├── .gitignore ├── .vim-template:.py ├── .travis.yml ├── setup.py ├── indicium └── ldap │ ├── __init__.py │ ├── testdata │ ├── inetorgperson.schema │ ├── nis.schema │ ├── core.schema │ └── cosine.schema │ └── test.py └── README.rst /.gitignore: -------------------------------------------------------------------------------- 1 | /doc/_build/ 2 | __pycache__/ 3 | /.coverage 4 | *.egg-info/ 5 | *.py[cod] 6 | .*.sw[op] 7 | -------------------------------------------------------------------------------- /.vim-template:.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # vim:fenc=utf-8 4 | # 5 | # Copyright © %YEAR% Igalia S.L. 6 | # 7 | # Distributed under terms of the GPLv3 or, at your option, 8 | # under the terms of the Apache 2.0 license. 9 | 10 | """ 11 | %HERE% 12 | """ 13 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | addons: 3 | apt: 4 | packages: 5 | - slapd 6 | language: python 7 | python: 8 | - "3.4" 9 | - "3.5" 10 | install: 11 | - pip install coverage coveralls 12 | script: 13 | - coverage run --source indicium --omit='indicium/ldap/test.py' setup.py test 14 | - coverage report -m 15 | after_success: coveralls 16 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # vim:fenc=utf-8 4 | # 5 | # Copyright © 2016 Igalia S.L. 6 | # 7 | # Distributed under terms of the GPLv3 or, at your option, 8 | # under the terms of the Apache 2.0 license. 9 | 10 | from setuptools import setup 11 | 12 | if __name__ == "__main__": 13 | setup( 14 | name="indicium-ldap", 15 | version="0.1.0a0", 16 | description="Generic key-value interface to a LDAP directory", 17 | author="Adrián Pérez de Castro", 18 | author_email="aperez@igalia.com", 19 | url="https://github.com/aperezdc/indicium-ldap", 20 | license=["GPLv3", "Apache-2.0"], 21 | packages=["indicium.ldap"], 22 | install_requires=[ 23 | "ldap3>=1.0.3", 24 | "indicium>=0.1.0a2", 25 | ], 26 | classifiers=[ 27 | "Development Status :: 3 - Alpha", 28 | "Intended Audience :: Developers", 29 | "Natural Language :: English", 30 | "Programming Language :: Python :: 3.4", 31 | "Programming Language :: Python :: 3.5", 32 | "Programming Language :: Python", 33 | "Operating System :: OS Independent", 34 | "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", 35 | "License :: OSI Approved :: Apache Software License", 36 | ], 37 | test_suite="indicium.ldap.test", 38 | ) 39 | -------------------------------------------------------------------------------- /indicium/ldap/__init__.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # vim:fenc=utf-8 4 | # 5 | # Copyright © 2016 Igalia S.L. 6 | # 7 | # Distributed under terms of the GPLv3 or, at your option, 8 | # under the terms of the Apache 2.0 license. 9 | 10 | from .. import base 11 | import ldap3 12 | 13 | 14 | def _key_to_dn(key): 15 | from ..key import split 16 | return ",".join(reversed(split(key))) 17 | 18 | 19 | class LDAPStore(base.Store): 20 | __slots__ = ("_conn",) 21 | 22 | def __init__(self, uri=None, connection=None, *arg, **kw): 23 | self._conn = None 24 | if connection is None: 25 | kw["raise_exceptions"] = False 26 | connection = ldap3.Connection(uri, *arg, **kw) 27 | self._conn = connection 28 | 29 | def __del__(self): 30 | if self._conn: 31 | self._conn.unbind() 32 | self._conn = None 33 | 34 | @property 35 | def connection(self): 36 | return self._conn 37 | 38 | def get(self, key): 39 | if self._conn.search(_key_to_dn(key), "(objectClass=*)", 40 | search_scope=ldap3.BASE, attributes=ldap3.ALL_ATTRIBUTES): 41 | # TODO: Handle responses with more than a single result 42 | return self._conn.response[0]["attributes"] 43 | return None 44 | 45 | def put(self, key, value): 46 | dn = _key_to_dn(key) 47 | if self._conn.search(dn, "(objectClass=*)", search_scope=ldap3.BASE): 48 | changes = {} 49 | for k, v in value.items(): 50 | changes[k] = [(ldap3.MODIFY_REPLACE, v)] 51 | if not self._conn.modify(dn, changes): 52 | raise ValueError("{!r}: {!s}".format(key, 53 | self._conn.result)) 54 | elif "objectClass" in value: 55 | object_class = value["objectClass"] 56 | if not self._conn.add(dn, object_class, value): 57 | raise ValueError("{!r}: {!s}".format(key, 58 | self._conn.result)) 59 | else: 60 | raise ValueError("{!r}: no objectClass".format(key)) 61 | 62 | def delete(self, key): 63 | self._conn.delete(_key_to_dn(key)) 64 | 65 | def contains(self, key): 66 | # No need to retrieve any attributes 67 | if self._conn.search(_key_to_dn(key), "(objectClass=*)", 68 | search_scope=ldap3.BASE): 69 | return True 70 | return False 71 | 72 | def query(self, pattern, limit=None, offset=0): 73 | raise NotImplementedError 74 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | ===================== 2 | Indicium LDAP Store 3 | ===================== 4 | 5 | .. image:: https://img.shields.io/travis/aperezdc/indicium-ldap.svg?style=flat 6 | :target: https://travis-ci.org/aperezdc/indicium-ldap 7 | :alt: Build Status 8 | 9 | .. image:: https://img.shields.io/coveralls/aperezdc/indicium-ldap/master.svg?style=flat 10 | :target: https://coveralls.io/r/aperezdc/indicium-ldap?branch=master 11 | :alt: Code Coverage 12 | 13 | A LDAP-backed key-value store backend for `Indicium 14 | `_. 15 | 16 | 17 | Usage 18 | ===== 19 | 20 | .. code-block:: python 21 | 22 | # Instantiate and write some data. 23 | from indicium.ldap import LDAPStore 24 | store = LDAPStore("ldap://localhost") 25 | store.put("/dc=org/dc=test", { "dc": "test", "o": "My organization", 26 | "objectClass": ["top", "dcObject", "organization"] }) 27 | 28 | # Read the data back. 29 | org = store.get("/dc=org/dc=test") 30 | 31 | # Using the DN directly is also possible. 32 | assert org == store.get("/dc=test,dc=org") 33 | 34 | Note that a directory service accessed using LDAP is supposed to have a 35 | certain structure, so depending on the schema and structure used by the 36 | directory server, and therefore the set of useable keys (and whether they are 37 | writeable or not) will vary. In particular: 38 | 39 | * Path components of keys are mapped to the DN components of the LDAP 40 | entities, in reversed order. 41 | 42 | * When using ``.put()`` is is *mandatory* to specify an ``objectClass`` 43 | attribute. Note that when writing to existing objects *it is possible* 44 | to specify a different ``objectClass`` value to mutate the object, but this 45 | is discouraged and may not work with some directory servers—it may be needed 46 | to ``.delete()`` the entity first. 47 | 48 | * Using ``.put()`` to modify an existing object uses ``MODIFY_REPLACE`` 49 | change operations, which means that values of attributes *will be replaced*, 50 | or *added*, but never removed. For now the only way of deleting entity 51 | attributes is to ``.delete()`` the entity first, and then re-create it. 52 | 53 | 54 | Installation 55 | ============ 56 | 57 | All stable releases are uploaded to `PyPI `_, so you 58 | can install them and upgrade using ``pip``:: 59 | 60 | pip install indicium-ldap 61 | 62 | Alternatively, you can install the latest development code —at your own risk— 63 | directly from the Git repository:: 64 | 65 | pip install git://github.com/aperezdc/indicium-ldap 66 | 67 | 68 | Development 69 | =========== 70 | 71 | If you want to contribute, please use the usual GitHub workflow: 72 | 73 | 1. Clone the repository. 74 | 2. Hack on your clone. 75 | 3. Send a pull request for review. 76 | 77 | If you do not have programming skills, you can still contribute by `reporting 78 | issues `__ that you may 79 | encounter. Contributions to the documentation are very welcome, too! 80 | -------------------------------------------------------------------------------- /indicium/ldap/testdata/inetorgperson.schema: -------------------------------------------------------------------------------- 1 | # inetorgperson.schema -- InetOrgPerson (RFC2798) 2 | # $OpenLDAP$ 3 | ## This work is part of OpenLDAP Software . 4 | ## 5 | ## Copyright 1998-2016 The OpenLDAP Foundation. 6 | ## All rights reserved. 7 | ## 8 | ## Redistribution and use in source and binary forms, with or without 9 | ## modification, are permitted only as authorized by the OpenLDAP 10 | ## Public License. 11 | ## 12 | ## A copy of this license is available in the file LICENSE in the 13 | ## top-level directory of the distribution or, alternatively, at 14 | ## . 15 | # 16 | # InetOrgPerson (RFC2798) 17 | # 18 | # Depends upon 19 | # Definition of an X.500 Attribute Type and an Object Class to Hold 20 | # Uniform Resource Identifiers (URIs) [RFC2079] 21 | # (core.schema) 22 | # 23 | # A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] 24 | # (core.schema) 25 | # 26 | # The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema) 27 | 28 | # carLicense 29 | # This multivalued field is used to record the values of the license or 30 | # registration plate associated with an individual. 31 | attributetype ( 2.16.840.1.113730.3.1.1 32 | NAME 'carLicense' 33 | DESC 'RFC2798: vehicle license or registration plate' 34 | EQUALITY caseIgnoreMatch 35 | SUBSTR caseIgnoreSubstringsMatch 36 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 37 | 38 | # departmentNumber 39 | # Code for department to which a person belongs. This can also be 40 | # strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123). 41 | attributetype ( 2.16.840.1.113730.3.1.2 42 | NAME 'departmentNumber' 43 | DESC 'RFC2798: identifies a department within an organization' 44 | EQUALITY caseIgnoreMatch 45 | SUBSTR caseIgnoreSubstringsMatch 46 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 47 | 48 | # displayName 49 | # When displaying an entry, especially within a one-line summary list, it 50 | # is useful to be able to identify a name to be used. Since other attri- 51 | # bute types such as 'cn' are multivalued, an additional attribute type is 52 | # needed. Display name is defined for this purpose. 53 | attributetype ( 2.16.840.1.113730.3.1.241 54 | NAME 'displayName' 55 | DESC 'RFC2798: preferred name to be used when displaying entries' 56 | EQUALITY caseIgnoreMatch 57 | SUBSTR caseIgnoreSubstringsMatch 58 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 59 | SINGLE-VALUE ) 60 | 61 | # employeeNumber 62 | # Numeric or alphanumeric identifier assigned to a person, typically based 63 | # on order of hire or association with an organization. Single valued. 64 | attributetype ( 2.16.840.1.113730.3.1.3 65 | NAME 'employeeNumber' 66 | DESC 'RFC2798: numerically identifies an employee within an organization' 67 | EQUALITY caseIgnoreMatch 68 | SUBSTR caseIgnoreSubstringsMatch 69 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 70 | SINGLE-VALUE ) 71 | 72 | # employeeType 73 | # Used to identify the employer to employee relationship. Typical values 74 | # used will be "Contractor", "Employee", "Intern", "Temp", "External", and 75 | # "Unknown" but any value may be used. 76 | attributetype ( 2.16.840.1.113730.3.1.4 77 | NAME 'employeeType' 78 | DESC 'RFC2798: type of employment for a person' 79 | EQUALITY caseIgnoreMatch 80 | SUBSTR caseIgnoreSubstringsMatch 81 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 82 | 83 | # jpegPhoto 84 | # Used to store one or more images of a person using the JPEG File 85 | # Interchange Format [JFIF]. 86 | # Note that the jpegPhoto attribute type was defined for use in the 87 | # Internet X.500 pilots but no referencable definition for it could be 88 | # located. 89 | attributetype ( 0.9.2342.19200300.100.1.60 90 | NAME 'jpegPhoto' 91 | DESC 'RFC2798: a JPEG image' 92 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) 93 | 94 | # preferredLanguage 95 | # Used to indicate an individual's preferred written or spoken 96 | # language. This is useful for international correspondence or human- 97 | # computer interaction. Values for this attribute type MUST conform to 98 | # the definition of the Accept-Language header field defined in 99 | # [RFC2068] with one exception: the sequence "Accept-Language" ":" 100 | # should be omitted. This is a single valued attribute type. 101 | attributetype ( 2.16.840.1.113730.3.1.39 102 | NAME 'preferredLanguage' 103 | DESC 'RFC2798: preferred written or spoken language for a person' 104 | EQUALITY caseIgnoreMatch 105 | SUBSTR caseIgnoreSubstringsMatch 106 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 107 | SINGLE-VALUE ) 108 | 109 | # userSMIMECertificate 110 | # A PKCS#7 [RFC2315] SignedData, where the content that is signed is 111 | # ignored by consumers of userSMIMECertificate values. It is 112 | # recommended that values have a `contentType' of data with an absent 113 | # `content' field. Values of this attribute contain a person's entire 114 | # certificate chain and an smimeCapabilities field [RFC2633] that at a 115 | # minimum describes their SMIME algorithm capabilities. Values for 116 | # this attribute are to be stored and requested in binary form, as 117 | # 'userSMIMECertificate;binary'. If available, this attribute is 118 | # preferred over the userCertificate attribute for S/MIME applications. 119 | ## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary 120 | attributetype ( 2.16.840.1.113730.3.1.40 121 | NAME 'userSMIMECertificate' 122 | DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' 123 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) 124 | 125 | # userPKCS12 126 | # PKCS #12 [PKCS12] provides a format for exchange of personal identity 127 | # information. When such information is stored in a directory service, 128 | # the userPKCS12 attribute should be used. This attribute is to be stored 129 | # and requested in binary form, as 'userPKCS12;binary'. The attribute 130 | # values are PFX PDUs stored as binary data. 131 | ## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary 132 | attributetype ( 2.16.840.1.113730.3.1.216 133 | NAME 'userPKCS12' 134 | DESC 'RFC2798: personal identity information, a PKCS #12 PFX' 135 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) 136 | 137 | 138 | # inetOrgPerson 139 | # The inetOrgPerson represents people who are associated with an 140 | # organization in some way. It is a structural class and is derived 141 | # from the organizationalPerson which is defined in X.521 [X521]. 142 | objectclass ( 2.16.840.1.113730.3.2.2 143 | NAME 'inetOrgPerson' 144 | DESC 'RFC2798: Internet Organizational Person' 145 | SUP organizationalPerson 146 | STRUCTURAL 147 | MAY ( 148 | audio $ businessCategory $ carLicense $ departmentNumber $ 149 | displayName $ employeeNumber $ employeeType $ givenName $ 150 | homePhone $ homePostalAddress $ initials $ jpegPhoto $ 151 | labeledURI $ mail $ manager $ mobile $ o $ pager $ 152 | photo $ roomNumber $ secretary $ uid $ userCertificate $ 153 | x500uniqueIdentifier $ preferredLanguage $ 154 | userSMIMECertificate $ userPKCS12 ) 155 | ) 156 | -------------------------------------------------------------------------------- /indicium/ldap/testdata/nis.schema: -------------------------------------------------------------------------------- 1 | # $OpenLDAP$ 2 | ## This work is part of OpenLDAP Software . 3 | ## 4 | ## Copyright 1998-2016 The OpenLDAP Foundation. 5 | ## All rights reserved. 6 | ## 7 | ## Redistribution and use in source and binary forms, with or without 8 | ## modification, are permitted only as authorized by the OpenLDAP 9 | ## Public License. 10 | ## 11 | ## A copy of this license is available in the file LICENSE in the 12 | ## top-level directory of the distribution or, alternatively, at 13 | ## . 14 | 15 | # Definitions from RFC2307 (Experimental) 16 | # An Approach for Using LDAP as a Network Information Service 17 | 18 | # Depends upon core.schema and cosine.schema 19 | 20 | # Note: The definitions in RFC2307 are given in syntaxes closely related 21 | # to those in RFC2252, however, some liberties are taken that are not 22 | # supported by RFC2252. This file has been written following RFC2252 23 | # strictly. 24 | 25 | # OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1). 26 | # i.e. nisSchema in RFC2307 is 1.3.6.1.1.1 27 | # 28 | # Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined) 29 | # validaters for these syntaxes are incomplete, they only 30 | # implement printable string validation (which is good as the 31 | # common use of these syntaxes violates the specification). 32 | # Attribute types are under 1.3.6.1.1.1.1 33 | # Object classes are under 1.3.6.1.1.1.2 34 | 35 | # Attribute Type Definitions 36 | 37 | # builtin 38 | #attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' 39 | # DESC 'An integer uniquely identifying a user in an administrative domain' 40 | # EQUALITY integerMatch 41 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 42 | 43 | # builtin 44 | #attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' 45 | # DESC 'An integer uniquely identifying a group in an administrative domain' 46 | # EQUALITY integerMatch 47 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 48 | 49 | attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' 50 | DESC 'The GECOS field; the common name' 51 | EQUALITY caseIgnoreIA5Match 52 | SUBSTR caseIgnoreIA5SubstringsMatch 53 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 54 | 55 | attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' 56 | DESC 'The absolute path to the home directory' 57 | EQUALITY caseExactIA5Match 58 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 59 | 60 | attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' 61 | DESC 'The path to the login shell' 62 | EQUALITY caseExactIA5Match 63 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 64 | 65 | attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' 66 | EQUALITY integerMatch 67 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 68 | 69 | attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' 70 | EQUALITY integerMatch 71 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 72 | 73 | attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' 74 | EQUALITY integerMatch 75 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 76 | 77 | attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' 78 | EQUALITY integerMatch 79 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 80 | 81 | attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' 82 | EQUALITY integerMatch 83 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 84 | 85 | attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' 86 | EQUALITY integerMatch 87 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 88 | 89 | attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' 90 | EQUALITY integerMatch 91 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 92 | 93 | attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' 94 | EQUALITY caseExactIA5Match 95 | SUBSTR caseExactIA5SubstringsMatch 96 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 97 | 98 | attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' 99 | EQUALITY caseExactIA5Match 100 | SUBSTR caseExactIA5SubstringsMatch 101 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 102 | 103 | attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' 104 | DESC 'Netgroup triple' 105 | SYNTAX 1.3.6.1.1.1.0.0 ) 106 | 107 | attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' 108 | EQUALITY integerMatch 109 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 110 | 111 | attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' 112 | SUP name ) 113 | 114 | attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' 115 | EQUALITY integerMatch 116 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 117 | 118 | attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' 119 | EQUALITY integerMatch 120 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 121 | 122 | attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' 123 | DESC 'IP address' 124 | EQUALITY caseIgnoreIA5Match 125 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 126 | 127 | attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' 128 | DESC 'IP network' 129 | EQUALITY caseIgnoreIA5Match 130 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) 131 | 132 | attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' 133 | DESC 'IP netmask' 134 | EQUALITY caseIgnoreIA5Match 135 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) 136 | 137 | attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' 138 | DESC 'MAC address' 139 | EQUALITY caseIgnoreIA5Match 140 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 141 | 142 | attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' 143 | DESC 'rpc.bootparamd parameter' 144 | SYNTAX 1.3.6.1.1.1.0.1 ) 145 | 146 | attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' 147 | DESC 'Boot image name' 148 | EQUALITY caseExactIA5Match 149 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 150 | 151 | attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' 152 | SUP name ) 153 | 154 | attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' 155 | EQUALITY caseExactIA5Match 156 | SUBSTR caseExactIA5SubstringsMatch 157 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE ) 158 | 159 | # Object Class Definitions 160 | 161 | objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' 162 | DESC 'Abstraction of an account with POSIX attributes' 163 | SUP top AUXILIARY 164 | MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) 165 | MAY ( userPassword $ loginShell $ gecos $ description ) ) 166 | 167 | objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' 168 | DESC 'Additional attributes for shadow passwords' 169 | SUP top AUXILIARY 170 | MUST uid 171 | MAY ( userPassword $ shadowLastChange $ shadowMin $ 172 | shadowMax $ shadowWarning $ shadowInactive $ 173 | shadowExpire $ shadowFlag $ description ) ) 174 | 175 | objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' 176 | DESC 'Abstraction of a group of accounts' 177 | SUP top STRUCTURAL 178 | MUST ( cn $ gidNumber ) 179 | MAY ( userPassword $ memberUid $ description ) ) 180 | 181 | objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' 182 | DESC 'Abstraction an Internet Protocol service' 183 | SUP top STRUCTURAL 184 | MUST ( cn $ ipServicePort $ ipServiceProtocol ) 185 | MAY ( description ) ) 186 | 187 | objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' 188 | DESC 'Abstraction of an IP protocol' 189 | SUP top STRUCTURAL 190 | MUST ( cn $ ipProtocolNumber $ description ) 191 | MAY description ) 192 | 193 | objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' 194 | DESC 'Abstraction of an ONC/RPC binding' 195 | SUP top STRUCTURAL 196 | MUST ( cn $ oncRpcNumber $ description ) 197 | MAY description ) 198 | 199 | objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' 200 | DESC 'Abstraction of a host, an IP device' 201 | SUP top AUXILIARY 202 | MUST ( cn $ ipHostNumber ) 203 | MAY ( l $ description $ manager ) ) 204 | 205 | objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' 206 | DESC 'Abstraction of an IP network' 207 | SUP top STRUCTURAL 208 | MUST ( cn $ ipNetworkNumber ) 209 | MAY ( ipNetmaskNumber $ l $ description $ manager ) ) 210 | 211 | objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' 212 | DESC 'Abstraction of a netgroup' 213 | SUP top STRUCTURAL 214 | MUST cn 215 | MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) 216 | 217 | objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' 218 | DESC 'A generic abstraction of a NIS map' 219 | SUP top STRUCTURAL 220 | MUST nisMapName 221 | MAY description ) 222 | 223 | objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' 224 | DESC 'An entry in a NIS map' 225 | SUP top STRUCTURAL 226 | MUST ( cn $ nisMapEntry $ nisMapName ) 227 | MAY description ) 228 | 229 | objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' 230 | DESC 'A device with a MAC address' 231 | SUP top AUXILIARY 232 | MAY macAddress ) 233 | 234 | objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' 235 | DESC 'A device with boot parameters' 236 | SUP top AUXILIARY 237 | MAY ( bootFile $ bootParameter ) ) 238 | -------------------------------------------------------------------------------- /indicium/ldap/test.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # vim:fenc=utf-8 4 | # 5 | # Copyright © 2016 Igalia S.L. 6 | # 7 | # Distributed under terms of the GPLv3 or, at your option, 8 | # under the terms of the Apache 2.0 license. 9 | 10 | import unittest, tempfile, random, socket, time, shutil, os, signal, ldap3 11 | from indicium.ldap import LDAPStore 12 | from os import path as P 13 | 14 | SCHEMA_PATH = os.getenv("OPENLDAP_SCHEMA_PATH", None) 15 | if SCHEMA_PATH is None or not P.isdir(SCHEMA_PATH): 16 | SCHEMA_PATH = P.abspath(P.join(P.dirname(__file__), "testdata")) 17 | 18 | SLAPD_CONF_TEMPLATE = """\ 19 | include {schema_path}/core.schema 20 | include {schema_path}/cosine.schema 21 | include {schema_path}/inetorgperson.schema 22 | include {schema_path}/nis.schema 23 | argsfile {tempdir}/slapd.args 24 | pidfile {tempdir}/slapd.pid 25 | logfile {tempdir}/slapd.log 26 | loglevel 0 27 | moduleload back_bdb 28 | backend bdb 29 | database bdb 30 | suffix "dc=test,dc=org" 31 | rootdn "cn=admin,dc=test,dc=org" 32 | rootpw "{{SHA}}5en6G6MezRroT3XKqkdPOmY/BfQ=" 33 | directory "{tempdir}/data" 34 | access to * 35 | by dn="cn=admin,dc=test,dc=org" write 36 | by * read 37 | """ 38 | 39 | 40 | class SlapdTestMixin(object): 41 | ldap_base = "dc=test,dc=org" 42 | ldap_bind_dn = "cn=admin,dc=test,dc=org" 43 | ldap_bind_pw = "secret" 44 | __slapd_path = None 45 | __slapd_pid = None 46 | __tempdir = None 47 | 48 | @classmethod 49 | def slapd_path(cls): 50 | if cls.__slapd_path is None: 51 | dirs = os.getenv("PATH", "").split(":") + \ 52 | ["/usr/sbin", "/usr/local/sbin", "/sbin"] 53 | cls.__slapd_path = False 54 | for d in dirs: 55 | p = P.join(d, "slapd") 56 | if P.exists(p) and os.access(p, os.X_OK): 57 | cls.__slapd_path = p 58 | break 59 | return cls.__slapd_path 60 | 61 | def slapd_setup(self): 62 | self.__tempdir = tempfile.mkdtemp("-indicium-ldap-test") 63 | self.__slapd_pid = None 64 | 65 | # Loop until we find a free port 66 | while True: 67 | self.__slapd_port = random.randint(15000, 65000) 68 | if not self.__check_port(retry=False): 69 | break 70 | 71 | self.__slapd_uri = "ldap://127.0.0.1:{!s}".format(self.__slapd_port) 72 | os.mkdir(P.join(self.__tempdir, "data")) 73 | 74 | conffile = SLAPD_CONF_TEMPLATE.format(tempdir=self.__tempdir, 75 | schema_path=SCHEMA_PATH) 76 | with open(P.join(self.__tempdir, "slapd.conf"), "w", encoding="utf-8") as f: 77 | f.write(conffile) 78 | 79 | self.__fork_slapd() 80 | self.__check_port() 81 | 82 | def slapd_connect(self, bind=True): 83 | server = ldap3.Server(self.slapd_uri, get_info=ldap3.ALL) 84 | return ldap3.Connection(server, authentication=ldap3.AUTH_SIMPLE, 85 | user=self.ldap_bind_dn, password=self.ldap_bind_pw, 86 | auto_bind=(ldap3.AUTO_BIND_NO_TLS if bind else ldap3.AUTO_BIND_NONE)) 87 | 88 | def slapd_create_base(self, conn): 89 | conn.add(self.ldap_base, ["top", "dcObject", "organization"], 90 | { "dc": "test", "o": "Test Organization" }) 91 | 92 | @property 93 | def slapd_uri(self): 94 | return self.__slapd_uri 95 | 96 | @property 97 | def slapd_log(self): 98 | path = P.join(self.__tempdir, "slapd.log") 99 | if not P.isfile(path): 100 | return "(no slapd log)" 101 | with open(path, "r", encoding="utf-8") as f: 102 | return f.read() 103 | 104 | def __check_port(self, host=None, port=None, retry=50, sleeptime=0.2): 105 | if host is None: 106 | host = "127.0.0.1" 107 | if port is None: 108 | port = self.__slapd_port 109 | if not retry: 110 | retry = 1 # Try at least once 111 | 112 | while retry: 113 | try: 114 | s = socket.socket() 115 | s.connect((host, port)) 116 | return True 117 | except socket.error: 118 | time.sleep(sleeptime) 119 | finally: 120 | if s: s.close() 121 | retry -= 1 122 | return False 123 | 124 | def __fork_slapd(self): 125 | cmdline = [ self.slapd_path(), "-4", "-d", "128", 126 | "-f", P.join(self.__tempdir, "slapd.conf"), 127 | "-h", self.__slapd_uri ] 128 | self.__slapd_pid = os.fork() 129 | if self.__slapd_pid: 130 | time.sleep(0.2) 131 | return 132 | 133 | # Avoid stderr clobbering the terminal 134 | nullfd = os.open("/dev/null", os.O_WRONLY) 135 | os.dup2(nullfd, 2) 136 | os.close(nullfd) 137 | os.execl(cmdline[0], *cmdline) 138 | 139 | def slapd_cleanup(self): 140 | if self.__slapd_pid: 141 | os.kill(self.__slapd_pid, signal.SIGTERM) 142 | os.waitpid(self.__slapd_pid, 0) 143 | if self.__tempdir: 144 | shutil.rmtree(self.__tempdir) 145 | 146 | 147 | def with_store(func): 148 | from functools import wraps 149 | @wraps(func) 150 | def wrapper(self, *arg, **kw): 151 | if not self.slapd_path(): 152 | return self.skipTest("slapd unavailable") 153 | exc, ret, log = None, None, "" 154 | store = None 155 | try: 156 | self.slapd_setup() 157 | store = LDAPStore(self.slapd_uri, auto_bind=ldap3.AUTO_BIND_NO_TLS, 158 | user=self.ldap_bind_dn, password=self.ldap_bind_pw) 159 | self.slapd_create_base(store.connection) 160 | ret = func(self, store, *arg, **kw) 161 | except Exception as e: 162 | log = self.slapd_log 163 | exc = e 164 | if store: del store 165 | self.slapd_cleanup() 166 | if exc is not None: 167 | import sys 168 | sys.stderr.write(log) 169 | raise exc 170 | return ret 171 | return wrapper 172 | 173 | 174 | class TestLDAPStore(unittest.TestCase, SlapdTestMixin): 175 | test_data_1 = ( 176 | ("/dc=org/dc=test/ou=People", { 177 | "objectClass" : "organizationalUnit", 178 | "ou" : "People", 179 | }), 180 | ("/dc=org/dc=Test/ou=Group", { 181 | "objectClass" : "organizationalUnit", 182 | "ou" : "Group", 183 | }), 184 | ("/dc=org/dc=test/ou=People/uid=user1", { 185 | "objectClass" : ["posixAccount", "inetOrgPerson"], 186 | "cn" : "Peter", 187 | "sn" : "Jackson", 188 | "uid" : "user1", 189 | "homeDirectory": "/home/user1", 190 | "loginShell" : "/bin/bash", 191 | "uidNumber" : "1", 192 | "gidNumber" : "1", 193 | }), 194 | ("/dc=org/dc=test/ou=People/uid=user2", { 195 | "objectClass" : ["posixAccount", "inetOrgPerson"], 196 | "cn" : "John", 197 | "sn" : "Doe", 198 | "uid" : "user2", 199 | "homeDirectory": "/home/user2", 200 | "loginShell" : "/bin/zsh", 201 | "uidNumber" : "2", 202 | "gidNumber" : "2", 203 | }), 204 | ("/dc=org/dc=test/ou=Group/cn=users", { 205 | "objectClass" : "posixGroup", 206 | "cn" : "users", 207 | "gidNumber" : "5", 208 | "memberUid" : ["user1", "user2"], 209 | }), 210 | ) 211 | 212 | @with_store 213 | def test_direct_dn_mapping(self, s): 214 | self.assertTrue(s.contains("dc=test,dc=org")) 215 | 216 | @with_store 217 | def test_get_base(self, s): 218 | self.assertTrue(s.contains("/dc=org/dc=test")) 219 | org = s.get("/dc=org/dc=test") 220 | self.assertIsNotNone(org) 221 | self.assertEqual(["Test Organization"], org["o"]) 222 | 223 | @with_store 224 | def test_modify_organization(self, s): 225 | key = "/dc=org/dc=test" 226 | self.assertTrue(s.contains(key)) 227 | org = s.get(key) 228 | self.assertIsNotNone(org) 229 | org["o"] = ["Some other organization"] 230 | s.put(key, org) 231 | self.assertEqual(["Some other organization"], s.get(key)["o"]) 232 | 233 | @with_store 234 | def test_add_orgunit(self, s): 235 | key, value = self.test_data_1[0] 236 | s.put(key, value) 237 | self.assertTrue(s.contains(key)) 238 | self.assertEqual({"ou": ["People"], 239 | "objectClass": ["organizationalUnit"]} , s.get(key)) 240 | 241 | @with_store 242 | def test_user_groups(self, s): 243 | [s.put(k, v) for k, v in self.test_data_1] 244 | self.assertTrue(s.contains("/dc=org/dc=test/ou=Group")) 245 | self.assertTrue(s.contains("/dc=org/dc=test/ou=Group/cn=users")) 246 | grp = s.get("/dc=org/dc=test/ou=Group/cn=users") 247 | members = grp["memberUid"] 248 | self.assertEqual(2, len(members)) 249 | self.assertEqual(["user1", "user2"], sorted(members)) 250 | 251 | @with_store 252 | def test_get_unexistent(self, s): 253 | self.assertIsNone(s.get("/dc=org/dc=test/ou=People/uid=somerandomuid")) 254 | 255 | @with_store 256 | def test_put_no_objectclass(self, s): 257 | with self.assertRaises(ValueError): 258 | s.put("/dc=org/dc=test/ou=People", {}) 259 | 260 | @with_store 261 | def test_put_invalid_objectclass(self, s): 262 | with self.assertRaises(ValueError): 263 | s.put("/dc=org/dc=test/ou=People", { "objectClass": ["foobar"] }) 264 | 265 | @with_store 266 | def test_modify_invalid_objectclass(self, s): 267 | key = "/dc=org/dc=test" 268 | org = s.get(key) 269 | org["objectClass"] = ["foobar"] 270 | with self.assertRaises(ValueError): 271 | s.put(key, org) 272 | 273 | @with_store 274 | def test_delete(self, s): 275 | [s.put(k, v) for k, v in self.test_data_1] 276 | key = "/dc=org/dc=test/ou=People/uid=user1" 277 | s.delete(key) 278 | self.assertFalse(s.contains(key)) 279 | -------------------------------------------------------------------------------- /indicium/ldap/testdata/core.schema: -------------------------------------------------------------------------------- 1 | # OpenLDAP Core schema 2 | # $OpenLDAP$ 3 | ## This work is part of OpenLDAP Software . 4 | ## 5 | ## Copyright 1998-2016 The OpenLDAP Foundation. 6 | ## All rights reserved. 7 | ## 8 | ## Redistribution and use in source and binary forms, with or without 9 | ## modification, are permitted only as authorized by the OpenLDAP 10 | ## Public License. 11 | ## 12 | ## A copy of this license is available in the file LICENSE in the 13 | ## top-level directory of the distribution or, alternatively, at 14 | ## . 15 | # 16 | ## Portions Copyright (C) The Internet Society (1997-2006). 17 | ## All Rights Reserved. 18 | ## 19 | ## This document and translations of it may be copied and furnished to 20 | ## others, and derivative works that comment on or otherwise explain it 21 | ## or assist in its implementation may be prepared, copied, published 22 | ## and distributed, in whole or in part, without restriction of any 23 | ## kind, provided that the above copyright notice and this paragraph are 24 | ## included on all such copies and derivative works. However, this 25 | ## document itself may not be modified in any way, such as by removing 26 | ## the copyright notice or references to the Internet Society or other 27 | ## Internet organizations, except as needed for the purpose of 28 | ## developing Internet standards in which case the procedures for 29 | ## copyrights defined in the Internet Standards process must be 30 | ## followed, or as required to translate it into languages other than 31 | ## English. 32 | ## 33 | ## The limited permissions granted above are perpetual and will not be 34 | ## revoked by the Internet Society or its successors or assigns. 35 | ## 36 | ## This document and the information contained herein is provided on an 37 | ## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 38 | ## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 39 | ## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 40 | ## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 41 | ## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 42 | 43 | # 44 | # 45 | # Includes LDAPv3 schema items from: 46 | # RFC 2252/2256 (LDAPv3) 47 | # 48 | # Select standard track schema items: 49 | # RFC 1274 (uid/dc) 50 | # RFC 2079 (URI) 51 | # RFC 2247 (dc/dcObject) 52 | # RFC 2587 (PKI) 53 | # RFC 2589 (Dynamic Directory Services) 54 | # RFC 4524 (associatedDomain) 55 | # 56 | # Select informational schema items: 57 | # RFC 2377 (uidObject) 58 | 59 | # 60 | # Standard attribute types from RFC 2256 61 | # 62 | 63 | # system schema 64 | #attributetype ( 2.5.4.0 NAME 'objectClass' 65 | # DESC 'RFC2256: object classes of the entity' 66 | # EQUALITY objectIdentifierMatch 67 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) 68 | 69 | # system schema 70 | #attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) 71 | # DESC 'RFC2256: name of aliased object' 72 | # EQUALITY distinguishedNameMatch 73 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) 74 | 75 | attributetype ( 2.5.4.2 NAME 'knowledgeInformation' 76 | DESC 'RFC2256: knowledge information' 77 | EQUALITY caseIgnoreMatch 78 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 79 | 80 | # system schema 81 | #attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) 82 | # DESC 'RFC2256: common name(s) for which the entity is known by' 83 | # SUP name ) 84 | 85 | attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) 86 | DESC 'RFC2256: last (family) name(s) for which the entity is known by' 87 | SUP name ) 88 | 89 | attributetype ( 2.5.4.5 NAME 'serialNumber' 90 | DESC 'RFC2256: serial number of the entity' 91 | EQUALITY caseIgnoreMatch 92 | SUBSTR caseIgnoreSubstringsMatch 93 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) 94 | 95 | # RFC 4519 definition ('countryName' in X.500 and RFC2256) 96 | attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) 97 | DESC 'RFC4519: two-letter ISO-3166 country code' 98 | SUP name 99 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 100 | SINGLE-VALUE ) 101 | 102 | #attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) 103 | # DESC 'RFC2256: ISO-3166 country 2-letter code' 104 | # SUP name SINGLE-VALUE ) 105 | 106 | attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) 107 | DESC 'RFC2256: locality which this object resides in' 108 | SUP name ) 109 | 110 | attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) 111 | DESC 'RFC2256: state or province which this object resides in' 112 | SUP name ) 113 | 114 | attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) 115 | DESC 'RFC2256: street address of this object' 116 | EQUALITY caseIgnoreMatch 117 | SUBSTR caseIgnoreSubstringsMatch 118 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 119 | 120 | attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) 121 | DESC 'RFC2256: organization this object belongs to' 122 | SUP name ) 123 | 124 | attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) 125 | DESC 'RFC2256: organizational unit this object belongs to' 126 | SUP name ) 127 | 128 | attributetype ( 2.5.4.12 NAME 'title' 129 | DESC 'RFC2256: title associated with the entity' 130 | SUP name ) 131 | 132 | # system schema 133 | #attributetype ( 2.5.4.13 NAME 'description' 134 | # DESC 'RFC2256: descriptive information' 135 | # EQUALITY caseIgnoreMatch 136 | # SUBSTR caseIgnoreSubstringsMatch 137 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) 138 | 139 | # Deprecated by enhancedSearchGuide 140 | attributetype ( 2.5.4.14 NAME 'searchGuide' 141 | DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' 142 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) 143 | 144 | attributetype ( 2.5.4.15 NAME 'businessCategory' 145 | DESC 'RFC2256: business category' 146 | EQUALITY caseIgnoreMatch 147 | SUBSTR caseIgnoreSubstringsMatch 148 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 149 | 150 | attributetype ( 2.5.4.16 NAME 'postalAddress' 151 | DESC 'RFC2256: postal address' 152 | EQUALITY caseIgnoreListMatch 153 | SUBSTR caseIgnoreListSubstringsMatch 154 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 155 | 156 | attributetype ( 2.5.4.17 NAME 'postalCode' 157 | DESC 'RFC2256: postal code' 158 | EQUALITY caseIgnoreMatch 159 | SUBSTR caseIgnoreSubstringsMatch 160 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) 161 | 162 | attributetype ( 2.5.4.18 NAME 'postOfficeBox' 163 | DESC 'RFC2256: Post Office Box' 164 | EQUALITY caseIgnoreMatch 165 | SUBSTR caseIgnoreSubstringsMatch 166 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) 167 | 168 | attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' 169 | DESC 'RFC2256: Physical Delivery Office Name' 170 | EQUALITY caseIgnoreMatch 171 | SUBSTR caseIgnoreSubstringsMatch 172 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 173 | 174 | attributetype ( 2.5.4.20 NAME 'telephoneNumber' 175 | DESC 'RFC2256: Telephone Number' 176 | EQUALITY telephoneNumberMatch 177 | SUBSTR telephoneNumberSubstringsMatch 178 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) 179 | 180 | attributetype ( 2.5.4.21 NAME 'telexNumber' 181 | DESC 'RFC2256: Telex Number' 182 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) 183 | 184 | attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' 185 | DESC 'RFC2256: Teletex Terminal Identifier' 186 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) 187 | 188 | attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) 189 | DESC 'RFC2256: Facsimile (Fax) Telephone Number' 190 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) 191 | 192 | attributetype ( 2.5.4.24 NAME 'x121Address' 193 | DESC 'RFC2256: X.121 Address' 194 | EQUALITY numericStringMatch 195 | SUBSTR numericStringSubstringsMatch 196 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) 197 | 198 | attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' 199 | DESC 'RFC2256: international ISDN number' 200 | EQUALITY numericStringMatch 201 | SUBSTR numericStringSubstringsMatch 202 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) 203 | 204 | attributetype ( 2.5.4.26 NAME 'registeredAddress' 205 | DESC 'RFC2256: registered postal address' 206 | SUP postalAddress 207 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 208 | 209 | attributetype ( 2.5.4.27 NAME 'destinationIndicator' 210 | DESC 'RFC2256: destination indicator' 211 | EQUALITY caseIgnoreMatch 212 | SUBSTR caseIgnoreSubstringsMatch 213 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) 214 | 215 | attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' 216 | DESC 'RFC2256: preferred delivery method' 217 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 218 | SINGLE-VALUE ) 219 | 220 | attributetype ( 2.5.4.29 NAME 'presentationAddress' 221 | DESC 'RFC2256: presentation address' 222 | EQUALITY presentationAddressMatch 223 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 224 | SINGLE-VALUE ) 225 | 226 | attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' 227 | DESC 'RFC2256: supported application context' 228 | EQUALITY objectIdentifierMatch 229 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) 230 | 231 | attributetype ( 2.5.4.31 NAME 'member' 232 | DESC 'RFC2256: member of a group' 233 | SUP distinguishedName ) 234 | 235 | attributetype ( 2.5.4.32 NAME 'owner' 236 | DESC 'RFC2256: owner (of the object)' 237 | SUP distinguishedName ) 238 | 239 | attributetype ( 2.5.4.33 NAME 'roleOccupant' 240 | DESC 'RFC2256: occupant of role' 241 | SUP distinguishedName ) 242 | 243 | # system schema 244 | #attributetype ( 2.5.4.34 NAME 'seeAlso' 245 | # DESC 'RFC2256: DN of related object' 246 | # SUP distinguishedName ) 247 | 248 | # system schema 249 | #attributetype ( 2.5.4.35 NAME 'userPassword' 250 | # DESC 'RFC2256/2307: password of user' 251 | # EQUALITY octetStringMatch 252 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) 253 | 254 | # Must be transferred using ;binary 255 | # with certificateExactMatch rule (per X.509) 256 | attributetype ( 2.5.4.36 NAME 'userCertificate' 257 | DESC 'RFC2256: X.509 user certificate, use ;binary' 258 | EQUALITY certificateExactMatch 259 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) 260 | 261 | # Must be transferred using ;binary 262 | # with certificateExactMatch rule (per X.509) 263 | attributetype ( 2.5.4.37 NAME 'cACertificate' 264 | DESC 'RFC2256: X.509 CA certificate, use ;binary' 265 | EQUALITY certificateExactMatch 266 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) 267 | 268 | # Must be transferred using ;binary 269 | attributetype ( 2.5.4.38 NAME 'authorityRevocationList' 270 | DESC 'RFC2256: X.509 authority revocation list, use ;binary' 271 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 272 | 273 | # Must be transferred using ;binary 274 | attributetype ( 2.5.4.39 NAME 'certificateRevocationList' 275 | DESC 'RFC2256: X.509 certificate revocation list, use ;binary' 276 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 277 | 278 | # Must be stored and requested in the binary form 279 | attributetype ( 2.5.4.40 NAME 'crossCertificatePair' 280 | DESC 'RFC2256: X.509 cross certificate pair, use ;binary' 281 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) 282 | 283 | # system schema 284 | #attributetype ( 2.5.4.41 NAME 'name' 285 | # EQUALITY caseIgnoreMatch 286 | # SUBSTR caseIgnoreSubstringsMatch 287 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 288 | 289 | attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) 290 | DESC 'RFC2256: first name(s) for which the entity is known by' 291 | SUP name ) 292 | 293 | attributetype ( 2.5.4.43 NAME 'initials' 294 | DESC 'RFC2256: initials of some or all of names, but not the surname(s).' 295 | SUP name ) 296 | 297 | attributetype ( 2.5.4.44 NAME 'generationQualifier' 298 | DESC 'RFC2256: name qualifier indicating a generation' 299 | SUP name ) 300 | 301 | attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' 302 | DESC 'RFC2256: X.500 unique identifier' 303 | EQUALITY bitStringMatch 304 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) 305 | 306 | attributetype ( 2.5.4.46 NAME 'dnQualifier' 307 | DESC 'RFC2256: DN qualifier' 308 | EQUALITY caseIgnoreMatch 309 | ORDERING caseIgnoreOrderingMatch 310 | SUBSTR caseIgnoreSubstringsMatch 311 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 312 | 313 | attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' 314 | DESC 'RFC2256: enhanced search guide' 315 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) 316 | 317 | attributetype ( 2.5.4.48 NAME 'protocolInformation' 318 | DESC 'RFC2256: protocol information' 319 | EQUALITY protocolInformationMatch 320 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) 321 | 322 | # system schema 323 | #attributetype ( 2.5.4.49 NAME 'distinguishedName' 324 | # EQUALITY distinguishedNameMatch 325 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 326 | 327 | attributetype ( 2.5.4.50 NAME 'uniqueMember' 328 | DESC 'RFC2256: unique member of a group' 329 | EQUALITY uniqueMemberMatch 330 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) 331 | 332 | attributetype ( 2.5.4.51 NAME 'houseIdentifier' 333 | DESC 'RFC2256: house identifier' 334 | EQUALITY caseIgnoreMatch 335 | SUBSTR caseIgnoreSubstringsMatch 336 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 337 | 338 | # Must be transferred using ;binary 339 | attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' 340 | DESC 'RFC2256: supported algorithms' 341 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) 342 | 343 | # Must be transferred using ;binary 344 | attributetype ( 2.5.4.53 NAME 'deltaRevocationList' 345 | DESC 'RFC2256: delta revocation list; use ;binary' 346 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 347 | 348 | attributetype ( 2.5.4.54 NAME 'dmdName' 349 | DESC 'RFC2256: name of DMD' 350 | SUP name ) 351 | 352 | attributetype ( 2.5.4.65 NAME 'pseudonym' 353 | DESC 'X.520(4th): pseudonym for the object' 354 | SUP name ) 355 | 356 | # Standard object classes from RFC2256 357 | 358 | # system schema 359 | #objectclass ( 2.5.6.0 NAME 'top' 360 | # DESC 'RFC2256: top of the superclass chain' 361 | # ABSTRACT 362 | # MUST objectClass ) 363 | 364 | # system schema 365 | #objectclass ( 2.5.6.1 NAME 'alias' 366 | # DESC 'RFC2256: an alias' 367 | # SUP top STRUCTURAL 368 | # MUST aliasedObjectName ) 369 | 370 | objectclass ( 2.5.6.2 NAME 'country' 371 | DESC 'RFC2256: a country' 372 | SUP top STRUCTURAL 373 | MUST c 374 | MAY ( searchGuide $ description ) ) 375 | 376 | objectclass ( 2.5.6.3 NAME 'locality' 377 | DESC 'RFC2256: a locality' 378 | SUP top STRUCTURAL 379 | MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) 380 | 381 | objectclass ( 2.5.6.4 NAME 'organization' 382 | DESC 'RFC2256: an organization' 383 | SUP top STRUCTURAL 384 | MUST o 385 | MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 386 | x121Address $ registeredAddress $ destinationIndicator $ 387 | preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 388 | telephoneNumber $ internationaliSDNNumber $ 389 | facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 390 | postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) 391 | 392 | objectclass ( 2.5.6.5 NAME 'organizationalUnit' 393 | DESC 'RFC2256: an organizational unit' 394 | SUP top STRUCTURAL 395 | MUST ou 396 | MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 397 | x121Address $ registeredAddress $ destinationIndicator $ 398 | preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 399 | telephoneNumber $ internationaliSDNNumber $ 400 | facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 401 | postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) 402 | 403 | objectclass ( 2.5.6.6 NAME 'person' 404 | DESC 'RFC2256: a person' 405 | SUP top STRUCTURAL 406 | MUST ( sn $ cn ) 407 | MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) 408 | 409 | objectclass ( 2.5.6.7 NAME 'organizationalPerson' 410 | DESC 'RFC2256: an organizational person' 411 | SUP person STRUCTURAL 412 | MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ 413 | preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 414 | telephoneNumber $ internationaliSDNNumber $ 415 | facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 416 | postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) 417 | 418 | objectclass ( 2.5.6.8 NAME 'organizationalRole' 419 | DESC 'RFC2256: an organizational role' 420 | SUP top STRUCTURAL 421 | MUST cn 422 | MAY ( x121Address $ registeredAddress $ destinationIndicator $ 423 | preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 424 | telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ 425 | seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ 426 | postOfficeBox $ postalCode $ postalAddress $ 427 | physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) 428 | 429 | objectclass ( 2.5.6.9 NAME 'groupOfNames' 430 | DESC 'RFC2256: a group of names (DNs)' 431 | SUP top STRUCTURAL 432 | MUST ( member $ cn ) 433 | MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) 434 | 435 | objectclass ( 2.5.6.10 NAME 'residentialPerson' 436 | DESC 'RFC2256: an residential person' 437 | SUP person STRUCTURAL 438 | MUST l 439 | MAY ( businessCategory $ x121Address $ registeredAddress $ 440 | destinationIndicator $ preferredDeliveryMethod $ telexNumber $ 441 | teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ 442 | facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ 443 | postOfficeBox $ postalCode $ postalAddress $ 444 | physicalDeliveryOfficeName $ st $ l ) ) 445 | 446 | objectclass ( 2.5.6.11 NAME 'applicationProcess' 447 | DESC 'RFC2256: an application process' 448 | SUP top STRUCTURAL 449 | MUST cn 450 | MAY ( seeAlso $ ou $ l $ description ) ) 451 | 452 | objectclass ( 2.5.6.12 NAME 'applicationEntity' 453 | DESC 'RFC2256: an application entity' 454 | SUP top STRUCTURAL 455 | MUST ( presentationAddress $ cn ) 456 | MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ 457 | description ) ) 458 | 459 | objectclass ( 2.5.6.13 NAME 'dSA' 460 | DESC 'RFC2256: a directory system agent (a server)' 461 | SUP applicationEntity STRUCTURAL 462 | MAY knowledgeInformation ) 463 | 464 | objectclass ( 2.5.6.14 NAME 'device' 465 | DESC 'RFC2256: a device' 466 | SUP top STRUCTURAL 467 | MUST cn 468 | MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) 469 | 470 | objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' 471 | DESC 'RFC2256: a strong authentication user' 472 | SUP top AUXILIARY 473 | MUST userCertificate ) 474 | 475 | objectclass ( 2.5.6.16 NAME 'certificationAuthority' 476 | DESC 'RFC2256: a certificate authority' 477 | SUP top AUXILIARY 478 | MUST ( authorityRevocationList $ certificateRevocationList $ 479 | cACertificate ) MAY crossCertificatePair ) 480 | 481 | objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' 482 | DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' 483 | SUP top STRUCTURAL 484 | MUST ( uniqueMember $ cn ) 485 | MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) 486 | 487 | objectclass ( 2.5.6.18 NAME 'userSecurityInformation' 488 | DESC 'RFC2256: a user security information' 489 | SUP top AUXILIARY 490 | MAY ( supportedAlgorithms ) ) 491 | 492 | objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' 493 | SUP certificationAuthority 494 | AUXILIARY MAY ( deltaRevocationList ) ) 495 | 496 | objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' 497 | SUP top STRUCTURAL 498 | MUST ( cn ) 499 | MAY ( certificateRevocationList $ authorityRevocationList $ 500 | deltaRevocationList ) ) 501 | 502 | objectclass ( 2.5.6.20 NAME 'dmd' 503 | SUP top STRUCTURAL 504 | MUST ( dmdName ) 505 | MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 506 | x121Address $ registeredAddress $ destinationIndicator $ 507 | preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 508 | telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ 509 | street $ postOfficeBox $ postalCode $ postalAddress $ 510 | physicalDeliveryOfficeName $ st $ l $ description ) ) 511 | 512 | # 513 | # Object Classes from RFC 2587 514 | # 515 | objectclass ( 2.5.6.21 NAME 'pkiUser' 516 | DESC 'RFC2587: a PKI user' 517 | SUP top AUXILIARY 518 | MAY userCertificate ) 519 | 520 | objectclass ( 2.5.6.22 NAME 'pkiCA' 521 | DESC 'RFC2587: PKI certificate authority' 522 | SUP top AUXILIARY 523 | MAY ( authorityRevocationList $ certificateRevocationList $ 524 | cACertificate $ crossCertificatePair ) ) 525 | 526 | objectclass ( 2.5.6.23 NAME 'deltaCRL' 527 | DESC 'RFC2587: PKI user' 528 | SUP top AUXILIARY 529 | MAY deltaRevocationList ) 530 | 531 | # 532 | # Standard Track URI label schema from RFC 2079 533 | # system schema 534 | #attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' 535 | # DESC 'RFC2079: Uniform Resource Identifier with optional label' 536 | # EQUALITY caseExactMatch 537 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 538 | 539 | objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' 540 | DESC 'RFC2079: object that contains the URI attribute type' 541 | SUP top AUXILIARY 542 | MAY ( labeledURI ) ) 543 | 544 | # 545 | # Derived from RFC 1274, but with new "short names" 546 | # 547 | #attributetype ( 0.9.2342.19200300.100.1.1 548 | # NAME ( 'uid' 'userid' ) 549 | # DESC 'RFC1274: user identifier' 550 | # EQUALITY caseIgnoreMatch 551 | # SUBSTR caseIgnoreSubstringsMatch 552 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 553 | 554 | attributetype ( 0.9.2342.19200300.100.1.3 555 | NAME ( 'mail' 'rfc822Mailbox' ) 556 | DESC 'RFC1274: RFC822 Mailbox' 557 | EQUALITY caseIgnoreIA5Match 558 | SUBSTR caseIgnoreIA5SubstringsMatch 559 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 560 | 561 | objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' 562 | DESC 'RFC1274: simple security object' 563 | SUP top AUXILIARY 564 | MUST userPassword ) 565 | 566 | # RFC 1274 + RFC 2247 567 | attributetype ( 0.9.2342.19200300.100.1.25 568 | NAME ( 'dc' 'domainComponent' ) 569 | DESC 'RFC1274/2247: domain component' 570 | EQUALITY caseIgnoreIA5Match 571 | SUBSTR caseIgnoreIA5SubstringsMatch 572 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 573 | 574 | # RFC 2247 575 | objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' 576 | DESC 'RFC2247: domain component object' 577 | SUP top AUXILIARY MUST dc ) 578 | 579 | # RFC 2377 580 | objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' 581 | DESC 'RFC2377: uid object' 582 | SUP top AUXILIARY MUST uid ) 583 | 584 | # RFC 4524 585 | # The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] 586 | # host names [RFC1123] that are associated with an object. That is, 587 | # values of this attribute should conform to the following ABNF: 588 | # 589 | # domain = root / label *( DOT label ) 590 | # root = SPACE 591 | # label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ] 592 | # LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z" 593 | # SPACE = %x20 ; space (" ") 594 | # HYPHEN = %x2D ; hyphen ("-") 595 | # DOT = %x2E ; period (".") 596 | attributetype ( 0.9.2342.19200300.100.1.37 597 | NAME 'associatedDomain' 598 | DESC 'RFC1274: domain associated with object' 599 | EQUALITY caseIgnoreIA5Match 600 | SUBSTR caseIgnoreIA5SubstringsMatch 601 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 602 | 603 | # RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) 604 | attributetype ( 1.2.840.113549.1.9.1 605 | NAME ( 'email' 'emailAddress' 'pkcs9email' ) 606 | DESC 'RFC3280: legacy attribute for email addresses in DNs' 607 | EQUALITY caseIgnoreIA5Match 608 | SUBSTR caseIgnoreIA5SubstringsMatch 609 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 610 | 611 | -------------------------------------------------------------------------------- /indicium/ldap/testdata/cosine.schema: -------------------------------------------------------------------------------- 1 | # RFC1274: Cosine and Internet X.500 schema 2 | # $OpenLDAP$ 3 | ## This work is part of OpenLDAP Software . 4 | ## 5 | ## Copyright 1998-2016 The OpenLDAP Foundation. 6 | ## All rights reserved. 7 | ## 8 | ## Redistribution and use in source and binary forms, with or without 9 | ## modification, are permitted only as authorized by the OpenLDAP 10 | ## Public License. 11 | ## 12 | ## A copy of this license is available in the file LICENSE in the 13 | ## top-level directory of the distribution or, alternatively, at 14 | ## . 15 | # 16 | # RFC1274: Cosine and Internet X.500 schema 17 | # 18 | # This file contains LDAPv3 schema derived from X.500 COSINE "pilot" 19 | # schema. As this schema was defined for X.500(89), some 20 | # oddities were introduced in the mapping to LDAPv3. The 21 | # mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt 22 | # (a work in progress) 23 | # 24 | # Note: It seems that the pilot schema evolved beyond what was 25 | # described in RFC1274. However, this document attempts to describes 26 | # RFC1274 as published. 27 | # 28 | # Depends on core.schema 29 | 30 | 31 | # Network Working Group P. Barker 32 | # Request for Comments: 1274 S. Kille 33 | # University College London 34 | # November 1991 35 | # 36 | # The COSINE and Internet X.500 Schema 37 | # 38 | # [trimmed] 39 | # 40 | # Abstract 41 | # 42 | # This document suggests an X.500 Directory Schema, or Naming 43 | # Architecture, for use in the COSINE and Internet X.500 pilots. The 44 | # schema is independent of any specific implementation. As well as 45 | # indicating support for the standard object classes and attributes, a 46 | # large number of generally useful object classes and attributes are 47 | # also defined. An appendix to this document includes a machine 48 | # processable version of the schema. 49 | # 50 | # [trimmed] 51 | 52 | # 7. Object Identifiers 53 | # 54 | # Some additional object identifiers are defined for this schema. 55 | # These are also reproduced in Appendix C. 56 | # 57 | # data OBJECT IDENTIFIER ::= {ccitt 9} 58 | # pss OBJECT IDENTIFIER ::= {data 2342} 59 | # ucl OBJECT IDENTIFIER ::= {pss 19200300} 60 | # pilot OBJECT IDENTIFIER ::= {ucl 100} 61 | # 62 | # pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1} 63 | # pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3} 64 | # pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4} 65 | # pilotGroups OBJECT IDENTIFIER ::= {pilot 10} 66 | # 67 | # iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4} 68 | # caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::= 69 | # {pilotAttributeSyntax 5} 70 | # 71 | # 8. Object Classes 72 | # [relocated after 9] 73 | 74 | # 75 | # 9. Attribute Types 76 | # 77 | # 9.1. X.500 standard attribute types 78 | # 79 | # A number of generally useful attribute types are defined in X.520, 80 | # and these are supported. Refer to that document for descriptions of 81 | # the suggested usage of these attribute types. The ASN.1 for these 82 | # attribute types is reproduced for completeness in Appendix C. 83 | # 84 | # 9.2. X.400 standard attribute types 85 | # 86 | # The standard X.400 attribute types are supported. See X.402 for full 87 | # details. The ASN.1 for these attribute types is reproduced in 88 | # Appendix C. 89 | # 90 | # 9.3. COSINE/Internet attribute types 91 | # 92 | # This section describes all the attribute types defined for use in the 93 | # COSINE and Internet pilots. Descriptions are given as to the 94 | # suggested usage of these attribute types. The ASN.1 for these 95 | # attribute types is reproduced in Appendix C. 96 | # 97 | # 9.3.1. Userid 98 | # 99 | # The Userid attribute type specifies a computer system login name. 100 | # 101 | # userid ATTRIBUTE 102 | # WITH ATTRIBUTE-SYNTAX 103 | # caseIgnoreStringSyntax 104 | # (SIZE (1 .. ub-user-identifier)) 105 | # ::= {pilotAttributeType 1} 106 | # 107 | #(in core.schema) 108 | ##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) 109 | ## EQUALITY caseIgnoreMatch 110 | ## SUBSTR caseIgnoreSubstringsMatch 111 | ## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 112 | 113 | # 9.3.2. Text Encoded O/R Address 114 | # 115 | # The Text Encoded O/R Address attribute type specifies a text encoding 116 | # of an X.400 O/R address, as specified in RFC 987. The use of this 117 | # attribute is deprecated as the attribute is intended for interim use 118 | # only. This attribute will be the first candidate for the attribute 119 | # expiry mechanisms! 120 | # 121 | # textEncodedORAddress ATTRIBUTE 122 | # WITH ATTRIBUTE-SYNTAX 123 | # caseIgnoreStringSyntax 124 | # (SIZE (1 .. ub-text-encoded-or-address)) 125 | # ::= {pilotAttributeType 2} 126 | # 127 | attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' 128 | EQUALITY caseIgnoreMatch 129 | SUBSTR caseIgnoreSubstringsMatch 130 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 131 | 132 | # 9.3.3. RFC 822 Mailbox 133 | # 134 | # The RFC822 Mailbox attribute type specifies an electronic mailbox 135 | # attribute following the syntax specified in RFC 822. Note that this 136 | # attribute should not be used for greybook or other non-Internet order 137 | # mailboxes. 138 | # 139 | # rfc822Mailbox ATTRIBUTE 140 | # WITH ATTRIBUTE-SYNTAX 141 | # caseIgnoreIA5StringSyntax 142 | # (SIZE (1 .. ub-rfc822-mailbox)) 143 | # ::= {pilotAttributeType 3} 144 | # 145 | #(in core.schema) 146 | ##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) 147 | ## EQUALITY caseIgnoreIA5Match 148 | ## SUBSTR caseIgnoreIA5SubstringsMatch 149 | ## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 150 | 151 | # 9.3.4. Information 152 | # 153 | # The Information attribute type specifies any general information 154 | # pertinent to an object. It is recommended that specific usage of 155 | # this attribute type is avoided, and that specific requirements are 156 | # met by other (possibly additional) attribute types. 157 | # 158 | # info ATTRIBUTE 159 | # WITH ATTRIBUTE-SYNTAX 160 | # caseIgnoreStringSyntax 161 | # (SIZE (1 .. ub-information)) 162 | # ::= {pilotAttributeType 4} 163 | # 164 | attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' 165 | DESC 'RFC1274: general information' 166 | EQUALITY caseIgnoreMatch 167 | SUBSTR caseIgnoreSubstringsMatch 168 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) 169 | 170 | 171 | # 9.3.5. Favourite Drink 172 | # 173 | # The Favourite Drink attribute type specifies the favourite drink of 174 | # an object (or person). 175 | # 176 | # favouriteDrink ATTRIBUTE 177 | # WITH ATTRIBUTE-SYNTAX 178 | # caseIgnoreStringSyntax 179 | # (SIZE (1 .. ub-favourite-drink)) 180 | # ::= {pilotAttributeType 5} 181 | # 182 | attributetype ( 0.9.2342.19200300.100.1.5 183 | NAME ( 'drink' 'favouriteDrink' ) 184 | DESC 'RFC1274: favorite drink' 185 | EQUALITY caseIgnoreMatch 186 | SUBSTR caseIgnoreSubstringsMatch 187 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 188 | 189 | # 9.3.6. Room Number 190 | # 191 | # The Room Number attribute type specifies the room number of an 192 | # object. Note that the commonName attribute should be used for naming 193 | # room objects. 194 | # 195 | # roomNumber ATTRIBUTE 196 | # WITH ATTRIBUTE-SYNTAX 197 | # caseIgnoreStringSyntax 198 | # (SIZE (1 .. ub-room-number)) 199 | # ::= {pilotAttributeType 6} 200 | # 201 | attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' 202 | DESC 'RFC1274: room number' 203 | EQUALITY caseIgnoreMatch 204 | SUBSTR caseIgnoreSubstringsMatch 205 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 206 | 207 | # 9.3.7. Photo 208 | # 209 | # The Photo attribute type specifies a "photograph" for an object. 210 | # This should be encoded in G3 fax as explained in recommendation T.4, 211 | # with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as 212 | # defined in X.420. 213 | # 214 | # IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules 215 | # information-objects } 216 | # 217 | # photo ATTRIBUTE 218 | # WITH ATTRIBUTE-SYNTAX 219 | # CHOICE { 220 | # g3-facsimile [3] G3FacsimileBodyPart 221 | # } 222 | # (SIZE (1 .. ub-photo)) 223 | # ::= {pilotAttributeType 7} 224 | # 225 | attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' 226 | DESC 'RFC1274: photo (G3 fax)' 227 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) 228 | 229 | # 9.3.8. User Class 230 | # 231 | # The User Class attribute type specifies a category of computer user. 232 | # The semantics placed on this attribute are for local interpretation. 233 | # Examples of current usage od this attribute in academia are 234 | # undergraduate student, researcher, lecturer, etc. Note that the 235 | # organizationalStatus attribute may now often be preferred as it makes 236 | # no distinction between computer users and others. 237 | # 238 | # userClass ATTRIBUTE 239 | # WITH ATTRIBUTE-SYNTAX 240 | # caseIgnoreStringSyntax 241 | # (SIZE (1 .. ub-user-class)) 242 | # ::= {pilotAttributeType 8} 243 | # 244 | attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass' 245 | DESC 'RFC1274: category of user' 246 | EQUALITY caseIgnoreMatch 247 | SUBSTR caseIgnoreSubstringsMatch 248 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 249 | 250 | # 9.3.9. Host 251 | # 252 | # The Host attribute type specifies a host computer. 253 | # 254 | # host ATTRIBUTE 255 | # WITH ATTRIBUTE-SYNTAX 256 | # caseIgnoreStringSyntax 257 | # (SIZE (1 .. ub-host)) 258 | # ::= {pilotAttributeType 9} 259 | # 260 | attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host' 261 | DESC 'RFC1274: host computer' 262 | EQUALITY caseIgnoreMatch 263 | SUBSTR caseIgnoreSubstringsMatch 264 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 265 | 266 | # 9.3.10. Manager 267 | # 268 | # The Manager attribute type specifies the manager of an object 269 | # represented by an entry. 270 | # 271 | # manager ATTRIBUTE 272 | # WITH ATTRIBUTE-SYNTAX 273 | # distinguishedNameSyntax 274 | # ::= {pilotAttributeType 10} 275 | # 276 | attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager' 277 | DESC 'RFC1274: DN of manager' 278 | EQUALITY distinguishedNameMatch 279 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 280 | 281 | # 9.3.11. Document Identifier 282 | # 283 | # The Document Identifier attribute type specifies a unique identifier 284 | # for a document. 285 | # 286 | # documentIdentifier ATTRIBUTE 287 | # WITH ATTRIBUTE-SYNTAX 288 | # caseIgnoreStringSyntax 289 | # (SIZE (1 .. ub-document-identifier)) 290 | # ::= {pilotAttributeType 11} 291 | # 292 | attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' 293 | DESC 'RFC1274: unique identifier of document' 294 | EQUALITY caseIgnoreMatch 295 | SUBSTR caseIgnoreSubstringsMatch 296 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 297 | 298 | # 9.3.12. Document Title 299 | # 300 | # The Document Title attribute type specifies the title of a document. 301 | # 302 | # documentTitle ATTRIBUTE 303 | # WITH ATTRIBUTE-SYNTAX 304 | # caseIgnoreStringSyntax 305 | # (SIZE (1 .. ub-document-title)) 306 | # ::= {pilotAttributeType 12} 307 | # 308 | attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' 309 | DESC 'RFC1274: title of document' 310 | EQUALITY caseIgnoreMatch 311 | SUBSTR caseIgnoreSubstringsMatch 312 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 313 | 314 | # 9.3.13. Document Version 315 | # 316 | # The Document Version attribute type specifies the version number of a 317 | # document. 318 | # 319 | # documentVersion ATTRIBUTE 320 | # WITH ATTRIBUTE-SYNTAX 321 | # caseIgnoreStringSyntax 322 | # (SIZE (1 .. ub-document-version)) 323 | # ::= {pilotAttributeType 13} 324 | # 325 | attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' 326 | DESC 'RFC1274: version of document' 327 | EQUALITY caseIgnoreMatch 328 | SUBSTR caseIgnoreSubstringsMatch 329 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 330 | 331 | # 9.3.14. Document Author 332 | # 333 | # The Document Author attribute type specifies the distinguished name 334 | # of the author of a document. 335 | # 336 | # documentAuthor ATTRIBUTE 337 | # WITH ATTRIBUTE-SYNTAX 338 | # distinguishedNameSyntax 339 | # ::= {pilotAttributeType 14} 340 | # 341 | attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' 342 | DESC 'RFC1274: DN of author of document' 343 | EQUALITY distinguishedNameMatch 344 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 345 | 346 | # 9.3.15. Document Location 347 | # 348 | # The Document Location attribute type specifies the location of the 349 | # document original. 350 | # 351 | # documentLocation ATTRIBUTE 352 | # WITH ATTRIBUTE-SYNTAX 353 | # caseIgnoreStringSyntax 354 | # (SIZE (1 .. ub-document-location)) 355 | # ::= {pilotAttributeType 15} 356 | # 357 | attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' 358 | DESC 'RFC1274: location of document original' 359 | EQUALITY caseIgnoreMatch 360 | SUBSTR caseIgnoreSubstringsMatch 361 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 362 | 363 | # 9.3.16. Home Telephone Number 364 | # 365 | # The Home Telephone Number attribute type specifies a home telephone 366 | # number associated with a person. Attribute values should follow the 367 | # agreed format for international telephone numbers: i.e., "+44 71 123 368 | # 4567". 369 | # 370 | # homeTelephoneNumber ATTRIBUTE 371 | # WITH ATTRIBUTE-SYNTAX 372 | # telephoneNumberSyntax 373 | # ::= {pilotAttributeType 20} 374 | # 375 | attributetype ( 0.9.2342.19200300.100.1.20 376 | NAME ( 'homePhone' 'homeTelephoneNumber' ) 377 | DESC 'RFC1274: home telephone number' 378 | EQUALITY telephoneNumberMatch 379 | SUBSTR telephoneNumberSubstringsMatch 380 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) 381 | 382 | # 9.3.17. Secretary 383 | # 384 | # The Secretary attribute type specifies the secretary of a person. 385 | # The attribute value for Secretary is a distinguished name. 386 | # 387 | # secretary ATTRIBUTE 388 | # WITH ATTRIBUTE-SYNTAX 389 | # distinguishedNameSyntax 390 | # ::= {pilotAttributeType 21} 391 | # 392 | attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary' 393 | DESC 'RFC1274: DN of secretary' 394 | EQUALITY distinguishedNameMatch 395 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 396 | 397 | # 9.3.18. Other Mailbox 398 | # 399 | # The Other Mailbox attribute type specifies values for electronic 400 | # mailbox types other than X.400 and rfc822. 401 | # 402 | # otherMailbox ATTRIBUTE 403 | # WITH ATTRIBUTE-SYNTAX 404 | # SEQUENCE { 405 | # mailboxType PrintableString, -- e.g. Telemail 406 | # mailbox IA5String -- e.g. X378:Joe 407 | # } 408 | # ::= {pilotAttributeType 22} 409 | # 410 | attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' 411 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) 412 | 413 | # 9.3.19. Last Modified Time 414 | # 415 | # The Last Modified Time attribute type specifies the last time, in UTC 416 | # time, that an entry was modified. Ideally, this attribute should be 417 | # maintained by the DSA. 418 | # 419 | # lastModifiedTime ATTRIBUTE 420 | # WITH ATTRIBUTE-SYNTAX 421 | # uTCTimeSyntax 422 | # ::= {pilotAttributeType 23} 423 | # 424 | ## Deprecated in favor of modifyTimeStamp 425 | #attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' 426 | # DESC 'RFC1274: time of last modify, replaced by modifyTimestamp' 427 | # OBSOLETE 428 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 429 | # USAGE directoryOperation ) 430 | 431 | # 9.3.20. Last Modified By 432 | # 433 | # The Last Modified By attribute specifies the distinguished name of 434 | # the last user to modify the associated entry. Ideally, this 435 | # attribute should be maintained by the DSA. 436 | # 437 | # lastModifiedBy ATTRIBUTE 438 | # WITH ATTRIBUTE-SYNTAX 439 | # distinguishedNameSyntax 440 | # ::= {pilotAttributeType 24} 441 | # 442 | ## Deprecated in favor of modifiersName 443 | #attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' 444 | # DESC 'RFC1274: last modifier, replaced by modifiersName' 445 | # OBSOLETE 446 | # EQUALITY distinguishedNameMatch 447 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 448 | # USAGE directoryOperation ) 449 | 450 | # 9.3.21. Domain Component 451 | # 452 | # The Domain Component attribute type specifies a DNS/NRS domain. For 453 | # example, "uk" or "ac". 454 | # 455 | # domainComponent ATTRIBUTE 456 | # WITH ATTRIBUTE-SYNTAX 457 | # caseIgnoreIA5StringSyntax 458 | # SINGLE VALUE 459 | # ::= {pilotAttributeType 25} 460 | # 461 | ##(in core.schema) 462 | ##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) 463 | ## EQUALITY caseIgnoreIA5Match 464 | ## SUBSTR caseIgnoreIA5SubstringsMatch 465 | ## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 466 | 467 | # 9.3.22. DNS ARecord 468 | # 469 | # The A Record attribute type specifies a type A (Address) DNS resource 470 | # record [6] [7]. 471 | # 472 | # aRecord ATTRIBUTE 473 | # WITH ATTRIBUTE-SYNTAX 474 | # DNSRecordSyntax 475 | # ::= {pilotAttributeType 26} 476 | # 477 | ## incorrect syntax? 478 | attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' 479 | EQUALITY caseIgnoreIA5Match 480 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 481 | 482 | ## missing from RFC1274 483 | ## incorrect syntax? 484 | attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' 485 | EQUALITY caseIgnoreIA5Match 486 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 487 | 488 | # 9.3.23. MX Record 489 | # 490 | # The MX Record attribute type specifies a type MX (Mail Exchange) DNS 491 | # resource record [6] [7]. 492 | # 493 | # mXRecord ATTRIBUTE 494 | # WITH ATTRIBUTE-SYNTAX 495 | # DNSRecordSyntax 496 | # ::= {pilotAttributeType 28} 497 | # 498 | ## incorrect syntax!! 499 | attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' 500 | EQUALITY caseIgnoreIA5Match 501 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 502 | 503 | # 9.3.24. NS Record 504 | # 505 | # The NS Record attribute type specifies an NS (Name Server) DNS 506 | # resource record [6] [7]. 507 | # 508 | # nSRecord ATTRIBUTE 509 | # WITH ATTRIBUTE-SYNTAX 510 | # DNSRecordSyntax 511 | # ::= {pilotAttributeType 29} 512 | # 513 | ## incorrect syntax!! 514 | attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' 515 | EQUALITY caseIgnoreIA5Match 516 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 517 | 518 | # 9.3.25. SOA Record 519 | # 520 | # The SOA Record attribute type specifies a type SOA (Start of 521 | # Authority) DNS resorce record [6] [7]. 522 | # 523 | # sOARecord ATTRIBUTE 524 | # WITH ATTRIBUTE-SYNTAX 525 | # DNSRecordSyntax 526 | # ::= {pilotAttributeType 30} 527 | # 528 | ## incorrect syntax!! 529 | attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' 530 | EQUALITY caseIgnoreIA5Match 531 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 532 | 533 | # 9.3.26. CNAME Record 534 | # 535 | # The CNAME Record attribute type specifies a type CNAME (Canonical 536 | # Name) DNS resource record [6] [7]. 537 | # 538 | # cNAMERecord ATTRIBUTE 539 | # WITH ATTRIBUTE-SYNTAX 540 | # iA5StringSyntax 541 | # ::= {pilotAttributeType 31} 542 | # 543 | ## incorrect syntax!! 544 | attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' 545 | EQUALITY caseIgnoreIA5Match 546 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 547 | 548 | # 9.3.27. Associated Domain 549 | # 550 | # The Associated Domain attribute type specifies a DNS or NRS domain 551 | # which is associated with an object in the DIT. For example, the entry 552 | # in the DIT with a distinguished name "C=GB, O=University College 553 | # London" would have an associated domain of "UCL.AC.UK. Note that all 554 | # domains should be represented in rfc822 order. See [3] for more 555 | # details of usage of this attribute. 556 | # 557 | # associatedDomain ATTRIBUTE 558 | # WITH ATTRIBUTE-SYNTAX 559 | # caseIgnoreIA5StringSyntax 560 | # ::= {pilotAttributeType 37} 561 | # 562 | #attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' 563 | # EQUALITY caseIgnoreIA5Match 564 | # SUBSTR caseIgnoreIA5SubstringsMatch 565 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 566 | 567 | # 9.3.28. Associated Name 568 | # 569 | # The Associated Name attribute type specifies an entry in the 570 | # organisational DIT associated with a DNS/NRS domain. See [3] for 571 | # more details of usage of this attribute. 572 | # 573 | # associatedName ATTRIBUTE 574 | # WITH ATTRIBUTE-SYNTAX 575 | # distinguishedNameSyntax 576 | # ::= {pilotAttributeType 38} 577 | # 578 | attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' 579 | DESC 'RFC1274: DN of entry associated with domain' 580 | EQUALITY distinguishedNameMatch 581 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 582 | 583 | # 9.3.29. Home postal address 584 | # 585 | # The Home postal address attribute type specifies a home postal 586 | # address for an object. This should be limited to up to 6 lines of 30 587 | # characters each. 588 | # 589 | # homePostalAddress ATTRIBUTE 590 | # WITH ATTRIBUTE-SYNTAX 591 | # postalAddress 592 | # MATCHES FOR EQUALITY 593 | # ::= {pilotAttributeType 39} 594 | # 595 | attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' 596 | DESC 'RFC1274: home postal address' 597 | EQUALITY caseIgnoreListMatch 598 | SUBSTR caseIgnoreListSubstringsMatch 599 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 600 | 601 | # 9.3.30. Personal Title 602 | # 603 | # The Personal Title attribute type specifies a personal title for a 604 | # person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev". 605 | # 606 | # personalTitle ATTRIBUTE 607 | # WITH ATTRIBUTE-SYNTAX 608 | # caseIgnoreStringSyntax 609 | # (SIZE (1 .. ub-personal-title)) 610 | # ::= {pilotAttributeType 40} 611 | # 612 | attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' 613 | DESC 'RFC1274: personal title' 614 | EQUALITY caseIgnoreMatch 615 | SUBSTR caseIgnoreSubstringsMatch 616 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 617 | 618 | # 9.3.31. Mobile Telephone Number 619 | # 620 | # The Mobile Telephone Number attribute type specifies a mobile 621 | # telephone number associated with a person. Attribute values should 622 | # follow the agreed format for international telephone numbers: i.e., 623 | # "+44 71 123 4567". 624 | # 625 | # mobileTelephoneNumber ATTRIBUTE 626 | # WITH ATTRIBUTE-SYNTAX 627 | # telephoneNumberSyntax 628 | # ::= {pilotAttributeType 41} 629 | # 630 | attributetype ( 0.9.2342.19200300.100.1.41 631 | NAME ( 'mobile' 'mobileTelephoneNumber' ) 632 | DESC 'RFC1274: mobile telephone number' 633 | EQUALITY telephoneNumberMatch 634 | SUBSTR telephoneNumberSubstringsMatch 635 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) 636 | 637 | # 9.3.32. Pager Telephone Number 638 | # 639 | # The Pager Telephone Number attribute type specifies a pager telephone 640 | # number for an object. Attribute values should follow the agreed 641 | # format for international telephone numbers: i.e., "+44 71 123 4567". 642 | # 643 | # pagerTelephoneNumber ATTRIBUTE 644 | # WITH ATTRIBUTE-SYNTAX 645 | # telephoneNumberSyntax 646 | # ::= {pilotAttributeType 42} 647 | # 648 | attributetype ( 0.9.2342.19200300.100.1.42 649 | NAME ( 'pager' 'pagerTelephoneNumber' ) 650 | DESC 'RFC1274: pager telephone number' 651 | EQUALITY telephoneNumberMatch 652 | SUBSTR telephoneNumberSubstringsMatch 653 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) 654 | 655 | # 9.3.33. Friendly Country Name 656 | # 657 | # The Friendly Country Name attribute type specifies names of countries 658 | # in human readable format. The standard attribute country name must 659 | # be one of the two-letter codes defined in ISO 3166. 660 | # 661 | # friendlyCountryName ATTRIBUTE 662 | # WITH ATTRIBUTE-SYNTAX 663 | # caseIgnoreStringSyntax 664 | # ::= {pilotAttributeType 43} 665 | # 666 | attributetype ( 0.9.2342.19200300.100.1.43 667 | NAME ( 'co' 'friendlyCountryName' ) 668 | DESC 'RFC1274: friendly country name' 669 | EQUALITY caseIgnoreMatch 670 | SUBSTR caseIgnoreSubstringsMatch 671 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 672 | 673 | # 9.3.34. Unique Identifier 674 | # 675 | # The Unique Identifier attribute type specifies a "unique identifier" 676 | # for an object represented in the Directory. The domain within which 677 | # the identifier is unique, and the exact semantics of the identifier, 678 | # are for local definition. For a person, this might be an 679 | # institution-wide payroll number. For an organisational unit, it 680 | # might be a department code. 681 | # 682 | # uniqueIdentifier ATTRIBUTE 683 | # WITH ATTRIBUTE-SYNTAX 684 | # caseIgnoreStringSyntax 685 | # (SIZE (1 .. ub-unique-identifier)) 686 | # ::= {pilotAttributeType 44} 687 | # 688 | attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' 689 | DESC 'RFC1274: unique identifer' 690 | EQUALITY caseIgnoreMatch 691 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 692 | 693 | # 9.3.35. Organisational Status 694 | # 695 | # The Organisational Status attribute type specifies a category by 696 | # which a person is often referred to in an organisation. Examples of 697 | # usage in academia might include undergraduate student, researcher, 698 | # lecturer, etc. 699 | # 700 | # A Directory administrator should probably consider carefully the 701 | # distinctions between this and the title and userClass attributes. 702 | # 703 | # organizationalStatus ATTRIBUTE 704 | # WITH ATTRIBUTE-SYNTAX 705 | # caseIgnoreStringSyntax 706 | # (SIZE (1 .. ub-organizational-status)) 707 | # ::= {pilotAttributeType 45} 708 | # 709 | attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' 710 | DESC 'RFC1274: organizational status' 711 | EQUALITY caseIgnoreMatch 712 | SUBSTR caseIgnoreSubstringsMatch 713 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 714 | 715 | # 9.3.36. Janet Mailbox 716 | # 717 | # The Janet Mailbox attribute type specifies an electronic mailbox 718 | # attribute following the syntax specified in the Grey Book of the 719 | # Coloured Book series. This attribute is intended for the convenience 720 | # of U.K users unfamiliar with rfc822 and little-endian mail addresses. 721 | # Entries using this attribute MUST also include an rfc822Mailbox 722 | # attribute. 723 | # 724 | # janetMailbox ATTRIBUTE 725 | # WITH ATTRIBUTE-SYNTAX 726 | # caseIgnoreIA5StringSyntax 727 | # (SIZE (1 .. ub-janet-mailbox)) 728 | # ::= {pilotAttributeType 46} 729 | # 730 | attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' 731 | DESC 'RFC1274: Janet mailbox' 732 | EQUALITY caseIgnoreIA5Match 733 | SUBSTR caseIgnoreIA5SubstringsMatch 734 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 735 | 736 | # 9.3.37. Mail Preference Option 737 | # 738 | # An attribute to allow users to indicate a preference for inclusion of 739 | # their names on mailing lists (electronic or physical). The absence 740 | # of such an attribute should be interpreted as if the attribute was 741 | # present with value "no-list-inclusion". This attribute should be 742 | # interpreted by anyone using the directory to derive mailing lists, 743 | # and its value respected. 744 | # 745 | # mailPreferenceOption ATTRIBUTE 746 | # WITH ATTRIBUTE-SYNTAX ENUMERATED { 747 | # no-list-inclusion(0), 748 | # any-list-inclusion(1), -- may be added to any lists 749 | # professional-list-inclusion(2) 750 | # -- may be added to lists 751 | # -- which the list provider 752 | # -- views as related to the 753 | # -- users professional inter- 754 | # -- ests, perhaps evaluated 755 | # -- from the business of the 756 | # -- organisation or keywords 757 | # -- in the entry. 758 | # } 759 | # ::= {pilotAttributeType 47} 760 | # 761 | attributetype ( 0.9.2342.19200300.100.1.47 762 | NAME 'mailPreferenceOption' 763 | DESC 'RFC1274: mail preference option' 764 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) 765 | 766 | # 9.3.38. Building Name 767 | # 768 | # The Building Name attribute type specifies the name of the building 769 | # where an organisation or organisational unit is based. 770 | # 771 | # buildingName ATTRIBUTE 772 | # WITH ATTRIBUTE-SYNTAX 773 | # caseIgnoreStringSyntax 774 | # (SIZE (1 .. ub-building-name)) 775 | # ::= {pilotAttributeType 48} 776 | # 777 | attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' 778 | DESC 'RFC1274: name of building' 779 | EQUALITY caseIgnoreMatch 780 | SUBSTR caseIgnoreSubstringsMatch 781 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 782 | 783 | # 9.3.39. DSA Quality 784 | # 785 | # The DSA Quality attribute type specifies the purported quality of a 786 | # DSA. It allows a DSA manager to indicate the expected level of 787 | # availability of the DSA. See [8] for details of the syntax. 788 | # 789 | # dSAQuality ATTRIBUTE 790 | # WITH ATTRIBUTE-SYNTAX DSAQualitySyntax 791 | # SINGLE VALUE 792 | # ::= {pilotAttributeType 49} 793 | # 794 | attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' 795 | DESC 'RFC1274: DSA Quality' 796 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) 797 | 798 | # 9.3.40. Single Level Quality 799 | # 800 | # The Single Level Quality attribute type specifies the purported data 801 | # quality at the level immediately below in the DIT. See [8] for 802 | # details of the syntax. 803 | # 804 | # singleLevelQuality ATTRIBUTE 805 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 806 | # SINGLE VALUE 807 | # ::= {pilotAttributeType 50} 808 | # 809 | attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' 810 | DESC 'RFC1274: Single Level Quality' 811 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) 812 | 813 | # 9.3.41. Subtree Minimum Quality 814 | # 815 | # The Subtree Minimum Quality attribute type specifies the purported 816 | # minimum data quality for a DIT subtree. See [8] for more discussion 817 | # and details of the syntax. 818 | # 819 | # subtreeMinimumQuality ATTRIBUTE 820 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 821 | # SINGLE VALUE 822 | # -- Defaults to singleLevelQuality 823 | # ::= {pilotAttributeType 51} 824 | # 825 | attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' 826 | DESC 'RFC1274: Subtree Mininum Quality' 827 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) 828 | 829 | # 9.3.42. Subtree Maximum Quality 830 | # 831 | # The Subtree Maximum Quality attribute type specifies the purported 832 | # maximum data quality for a DIT subtree. See [8] for more discussion 833 | # and details of the syntax. 834 | # 835 | # subtreeMaximumQuality ATTRIBUTE 836 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 837 | # SINGLE VALUE 838 | # -- Defaults to singleLevelQuality 839 | # ::= {pilotAttributeType 52} 840 | # 841 | attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' 842 | DESC 'RFC1274: Subtree Maximun Quality' 843 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) 844 | 845 | # 9.3.43. Personal Signature 846 | # 847 | # The Personal Signature attribute type allows for a representation of 848 | # a person's signature. This should be encoded in G3 fax as explained 849 | # in recommendation T.4, with an ASN.1 wrapper to make it compatible 850 | # with an X.400 BodyPart as defined in X.420. 851 | # 852 | # IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules 853 | # information-objects } 854 | # 855 | # personalSignature ATTRIBUTE 856 | # WITH ATTRIBUTE-SYNTAX 857 | # CHOICE { 858 | # g3-facsimile [3] G3FacsimileBodyPart 859 | # } 860 | # (SIZE (1 .. ub-personal-signature)) 861 | # ::= {pilotAttributeType 53} 862 | # 863 | attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' 864 | DESC 'RFC1274: Personal Signature (G3 fax)' 865 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ) 866 | 867 | # 9.3.44. DIT Redirect 868 | # 869 | # The DIT Redirect attribute type is used to indicate that the object 870 | # described by one entry now has a newer entry in the DIT. The entry 871 | # containing the redirection attribute should be expired after a 872 | # suitable grace period. This attribute may be used when an individual 873 | # changes his/her place of work, and thus acquires a new organisational 874 | # DN. 875 | # 876 | # dITRedirect ATTRIBUTE 877 | # WITH ATTRIBUTE-SYNTAX 878 | # distinguishedNameSyntax 879 | # ::= {pilotAttributeType 54} 880 | # 881 | attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' 882 | DESC 'RFC1274: DIT Redirect' 883 | EQUALITY distinguishedNameMatch 884 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 885 | 886 | # 9.3.45. Audio 887 | # 888 | # The Audio attribute type allows the storing of sounds in the 889 | # Directory. The attribute uses a u-law encoded sound file as used by 890 | # the "play" utility on a Sun 4. This is an interim format. 891 | # 892 | # audio ATTRIBUTE 893 | # WITH ATTRIBUTE-SYNTAX 894 | # Audio 895 | # (SIZE (1 .. ub-audio)) 896 | # ::= {pilotAttributeType 55} 897 | # 898 | attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' 899 | DESC 'RFC1274: audio (u-law)' 900 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) 901 | 902 | # 9.3.46. Publisher of Document 903 | # 904 | # 905 | # The Publisher of Document attribute is the person and/or organization 906 | # that published a document. 907 | # 908 | # documentPublisher ATTRIBUTE 909 | # WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax 910 | # ::= {pilotAttributeType 56} 911 | # 912 | attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' 913 | DESC 'RFC1274: publisher of document' 914 | EQUALITY caseIgnoreMatch 915 | SUBSTR caseIgnoreSubstringsMatch 916 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 917 | 918 | # 9.4. Generally useful syntaxes 919 | # 920 | # caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX 921 | # IA5String 922 | # MATCHES FOR EQUALITY SUBSTRINGS 923 | # 924 | # iA5StringSyntax ATTRIBUTE-SYNTAX 925 | # IA5String 926 | # MATCHES FOR EQUALITY SUBSTRINGS 927 | # 928 | # 929 | # -- Syntaxes to support the DNS attributes 930 | # 931 | # DNSRecordSyntax ATTRIBUTE-SYNTAX 932 | # IA5String 933 | # MATCHES FOR EQUALITY 934 | # 935 | # 936 | # NRSInformationSyntax ATTRIBUTE-SYNTAX 937 | # NRSInformation 938 | # MATCHES FOR EQUALITY 939 | # 940 | # 941 | # NRSInformation ::= SET { 942 | # [0] Context, 943 | # [1] Address-space-id, 944 | # routes [2] SEQUENCE OF SEQUENCE { 945 | # Route-cost, 946 | # Addressing-info } 947 | # } 948 | # 949 | # 950 | # 9.5. Upper bounds on length of attribute values 951 | # 952 | # 953 | # ub-document-identifier INTEGER ::= 256 954 | # 955 | # ub-document-location INTEGER ::= 256 956 | # 957 | # ub-document-title INTEGER ::= 256 958 | # 959 | # ub-document-version INTEGER ::= 256 960 | # 961 | # ub-favourite-drink INTEGER ::= 256 962 | # 963 | # ub-host INTEGER ::= 256 964 | # 965 | # ub-information INTEGER ::= 2048 966 | # 967 | # ub-unique-identifier INTEGER ::= 256 968 | # 969 | # ub-personal-title INTEGER ::= 256 970 | # 971 | # ub-photo INTEGER ::= 250000 972 | # 973 | # ub-rfc822-mailbox INTEGER ::= 256 974 | # 975 | # ub-room-number INTEGER ::= 256 976 | # 977 | # ub-text-or-address INTEGER ::= 256 978 | # 979 | # ub-user-class INTEGER ::= 256 980 | # 981 | # ub-user-identifier INTEGER ::= 256 982 | # 983 | # ub-organizational-status INTEGER ::= 256 984 | # 985 | # ub-janet-mailbox INTEGER ::= 256 986 | # 987 | # ub-building-name INTEGER ::= 256 988 | # 989 | # ub-personal-signature ::= 50000 990 | # 991 | # ub-audio INTEGER ::= 250000 992 | # 993 | 994 | # [back to 8] 995 | # 8. Object Classes 996 | # 997 | # 8.1. X.500 standard object classes 998 | # 999 | # A number of generally useful object classes are defined in X.521, and 1000 | # these are supported. Refer to that document for descriptions of the 1001 | # suggested usage of these object classes. The ASN.1 for these object 1002 | # classes is reproduced for completeness in Appendix C. 1003 | # 1004 | # 8.2. X.400 standard object classes 1005 | # 1006 | # A number of object classes defined in X.400 are supported. Refer to 1007 | # X.402 for descriptions of the usage of these object classes. The 1008 | # ASN.1 for these object classes is reproduced for completeness in 1009 | # Appendix C. 1010 | # 1011 | # 8.3. COSINE/Internet object classes 1012 | # 1013 | # This section attempts to fuse together the object classes designed 1014 | # for use in the COSINE and Internet pilot activities. Descriptions 1015 | # are given of the suggested usage of these object classes. The ASN.1 1016 | # for these object classes is also reproduced in Appendix C. 1017 | # 1018 | # 8.3.1. Pilot Object 1019 | # 1020 | # The PilotObject object class is used as a sub-class to allow some 1021 | # common, useful attributes to be assigned to entries of all other 1022 | # object classes. 1023 | # 1024 | # pilotObject OBJECT-CLASS 1025 | # SUBCLASS OF top 1026 | # MAY CONTAIN { 1027 | # info, 1028 | # photo, 1029 | # manager, 1030 | # uniqueIdentifier, 1031 | # lastModifiedTime, 1032 | # lastModifiedBy, 1033 | # dITRedirect, 1034 | # audio} 1035 | # ::= {pilotObjectClass 3} 1036 | # 1037 | #objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' 1038 | # DESC 'RFC1274: pilot object' 1039 | # SUP top AUXILIARY 1040 | # MAY ( info $ photo $ manager $ uniqueIdentifier $ 1041 | # lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio ) 1042 | # ) 1043 | 1044 | # 8.3.2. Pilot Person 1045 | # 1046 | # The PilotPerson object class is used as a sub-class of person, to 1047 | # allow the use of a number of additional attributes to be assigned to 1048 | # entries of object class person. 1049 | # 1050 | # pilotPerson OBJECT-CLASS 1051 | # SUBCLASS OF person 1052 | # MAY CONTAIN { 1053 | # userid, 1054 | # textEncodedORAddress, 1055 | # rfc822Mailbox, 1056 | # favouriteDrink, 1057 | # roomNumber, 1058 | # userClass, 1059 | # homeTelephoneNumber, 1060 | # homePostalAddress, 1061 | # secretary, 1062 | # personalTitle, 1063 | # preferredDeliveryMethod, 1064 | # businessCategory, 1065 | # janetMailbox, 1066 | # otherMailbox, 1067 | # mobileTelephoneNumber, 1068 | # pagerTelephoneNumber, 1069 | # organizationalStatus, 1070 | # mailPreferenceOption, 1071 | # personalSignature} 1072 | # ::= {pilotObjectClass 4} 1073 | # 1074 | objectclass ( 0.9.2342.19200300.100.4.4 1075 | NAME ( 'pilotPerson' 'newPilotPerson' ) 1076 | SUP person STRUCTURAL 1077 | MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ 1078 | favouriteDrink $ roomNumber $ userClass $ 1079 | homeTelephoneNumber $ homePostalAddress $ secretary $ 1080 | personalTitle $ preferredDeliveryMethod $ businessCategory $ 1081 | janetMailbox $ otherMailbox $ mobileTelephoneNumber $ 1082 | pagerTelephoneNumber $ organizationalStatus $ 1083 | mailPreferenceOption $ personalSignature ) 1084 | ) 1085 | 1086 | # 8.3.3. Account 1087 | # 1088 | # The Account object class is used to define entries representing 1089 | # computer accounts. The userid attribute should be used for naming 1090 | # entries of this object class. 1091 | # 1092 | # account OBJECT-CLASS 1093 | # SUBCLASS OF top 1094 | # MUST CONTAIN { 1095 | # userid} 1096 | # MAY CONTAIN { 1097 | # description, 1098 | # seeAlso, 1099 | # localityName, 1100 | # organizationName, 1101 | # organizationalUnitName, 1102 | # host} 1103 | # ::= {pilotObjectClass 5} 1104 | # 1105 | objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' 1106 | SUP top STRUCTURAL 1107 | MUST userid 1108 | MAY ( description $ seeAlso $ localityName $ 1109 | organizationName $ organizationalUnitName $ host ) 1110 | ) 1111 | 1112 | # 8.3.4. Document 1113 | # 1114 | # The Document object class is used to define entries which represent 1115 | # documents. 1116 | # 1117 | # document OBJECT-CLASS 1118 | # SUBCLASS OF top 1119 | # MUST CONTAIN { 1120 | # documentIdentifier} 1121 | # MAY CONTAIN { 1122 | # commonName, 1123 | # description, 1124 | # seeAlso, 1125 | # localityName, 1126 | # organizationName, 1127 | # organizationalUnitName, 1128 | # documentTitle, 1129 | # documentVersion, 1130 | # documentAuthor, 1131 | # documentLocation, 1132 | # documentPublisher} 1133 | # ::= {pilotObjectClass 6} 1134 | # 1135 | objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' 1136 | SUP top STRUCTURAL 1137 | MUST documentIdentifier 1138 | MAY ( commonName $ description $ seeAlso $ localityName $ 1139 | organizationName $ organizationalUnitName $ 1140 | documentTitle $ documentVersion $ documentAuthor $ 1141 | documentLocation $ documentPublisher ) 1142 | ) 1143 | 1144 | # 8.3.5. Room 1145 | # 1146 | # The Room object class is used to define entries representing rooms. 1147 | # The commonName attribute should be used for naming pentries of this 1148 | # object class. 1149 | # 1150 | # room OBJECT-CLASS 1151 | # SUBCLASS OF top 1152 | # MUST CONTAIN { 1153 | # commonName} 1154 | # MAY CONTAIN { 1155 | # roomNumber, 1156 | # description, 1157 | # seeAlso, 1158 | # telephoneNumber} 1159 | # ::= {pilotObjectClass 7} 1160 | # 1161 | objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' 1162 | SUP top STRUCTURAL 1163 | MUST commonName 1164 | MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) 1165 | ) 1166 | 1167 | # 8.3.6. Document Series 1168 | # 1169 | # The Document Series object class is used to define an entry which 1170 | # represents a series of documents (e.g., The Request For Comments 1171 | # papers). 1172 | # 1173 | # documentSeries OBJECT-CLASS 1174 | # SUBCLASS OF top 1175 | # MUST CONTAIN { 1176 | # commonName} 1177 | # MAY CONTAIN { 1178 | # description, 1179 | # seeAlso, 1180 | # telephoneNumber, 1181 | # localityName, 1182 | # organizationName, 1183 | # organizationalUnitName} 1184 | # ::= {pilotObjectClass 9} 1185 | # 1186 | objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' 1187 | SUP top STRUCTURAL 1188 | MUST commonName 1189 | MAY ( description $ seeAlso $ telephonenumber $ 1190 | localityName $ organizationName $ organizationalUnitName ) 1191 | ) 1192 | 1193 | # 8.3.7. Domain 1194 | # 1195 | # The Domain object class is used to define entries which represent DNS 1196 | # or NRS domains. The domainComponent attribute should be used for 1197 | # naming entries of this object class. The usage of this object class 1198 | # is described in more detail in [3]. 1199 | # 1200 | # domain OBJECT-CLASS 1201 | # SUBCLASS OF top 1202 | # MUST CONTAIN { 1203 | # domainComponent} 1204 | # MAY CONTAIN { 1205 | # associatedName, 1206 | # organizationName, 1207 | # organizationalAttributeSet} 1208 | # ::= {pilotObjectClass 13} 1209 | # 1210 | objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' 1211 | SUP top STRUCTURAL 1212 | MUST domainComponent 1213 | MAY ( associatedName $ organizationName $ description $ 1214 | businessCategory $ seeAlso $ searchGuide $ userPassword $ 1215 | localityName $ stateOrProvinceName $ streetAddress $ 1216 | physicalDeliveryOfficeName $ postalAddress $ postalCode $ 1217 | postOfficeBox $ streetAddress $ 1218 | facsimileTelephoneNumber $ internationalISDNNumber $ 1219 | telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ 1220 | preferredDeliveryMethod $ destinationIndicator $ 1221 | registeredAddress $ x121Address ) 1222 | ) 1223 | 1224 | # 8.3.8. RFC822 Local Part 1225 | # 1226 | # The RFC822 Local Part object class is used to define entries which 1227 | # represent the local part of RFC822 mail addresses. This treats this 1228 | # part of an RFC822 address as a domain. The usage of this object 1229 | # class is described in more detail in [3]. 1230 | # 1231 | # rFC822localPart OBJECT-CLASS 1232 | # SUBCLASS OF domain 1233 | # MAY CONTAIN { 1234 | # commonName, 1235 | # surname, 1236 | # description, 1237 | # seeAlso, 1238 | # telephoneNumber, 1239 | # postalAttributeSet, 1240 | # telecommunicationAttributeSet} 1241 | # ::= {pilotObjectClass 14} 1242 | # 1243 | objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' 1244 | SUP domain STRUCTURAL 1245 | MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ 1246 | physicalDeliveryOfficeName $ postalAddress $ postalCode $ 1247 | postOfficeBox $ streetAddress $ 1248 | facsimileTelephoneNumber $ internationalISDNNumber $ 1249 | telephoneNumber $ teletexTerminalIdentifier $ 1250 | telexNumber $ preferredDeliveryMethod $ destinationIndicator $ 1251 | registeredAddress $ x121Address ) 1252 | ) 1253 | 1254 | # 8.3.9. DNS Domain 1255 | # 1256 | # The DNS Domain (Domain NameServer) object class is used to define 1257 | # entries for DNS domains. The usage of this object class is described 1258 | # in more detail in [3]. 1259 | # 1260 | # dNSDomain OBJECT-CLASS 1261 | # SUBCLASS OF domain 1262 | # MAY CONTAIN { 1263 | # ARecord, 1264 | # MDRecord, 1265 | # MXRecord, 1266 | # NSRecord, 1267 | # SOARecord, 1268 | # CNAMERecord} 1269 | # ::= {pilotObjectClass 15} 1270 | # 1271 | objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' 1272 | SUP domain STRUCTURAL 1273 | MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ 1274 | SOARecord $ CNAMERecord ) 1275 | ) 1276 | 1277 | # 8.3.10. Domain Related Object 1278 | # 1279 | # The Domain Related Object object class is used to define entries 1280 | # which represent DNS/NRS domains which are "equivalent" to an X.500 1281 | # domain: e.g., an organisation or organisational unit. The usage of 1282 | # this object class is described in more detail in [3]. 1283 | # 1284 | # domainRelatedObject OBJECT-CLASS 1285 | # SUBCLASS OF top 1286 | # MUST CONTAIN { 1287 | # associatedDomain} 1288 | # ::= {pilotObjectClass 17} 1289 | # 1290 | objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' 1291 | DESC 'RFC1274: an object related to an domain' 1292 | SUP top AUXILIARY 1293 | MUST associatedDomain ) 1294 | 1295 | # 8.3.11. Friendly Country 1296 | # 1297 | # The Friendly Country object class is used to define country entries 1298 | # in the DIT. The object class is used to allow friendlier naming of 1299 | # countries than that allowed by the object class country. The naming 1300 | # attribute of object class country, countryName, has to be a 2 letter 1301 | # string defined in ISO 3166. 1302 | # 1303 | # friendlyCountry OBJECT-CLASS 1304 | # SUBCLASS OF country 1305 | # MUST CONTAIN { 1306 | # friendlyCountryName} 1307 | # ::= {pilotObjectClass 18} 1308 | # 1309 | objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' 1310 | SUP country STRUCTURAL 1311 | MUST friendlyCountryName ) 1312 | 1313 | # 8.3.12. Simple Security Object 1314 | # 1315 | # The Simple Security Object object class is used to allow an entry to 1316 | # have a userPassword attribute when an entry's principal object 1317 | # classes do not allow userPassword as an attribute type. 1318 | # 1319 | # simpleSecurityObject OBJECT-CLASS 1320 | # SUBCLASS OF top 1321 | # MUST CONTAIN { 1322 | # userPassword } 1323 | # ::= {pilotObjectClass 19} 1324 | # 1325 | ## (in core.schema) 1326 | ## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' 1327 | ## SUP top AUXILIARY 1328 | ## MUST userPassword ) 1329 | 1330 | # 8.3.13. Pilot Organization 1331 | # 1332 | # The PilotOrganization object class is used as a sub-class of 1333 | # organization and organizationalUnit to allow a number of additional 1334 | # attributes to be assigned to entries of object classes organization 1335 | # and organizationalUnit. 1336 | # 1337 | # pilotOrganization OBJECT-CLASS 1338 | # SUBCLASS OF organization, organizationalUnit 1339 | # MAY CONTAIN { 1340 | # buildingName} 1341 | # ::= {pilotObjectClass 20} 1342 | # 1343 | objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' 1344 | SUP ( organization $ organizationalUnit ) STRUCTURAL 1345 | MAY buildingName ) 1346 | 1347 | # 8.3.14. Pilot DSA 1348 | # 1349 | # The PilotDSA object class is used as a sub-class of the dsa object 1350 | # class to allow additional attributes to be assigned to entries for 1351 | # DSAs. 1352 | # 1353 | # pilotDSA OBJECT-CLASS 1354 | # SUBCLASS OF dsa 1355 | # MUST CONTAIN { 1356 | # dSAQuality} 1357 | # ::= {pilotObjectClass 21} 1358 | # 1359 | objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' 1360 | SUP dsa STRUCTURAL 1361 | MAY dSAQuality ) 1362 | 1363 | # 8.3.15. Quality Labelled Data 1364 | # 1365 | # The Quality Labelled Data object class is used to allow the 1366 | # assignment of the data quality attributes to subtrees in the DIT. 1367 | # 1368 | # See [8] for more details. 1369 | # 1370 | # qualityLabelledData OBJECT-CLASS 1371 | # SUBCLASS OF top 1372 | # MUST CONTAIN { 1373 | # dSAQuality} 1374 | # MAY CONTAIN { 1375 | # subtreeMinimumQuality, 1376 | # subtreeMaximumQuality} 1377 | # ::= {pilotObjectClass 22} 1378 | objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' 1379 | SUP top AUXILIARY 1380 | MUST dsaQuality 1381 | MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) 1382 | ) 1383 | 1384 | 1385 | # References 1386 | # 1387 | # [1] CCITT/ISO, "X.500, The Directory - overview of concepts, 1388 | # models and services, CCITT /ISO IS 9594. 1389 | # 1390 | # [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in 1391 | # University College London, Department of Computer Science 1392 | # Research Note 89/48, May 1989. 1393 | # 1394 | # [3] Kille, S., "X.500 and Domains", RFC 1279, University College 1395 | # London, November 1991. 1396 | # 1397 | # [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status 1398 | # Report", Technical Report 90-09-10-1, published by NYSERNet 1399 | # Inc, 1990. 1400 | # 1401 | # [5] Craigie, J., "UK Academic Community Directory Service Pilot 1402 | # Project, pp. 305-310 in Computer Networks and ISDN Systems 1403 | # 17 (1989), published by North Holland. 1404 | # 1405 | # [6] Mockapetris, P., "Domain Names - Concepts and Facilities", 1406 | # RFC 1034, USC/Information Sciences Institute, November 1987. 1407 | # 1408 | # [7] Mockapetris, P., "Domain Names - Implementation and 1409 | # Specification, RFC 1035, USC/Information Sciences Institute, 1410 | # November 1987. 1411 | # 1412 | # [8] Kille, S., "Handling QOS (Quality of service) in the 1413 | # Directory," publication in process, March 1991. 1414 | # 1415 | # 1416 | # APPENDIX C - Summary of all Object Classes and Attribute Types 1417 | # 1418 | # -- Some Important Object Identifiers 1419 | # 1420 | # data OBJECT IDENTIFIER ::= {ccitt 9} 1421 | # pss OBJECT IDENTIFIER ::= {data 2342} 1422 | # ucl OBJECT IDENTIFIER ::= {pss 19200300} 1423 | # pilot OBJECT IDENTIFIER ::= {ucl 100} 1424 | # 1425 | # pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1} 1426 | # pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3} 1427 | # pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4} 1428 | # pilotGroups OBJECT IDENTIFIER ::= {pilot 10} 1429 | # 1430 | # iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4} 1431 | # caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::= 1432 | # {pilotAttributeSyntax 5} 1433 | # 1434 | # -- Standard Object Classes 1435 | # 1436 | # top OBJECT-CLASS 1437 | # MUST CONTAIN { 1438 | # objectClass} 1439 | # ::= {objectClass 0} 1440 | # 1441 | # 1442 | # alias OBJECT-CLASS 1443 | # SUBCLASS OF top 1444 | # MUST CONTAIN { 1445 | # aliasedObjectName} 1446 | # ::= {objectClass 1} 1447 | # 1448 | # 1449 | # country OBJECT-CLASS 1450 | # SUBCLASS OF top 1451 | # MUST CONTAIN { 1452 | # countryName} 1453 | # MAY CONTAIN { 1454 | # description, 1455 | # searchGuide} 1456 | # ::= {objectClass 2} 1457 | # 1458 | # 1459 | # locality OBJECT-CLASS 1460 | # SUBCLASS OF top 1461 | # MAY CONTAIN { 1462 | # description, 1463 | # localityName, 1464 | # stateOrProvinceName, 1465 | # searchGuide, 1466 | # seeAlso, 1467 | # streetAddress} 1468 | # ::= {objectClass 3} 1469 | # 1470 | # 1471 | # organization OBJECT-CLASS 1472 | # SUBCLASS OF top 1473 | # MUST CONTAIN { 1474 | # organizationName} 1475 | # MAY CONTAIN { 1476 | # organizationalAttributeSet} 1477 | # ::= {objectClass 4} 1478 | # 1479 | # 1480 | # organizationalUnit OBJECT-CLASS 1481 | # SUBCLASS OF top 1482 | # MUST CONTAIN { 1483 | # organizationalUnitName} 1484 | # MAY CONTAIN { 1485 | # organizationalAttributeSet} 1486 | # ::= {objectClass 5} 1487 | # 1488 | # 1489 | # person OBJECT-CLASS 1490 | # SUBCLASS OF top 1491 | # MUST CONTAIN { 1492 | # commonName, 1493 | # surname} 1494 | # MAY CONTAIN { 1495 | # description, 1496 | # seeAlso, 1497 | # telephoneNumber, 1498 | # userPassword} 1499 | # ::= {objectClass 6} 1500 | # 1501 | # 1502 | # organizationalPerson OBJECT-CLASS 1503 | # SUBCLASS OF person 1504 | # MAY CONTAIN { 1505 | # localeAttributeSet, 1506 | # organizationalUnitName, 1507 | # postalAttributeSet, 1508 | # telecommunicationAttributeSet, 1509 | # title} 1510 | # ::= {objectClass 7} 1511 | # 1512 | # 1513 | # organizationalRole OBJECT-CLASS 1514 | # SUBCLASS OF top 1515 | # MUST CONTAIN { 1516 | # commonName} 1517 | # MAY CONTAIN { 1518 | # description, 1519 | # localeAttributeSet, 1520 | # organizationalUnitName, 1521 | # postalAttributeSet, 1522 | # preferredDeliveryMethod, 1523 | # roleOccupant, 1524 | # seeAlso, 1525 | # telecommunicationAttributeSet} 1526 | # ::= {objectClass 8} 1527 | # 1528 | # 1529 | # groupOfNames OBJECT-CLASS 1530 | # SUBCLASS OF top 1531 | # MUST CONTAIN { 1532 | # commonName, 1533 | # member} 1534 | # MAY CONTAIN { 1535 | # description, 1536 | # organizationName, 1537 | # organizationalUnitName, 1538 | # owner, 1539 | # seeAlso, 1540 | # businessCategory} 1541 | # ::= {objectClass 9} 1542 | # 1543 | # 1544 | # residentialPerson OBJECT-CLASS 1545 | # SUBCLASS OF person 1546 | # MUST CONTAIN { 1547 | # localityName} 1548 | # MAY CONTAIN { 1549 | # localeAttributeSet, 1550 | # postalAttributeSet, 1551 | # preferredDeliveryMethod, 1552 | # telecommunicationAttributeSet, 1553 | # businessCategory} 1554 | # ::= {objectClass 10} 1555 | # 1556 | # 1557 | # applicationProcess OBJECT-CLASS 1558 | # SUBCLASS OF top 1559 | # MUST CONTAIN { 1560 | # commonName} 1561 | # MAY CONTAIN { 1562 | # description, 1563 | # localityName, 1564 | # organizationalUnitName, 1565 | # seeAlso} 1566 | # ::= {objectClass 11} 1567 | # 1568 | # 1569 | # applicationEntity OBJECT-CLASS 1570 | # SUBCLASS OF top 1571 | # MUST CONTAIN { 1572 | # commonName, 1573 | # presentationAddress} 1574 | # MAY CONTAIN { 1575 | # description, 1576 | # localityName, 1577 | # organizationName, 1578 | # organizationalUnitName, 1579 | # seeAlso, 1580 | # supportedApplicationContext} 1581 | # ::= {objectClass 12} 1582 | # 1583 | # 1584 | # dSA OBJECT-CLASS 1585 | # SUBCLASS OF applicationEntity 1586 | # MAY CONTAIN { 1587 | # knowledgeInformation} 1588 | # ::= {objectClass 13} 1589 | # 1590 | # 1591 | # device OBJECT-CLASS 1592 | # SUBCLASS OF top 1593 | # MUST CONTAIN { 1594 | # commonName} 1595 | # MAY CONTAIN { 1596 | # description, 1597 | # localityName, 1598 | # organizationName, 1599 | # organizationalUnitName, 1600 | # owner, 1601 | # seeAlso, 1602 | # serialNumber} 1603 | # ::= {objectClass 14} 1604 | # 1605 | # 1606 | # strongAuthenticationUser OBJECT-CLASS 1607 | # SUBCLASS OF top 1608 | # MUST CONTAIN { 1609 | # userCertificate} 1610 | # ::= {objectClass 15} 1611 | # 1612 | # 1613 | # certificationAuthority OBJECT-CLASS 1614 | # SUBCLASS OF top 1615 | # MUST CONTAIN { 1616 | # cACertificate, 1617 | # certificateRevocationList, 1618 | # authorityRevocationList} 1619 | # MAY CONTAIN { 1620 | # crossCertificatePair} 1621 | # ::= {objectClass 16} 1622 | # 1623 | # -- Standard MHS Object Classes 1624 | # 1625 | # mhsDistributionList OBJECT-CLASS 1626 | # SUBCLASS OF top 1627 | # MUST CONTAIN { 1628 | # commonName, 1629 | # mhsDLSubmitPermissions, 1630 | # mhsORAddresses} 1631 | # MAY CONTAIN { 1632 | # description, 1633 | # organizationName, 1634 | # organizationalUnitName, 1635 | # owner, 1636 | # seeAlso, 1637 | # mhsDeliverableContentTypes, 1638 | # mhsdeliverableEits, 1639 | # mhsDLMembers, 1640 | # mhsPreferredDeliveryMethods} 1641 | # ::= {mhsObjectClass 0} 1642 | # 1643 | # 1644 | # mhsMessageStore OBJECT-CLASS 1645 | # SUBCLASS OF applicationEntity 1646 | # MAY CONTAIN { 1647 | # description, 1648 | # owner, 1649 | # mhsSupportedOptionalAttributes, 1650 | # mhsSupportedAutomaticActions, 1651 | # mhsSupportedContentTypes} 1652 | # ::= {mhsObjectClass 1} 1653 | # 1654 | # 1655 | # mhsMessageTransferAgent OBJECT-CLASS 1656 | # SUBCLASS OF applicationEntity 1657 | # MAY CONTAIN { 1658 | # description, 1659 | # owner, 1660 | # mhsDeliverableContentLength} 1661 | # ::= {mhsObjectClass 2} 1662 | # 1663 | # 1664 | # mhsOrganizationalUser OBJECT-CLASS 1665 | # SUBCLASS OF organizationalPerson 1666 | # MUST CONTAIN { 1667 | # mhsORAddresses} 1668 | # MAY CONTAIN { 1669 | # mhsDeliverableContentLength, 1670 | # mhsDeliverableContentTypes, 1671 | # mhsDeliverableEits, 1672 | # mhsMessageStoreName, 1673 | # mhsPreferredDeliveryMethods } 1674 | # ::= {mhsObjectClass 3} 1675 | # 1676 | # 1677 | # mhsResidentialUser OBJECT-CLASS 1678 | # SUBCLASS OF residentialPerson 1679 | # MUST CONTAIN { 1680 | # mhsORAddresses} 1681 | # MAY CONTAIN { 1682 | # mhsDeliverableContentLength, 1683 | # mhsDeliverableContentTypes, 1684 | # mhsDeliverableEits, 1685 | # mhsMessageStoreName, 1686 | # mhsPreferredDeliveryMethods } 1687 | # ::= {mhsObjectClass 4} 1688 | # 1689 | # 1690 | # mhsUserAgent OBJECT-CLASS 1691 | # SUBCLASS OF applicationEntity 1692 | # MAY CONTAIN { 1693 | # mhsDeliverableContentLength, 1694 | # mhsDeliverableContentTypes, 1695 | # mhsDeliverableEits, 1696 | # mhsORAddresses, 1697 | # owner} 1698 | # ::= {mhsObjectClass 5} 1699 | # 1700 | # 1701 | # 1702 | # 1703 | # -- Pilot Object Classes 1704 | # 1705 | # pilotObject OBJECT-CLASS 1706 | # SUBCLASS OF top 1707 | # MAY CONTAIN { 1708 | # info, 1709 | # photo, 1710 | # manager, 1711 | # uniqueIdentifier, 1712 | # lastModifiedTime, 1713 | # lastModifiedBy, 1714 | # dITRedirect, 1715 | # audio} 1716 | # ::= {pilotObjectClass 3} 1717 | # pilotPerson OBJECT-CLASS 1718 | # SUBCLASS OF person 1719 | # MAY CONTAIN { 1720 | # userid, 1721 | # textEncodedORAddress, 1722 | # rfc822Mailbox, 1723 | # favouriteDrink, 1724 | # roomNumber, 1725 | # userClass, 1726 | # homeTelephoneNumber, 1727 | # homePostalAddress, 1728 | # secretary, 1729 | # personalTitle, 1730 | # preferredDeliveryMethod, 1731 | # businessCategory, 1732 | # janetMailbox, 1733 | # otherMailbox, 1734 | # mobileTelephoneNumber, 1735 | # pagerTelephoneNumber, 1736 | # organizationalStatus, 1737 | # mailPreferenceOption, 1738 | # personalSignature} 1739 | # ::= {pilotObjectClass 4} 1740 | # 1741 | # 1742 | # account OBJECT-CLASS 1743 | # SUBCLASS OF top 1744 | # MUST CONTAIN { 1745 | # userid} 1746 | # MAY CONTAIN { 1747 | # description, 1748 | # seeAlso, 1749 | # localityName, 1750 | # organizationName, 1751 | # organizationalUnitName, 1752 | # host} 1753 | # ::= {pilotObjectClass 5} 1754 | # 1755 | # 1756 | # document OBJECT-CLASS 1757 | # SUBCLASS OF top 1758 | # MUST CONTAIN { 1759 | # documentIdentifier} 1760 | # MAY CONTAIN { 1761 | # commonName, 1762 | # description, 1763 | # seeAlso, 1764 | # localityName, 1765 | # organizationName, 1766 | # organizationalUnitName, 1767 | # documentTitle, 1768 | # documentVersion, 1769 | # documentAuthor, 1770 | # documentLocation, 1771 | # documentPublisher} 1772 | # ::= {pilotObjectClass 6} 1773 | # 1774 | # 1775 | # room OBJECT-CLASS 1776 | # SUBCLASS OF top 1777 | # MUST CONTAIN { 1778 | # commonName} 1779 | # MAY CONTAIN { 1780 | # roomNumber, 1781 | # description, 1782 | # seeAlso, 1783 | # telephoneNumber} 1784 | # ::= {pilotObjectClass 7} 1785 | # 1786 | # 1787 | # documentSeries OBJECT-CLASS 1788 | # SUBCLASS OF top 1789 | # MUST CONTAIN { 1790 | # commonName} 1791 | # MAY CONTAIN { 1792 | # description, 1793 | # seeAlso, 1794 | # telephoneNumber, 1795 | # localityName, 1796 | # organizationName, 1797 | # organizationalUnitName} 1798 | # ::= {pilotObjectClass 9} 1799 | # 1800 | # 1801 | # domain OBJECT-CLASS 1802 | # SUBCLASS OF top 1803 | # MUST CONTAIN { 1804 | # domainComponent} 1805 | # MAY CONTAIN { 1806 | # associatedName, 1807 | # organizationName, 1808 | # organizationalAttributeSet} 1809 | # ::= {pilotObjectClass 13} 1810 | # 1811 | # 1812 | # rFC822localPart OBJECT-CLASS 1813 | # SUBCLASS OF domain 1814 | # MAY CONTAIN { 1815 | # commonName, 1816 | # surname, 1817 | # description, 1818 | # seeAlso, 1819 | # telephoneNumber, 1820 | # postalAttributeSet, 1821 | # telecommunicationAttributeSet} 1822 | # ::= {pilotObjectClass 14} 1823 | # 1824 | # 1825 | # dNSDomain OBJECT-CLASS 1826 | # SUBCLASS OF domain 1827 | # MAY CONTAIN { 1828 | # ARecord, 1829 | # MDRecord, 1830 | # MXRecord, 1831 | # NSRecord, 1832 | # SOARecord, 1833 | # CNAMERecord} 1834 | # ::= {pilotObjectClass 15} 1835 | # 1836 | # 1837 | # domainRelatedObject OBJECT-CLASS 1838 | # SUBCLASS OF top 1839 | # MUST CONTAIN { 1840 | # associatedDomain} 1841 | # ::= {pilotObjectClass 17} 1842 | # 1843 | # 1844 | # friendlyCountry OBJECT-CLASS 1845 | # SUBCLASS OF country 1846 | # MUST CONTAIN { 1847 | # friendlyCountryName} 1848 | # ::= {pilotObjectClass 18} 1849 | # 1850 | # 1851 | # simpleSecurityObject OBJECT-CLASS 1852 | # SUBCLASS OF top 1853 | # MUST CONTAIN { 1854 | # userPassword } 1855 | # ::= {pilotObjectClass 19} 1856 | # 1857 | # 1858 | # pilotOrganization OBJECT-CLASS 1859 | # SUBCLASS OF organization, organizationalUnit 1860 | # MAY CONTAIN { 1861 | # buildingName} 1862 | # ::= {pilotObjectClass 20} 1863 | # 1864 | # 1865 | # pilotDSA OBJECT-CLASS 1866 | # SUBCLASS OF dsa 1867 | # MUST CONTAIN { 1868 | # dSAQuality} 1869 | # ::= {pilotObjectClass 21} 1870 | # 1871 | # 1872 | # qualityLabelledData OBJECT-CLASS 1873 | # SUBCLASS OF top 1874 | # MUST CONTAIN { 1875 | # dSAQuality} 1876 | # MAY CONTAIN { 1877 | # subtreeMinimumQuality, 1878 | # subtreeMaximumQuality} 1879 | # ::= {pilotObjectClass 22} 1880 | # 1881 | # 1882 | # 1883 | # 1884 | # -- Standard Attribute Types 1885 | # 1886 | # objectClass ObjectClass 1887 | # ::= {attributeType 0} 1888 | # 1889 | # 1890 | # aliasedObjectName AliasedObjectName 1891 | # ::= {attributeType 1} 1892 | # 1893 | # 1894 | # knowledgeInformation ATTRIBUTE 1895 | # WITH ATTRIBUTE-SYNTAX caseIgnoreString 1896 | # ::= {attributeType 2} 1897 | # 1898 | # 1899 | # commonName ATTRIBUTE 1900 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1901 | # (SIZE (1..ub-common-name)) 1902 | # ::= {attributeType 3} 1903 | # 1904 | # 1905 | # surname ATTRIBUTE 1906 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1907 | # (SIZE (1..ub-surname)) 1908 | # ::= {attributeType 4} 1909 | # 1910 | # 1911 | # serialNumber ATTRIBUTE 1912 | # WITH ATTRIBUTE-SYNTAX printableStringSyntax 1913 | # (SIZE (1..ub-serial-number)) 1914 | # ::= {attributeType 5} 1915 | # 1916 | # 1917 | # countryName ATTRIBUTE 1918 | # WITH ATTRIBUTE-SYNTAX PrintableString 1919 | # (SIZE (1..ub-country-code)) 1920 | # SINGLE VALUE 1921 | # ::= {attributeType 6} 1922 | # 1923 | # 1924 | # localityName ATTRIBUTE 1925 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1926 | # (SIZE (1..ub-locality-name)) 1927 | # ::= {attributeType 7} 1928 | # 1929 | # 1930 | # stateOrProvinceName ATTRIBUTE 1931 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1932 | # (SIZE (1..ub-state-name)) 1933 | # ::= {attributeType 8} 1934 | # 1935 | # 1936 | # streetAddress ATTRIBUTE 1937 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1938 | # (SIZE (1..ub-street-address)) 1939 | # ::= {attributeType 9} 1940 | # 1941 | # 1942 | # organizationName ATTRIBUTE 1943 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1944 | # (SIZE (1..ub-organization-name)) 1945 | # ::= {attributeType 10} 1946 | # 1947 | # 1948 | # organizationalUnitName ATTRIBUTE 1949 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1950 | # (SIZE (1..ub-organizational-unit-name)) 1951 | # ::= {attributeType 11} 1952 | # 1953 | # 1954 | # title ATTRIBUTE 1955 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1956 | # (SIZE (1..ub-title)) 1957 | # ::= {attributeType 12} 1958 | # 1959 | # 1960 | # description ATTRIBUTE 1961 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1962 | # (SIZE (1..ub-description)) 1963 | # ::= {attributeType 13} 1964 | # 1965 | # 1966 | # searchGuide ATTRIBUTE 1967 | # WITH ATTRIBUTE-SYNTAX Guide 1968 | # ::= {attributeType 14} 1969 | # 1970 | # 1971 | # businessCategory ATTRIBUTE 1972 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1973 | # (SIZE (1..ub-business-category)) 1974 | # ::= {attributeType 15} 1975 | # 1976 | # 1977 | # postalAddress ATTRIBUTE 1978 | # WITH ATTRIBUTE-SYNTAX PostalAddress 1979 | # MATCHES FOR EQUALITY 1980 | # ::= {attributeType 16} 1981 | # 1982 | # 1983 | # postalCode ATTRIBUTE 1984 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1985 | # (SIZE (1..ub-postal-code)) 1986 | # ::= {attributeType 17} 1987 | # 1988 | # 1989 | # postOfficeBox ATTRIBUTE 1990 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1991 | # (SIZE (1..ub-post-office-box)) 1992 | # ::= {attributeType 18} 1993 | # 1994 | # 1995 | # physicalDeliveryOfficeName ATTRIBUTE 1996 | # WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax 1997 | # (SIZE (1..ub-physical-office-name)) 1998 | # ::= {attributeType 19} 1999 | # 2000 | # 2001 | # telephoneNumber ATTRIBUTE 2002 | # WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax 2003 | # (SIZE (1..ub-telephone-number)) 2004 | # ::= {attributeType 20} 2005 | # 2006 | # 2007 | # telexNumber ATTRIBUTE 2008 | # WITH ATTRIBUTE-SYNTAX TelexNumber 2009 | # (SIZE (1..ub-telex)) 2010 | # ::= {attributeType 21} 2011 | # 2012 | # 2013 | # teletexTerminalIdentifier ATTRIBUTE 2014 | # WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier 2015 | # (SIZE (1..ub-teletex-terminal-id)) 2016 | # ::= {attributeType 22} 2017 | # 2018 | # 2019 | # facsimileTelephoneNumber ATTRIBUTE 2020 | # WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber 2021 | # ::= {attributeType 23} 2022 | # 2023 | # 2024 | # x121Address ATTRIBUTE 2025 | # WITH ATTRIBUTE-SYNTAX NumericString 2026 | # (SIZE (1..ub-x121-address)) 2027 | # ::= {attributeType 24} 2028 | # 2029 | # 2030 | # internationaliSDNNumber ATTRIBUTE 2031 | # WITH ATTRIBUTE-SYNTAX NumericString 2032 | # (SIZE (1..ub-isdn-address)) 2033 | # ::= {attributeType 25} 2034 | # 2035 | # 2036 | # registeredAddress ATTRIBUTE 2037 | # WITH ATTRIBUTE-SYNTAX PostalAddress 2038 | # ::= {attributeType 26} 2039 | # 2040 | # 2041 | # destinationIndicator ATTRIBUTE 2042 | # WITH ATTRIBUTE-SYNTAX PrintableString 2043 | # (SIZE (1..ub-destination-indicator)) 2044 | # MATCHES FOR EQUALITY SUBSTRINGS 2045 | # ::= {attributeType 27} 2046 | # 2047 | # 2048 | # preferredDeliveryMethod ATTRIBUTE 2049 | # WITH ATTRIBUTE-SYNTAX deliveryMethod 2050 | # ::= {attributeType 28} 2051 | # 2052 | # 2053 | # presentationAddress ATTRIBUTE 2054 | # WITH ATTRIBUTE-SYNTAX PresentationAddress 2055 | # MATCHES FOR EQUALITY 2056 | # ::= {attributeType 29} 2057 | # 2058 | # 2059 | # supportedApplicationContext ATTRIBUTE 2060 | # WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax 2061 | # ::= {attributeType 30} 2062 | # 2063 | # 2064 | # member ATTRIBUTE 2065 | # WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax 2066 | # ::= {attributeType 31} 2067 | # 2068 | # 2069 | # owner ATTRIBUTE 2070 | # WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax 2071 | # ::= {attributeType 32} 2072 | # 2073 | # 2074 | # roleOccupant ATTRIBUTE 2075 | # WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax 2076 | # ::= {attributeType 33} 2077 | # 2078 | # 2079 | # seeAlso ATTRIBUTE 2080 | # WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax 2081 | # ::= {attributeType 34} 2082 | # 2083 | # 2084 | # userPassword ATTRIBUTE 2085 | # WITH ATTRIBUTE-SYNTAX Userpassword 2086 | # ::= {attributeType 35} 2087 | # 2088 | # 2089 | # userCertificate ATTRIBUTE 2090 | # WITH ATTRIBUTE-SYNTAX UserCertificate 2091 | # ::= {attributeType 36} 2092 | # 2093 | # 2094 | # cACertificate ATTRIBUTE 2095 | # WITH ATTRIBUTE-SYNTAX cACertificate 2096 | # ::= {attributeType 37} 2097 | # 2098 | # 2099 | # authorityRevocationList ATTRIBUTE 2100 | # WITH ATTRIBUTE-SYNTAX AuthorityRevocationList 2101 | # ::= {attributeType 38} 2102 | # 2103 | # 2104 | # certificateRevocationList ATTRIBUTE 2105 | # WITH ATTRIBUTE-SYNTAX CertificateRevocationList 2106 | # ::= {attributeType 39} 2107 | # 2108 | # 2109 | # crossCertificatePair ATTRIBUTE 2110 | # WITH ATTRIBUTE-SYNTAX CrossCertificatePair 2111 | # ::= {attributeType 40} 2112 | # 2113 | # 2114 | # 2115 | # 2116 | # -- Standard MHS Attribute Types 2117 | # 2118 | # mhsDeliverableContentLength ATTRIBUTE 2119 | # WITH ATTRIBUTE-SYNTAX integer 2120 | # ::= {mhsAttributeType 0} 2121 | # 2122 | # 2123 | # mhsDeliverableContentTypes ATTRIBUTE 2124 | # WITH ATTRIBUTE-SYNTAX oID 2125 | # ::= {mhsAttributeType 1} 2126 | # 2127 | # 2128 | # mhsDeliverableEits ATTRIBUTE 2129 | # WITH ATTRIBUTE-SYNTAX oID 2130 | # ::= {mhsAttributeType 2} 2131 | # 2132 | # 2133 | # mhsDLMembers ATTRIBUTE 2134 | # WITH ATTRIBUTE-SYNTAX oRName 2135 | # ::= {mhsAttributeType 3} 2136 | # 2137 | # 2138 | # mhsDLSubmitPermissions ATTRIBUTE 2139 | # WITH ATTRIBUTE-SYNTAX dLSubmitPermission 2140 | # ::= {mhsAttributeType 4} 2141 | # 2142 | # 2143 | # mhsMessageStoreName ATTRIBUTE 2144 | # WITH ATTRIBUTE-SYNTAX dN 2145 | # ::= {mhsAttributeType 5} 2146 | # 2147 | # 2148 | # mhsORAddresses ATTRIBUTE 2149 | # WITH ATTRIBUTE-SYNTAX oRAddress 2150 | # ::= {mhsAttributeType 6} 2151 | # 2152 | # 2153 | # mhsPreferredDeliveryMethods ATTRIBUTE 2154 | # WITH ATTRIBUTE-SYNTAX deliveryMethod 2155 | # ::= {mhsAttributeType 7} 2156 | # 2157 | # 2158 | # mhsSupportedAutomaticActions ATTRIBUTE 2159 | # WITH ATTRIBUTE-SYNTAX oID 2160 | # ::= {mhsAttributeType 8} 2161 | # 2162 | # 2163 | # mhsSupportedContentTypes ATTRIBUTE 2164 | # 2165 | # WITH ATTRIBUTE-SYNTAX oID 2166 | # ::= {mhsAttributeType 9} 2167 | # 2168 | # 2169 | # mhsSupportedOptionalAttributes ATTRIBUTE 2170 | # WITH ATTRIBUTE-SYNTAX oID 2171 | # ::= {mhsAttributeType 10} 2172 | # 2173 | # 2174 | # 2175 | # 2176 | # -- Pilot Attribute Types 2177 | # 2178 | # userid ATTRIBUTE 2179 | # WITH ATTRIBUTE-SYNTAX 2180 | # caseIgnoreStringSyntax 2181 | # (SIZE (1 .. ub-user-identifier)) 2182 | # ::= {pilotAttributeType 1} 2183 | # 2184 | # 2185 | # textEncodedORAddress ATTRIBUTE 2186 | # WITH ATTRIBUTE-SYNTAX 2187 | # caseIgnoreStringSyntax 2188 | # (SIZE (1 .. ub-text-encoded-or-address)) 2189 | # ::= {pilotAttributeType 2} 2190 | # 2191 | # 2192 | # rfc822Mailbox ATTRIBUTE 2193 | # WITH ATTRIBUTE-SYNTAX 2194 | # caseIgnoreIA5StringSyntax 2195 | # (SIZE (1 .. ub-rfc822-mailbox)) 2196 | # ::= {pilotAttributeType 3} 2197 | # 2198 | # 2199 | # info ATTRIBUTE 2200 | # WITH ATTRIBUTE-SYNTAX 2201 | # caseIgnoreStringSyntax 2202 | # (SIZE (1 .. ub-information)) 2203 | # ::= {pilotAttributeType 4} 2204 | # 2205 | # 2206 | # favouriteDrink ATTRIBUTE 2207 | # WITH ATTRIBUTE-SYNTAX 2208 | # caseIgnoreStringSyntax 2209 | # (SIZE (1 .. ub-favourite-drink)) 2210 | # ::= {pilotAttributeType 5} 2211 | # 2212 | # 2213 | # roomNumber ATTRIBUTE 2214 | # WITH ATTRIBUTE-SYNTAX 2215 | # caseIgnoreStringSyntax 2216 | # (SIZE (1 .. ub-room-number)) 2217 | # ::= {pilotAttributeType 6} 2218 | # 2219 | # 2220 | # photo ATTRIBUTE 2221 | # WITH ATTRIBUTE-SYNTAX 2222 | # CHOICE { 2223 | # g3-facsimile [3] G3FacsimileBodyPart 2224 | # } 2225 | # (SIZE (1 .. ub-photo)) 2226 | # ::= {pilotAttributeType 7} 2227 | # 2228 | # 2229 | # userClass ATTRIBUTE 2230 | # WITH ATTRIBUTE-SYNTAX 2231 | # caseIgnoreStringSyntax 2232 | # (SIZE (1 .. ub-user-class)) 2233 | # ::= {pilotAttributeType 8} 2234 | # 2235 | # 2236 | # host ATTRIBUTE 2237 | # WITH ATTRIBUTE-SYNTAX 2238 | # caseIgnoreStringSyntax 2239 | # (SIZE (1 .. ub-host)) 2240 | # ::= {pilotAttributeType 9} 2241 | # 2242 | # 2243 | # manager ATTRIBUTE 2244 | # WITH ATTRIBUTE-SYNTAX 2245 | # distinguishedNameSyntax 2246 | # ::= {pilotAttributeType 10} 2247 | # 2248 | # 2249 | # documentIdentifier ATTRIBUTE 2250 | # WITH ATTRIBUTE-SYNTAX 2251 | # caseIgnoreStringSyntax 2252 | # (SIZE (1 .. ub-document-identifier)) 2253 | # ::= {pilotAttributeType 11} 2254 | # 2255 | # 2256 | # documentTitle ATTRIBUTE 2257 | # WITH ATTRIBUTE-SYNTAX 2258 | # caseIgnoreStringSyntax 2259 | # (SIZE (1 .. ub-document-title)) 2260 | # ::= {pilotAttributeType 12} 2261 | # 2262 | # 2263 | # documentVersion ATTRIBUTE 2264 | # WITH ATTRIBUTE-SYNTAX 2265 | # caseIgnoreStringSyntax 2266 | # (SIZE (1 .. ub-document-version)) 2267 | # ::= {pilotAttributeType 13} 2268 | # 2269 | # 2270 | # documentAuthor ATTRIBUTE 2271 | # WITH ATTRIBUTE-SYNTAX 2272 | # distinguishedNameSyntax 2273 | # ::= {pilotAttributeType 14} 2274 | # 2275 | # 2276 | # documentLocation ATTRIBUTE 2277 | # WITH ATTRIBUTE-SYNTAX 2278 | # caseIgnoreStringSyntax 2279 | # (SIZE (1 .. ub-document-location)) 2280 | # ::= {pilotAttributeType 15} 2281 | # 2282 | # 2283 | # homeTelephoneNumber ATTRIBUTE 2284 | # WITH ATTRIBUTE-SYNTAX 2285 | # telephoneNumberSyntax 2286 | # ::= {pilotAttributeType 20} 2287 | # 2288 | # 2289 | # secretary ATTRIBUTE 2290 | # WITH ATTRIBUTE-SYNTAX 2291 | # distinguishedNameSyntax 2292 | # ::= {pilotAttributeType 21} 2293 | # 2294 | # 2295 | # otherMailbox ATTRIBUTE 2296 | # WITH ATTRIBUTE-SYNTAX 2297 | # SEQUENCE { 2298 | # mailboxType PrintableString, -- e.g. Telemail 2299 | # mailbox IA5String -- e.g. X378:Joe 2300 | # } 2301 | # ::= {pilotAttributeType 22} 2302 | # 2303 | # 2304 | # lastModifiedTime ATTRIBUTE 2305 | # WITH ATTRIBUTE-SYNTAX 2306 | # uTCTimeSyntax 2307 | # ::= {pilotAttributeType 23} 2308 | # 2309 | # 2310 | # lastModifiedBy ATTRIBUTE 2311 | # WITH ATTRIBUTE-SYNTAX 2312 | # distinguishedNameSyntax 2313 | # ::= {pilotAttributeType 24} 2314 | # 2315 | # 2316 | # domainComponent ATTRIBUTE 2317 | # WITH ATTRIBUTE-SYNTAX 2318 | # caseIgnoreIA5StringSyntax 2319 | # SINGLE VALUE 2320 | # ::= {pilotAttributeType 25} 2321 | # 2322 | # 2323 | # aRecord ATTRIBUTE 2324 | # WITH ATTRIBUTE-SYNTAX 2325 | # DNSRecordSyntax 2326 | # ::= {pilotAttributeType 26} 2327 | # 2328 | # 2329 | # mXRecord ATTRIBUTE 2330 | # WITH ATTRIBUTE-SYNTAX 2331 | # DNSRecordSyntax 2332 | # ::= {pilotAttributeType 28} 2333 | # 2334 | # 2335 | # nSRecord ATTRIBUTE 2336 | # WITH ATTRIBUTE-SYNTAX 2337 | # DNSRecordSyntax 2338 | # ::= {pilotAttributeType 29} 2339 | # 2340 | # sOARecord ATTRIBUTE 2341 | # WITH ATTRIBUTE-SYNTAX 2342 | # DNSRecordSyntax 2343 | # ::= {pilotAttributeType 30} 2344 | # 2345 | # 2346 | # cNAMERecord ATTRIBUTE 2347 | # WITH ATTRIBUTE-SYNTAX 2348 | # iA5StringSyntax 2349 | # ::= {pilotAttributeType 31} 2350 | # 2351 | # 2352 | # associatedDomain ATTRIBUTE 2353 | # WITH ATTRIBUTE-SYNTAX 2354 | # caseIgnoreIA5StringSyntax 2355 | # ::= {pilotAttributeType 37} 2356 | # 2357 | # 2358 | # associatedName ATTRIBUTE 2359 | # WITH ATTRIBUTE-SYNTAX 2360 | # distinguishedNameSyntax 2361 | # ::= {pilotAttributeType 38} 2362 | # 2363 | # 2364 | # homePostalAddress ATTRIBUTE 2365 | # WITH ATTRIBUTE-SYNTAX 2366 | # postalAddress 2367 | # MATCHES FOR EQUALITY 2368 | # ::= {pilotAttributeType 39} 2369 | # 2370 | # 2371 | # personalTitle ATTRIBUTE 2372 | # WITH ATTRIBUTE-SYNTAX 2373 | # caseIgnoreStringSyntax 2374 | # (SIZE (1 .. ub-personal-title)) 2375 | # ::= {pilotAttributeType 40} 2376 | # 2377 | # 2378 | # mobileTelephoneNumber ATTRIBUTE 2379 | # WITH ATTRIBUTE-SYNTAX 2380 | # telephoneNumberSyntax 2381 | # ::= {pilotAttributeType 41} 2382 | # 2383 | # 2384 | # pagerTelephoneNumber ATTRIBUTE 2385 | # WITH ATTRIBUTE-SYNTAX 2386 | # telephoneNumberSyntax 2387 | # ::= {pilotAttributeType 42} 2388 | # 2389 | # 2390 | # friendlyCountryName ATTRIBUTE 2391 | # WITH ATTRIBUTE-SYNTAX 2392 | # caseIgnoreStringSyntax 2393 | # ::= {pilotAttributeType 43} 2394 | # 2395 | # 2396 | # uniqueIdentifier ATTRIBUTE 2397 | # WITH ATTRIBUTE-SYNTAX 2398 | # caseIgnoreStringSyntax 2399 | # (SIZE (1 .. ub-unique-identifier)) 2400 | # ::= {pilotAttributeType 44} 2401 | # 2402 | # 2403 | # organizationalStatus ATTRIBUTE 2404 | # WITH ATTRIBUTE-SYNTAX 2405 | # caseIgnoreStringSyntax 2406 | # (SIZE (1 .. ub-organizational-status)) 2407 | # ::= {pilotAttributeType 45} 2408 | # 2409 | # 2410 | # janetMailbox ATTRIBUTE 2411 | # WITH ATTRIBUTE-SYNTAX 2412 | # caseIgnoreIA5StringSyntax 2413 | # (SIZE (1 .. ub-janet-mailbox)) 2414 | # ::= {pilotAttributeType 46} 2415 | # 2416 | # 2417 | # mailPreferenceOption ATTRIBUTE 2418 | # WITH ATTRIBUTE-SYNTAX ENUMERATED { 2419 | # no-list-inclusion(0), 2420 | # any-list-inclusion(1), -- may be added to any lists 2421 | # professional-list-inclusion(2) 2422 | # -- may be added to lists 2423 | # -- which the list provider 2424 | # -- views as related to the 2425 | # -- users professional inter- 2426 | # -- ests, perhaps evaluated 2427 | # -- from the business of the 2428 | # -- organisation or keywords 2429 | # -- in the entry. 2430 | # } 2431 | # ::= {pilotAttributeType 47} 2432 | # 2433 | # 2434 | # buildingName ATTRIBUTE 2435 | # WITH ATTRIBUTE-SYNTAX 2436 | # caseIgnoreStringSyntax 2437 | # (SIZE (1 .. ub-building-name)) 2438 | # ::= {pilotAttributeType 48} 2439 | # 2440 | # 2441 | # dSAQuality ATTRIBUTE 2442 | # WITH ATTRIBUTE-SYNTAX DSAQualitySyntax 2443 | # SINGLE VALUE 2444 | # ::= {pilotAttributeType 49} 2445 | # 2446 | # 2447 | # singleLevelQuality ATTRIBUTE 2448 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 2449 | # SINGLE VALUE 2450 | # 2451 | # 2452 | # subtreeMinimumQuality ATTRIBUTE 2453 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 2454 | # SINGLE VALUE 2455 | # -- Defaults to singleLevelQuality 2456 | # ::= {pilotAttributeType 51} 2457 | # 2458 | # 2459 | # subtreeMaximumQuality ATTRIBUTE 2460 | # WITH ATTRIBUTE-SYNTAX DataQualitySyntax 2461 | # SINGLE VALUE 2462 | # -- Defaults to singleLevelQuality 2463 | # ::= {pilotAttributeType 52} 2464 | # 2465 | # 2466 | # personalSignature ATTRIBUTE 2467 | # WITH ATTRIBUTE-SYNTAX 2468 | # CHOICE { 2469 | # g3-facsimile [3] G3FacsimileBodyPart 2470 | # } 2471 | # (SIZE (1 .. ub-personal-signature)) 2472 | # ::= {pilotAttributeType 53} 2473 | # 2474 | # 2475 | # dITRedirect ATTRIBUTE 2476 | # WITH ATTRIBUTE-SYNTAX 2477 | # distinguishedNameSyntax 2478 | # ::= {pilotAttributeType 54} 2479 | # 2480 | # 2481 | # audio ATTRIBUTE 2482 | # WITH ATTRIBUTE-SYNTAX 2483 | # Audio 2484 | # (SIZE (1 .. ub-audio)) 2485 | # ::= {pilotAttributeType 55} 2486 | # 2487 | # documentPublisher ATTRIBUTE 2488 | # WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax 2489 | # ::= {pilotAttributeType 56} 2490 | # 2491 | # 2492 | # 2493 | # -- Generally useful syntaxes 2494 | # 2495 | # 2496 | # caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX 2497 | # IA5String 2498 | # MATCHES FOR EQUALITY SUBSTRINGS 2499 | # 2500 | # 2501 | # iA5StringSyntax ATTRIBUTE-SYNTAX 2502 | # IA5String 2503 | # MATCHES FOR EQUALITY SUBSTRINGS 2504 | # 2505 | # 2506 | # -- Syntaxes to support the DNS attributes 2507 | # 2508 | # DNSRecordSyntax ATTRIBUTE-SYNTAX 2509 | # IA5String 2510 | # MATCHES FOR EQUALITY 2511 | # 2512 | # 2513 | # NRSInformationSyntax ATTRIBUTE-SYNTAX 2514 | # NRSInformation 2515 | # MATCHES FOR EQUALITY 2516 | # 2517 | # 2518 | # NRSInformation ::= SET { 2519 | # [0] Context, 2520 | # [1] Address-space-id, 2521 | # routes [2] SEQUENCE OF SEQUENCE { 2522 | # Route-cost, 2523 | # Addressing-info } 2524 | # } 2525 | # 2526 | # 2527 | # -- Upper bounds on length of attribute values 2528 | # 2529 | # 2530 | # ub-document-identifier INTEGER ::= 256 2531 | # 2532 | # ub-document-location INTEGER ::= 256 2533 | # 2534 | # ub-document-title INTEGER ::= 256 2535 | # 2536 | # ub-document-version INTEGER ::= 256 2537 | # 2538 | # ub-favourite-drink INTEGER ::= 256 2539 | # 2540 | # ub-host INTEGER ::= 256 2541 | # 2542 | # ub-information INTEGER ::= 2048 2543 | # 2544 | # ub-unique-identifier INTEGER ::= 256 2545 | # 2546 | # ub-personal-title INTEGER ::= 256 2547 | # 2548 | # ub-photo INTEGER ::= 250000 2549 | # 2550 | # ub-rfc822-mailbox INTEGER ::= 256 2551 | # 2552 | # ub-room-number INTEGER ::= 256 2553 | # 2554 | # ub-text-or-address INTEGER ::= 256 2555 | # 2556 | # ub-user-class INTEGER ::= 256 2557 | # 2558 | # ub-user-identifier INTEGER ::= 256 2559 | # 2560 | # ub-organizational-status INTEGER ::= 256 2561 | # 2562 | # ub-janet-mailbox INTEGER ::= 256 2563 | # 2564 | # ub-building-name INTEGER ::= 256 2565 | # 2566 | # ub-personal-signature ::= 50000 2567 | # 2568 | # ub-audio INTEGER ::= 250000 2569 | # 2570 | # [remainder of memo trimmed] 2571 | 2572 | --------------------------------------------------------------------------------