favor of modifiersName
#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
# DESC 'RFC1274: last modifier, replaced by modifiersName'
# OBSOLETE
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
# USAGE directoryOperation )
# 9.3.21. Domain Component
#
# The Domain Component attribute type specifies a DNS/NRS domain. For
# example, "uk" or "ac".
#
# domainComponent ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# SINGLE VALUE
# ::= {pilotAttributeType 25}
#
##(in core.schema)
##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
## EQUALITY caseIgnoreIA5Match
## SUBSTR caseIgnoreIA5SubstringsMatch
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# 9.3.22. DNS ARecord
#
# The A Record attribute type specifies a type A (Address) DNS resource
# record [6] [7].
#
# aRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 26}
#
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
## missing from RFC1274
## incorrect syntax?
attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.23. MX Record
#
# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
# resource record [6] [7].
#
# mXRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 28}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.24. NS Record
#
# The NS Record attribute type specifies an NS (Name Server) DNS
# resource record [6] [7].
#
# nSRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 29}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.25. SOA Record
#
# The SOA Record attribute type specifies a type SOA (Start of
# Authority) DNS resorce record [6] [7].
#
# sOARecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 30}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.26. CNAME Record
#
# The CNAME Record attribute type specifies a type CNAME (Canonical
# Name) DNS resource record [6] [7].
#
# cNAMERecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# iA5StringSyntax
# ::= {pilotAttributeType 31}
#
## incorrect syntax!!
attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.27. Associated Domain
#
# The Associated Domain attribute type specifies a DNS or NRS domain
# which is associated with an object in the DIT. For example, the entry
# in the DIT with a distinguished name "C=GB, O=University College
# London" would have an associated domain of "UCL.AC.UK. Note that all
# domains should be represented in rfc822 order. See [3] for more
# details of usage of this attribute.
#
# associatedDomain ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# ::= {pilotAttributeType 37}
#
#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
# EQUALITY caseIgnoreIA5Match
# SUBSTR caseIgnoreIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# 9.3.28. Associated Name
#
# The Associated Name attribute type specifies an entry in the
# organisational DIT associated with a DNS/NRS domain. See [3] for
# more details of usage of this attribute.
#
# associatedName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 38}
#
attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
DESC 'RFC1274: DN of entry associated with domain'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.29. Home postal address
#
# The Home postal address attribute type specifies a home postal
# address for an object. This should be limited to up to 6 lines of 30
# characters each.
#
# homePostalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# postalAddress
# MATCHES FOR EQUALITY
# ::= {pilotAttributeType 39}
#
attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
DESC 'RFC1274: home postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
# 9.3.30. Personal Title
#
# The Personal Title attribute type specifies a personal title for a
# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
#
# personalTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-personal-title))
# ::= {pilotAttributeType 40}
#
attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.31. Mobile Telephone Number
#
# The Mobile Telephone Number attribute type specifies a mobile
# telephone number associated with a person. Attribute values should
# follow the agreed format for international telephone numbers: i.e.,
# "+44 71 123 4567".
#
# mobileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 41}
#
attributetype ( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )
DESC 'RFC1274: mobile telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.32. Pager Telephone Number
#
# The Pager Telephone Number attribute type specifies a pager telephone
# number for an object. Attribute values should follow the agreed
# format for international telephone numbers: i.e., "+44 71 123 4567".
#
# pagerTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 42}
#
attributetype ( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )
DESC 'RFC1274: pager telephone number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
# 9.3.33. Friendly Country Name
#
# The Friendly Country Name attribute type specifies names of countries
# in human readable format. The standard attribute country name must
# be one of the two-letter codes defined in ISO 3166.
#
# friendlyCountryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# ::= {pilotAttributeType 43}
#
attributetype ( 0.9.2342.19200300.100.1.43
NAME ( 'co' 'friendlyCountryName' )
DESC 'RFC1274: friendly country name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 9.3.34. Unique Identifier
#
# The Unique Identifier attribute type specifies a "unique identifier"
# for an object represented in the Directory. The domain within which
# the identifier is unique, and the exact semantics of the identifier,
# are for local definition. For a person, this might be an
# institution-wide payroll number. For an organisational unit, it
# might be a department code.
#
# uniqueIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-unique-identifier))
# ::= {pilotAttributeType 44}
#
attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
DESC 'RFC1274: unique identifer'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.35. Organisational Status
#
# The Organisational Status attribute type specifies a category by
# which a person is often referred to in an organisation. Examples of
# usage in academia might include undergraduate student, researcher,
# lecturer, etc.
#
# A Directory administrator should probably consider carefully the
# distinctions between this and the title and userClass attributes.
#
# organizationalStatus ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-organizational-status))
# ::= {pilotAttributeType 45}
#
attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
DESC 'RFC1274: organizational status'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.36. Janet Mailbox
#
# The Janet Mailbox attribute type specifies an electronic mailbox
# attribute following the syntax specified in the Grey Book of the
# Coloured Book series. This attribute is intended for the convenience
# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
# Entries using this attribute MUST also include an rfc822Mailbox
# attribute.
#
# janetMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-janet-mailbox))
# ::= {pilotAttributeType 46}
#
attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC 'RFC1274: Janet mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# 9.3.37. Mail Preference Option
#
# An attribute to allow users to indicate a preference for inclusion of
# their names on mailing lists (electronic or physical). The absence
# of such an attribute should be interpreted as if the attribute was
# present with value "no-list-inclusion". This attribute should be
# interpreted by anyone using the directory to derive mailing lists,
# and its value respected.
#
# mailPreferenceOption ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX ENUMERATED {
# no-list-inclusion(0),
# any-list-inclusion(1), -- may be added to any lists
# professional-list-inclusion(2)
# -- may be added to lists
# -- which the list provider
# -- views as related to the
# -- users professional inter-
# -- ests, perhaps evaluated
# -- from the business of the
# -- organisation or keywords
# -- in the entry.
# }
# ::= {pilotAttributeType 47}
#
attributetype ( 0.9.2342.19200300.100.1.47
NAME 'mailPreferenceOption'
DESC 'RFC1274: mail preference option'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# 9.3.38. Building Name
#
# The Building Name attribute type specifies the name of the building
# where an organisation or organisational unit is based.
#
# buildingName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-building-name))
# ::= {pilotAttributeType 48}
#
attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC 'RFC1274: name of building'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 9.3.39. DSA Quality
#
# The DSA Quality attribute type specifies the purported quality of a
# DSA. It allows a DSA manager to indicate the expected level of
# availability of the DSA. See [8] for details of the syntax.
#
# dSAQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 49}
#
attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RFC1274: DSA Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
# 9.3.40. Single Level Quality
#
# The Single Level Quality attribute type specifies the purported data
# quality at the level immediately below in the DIT. See [8] for
# details of the syntax.
#
# singleLevelQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 50}
#
attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.41. Subtree Minimum Quality
#
# The Subtree Minimum Quality attribute type specifies the purported
# minimum data quality for a DIT subtree. See [8] for more discussion
# and details of the syntax.
#
# subtreeMinimumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 51}
#
attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
DESC 'RFC1274: Subtree Mininum Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.42. Subtree Maximum Quality
#
# The Subtree Maximum Quality attribute type specifies the purported
# maximum data quality for a DIT subtree. See [8] for more discussion
# and details of the syntax.
#
# subtreeMaximumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 52}
#
attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
DESC 'RFC1274: Subtree Maximun Quality'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
# 9.3.43. Personal Signature
#
# The Personal Signature attribute type allows for a representation of
# a person's signature. This should be encoded in G3 fax as explained
# in recommendation T.4, with an ASN.1 wrapper to make it compatible
# with an X.400 BodyPart as defined in X.420.
#
# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
# information-objects }
#
# personalSignature ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-personal-signature))
# ::= {pilotAttributeType 53}
#
attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
DESC 'RFC1274: Personal Signature (G3 fax)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
# 9.3.44. DIT Redirect
#
# The DIT Redirect attribute type is used to indicate that the object
# described by one entry now has a newer entry in the DIT. The entry
# containing the redirection attribute should be expired after a
# suitable grace period. This attribute may be used when an individual
# changes his/her place of work, and thus acquires a new organisational
# DN.
#
# dITRedirect ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 54}
#
attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'RFC1274: DIT Redirect'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
# 9.3.45. Audio
#
# The Audio attribute type allows the storing of sounds in the
# Directory. The attribute uses a u-law encoded sound file as used by
# the "play" utility on a Sun 4. This is an interim format.
#
# audio ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# Audio
# (SIZE (1 .. ub-audio))
# ::= {pilotAttributeType 55}
#
attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
DESC 'RFC1274: audio (u-law)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
# 9.3.46. Publisher of Document
#
#
# The Publisher of Document attribute is the person and/or organization
# that published a document.
#
# documentPublisher ATTRIBUTE
# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
# ::= {pilotAttributeType 56}
#
attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
DESC 'RFC1274: publisher of document'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 9.4. Generally useful syntaxes
#
# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
# iA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# -- Syntaxes to support the DNS attributes
#
# DNSRecordSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY
#
#
# NRSInformationSyntax ATTRIBUTE-SYNTAX
# NRSInformation
# MATCHES FOR EQUALITY
#
#
# NRSInformation ::= SET {
# [0] Context,
# [1] Address-space-id,
# routes [2] SEQUENCE OF SEQUENCE {
# Route-cost,
# Addressing-info }
# }
#
#
# 9.5. Upper bounds on length of attribute values
#
#
# ub-document-identifier INTEGER ::= 256
#
# ub-document-location INTEGER ::= 256
#
# ub-document-title INTEGER ::= 256
#
# ub-document-version INTEGER ::= 256
#
# ub-favourite-drink INTEGER ::= 256
#
# ub-host INTEGER ::= 256
#
# ub-information INTEGER ::= 2048
#
# ub-unique-identifier INTEGER ::= 256
#
# ub-personal-title INTEGER ::= 256
#
# ub-photo INTEGER ::= 250000
#
# ub-rfc822-mailbox INTEGER ::= 256
#
# ub-room-number INTEGER ::= 256
#
# ub-text-or-address INTEGER ::= 256
#
# ub-user-class INTEGER ::= 256
#
# ub-user-identifier INTEGER ::= 256
#
# ub-organizational-status INTEGER ::= 256
#
# ub-janet-mailbox INTEGER ::= 256
#
# ub-building-name INTEGER ::= 256
#
# ub-personal-signature ::= 50000
#
# ub-audio INTEGER ::= 250000
#
# [back to 8]
# 8. Object Classes
#
# 8.1. X.500 standard object classes
#
# A number of generally useful object classes are defined in X.521, and
# these are supported. Refer to that document for descriptions of the
# suggested usage of these object classes. The ASN.1 for these object
# classes is reproduced for completeness in Appendix C.
#
# 8.2. X.400 standard object classes
#
# A number of object classes defined in X.400 are supported. Refer to
# X.402 for descriptions of the usage of these object classes. The
# ASN.1 for these object classes is reproduced for completeness in
# Appendix C.
#
# 8.3. COSINE/Internet object classes
#
# This section attempts to fuse together the object classes designed
# for use in the COSINE and Internet pilot activities. Descriptions
# are given of the suggested usage of these object classes. The ASN.1
# for these object classes is also reproduced in Appendix C.
#
# 8.3.1. Pilot Object
#
# The PilotObject object class is used as a sub-class to allow some
# common, useful attributes to be assigned to entries of all other
# object classes.
#
# pilotObject OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# info,
# photo,
# manager,
# uniqueIdentifier,
# lastModifiedTime,
# lastModifiedBy,
# dITRedirect,
# audio}
# ::= {pilotObjectClass 3}
#
#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
# DESC 'RFC1274: pilot object'
# SUP top AUXILIARY
# MAY ( info $ photo $ manager $ uniqueIdentifier $
# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
# )
# 8.3.2. Pilot Person
#
# The PilotPerson object class is used as a sub-class of person, to
# allow the use of a number of additional attributes to be assigned to
# entries of object class person.
#
# pilotPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# userid,
# textEncodedORAddress,
# rfc822Mailbox,
# favouriteDrink,
# roomNumber,
# userClass,
# homeTelephoneNumber,
# homePostalAddress,
# secretary,
# personalTitle,
# preferredDeliveryMethod,
# businessCategory,
# janetMailbox,
# otherMailbox,
# mobileTelephoneNumber,
# pagerTelephoneNumber,
# organizationalStatus,
# mailPreferenceOption,
# personalSignature}
# ::= {pilotObjectClass 4}
#
objectclass ( 0.9.2342.19200300.100.4.4
NAME ( 'pilotPerson' 'newPilotPerson' )
SUP person STRUCTURAL
MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
favouriteDrink $ roomNumber $ userClass $
homeTelephoneNumber $ homePostalAddress $ secretary $
personalTitle $ preferredDeliveryMethod $ businessCategory $
janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelephoneNumber $ organizationalStatus $
mailPreferenceOption $ personalSignature )
)
# 8.3.3. Account
#
# The Account object class is used to define entries representing
# computer accounts. The userid attribute should be used for naming
# entries of this object class.
#
# account OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userid}
# MAY CONTAIN {
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# host}
# ::= {pilotObjectClass 5}
#
objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
SUP top STRUCTURAL
MUST userid
MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host )
)
# 8.3.4. Document
#
# The Document object class is used to define entries which represent
# documents.
#
# document OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# documentIdentifier}
# MAY CONTAIN {
# commonName,
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# documentTitle,
# documentVersion,
# documentAuthor,
# documentLocation,
# documentPublisher}
# ::= {pilotObjectClass 6}
#
objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
SUP top STRUCTURAL
MUST documentIdentifier
MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $
documentTitle $ documentVersion $ documentAuthor $
documentLocation $ documentPublisher )
)
# 8.3.5. Room
#
# The Room object class is used to define entries representing rooms.
# The commonName attribute should be used for naming pentries of this
# object class.
#
# room OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# roomNumber,
# description,
# seeAlso,
# telephoneNumber}
# ::= {pilotObjectClass 7}
#
objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
SUP top STRUCTURAL
MUST commonName
MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
)
# 8.3.6. Document Series
#
# The Document Series object class is used to define an entry which
# represents a series of documents (e.g., The Request For Comments
# papers).
#
# documentSeries OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# localityName,
# organizationName,
# organizationalUnitName}
# ::= {pilotObjectClass 9}
#
objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top STRUCTURAL
MUST commonName
MAY ( description $ seeAlso $ telephonenumber $
localityName $ organizationName $ organizationalUnitName )
)
# 8.3.7. Domain
#
# The Domain object class is used to define entries which represent DNS
# or NRS domains. The domainComponent attribute should be used for
# naming entries of this object class. The usage of this object class
# is described in more detail in [3].
#
# domain OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# domainComponent}
# MAY CONTAIN {
# associatedName,
# organizationName,
# organizationalAttributeSet}
# ::= {pilotObjectClass 13}
#
objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
SUP top STRUCTURAL
MUST domainComponent
MAY ( associatedName $ organizationName $ description $
businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $ stateOrProvinceName $ streetAddress $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
# 8.3.8. RFC822 Local Part
#
# The RFC822 Local Part object class is used to define entries which
# represent the local part of RFC822 mail addresses. This treats this
# part of an RFC822 address as a domain. The usage of this object
# class is described in more detail in [3].
#
# rFC822localPart OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# commonName,
# surname,
# description,
# seeAlso,
# telephoneNumber,
# postalAttributeSet,
# telecommunicationAttributeSet}
# ::= {pilotObjectClass 14}
#
objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP domain STRUCTURAL
MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $
telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address )
)
# 8.3.9. DNS Domain
#
# The DNS Domain (Domain NameServer) object class is used to define
# entries for DNS domains. The usage of this object class is described
# in more detail in [3].
#
# dNSDomain OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# ARecord,
# MDRecord,
# MXRecord,
# NSRecord,
# SOARecord,
# CNAMERecord}
# ::= {pilotObjectClass 15}
#
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord )
)
# 8.3.10. Domain Related Object
#
# The Domain Related Object object class is used to define entries
# which represent DNS/NRS domains which are "equivalent" to an X.500
# domain: e.g., an organisation or organisational unit. The usage of
# this object class is described in more detail in [3].
#
# domainRelatedObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# associatedDomain}
# ::= {pilotObjectClass 17}
#
objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
DESC 'RFC1274: an object related to an domain'
SUP top AUXILIARY
MUST associatedDomain )
# 8.3.11. Friendly Country
#
# The Friendly Country object class is used to define country entries
# in the DIT. The object class is used to allow friendlier naming of
# countries than that allowed by the object class country. The naming
# attribute of object class country, countryName, has to be a 2 letter
# string defined in ISO 3166.
#
# friendlyCountry OBJECT-CLASS
# SUBCLASS OF country
# MUST CONTAIN {
# friendlyCountryName}
# ::= {pilotObjectClass 18}
#
objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP country STRUCTURAL
MUST friendlyCountryName )
# 8.3.12. Simple Security Object
#
# The Simple Security Object object class is used to allow an entry to
# have a userPassword attribute when an entry's principal object
# classes do not allow userPassword as an attribute type.
#
# simpleSecurityObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userPassword }
# ::= {pilotObjectClass 19}
#
## (in core.schema)
## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
## SUP top AUXILIARY
## MUST userPassword )
# 8.3.13. Pilot Organization
#
# The PilotOrganization object class is used as a sub-class of
# organization and organizationalUnit to allow a number of additional
# attributes to be assigned to entries of object classes organization
# and organizationalUnit.
#
# pilotOrganization OBJECT-CLASS
# SUBCLASS OF organization, organizationalUnit
# MAY CONTAIN {
# buildingName}
# ::= {pilotObjectClass 20}
#
objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
SUP ( organization $ organizationalUnit ) STRUCTURAL
MAY buildingName )
# 8.3.14. Pilot DSA
#
# The PilotDSA object class is used as a sub-class of the dsa object
# class to allow additional attributes to be assigned to entries for
# DSAs.
#
# pilotDSA OBJECT-CLASS
# SUBCLASS OF dsa
# MUST CONTAIN {
# dSAQuality}
# ::= {pilotObjectClass 21}
#
objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
SUP dsa STRUCTURAL
MAY dSAQuality )
# 8.3.15. Quality Labelled Data
#
# The Quality Labelled Data object class is used to allow the
# assignment of the data quality attributes to subtrees in the DIT.
#
# See [8] for more details.
#
# qualityLabelledData OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# dSAQuality}
# MAY CONTAIN {
# subtreeMinimumQuality,
# subtreeMaximumQuality}
# ::= {pilotObjectClass 22}
objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY
MUST dsaQuality
MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
)
# References
#
# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
# models and services, CCITT /ISO IS 9594.
#
# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
# University College London, Department of Computer Science
# Research Note 89/48, May 1989.
#
# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
# London, November 1991.
#
# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
# Report", Technical Report 90-09-10-1, published by NYSERNet
# Inc, 1990.
#
# [5] Craigie, J., "UK Academic Community Directory Service Pilot
# Project, pp. 305-310 in Computer Networks and ISDN Systems
# 17 (1989), published by North Holland.
#
# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
# RFC 1034, USC/Information Sciences Institute, November 1987.
#
# [7] Mockapetris, P., "Domain Names - Implementation and
# Specification, RFC 1035, USC/Information Sciences Institute,
# November 1987.
#
# [8] Kille, S., "Handling QOS (Quality of service) in the
# Directory," publication in process, March 1991.
#
#
# APPENDIX C - Summary of all Object Classes and Attribute Types
#
# -- Some Important Object Identifiers
#
# data OBJECT IDENTIFIER ::= {ccitt 9}
# pss OBJECT IDENTIFIER ::= {data 2342}
# ucl OBJECT IDENTIFIER ::= {pss 19200300}
# pilot OBJECT IDENTIFIER ::= {ucl 100}
#
# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
#
# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
# {pilotAttributeSyntax 5}
#
# -- Standard Object Classes
#
# top OBJECT-CLASS
# MUST CONTAIN {
# objectClass}
# ::= {objectClass 0}
#
#
# alias OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# aliasedObjectName}
# ::= {objectClass 1}
#
#
# country OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# countryName}
# MAY CONTAIN {
# description,
# searchGuide}
# ::= {objectClass 2}
#
#
# locality OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# description,
# localityName,
# stateOrProvinceName,
# searchGuide,
# seeAlso,
# streetAddress}
# ::= {objectClass 3}
#
#
# organization OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# organizationName}
# MAY CONTAIN {
# organizationalAttributeSet}
# ::= {objectClass 4}
#
#
# organizationalUnit OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# organizationalUnitName}
# MAY CONTAIN {
# organizationalAttributeSet}
# ::= {objectClass 5}
#
#
# person OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# surname}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# userPassword}
# ::= {objectClass 6}
#
#
# organizationalPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# localeAttributeSet,
# organizationalUnitName,
# postalAttributeSet,
# telecommunicationAttributeSet,
# title}
# ::= {objectClass 7}
#
#
# organizationalRole OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localeAttributeSet,
# organizationalUnitName,
# postalAttributeSet,
# preferredDeliveryMethod,
# roleOccupant,
# seeAlso,
# telecommunicationAttributeSet}
# ::= {objectClass 8}
#
#
# groupOfNames OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# member}
# MAY CONTAIN {
# description,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# businessCategory}
# ::= {objectClass 9}
#
#
# residentialPerson OBJECT-CLASS
# SUBCLASS OF person
# MUST CONTAIN {
# localityName}
# MAY CONTAIN {
# localeAttributeSet,
# postalAttributeSet,
# preferredDeliveryMethod,
# telecommunicationAttributeSet,
# businessCategory}
# ::= {objectClass 10}
#
#
# applicationProcess OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localityName,
# organizationalUnitName,
# seeAlso}
# ::= {objectClass 11}
#
#
# applicationEntity OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# presentationAddress}
# MAY CONTAIN {
# description,
# localityName,
# organizationName,
# organizationalUnitName,
# seeAlso,
# supportedApplicationContext}
# ::= {objectClass 12}
#
#
# dSA OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# knowledgeInformation}
# ::= {objectClass 13}
#
#
# device OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# localityName,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# serialNumber}
# ::= {objectClass 14}
#
#
# strongAuthenticationUser OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userCertificate}
# ::= {objectClass 15}
#
#
# certificationAuthority OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# cACertificate,
# certificateRevocationList,
# authorityRevocationList}
# MAY CONTAIN {
# crossCertificatePair}
# ::= {objectClass 16}
#
# -- Standard MHS Object Classes
#
# mhsDistributionList OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName,
# mhsDLSubmitPermissions,
# mhsORAddresses}
# MAY CONTAIN {
# description,
# organizationName,
# organizationalUnitName,
# owner,
# seeAlso,
# mhsDeliverableContentTypes,
# mhsdeliverableEits,
# mhsDLMembers,
# mhsPreferredDeliveryMethods}
# ::= {mhsObjectClass 0}
#
#
# mhsMessageStore OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# description,
# owner,
# mhsSupportedOptionalAttributes,
# mhsSupportedAutomaticActions,
# mhsSupportedContentTypes}
# ::= {mhsObjectClass 1}
#
#
# mhsMessageTransferAgent OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# description,
# owner,
# mhsDeliverableContentLength}
# ::= {mhsObjectClass 2}
#
#
# mhsOrganizationalUser OBJECT-CLASS
# SUBCLASS OF organizationalPerson
# MUST CONTAIN {
# mhsORAddresses}
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsMessageStoreName,
# mhsPreferredDeliveryMethods }
# ::= {mhsObjectClass 3}
#
#
# mhsResidentialUser OBJECT-CLASS
# SUBCLASS OF residentialPerson
# MUST CONTAIN {
# mhsORAddresses}
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsMessageStoreName,
# mhsPreferredDeliveryMethods }
# ::= {mhsObjectClass 4}
#
#
# mhsUserAgent OBJECT-CLASS
# SUBCLASS OF applicationEntity
# MAY CONTAIN {
# mhsDeliverableContentLength,
# mhsDeliverableContentTypes,
# mhsDeliverableEits,
# mhsORAddresses,
# owner}
# ::= {mhsObjectClass 5}
#
#
#
#
# -- Pilot Object Classes
#
# pilotObject OBJECT-CLASS
# SUBCLASS OF top
# MAY CONTAIN {
# info,
# photo,
# manager,
# uniqueIdentifier,
# lastModifiedTime,
# lastModifiedBy,
# dITRedirect,
# audio}
# ::= {pilotObjectClass 3}
# pilotPerson OBJECT-CLASS
# SUBCLASS OF person
# MAY CONTAIN {
# userid,
# textEncodedORAddress,
# rfc822Mailbox,
# favouriteDrink,
# roomNumber,
# userClass,
# homeTelephoneNumber,
# homePostalAddress,
# secretary,
# personalTitle,
# preferredDeliveryMethod,
# businessCategory,
# janetMailbox,
# otherMailbox,
# mobileTelephoneNumber,
# pagerTelephoneNumber,
# organizationalStatus,
# mailPreferenceOption,
# personalSignature}
# ::= {pilotObjectClass 4}
#
#
# account OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userid}
# MAY CONTAIN {
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# host}
# ::= {pilotObjectClass 5}
#
#
# document OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# documentIdentifier}
# MAY CONTAIN {
# commonName,
# description,
# seeAlso,
# localityName,
# organizationName,
# organizationalUnitName,
# documentTitle,
# documentVersion,
# documentAuthor,
# documentLocation,
# documentPublisher}
# ::= {pilotObjectClass 6}
#
#
# room OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# roomNumber,
# description,
# seeAlso,
# telephoneNumber}
# ::= {pilotObjectClass 7}
#
#
# documentSeries OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# commonName}
# MAY CONTAIN {
# description,
# seeAlso,
# telephoneNumber,
# localityName,
# organizationName,
# organizationalUnitName}
# ::= {pilotObjectClass 9}
#
#
# domain OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# domainComponent}
# MAY CONTAIN {
# associatedName,
# organizationName,
# organizationalAttributeSet}
# ::= {pilotObjectClass 13}
#
#
# rFC822localPart OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# commonName,
# surname,
# description,
# seeAlso,
# telephoneNumber,
# postalAttributeSet,
# telecommunicationAttributeSet}
# ::= {pilotObjectClass 14}
#
#
# dNSDomain OBJECT-CLASS
# SUBCLASS OF domain
# MAY CONTAIN {
# ARecord,
# MDRecord,
# MXRecord,
# NSRecord,
# SOARecord,
# CNAMERecord}
# ::= {pilotObjectClass 15}
#
#
# domainRelatedObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# associatedDomain}
# ::= {pilotObjectClass 17}
#
#
# friendlyCountry OBJECT-CLASS
# SUBCLASS OF country
# MUST CONTAIN {
# friendlyCountryName}
# ::= {pilotObjectClass 18}
#
#
# simpleSecurityObject OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# userPassword }
# ::= {pilotObjectClass 19}
#
#
# pilotOrganization OBJECT-CLASS
# SUBCLASS OF organization, organizationalUnit
# MAY CONTAIN {
# buildingName}
# ::= {pilotObjectClass 20}
#
#
# pilotDSA OBJECT-CLASS
# SUBCLASS OF dsa
# MUST CONTAIN {
# dSAQuality}
# ::= {pilotObjectClass 21}
#
#
# qualityLabelledData OBJECT-CLASS
# SUBCLASS OF top
# MUST CONTAIN {
# dSAQuality}
# MAY CONTAIN {
# subtreeMinimumQuality,
# subtreeMaximumQuality}
# ::= {pilotObjectClass 22}
#
#
#
#
# -- Standard Attribute Types
#
# objectClass ObjectClass
# ::= {attributeType 0}
#
#
# aliasedObjectName AliasedObjectName
# ::= {attributeType 1}
#
#
# knowledgeInformation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreString
# ::= {attributeType 2}
#
#
# commonName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-common-name))
# ::= {attributeType 3}
#
#
# surname ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-surname))
# ::= {attributeType 4}
#
#
# serialNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX printableStringSyntax
# (SIZE (1..ub-serial-number))
# ::= {attributeType 5}
#
#
# countryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PrintableString
# (SIZE (1..ub-country-code))
# SINGLE VALUE
# ::= {attributeType 6}
#
#
# localityName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-locality-name))
# ::= {attributeType 7}
#
#
# stateOrProvinceName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-state-name))
# ::= {attributeType 8}
#
#
# streetAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-street-address))
# ::= {attributeType 9}
#
#
# organizationName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-organization-name))
# ::= {attributeType 10}
#
#
# organizationalUnitName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-organizational-unit-name))
# ::= {attributeType 11}
#
#
# title ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-title))
# ::= {attributeType 12}
#
#
# description ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-description))
# ::= {attributeType 13}
#
#
# searchGuide ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX Guide
# ::= {attributeType 14}
#
#
# businessCategory ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-business-category))
# ::= {attributeType 15}
#
#
# postalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PostalAddress
# MATCHES FOR EQUALITY
# ::= {attributeType 16}
#
#
# postalCode ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-postal-code))
# ::= {attributeType 17}
#
#
# postOfficeBox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-post-office-box))
# ::= {attributeType 18}
#
#
# physicalDeliveryOfficeName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
# (SIZE (1..ub-physical-office-name))
# ::= {attributeType 19}
#
#
# telephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
# (SIZE (1..ub-telephone-number))
# ::= {attributeType 20}
#
#
# telexNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX TelexNumber
# (SIZE (1..ub-telex))
# ::= {attributeType 21}
#
#
# teletexTerminalIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
# (SIZE (1..ub-teletex-terminal-id))
# ::= {attributeType 22}
#
#
# facsimileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
# ::= {attributeType 23}
#
#
# x121Address ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX NumericString
# (SIZE (1..ub-x121-address))
# ::= {attributeType 24}
#
#
# internationaliSDNNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX NumericString
# (SIZE (1..ub-isdn-address))
# ::= {attributeType 25}
#
#
# registeredAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PostalAddress
# ::= {attributeType 26}
#
#
# destinationIndicator ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PrintableString
# (SIZE (1..ub-destination-indicator))
# MATCHES FOR EQUALITY SUBSTRINGS
# ::= {attributeType 27}
#
#
# preferredDeliveryMethod ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX deliveryMethod
# ::= {attributeType 28}
#
#
# presentationAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX PresentationAddress
# MATCHES FOR EQUALITY
# ::= {attributeType 29}
#
#
# supportedApplicationContext ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
# ::= {attributeType 30}
#
#
# member ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 31}
#
#
# owner ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 32}
#
#
# roleOccupant ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 33}
#
#
# seeAlso ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
# ::= {attributeType 34}
#
#
# userPassword ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX Userpassword
# ::= {attributeType 35}
#
#
# userCertificate ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX UserCertificate
# ::= {attributeType 36}
#
#
# cACertificate ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX cACertificate
# ::= {attributeType 37}
#
#
# authorityRevocationList ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
# ::= {attributeType 38}
#
#
# certificateRevocationList ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
# ::= {attributeType 39}
#
#
# crossCertificatePair ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
# ::= {attributeType 40}
#
#
#
#
# -- Standard MHS Attribute Types
#
# mhsDeliverableContentLength ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX integer
# ::= {mhsAttributeType 0}
#
#
# mhsDeliverableContentTypes ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 1}
#
#
# mhsDeliverableEits ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 2}
#
#
# mhsDLMembers ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oRName
# ::= {mhsAttributeType 3}
#
#
# mhsDLSubmitPermissions ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
# ::= {mhsAttributeType 4}
#
#
# mhsMessageStoreName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX dN
# ::= {mhsAttributeType 5}
#
#
# mhsORAddresses ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oRAddress
# ::= {mhsAttributeType 6}
#
#
# mhsPreferredDeliveryMethods ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX deliveryMethod
# ::= {mhsAttributeType 7}
#
#
# mhsSupportedAutomaticActions ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 8}
#
#
# mhsSupportedContentTypes ATTRIBUTE
#
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 9}
#
#
# mhsSupportedOptionalAttributes ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX oID
# ::= {mhsAttributeType 10}
#
#
#
#
# -- Pilot Attribute Types
#
# userid ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-identifier))
# ::= {pilotAttributeType 1}
#
#
# textEncodedORAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-text-encoded-or-address))
# ::= {pilotAttributeType 2}
#
#
# rfc822Mailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-rfc822-mailbox))
# ::= {pilotAttributeType 3}
#
#
# info ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-information))
# ::= {pilotAttributeType 4}
#
#
# favouriteDrink ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-favourite-drink))
# ::= {pilotAttributeType 5}
#
#
# roomNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-room-number))
# ::= {pilotAttributeType 6}
#
#
# photo ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-photo))
# ::= {pilotAttributeType 7}
#
#
# userClass ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-user-class))
# ::= {pilotAttributeType 8}
#
#
# host ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-host))
# ::= {pilotAttributeType 9}
#
#
# manager ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 10}
#
#
# documentIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-identifier))
# ::= {pilotAttributeType 11}
#
#
# documentTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-title))
# ::= {pilotAttributeType 12}
#
#
# documentVersion ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-version))
# ::= {pilotAttributeType 13}
#
#
# documentAuthor ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 14}
#
#
# documentLocation ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-document-location))
# ::= {pilotAttributeType 15}
#
#
# homeTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 20}
#
#
# secretary ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 21}
#
#
# otherMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# SEQUENCE {
# mailboxType PrintableString, -- e.g. Telemail
# mailbox IA5String -- e.g. X378:Joe
# }
# ::= {pilotAttributeType 22}
#
#
# lastModifiedTime ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# uTCTimeSyntax
# ::= {pilotAttributeType 23}
#
#
# lastModifiedBy ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 24}
#
#
# domainComponent ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# SINGLE VALUE
# ::= {pilotAttributeType 25}
#
#
# aRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 26}
#
#
# mXRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 28}
#
#
# nSRecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 29}
#
# sOARecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# DNSRecordSyntax
# ::= {pilotAttributeType 30}
#
#
# cNAMERecord ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# iA5StringSyntax
# ::= {pilotAttributeType 31}
#
#
# associatedDomain ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# ::= {pilotAttributeType 37}
#
#
# associatedName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 38}
#
#
# homePostalAddress ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# postalAddress
# MATCHES FOR EQUALITY
# ::= {pilotAttributeType 39}
#
#
# personalTitle ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-personal-title))
# ::= {pilotAttributeType 40}
#
#
# mobileTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 41}
#
#
# pagerTelephoneNumber ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# telephoneNumberSyntax
# ::= {pilotAttributeType 42}
#
#
# friendlyCountryName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# ::= {pilotAttributeType 43}
#
#
# uniqueIdentifier ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-unique-identifier))
# ::= {pilotAttributeType 44}
#
#
# organizationalStatus ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-organizational-status))
# ::= {pilotAttributeType 45}
#
#
# janetMailbox ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreIA5StringSyntax
# (SIZE (1 .. ub-janet-mailbox))
# ::= {pilotAttributeType 46}
#
#
# mailPreferenceOption ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX ENUMERATED {
# no-list-inclusion(0),
# any-list-inclusion(1), -- may be added to any lists
# professional-list-inclusion(2)
# -- may be added to lists
# -- which the list provider
# -- views as related to the
# -- users professional inter-
# -- ests, perhaps evaluated
# -- from the business of the
# -- organisation or keywords
# -- in the entry.
# }
# ::= {pilotAttributeType 47}
#
#
# buildingName ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# caseIgnoreStringSyntax
# (SIZE (1 .. ub-building-name))
# ::= {pilotAttributeType 48}
#
#
# dSAQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
# SINGLE VALUE
# ::= {pilotAttributeType 49}
#
#
# singleLevelQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
#
#
# subtreeMinimumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 51}
#
#
# subtreeMaximumQuality ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
# SINGLE VALUE
# -- Defaults to singleLevelQuality
# ::= {pilotAttributeType 52}
#
#
# personalSignature ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# CHOICE {
# g3-facsimile [3] G3FacsimileBodyPart
# }
# (SIZE (1 .. ub-personal-signature))
# ::= {pilotAttributeType 53}
#
#
# dITRedirect ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# distinguishedNameSyntax
# ::= {pilotAttributeType 54}
#
#
# audio ATTRIBUTE
# WITH ATTRIBUTE-SYNTAX
# Audio
# (SIZE (1 .. ub-audio))
# ::= {pilotAttributeType 55}
#
# documentPublisher ATTRIBUTE
# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
# ::= {pilotAttributeType 56}
#
#
#
# -- Generally useful syntaxes
#
#
# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# iA5StringSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY SUBSTRINGS
#
#
# -- Syntaxes to support the DNS attributes
#
# DNSRecordSyntax ATTRIBUTE-SYNTAX
# IA5String
# MATCHES FOR EQUALITY
#
#
# NRSInformationSyntax ATTRIBUTE-SYNTAX
# NRSInformation
# MATCHES FOR EQUALITY
#
#
# NRSInformation ::= SET {
# [0] Context,
# [1] Address-space-id,
# routes [2] SEQUENCE OF SEQUENCE {
# Route-cost,
# Addressing-info }
# }
#
#
# -- Upper bounds on length of attribute values
#
#
# ub-document-identifier INTEGER ::= 256
#
# ub-document-location INTEGER ::= 256
#
# ub-document-title INTEGER ::= 256
#
# ub-document-version INTEGER ::= 256
#
# ub-favourite-drink INTEGER ::= 256
#
# ub-host INTEGER ::= 256
#
# ub-information INTEGER ::= 2048
#
# ub-unique-identifier INTEGER ::= 256
#
# ub-personal-title INTEGER ::= 256
#
# ub-photo INTEGER ::= 250000
#
# ub-rfc822-mailbox INTEGER ::= 256
#
# ub-room-number INTEGER ::= 256
#
# ub-text-or-address INTEGER ::= 256
#
# ub-user-class INTEGER ::= 256
#
# ub-user-identifier INTEGER ::= 256
#
# ub-organizational-status INTEGER ::= 256
#
# ub-janet-mailbox INTEGER ::= 256
#
# ub-building-name INTEGER ::= 256
#
# ub-personal-signature ::= 50000
#
# ub-audio INTEGER ::= 250000
#
# [remainder of memo trimmed]
# inetorgperson.schema -- InetOrgPerson (RFC2798)
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# InetOrgPerson (RFC2798)
#
# Depends upon
# Definition of an X.500 Attribute Type and an Object Class to Hold
# Uniform Resource Identifiers (URIs) [RFC2079]
# (core.schema)
#
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
# (core.schema)
#
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
# carLicense
# This multivalued field is used to record the values of the license or
# registration plate associated with an individual.
attributetype ( 2.16.840.1.113730.3.1.1
NAME 'carLicense'
DESC 'RFC2798: vehicle license or registration plate'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# departmentNumber
# Code for department to which a person belongs. This can also be
# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
attributetype ( 2.16.840.1.113730.3.1.2
NAME 'departmentNumber'
DESC 'RFC2798: identifies a department within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# displayName
# When displaying an entry, especially within a one-line summary list, it
# is useful to be able to identify a name to be used. Since other attri-
# bute types such as 'cn' are multivalued, an additional attribute type is
# needed. Display name is defined for this purpose.
attributetype ( 2.16.840.1.113730.3.1.241
NAME 'displayName'
DESC 'RFC2798: preferred name to be used when displaying entries'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeNumber
# Numeric or alphanumeric identifier assigned to a person, typically based
# on order of hire or association with an organization. Single valued.
attributetype ( 2.16.840.1.113730.3.1.3
NAME 'employeeNumber'
DESC 'RFC2798: numerically identifies an employee within an organization'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# employeeType
# Used to identify the employer to employee relationship. Typical values
# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
# "Unknown" but any value may be used.
attributetype ( 2.16.840.1.113730.3.1.4
NAME 'employeeType'
DESC 'RFC2798: type of employment for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# jpegPhoto
# Used to store one or more images of a person using the JPEG File
# Interchange Format [JFIF].
# Note that the jpegPhoto attribute type was defined for use in the
# Internet X.500 pilots but no referencable definition for it could be
# located.
attributetype ( 0.9.2342.19200300.100.1.60
NAME 'jpegPhoto'
DESC 'RFC2798: a JPEG image'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
# preferredLanguage
# Used to indicate an individual's preferred written or spoken
# language. This is useful for international correspondence or human-
# computer interaction. Values for this attribute type MUST conform to
# the definition of the Accept-Language header field defined in
# [RFC2068] with one exception: the sequence "Accept-Language" ":"
# should be omitted. This is a single valued attribute type.
attributetype ( 2.16.840.1.113730.3.1.39
NAME 'preferredLanguage'
DESC 'RFC2798: preferred written or spoken language for a person'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# userSMIMECertificate
# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
# ignored by consumers of userSMIMECertificate values. It is
# recommended that values have a `contentType' of data with an absent
# `content' field. Values of this attribute contain a person's entire
# certificate chain and an smimeCapabilities field [RFC2633] that at a
# minimum describes their SMIME algorithm capabilities. Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'. If available, this attribute is
# preferred over the userCertificate attribute for S/MIME applications.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.40
NAME 'userSMIMECertificate'
DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# userPKCS12
# PKCS #12 [PKCS12] provides a format for exchange of personal identity
# information. When such information is stored in a directory service,
# the userPKCS12 attribute should be used. This attribute is to be stored
# and requested in binary form, as 'userPKCS12;binary'. The attribute
# values are PFX PDUs stored as binary data.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.216
NAME 'userPKCS12'
DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way. It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
DESC 'RFC2798: Internet Organizational Person'
SUP organizationalPerson
STRUCTURAL
MAY (
audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ employeeNumber $ employeeType $ givenName $
homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $
photo $ roomNumber $ secretary $ uid $ userCertificate $
x500uniqueIdentifier $ preferredLanguage $
userSMIMECertificate $ userPKCS12 )
)
# misc.schema -- assorted schema definitions
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
NAME 'mailLocalAddress'
DESC 'RFC822 email address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.18
NAME 'mailHost'
DESC 'FQDN of the SMTP/MTA of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress'
DESC 'RFC822 routing address of this recipient'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID. A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
NAME 'inetLocalMailRecipient'
DESC 'Internet local mail recipient'
SUP top AUXILIARY
MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
#-----------------------------------------------------------
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
NAME 'rfc822MailMember'
DESC 'rfc822 mail address of group member(s)'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#-----------------------------------------------------------
# !!!no I-D!!!
# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
NAME 'nisMailAlias'
DESC 'NIS mail alias'
SUP top STRUCTURAL
MUST cn
MAY rfc822MailMember )
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
# Definitions from RFC2307 (Experimental)
# An Approach for Using LDAP as a Network Information Service
# Depends upon core.schema and cosine.schema
# Note: The definitions in RFC2307 are given in syntaxes closely related
# to those in RFC2252, however, some liberties are taken that are not
# supported by RFC2252. This file has been written following RFC2252
# strictly.
# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
#
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
# validaters for these syntaxes are incomplete, they only
# implement printable string validation (which is good as the
# common use of these syntaxes violates the specification).
# Attribute types are under 1.3.6.1.1.1.1
# Object classes are under 1.3.6.1.1.1.2
# Attribute Type Definitions
# builtin
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
# DESC 'An integer uniquely identifying a user in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# builtin
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
# DESC 'An integer uniquely identifying a group in an administrative domain'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
DESC 'The absolute path to the home directory'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
DESC 'The path to the login shell'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
DESC 'Netgroup triple'
SYNTAX 1.3.6.1.1.1.0.0 )
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
SUP name )
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
DESC 'IP address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
DESC 'IP network'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
DESC 'IP netmask'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
DESC 'MAC address'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
DESC 'rpc.bootparamd parameter'
SYNTAX 1.3.6.1.1.1.0.1 )
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
DESC 'Boot image name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
SUP name )
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
# Object Class Definitions
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
DESC 'Abstraction of an account with POSIX attributes'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
DESC 'Additional attributes for shadow passwords'
SUP top AUXILIARY
MUST uid
MAY ( userPassword $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ description ) )
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ description ) )
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
DESC 'Abstraction an Internet Protocol service'
SUP top STRUCTURAL
MUST ( cn $ ipServicePort $ ipServiceProtocol )
MAY ( description ) )
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
DESC 'Abstraction of an IP protocol'
SUP top STRUCTURAL
MUST ( cn $ ipProtocolNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
DESC 'Abstraction of an ONC/RPC binding'
SUP top STRUCTURAL
MUST ( cn $ oncRpcNumber $ description )
MAY description )
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
DESC 'Abstraction of a host, an IP device'
SUP top AUXILIARY
MUST ( cn $ ipHostNumber )
MAY ( l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
DESC 'Abstraction of an IP network'
SUP top STRUCTURAL
MUST ( cn $ ipNetworkNumber )
MAY ( ipNetmaskNumber $ l $ description $ manager ) )
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
DESC 'Abstraction of a netgroup'
SUP top STRUCTURAL
MUST cn
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
DESC 'A generic abstraction of a NIS map'
SUP top STRUCTURAL
MUST nisMapName
MAY description )
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
DESC 'An entry in a NIS map'
SUP top STRUCTURAL
MUST ( cn $ nisMapEntry $ nisMapName )
MAY description )
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
DESC 'A device with a MAC address'
SUP top AUXILIARY
MAY macAddress )
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
DESC 'A device with boot parameters'
SUP top AUXILIARY
MAY ( bootFile $ bootParameter ) )
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2016 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# OpenLDAP Project's directory schema items
#
# depends upon:
# core.schema
# cosine.schema
# inetorgperson.schema
#
# These are provided for informational purposes only.
objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203
objectIdentifier OpenLDAP OpenLDAProot:1
objectIdentifier OpenLDAPattributeType OpenLDAP:3
objectIdentifier OpenLDAPobjectClass OpenLDAP:4
objectClass ( OpenLDAPobjectClass:3
NAME 'OpenLDAPorg'
DESC 'OpenLDAP Organizational Object'
SUP organization
MAY ( buildingName $ displayName $ labeledURI ) )
objectClass ( OpenLDAPobjectClass:4
NAME 'OpenLDAPou'
DESC 'OpenLDAP Organizational Unit Object'
SUP organizationalUnit
MAY ( buildingName $ displayName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:5
NAME 'OpenLDAPperson'
DESC 'OpenLDAP Person'
SUP ( pilotPerson $ inetOrgPerson )
MUST ( uid $ cn )
MAY ( givenName $ labeledURI $ o ) )
objectClass ( OpenLDAPobjectClass:6
NAME 'OpenLDAPdisplayableObject'
DESC 'OpenLDAP Displayable Object'
AUXILIARY
MAY displayName )
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment