├── HACKING.md
├── LICENSE
├── Makefile
├── OWNERS
├── README.md
├── contrib
│   ├── DB_CONFIG
│   ├── base.ldif
│   ├── config
│   │   ├── CONFIGURED
│   │   ├── certs
│   │   │   ├── .slapd-leave
│   │   │   ├── cert8.db
│   │   │   ├── key3.db
│   │   │   ├── password
│   │   │   └── secmod.db
│   │   ├── check_password.conf
│   │   ├── ldap.conf
│   │   ├── schema
│   │   │   ├── collective.ldif
│   │   │   ├── collective.schema
│   │   │   ├── corba.ldif
│   │   │   ├── corba.schema
│   │   │   ├── core.ldif
│   │   │   ├── core.schema
│   │   │   ├── cosine.ldif
│   │   │   ├── cosine.schema
│   │   │   ├── duaconf.ldif
│   │   │   ├── duaconf.schema
│   │   │   ├── dyngroup.ldif
│   │   │   ├── dyngroup.schema
│   │   │   ├── inetorgperson.ldif
│   │   │   ├── inetorgperson.schema
│   │   │   ├── java.ldif
│   │   │   ├── java.schema
│   │   │   ├── misc.ldif
│   │   │   ├── misc.schema
│   │   │   ├── nis.ldif
│   │   │   ├── nis.schema
│   │   │   ├── openldap.ldif
│   │   │   ├── openldap.schema
│   │   │   ├── pmi.ldif
│   │   │   ├── pmi.schema
│   │   │   ├── ppolicy.ldif
│   │   │   └── ppolicy.schema
│   │   └── slapd.d
│   │       ├── cn=config.ldif
│   │       └── cn=config
│   │           ├── cn=module{0}.ldif
│   │           ├── cn=schema.ldif
│   │           ├── cn=schema
│   │           │   ├── cn={0}core.ldif
│   │           │   ├── cn={1}testperson.ldif
│   │           │   ├── cn={2}cosine.ldif
│   │           │   └── cn={3}inetorgperson.ldif
│   │           ├── olcDatabase={-1}frontend.ldif
│   │           ├── olcDatabase={0}config.ldif
│   │           ├── olcDatabase={1}monitor.ldif
│   │           ├── olcDatabase={2}hdb.ldif
│   │           └── olcDatabase={2}hdb
│   │               ├── olcOverlay={0}memberof.ldif
│   │               └── olcOverlay={1}refint.ldif
│   ├── configure_memberof.ldif
│   ├── configure_refint.ldif
│   ├── first_config.ldif
│   ├── lib
│   │   ├── DB_CONFIG
│   │   ├── __db.001
│   │   ├── __db.002
│   │   ├── __db.003
│   │   ├── alock
│   │   ├── dn2id.bdb
│   │   ├── id2entry.bdb
│   │   ├── log.0000000001
│   │   └── objectClass.bdb
│   ├── load_modules.ldif
│   ├── run-openldap.sh
│   ├── testPerson.ldif
│   └── testPerson.schema
├── hack
│   └── test.sh
├── images
│   ├── Dockerfile
│   └── Dockerfile.rhel7
└── test
    └── test.ldif

--------------------------------------------------------------------------------
/HACKING.md:
--------------------------------------------------------------------------------
# Development Reference

## Purpose
The purpose of this document is to provide a clear and reference-filled document for developers that want to work with the OpenShift OpenLDAP Docker image. The creation of this image brought many issues to light and was not straightforward. Decisions were made to mitigate these issues and the description of those decisions follows.

## Development Considerations
This image was originally created in order to facilitate testing of the OpenShift LDAP group sync feature. However, during creation it was clear that it would not be difficult to build the test image as a layer or layers on top of a general-purpose OpenLDAP image for use by developers in OpenShift. Therefore, the following characteristics were desirable from the image:

* random UID for the user in the running container
* user-settable attributes for OpenLDAP setup at run-time
* ability for full user interaction:
  * searching for records
  * amending, adding and removing records

In order to support all of these requirements, we need some permissions during the initial OpenLDAP installation. Specifically, if a user wants to set characteristics in the `cn=config` database (`olcDatabase{0}config`), the user needs to authenticate with the LDAP server. This can be done in three ways: [simply](http://www.openldap.org/doc/admin24/security.html#%22simple%22%20method), [using SASL](http://www.openldap.org/doc/admin24/sasl.html), and [using TLS](http://www.openldap.org/doc/admin24/tls.html). The user could also choose to use `slapcat` and `slapadd` to dump a valid configuration and load it into a new server, or bind-mount the entire `etc/openldap` and `var/lib/ldap` directories.

### OpenLDAP Authentication
In order to use simple authentication, no extra work has to be done. However, this level of authentication does not give enough privilege to configure `olcDatabase{0}config` and therefore does not allow a user to change `root` characteristics, schemas, *etc.*

In order to use [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer), extra work might need to be done. The following table juxtaposes SASL mechanisms with the work they need:

SASL Mechanism | Implementation
------------------------------------- | --------------
`EXTERNAL` | The `EXTERNAL` mechanism makes use of a lower-level authentication layer, either IPC or TLS. In order to set up TLS, `root`-level authenticated access to the `olcDatabase{0}config` database is necessary to add proper certificates. In order to set up IPC, `root`-level user privilege is necessary to open the `ldapi:///` socket.
`GSSAPI`, `KERBEROS_V4`, `DIGEST-MD5` | The `GSSAPI`, `KERBEROS_V4` and `DIGEST-MD5` mechanisms all require the set-up of an external authentication mechanism, either Kerberos or an authentication identity mapping. They furthermore require `root`-level access to `olcDatabase{0}config` to initiate the setup.

As is clear, in order to use SASL, `root`-level access to the `olcDatabase{0}config` database is required. If we are trying to access this database in order to commit `root`-level credentials or information like schemas or the `top` object, this is a self-referential problem.

In order to use TLS as the underlying mechanism for SASL `EXTERNAL`, one can only vaguely follow the [documentation](http://www.openldap.org/faq/data/cache/185.html), as it continues to refer to the `slapd.conf` schema for configuration, which is deprecated in the current OpenLDAP release. Furthermore, pointing the OpenLDAP daemon to certs requires `root`-level access to `olcDatabase{0}config`, which, again, is an endless problem if you are attempting to create an authentication scheme so you can access that database.

The default out-of-the-box installation of OpenLDAP contains an `olcRootDN` manager for the `cn=config` database but does not list a password, which is problematic as it does not allow you to use the full authentication (`-x -D -w `) and therefore does not allow the user to use this set-up to add or remove records unless they are `UID 0`.

### OpenLDAP Configuration Dump
OpenLDAP exposes administrative tools like [`slapadd`](http://www.openldap.org/software/man.cgi?query=slapadd&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html) and [`slapcat`](http://www.openldap.org/software/man.cgi?query=slapcat&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html) which operate on OpenLDAP installations with the daemon not running. These tools are a promising work-around to the authentication nightmare above. The gist of this approach is as such: first, install OpenLDAP on a machine or container where you have `root` privileges (`UID 0` and `GID 0` are required due to how OpenLDAP generates authentication identities), create an OpenLDAP installation to your liking, stop the daemon (`slapd`), dump all of the OpenLDAP installation to `ldif` using `slapcat -n0`, then import all of the data using `slapadd -n0` on another installation.

This approach does not seem to work, however. If there are no traces of the new `cn=config` configuration schema in the `etc/openldap` directory, the `slapadd` command looks for the old `slapd.conf` configuration schema and fails because that schema is deprecated. `slapadd` also cannot be used while the daemon is off to edit records, as it is only capable of adding objects. Therefore, a partial edit using `slapadd` is not possible. Furthermore, editing the files by hand will trigger checksum errors and cause a corrupt installation.

### OpenLDAP Bind-Mount of Files
The final and ugliest option is to bind-mount files to `etc/openldap` and `var/lib/ldap`. The process for this is very similar to that using `slapcat` and `slapadd` above. A working LDAP server has every single file in its `etc/openldap` and `var/lib/ldap` directories copied and placed into the surrogate LDAP server you are trying to set up. The new server, when the daemon is run, will complain about the databases not being closed correctly but it is able to recover and no errors result. The files in the [`contrib`](2.4.41/contrib) subdirectories ([`lib`](2.4.41/contrib/lib), [`config`](2.4.41/contrib/config)) are the result of this operation. These files can be re-created at any time by running the `openshift/openldap-2441-centos7` image as `UID 0` and harvesting the resulting files in the container's `var/lib/ldap` and `etc/openldap` directories, respectively. These are saved by Docker in the host system's `/var/lib/docker/volumes` directory, as they are declared as volumes.

This last approach is the approach that was finally able to create a valid OpenLDAP installation with a non-root user running the container.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------

                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity.
      For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   Copyright 2014 Red Hat, Inc.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
RUNTIME ?= podman
CONTAINER_REGISTRY := dockerhub.com
IMAGE_NAME := openshift/openldap
IMAGE_PATH := $(CONTAINER_REGISTRY)/$(IMAGE_NAME)

ifeq ($(TARGET),rhel7)
IMAGE_TAG := rhel7
IMAGE_FILE := images/Dockerfile.rhel7
else
IMAGE_TAG := fedora34
IMAGE_FILE := images/Dockerfile
endif

IMAGE := $(IMAGE_PATH):$(IMAGE_TAG)

.PHONY: build
build:
	$(RUNTIME) build \
		-t "$(IMAGE)" \
		-f "$(IMAGE_FILE)" \
		.

.PHONY: test
test: build
	IMAGE="$(IMAGE)" \
	RUNTIME="$(RUNTIME)" \
	hack/test.sh

.PHONY: image_name
image_name:
	@echo "$(IMAGE)"

--------------------------------------------------------------------------------
/OWNERS:
--------------------------------------------------------------------------------
reviewers:
- slaskawi
- stlaz
- s-urbaniak
- ibihim
approvers:
- slaskawi
- stlaz
- ibihim
- s-urbaniak

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
OpenLDAP for OpenShift - Docker images
========================================
DISCLAIMER - IMAGES ONLY FOR INTERNAL TESTING OF ORIGIN REPOSITORY
==================================================================

This repository contains Dockerfiles for OpenLDAP images for OpenShift testing.
Images are based on CentOS. Images are **NOT** meant to be used for LDAP servers in
any environment other than the OpenShift Origin test environment at this time. No
guarantees are given for the efficacy or stability of images in this repository or
those created with Dockerfiles from this repository.

If you are working on developing this image, refer to [the hacking document](HACKING.md)
for detailed discussion of deploying OpenLDAP as a Docker container under OpenShift.
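As an added example that is not the repository's own `run-openldap.sh`, the POSIX shell functions below perform the checks a deployer would want before starting this image: they reject the documented default `OPENLDAP_ROOT_PASSWORD`, require a `dc=`-rooted `OPENLDAP_ROOT_DN_SUFFIX`, limit `OPENLDAP_LISTEN_URIS` to the schemes `slapd` serves, look for the `CONFIGURED` marker in a mounted configuration directory, and render the first entries of `contrib/base.ldif` from the suffix. The variable names, their defaults and the `OPENLDAP_SUFFIX` / `FIRST_PART` placeholders come from the README tables and `contrib/base.ldif` further down this page; the function names and the exact set of checks are this example's own assumptions.

```shell
# Added example, not the repository's run-openldap.sh: preflight checks for the
# README's environment variables and configuration volume, plus the placeholder
# substitution that turns contrib/base.ldif into a concrete base entry.
# Assumed here: the function names and the set of checks. Variable names,
# defaults and the OPENLDAP_SUFFIX / FIRST_PART placeholders are the ones
# documented in the README and used in contrib/base.ldif.

# suffix_first_dc SUFFIX: print the value of the leading dc= RDN
# (dc=example,dc=com -> example). Fails unless the suffix starts with dc=,
# because the dcObject entry in base.ldif needs that value for its dc attribute.
suffix_first_dc() {
    case "$1" in
        dc=*) ;;
        *) return 1 ;;
    esac
    _rdn=${1%%,*}                 # leading RDN, e.g. dc=example
    printf '%s\n' "${_rdn#dc=}"
}

# check_listen_uris "URI URI ...": fail if the list is empty or any
# space-separated URI uses a scheme other than ldap, ldaps or ldapi,
# the three that slapd -h listens on.
check_listen_uris() {
    [ -n "$1" ] || return 1
    for _uri in $1; do
        case "$_uri" in
            ldap://*|ldaps://*|ldapi://*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# render_base_ldif SUFFIX: print the first two entries of contrib/base.ldif
# with OPENLDAP_SUFFIX and FIRST_PART filled in from the suffix.
render_base_ldif() {
    _dc=$(suffix_first_dc "$1") || return 1
    cat <<EOF
dn: $1
objectClass: top
objectClass: dcObject
objectclass: organization
dc: $_dc
o: $_dc

dn: cn=Manager,$1
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Manager
EOF
}

# preflight ROOT_PASSWORD SUFFIX LISTEN_URIS CONFIG_DIR: print one line per
# finding and return the number of findings (0 means nothing was flagged).
# CONFIG_DIR may be empty when no host directory is mounted on /etc/openldap.
preflight() {
    _pw=$1 _suffix=$2 _uris=$3 _cfg=$4 _n=0
    if [ -z "$_pw" ] || [ "$_pw" = admin ]; then
        echo "OPENLDAP_ROOT_PASSWORD is unset or the documented default 'admin'"
        _n=$((_n + 1))
    fi
    if ! suffix_first_dc "$_suffix" >/dev/null; then
        echo "OPENLDAP_ROOT_DN_SUFFIX must begin with dc=: '$_suffix'"
        _n=$((_n + 1))
    fi
    if ! check_listen_uris "$_uris"; then
        echo "OPENLDAP_LISTEN_URIS has a scheme slapd does not serve: '$_uris'"
        _n=$((_n + 1))
    fi
    if [ -n "$_cfg" ] && [ ! -f "$_cfg/CONFIGURED" ]; then
        echo "no CONFIGURED marker in $_cfg: startup would re-run slapd setup"
        _n=$((_n + 1))
    fi
    return "$_n"
}
```

Run `preflight "$OPENLDAP_ROOT_PASSWORD" "$OPENLDAP_ROOT_DN_SUFFIX" "$OPENLDAP_LISTEN_URIS" /host/config/path` before `docker run` and treat a non-zero return as a reason not to start the container.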


Versions
---------------
OpenLDAP versions currently provided are:
* openldap-2.4.41

CentOS versions currently supported are:
* CentOS7


Installation
----------------------
To build an OpenLDAP image from scratch run:

```
$ git clone https://github.com/openshift/openldap.git
$ cd openldap
$ make build
```

Environment variables and volumes
----------------------------------

The image recognizes the following environment variables that you can set during
initialization by passing `-e VAR=VALUE` to the Docker `run` command.

| Variable name              | Description                               | Default                   |
| :------------------------- | ----------------------------------------- | ------------------------- |
| `OPENLDAP_ROOT_PASSWORD`   | OpenLDAP `olcRootPW` password             | `admin`                   |
| `OPENLDAP_ROOT_DN_SUFFIX`  | OpenLDAP `olcSuffix` suffix               | `dc=example,dc=com`       |
| `OPENLDAP_ROOT_DN_PREFIX`  | OpenLDAP `olcRootDN` prefix               | `cn=Manager`              |
| `OPENLDAP_DEBUG_LEVEL`     | OpenLDAP Server Debug Level               | `256`                     |
| `OPENLDAP_LISTEN_URIS`     | OpenLDAP Server Listen URIs               | `ldaps:/// ldap:///`      |

The following table details the possible debug levels.

| Debug Level | Description                                   |
| ----------- | --------------------------------------------- |
| -1          | Enable all debugging                          |
| 0           | Enable no debugging                           |
| 1           | Trace function calls                          |
| 2           | Debug packet handling                         |
| 4           | Heavy trace debugging                         |
| 8           | Connection management                         |
| 16          | Log packets sent and received                 |
| 32          | Search filter processing                      |
| 64          | Configuration file processing                 |
| 128         | Access control list processing                |
| 256         | Stats log connections, operations and results |
| 512         | Stats log entries sent                        |
| 1024        | Log communication with shell backends         |
| 2048        | Log entry parsing debugging                   |

You can also set the following mount points by passing the `-v /host:/container` flag to Docker.

| Volume mount point  | Description                        |
| :------------------ | ---------------------------------- |
| `/var/lib/ldap`     | OpenLDAP data directory            |
| `/etc/openldap/`    | OpenLDAP configuration directory.  |

**Notice: When mounting a directory from the host into the container, ensure that the mounted
directory has the appropriate permissions and that the owner and group of the directory
matches the user UID or name which is running inside the container.**

Usage
---------------------------------

If you want to set only the mandatory environment variables and not store
the LDAP directory in a host directory, execute the following command:

```
$ docker run -d --name openldap_server -p 389:389 -p 636:636 openshift/openldap-2441-centos7:latest
```

This will create a container named `openldap_server` running OpenLDAP with an admin
user with credentials `cn=Manager,dc=example,dc=com:admin`. Ports 389 and 636 will be exposed and mapped
to the host for `ldap` and `ldaps` endpoints, respectively. If you want your directory to be persistent
across container executions, also add a `-v /host/data/path:/var/lib/ldap` argument to specify
the OpenLDAP data files, and a `-v /host/config/path:/etc/openldap` argument to specify OpenLDAP
configuration files. Ensure that a file named `CONFIGURED` exists in the directory you are mounting to `/etc/openldap`
so that the startup scripts do not try to re-configure slapd.

If the configuration directory is not initialized, the entrypoint script will first
run [`run-openldap.sh`](2.4.41/run-openldap.sh) and set up the necessary directory users and passwords.
After the database is initialized, or if it was already present, `slapd` is executed and will run
as PID 1. You can stop the detached container by running `docker stop openldap_server`.

Test
---------------------------------

This repository also provides a test framework, which checks basic functionality
of the OpenLDAP image. To run the tests, execute the following:

```
$ cd openldap
$ make test
```

--------------------------------------------------------------------------------
/contrib/DB_CONFIG:
--------------------------------------------------------------------------------
# $OpenLDAP$
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See the Oracle Berkeley DB documentation
#
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
#
# in particular:
#

# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.

# one 0.25 GB cache
set_cachesize 0 268435456 1

# Data Directory
#set_data_dir db

# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs

# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).

--------------------------------------------------------------------------------
/contrib/base.ldif:
--------------------------------------------------------------------------------
# The base LDIF data
dn: OPENLDAP_SUFFIX
objectClass: top
objectClass: dcObject
objectclass: organization
dc: FIRST_PART
o: FIRST_PART

dn: cn=Manager,OPENLDAP_SUFFIX
objectClass: organizationalRole
cn: Manager
description: LDAP Directory Manager

dn: ou=People,OPENLDAP_SUFFIX
objectClass: organizationalUnit
ou: People

dn: ou=Group,OPENLDAP_SUFFIX
objectClass: organizationalUnit
ou: Group

--------------------------------------------------------------------------------
/contrib/config/CONFIGURED:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/config/CONFIGURED

--------------------------------------------------------------------------------
/contrib/config/certs/.slapd-leave:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/config/certs/.slapd-leave

--------------------------------------------------------------------------------
/contrib/config/certs/cert8.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/config/certs/cert8.db

--------------------------------------------------------------------------------
/contrib/config/certs/key3.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/config/certs/key3.db

--------------------------------------------------------------------------------
/contrib/config/certs/password:
--------------------------------------------------------------------------------
ZgBbt33rNEi7JLUqh67v/lywE8XAmb0xKYrAFCuLP1E=

--------------------------------------------------------------------------------
/contrib/config/certs/secmod.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/config/certs/secmod.db

--------------------------------------------------------------------------------
/contrib/config/check_password.conf:
--------------------------------------------------------------------------------
# OpenLDAP pwdChecker library configuration

#useCracklib 1
#minPoints 3
#minUpper 0
#minLower 0
#minDigit 0
#minPunct 0

--------------------------------------------------------------------------------
/contrib/config/ldap.conf:
--------------------------------------------------------------------------------
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

TLS_CACERTDIR	/etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON	on

--------------------------------------------------------------------------------
/contrib/config/schema/collective.ldif:
--------------------------------------------------------------------------------
# collective.ldif -- Collective attribute schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
## Portions Copyright (C) The Internet Society (2003).
## Please see full copyright statement below.
#
# From RFC 3671 [portions trimmed]:
#   Collective Attributes in LDAP
#
# This file was automatically generated from collective.schema; see that file
# for complete references.
#
dn: cn=collective,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: collective
olcAttributeTypes: {0}( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE )
olcAttributeTypes: {1}( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE )
olcAttributeTypes: {2}( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE )
olcAttributeTypes: {3}( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE )
olcAttributeTypes: {4}( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE )
olcAttributeTypes: {5}( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress CO
 LLECTIVE )
olcAttributeTypes: {6}( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTI
 VE )
olcAttributeTypes: {7}( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox CO
 LLECTIVE )
olcAttributeTypes: {8}( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP phy
 sicalDeliveryOfficeName COLLECTIVE )
olcAttributeTypes: {9}( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumbe
 r COLLECTIVE )
olcAttributeTypes: {10}( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLE
 CTIVE )
olcAttributeTypes: {11}( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facs
 imileTelephoneNumber COLLECTIVE )
olcAttributeTypes: {12}( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP inter
 nationalISDNNumber COLLECTIVE )

--------------------------------------------------------------------------------
/contrib/config/schema/collective.schema:
--------------------------------------------------------------------------------
# collective.schema -- Collective attribute schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
## Portions Copyright (C) The Internet Society (2003).
## Please see full copyright statement below.

# From RFC 3671 [portions trimmed]:
#   Collective Attributes in LDAP

#Abstract
#
#   X.500 collective attributes allow common characteristics to be shared
#   between collections of entries.  This document summarizes the X.500
#   information model for collective attributes and describes use of
#   collective attributes in LDAP (Lightweight Directory Access Protocol).
#   This document provides schema definitions for collective attributes
#   for use in LDAP.

#3. Collective Attribute Types
#
#   A userApplications attribute type can be defined to be COLLECTIVE
#   [RFC2252].  This indicates that the same attribute values will appear
#   in the entries of an entry collection subject to the use of the
#   collectiveExclusions attribute and other administrative controls.
#
#   Collective attribute types are commonly defined as subtypes of non-
#   collective attribute types.  By convention, collective attributes are
#   named by prefixing the name of their non-collective supertype with
#   "c-".  For example, the collective telephone attribute is named
#   c-TelephoneNumber after its non-collective supertype telephoneNumber.
#
#   Non-collective attributes types SHALL NOT subtype collective
#   attributes.
#
#   Collective attributes SHALL NOT be SINGLE-VALUED.  Collective
#   attribute types SHALL NOT appear in the attribute types of an object
#   class definition.
#
#   Operational attributes SHALL NOT be defined to be collective.
#
#   The remainder of section provides a summary of collective attributes
#   derived from those defined in [X.520].  Implementations of this
#   specification SHOULD support the following collective attributes and
#   MAY support additional collective attributes.
#
#
#3.1. Collective Locality Name
#
#   The c-l attribute type specifies a locality name for a collection of
#   entries.
#
attributeType ( 2.5.4.7.1 NAME 'c-l'
	SUP l COLLECTIVE )
#
#
#3.2. Collective State or Province Name
#
#   The c-st attribute type specifies a state or province name for a
#   collection of entries.
#
attributeType ( 2.5.4.8.1 NAME 'c-st'
	SUP st COLLECTIVE )
#
#
#3.3. Collective Street Address
#
#   The c-street attribute type specifies a street address for a
#   collection of entries.
#
attributeType ( 2.5.4.9.1 NAME 'c-street'
	SUP street COLLECTIVE )
#
#
#3.4. Collective Organization Name
#
#   The c-o attribute type specifies an organization name for a collection
#   of entries.
#
attributeType ( 2.5.4.10.1 NAME 'c-o'
	SUP o COLLECTIVE )
#
#
#3.5. Collective Organizational Unit Name
#
#   The c-ou attribute type specifies an organizational unit name for a
#   collection of entries.
#
attributeType ( 2.5.4.11.1 NAME 'c-ou'
	SUP ou COLLECTIVE )
#
#
#3.6. Collective Postal Address
#
#   The c-PostalAddress attribute type specifies a postal address for a
#   collection of entries.
#
attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
	SUP postalAddress COLLECTIVE )
#
#
#3.7. Collective Postal Code
#
#   The c-PostalCode attribute type specifies a postal code for a
#   collection of entries.
#
attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
	SUP postalCode COLLECTIVE )
#
#
#3.8.
Collective Post Office Box 123 | # 124 | # The c-PostOfficeBox attribute type specifies a post office box for a 125 | # collection of entries. 126 | # 127 | attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox' 128 | SUP postOfficeBox COLLECTIVE ) 129 | # 130 | # 131 | #3.9. Collective Physical Delivery Office Name 132 | # 133 | # The c-PhysicalDeliveryOfficeName attribute type specifies a physical 134 | # delivery office name for a collection of entries. 135 | # 136 | attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' 137 | SUP physicalDeliveryOfficeName COLLECTIVE ) 138 | # 139 | # 140 | #3.10. Collective Telephone Number 141 | # 142 | # The c-TelephoneNumber attribute type specifies a telephone number for 143 | # a collection of entries. 144 | # 145 | attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber' 146 | SUP telephoneNumber COLLECTIVE ) 147 | # 148 | # 149 | #3.11. Collective Telex Number 150 | # 151 | # The c-TelexNumber attribute type specifies a telex number for a 152 | # collection of entries. 153 | # 154 | attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber' 155 | SUP telexNumber COLLECTIVE ) 156 | # 157 | # 158 | #3.13. Collective Facsimile Telephone Number 159 | # 160 | # The c-FacsimileTelephoneNumber attribute type specifies a facsimile 161 | # telephone number for a collection of entries. 162 | # 163 | attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' 164 | SUP facsimileTelephoneNumber COLLECTIVE ) 165 | # 166 | # 167 | #3.14. Collective International ISDN Number 168 | # 169 | # The c-InternationalISDNNumber attribute type specifies an 170 | # international ISDN number for a collection of entries. 171 | # 172 | attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' 173 | SUP internationalISDNNumber COLLECTIVE ) 174 | 175 | # Full Copyright 176 | # 177 | # Copyright (C) The Internet Society (2003). All Rights Reserved. 
178 | # 179 | # This document and translations of it may be copied and furnished 180 | # to others, and derivative works that comment on or otherwise explain 181 | # it or assist in its implmentation may be prepared, copied, published 182 | # and distributed, in whole or in part, without restriction of any 183 | # kind, provided that the above copyright notice and this paragraph 184 | # are included on all such copies and derivative works. However, 185 | # this document itself may not be modified in any way, such as by 186 | # removing the copyright notice or references to the Internet Society 187 | # or other Internet organizations, except as needed for the purpose 188 | # of developing Internet standards in which case the procedures for 189 | # copyrights defined in the Internet Standards process must be followed, 190 | # or as required to translate it into languages other than English. 191 | -------------------------------------------------------------------------------- /contrib/config/schema/corba.ldif: -------------------------------------------------------------------------------- 1 | # corba.ldif -- Corba Object Schema 2 | # depends upon core.ldif 3 | # $OpenLDAP$ 4 | ## This work is part of OpenLDAP Software . 5 | ## 6 | ## Copyright 1998-2014 The OpenLDAP Foundation. 7 | ## All rights reserved. 8 | ## 9 | ## Redistribution and use in source and binary forms, with or without 10 | ## modification, are permitted only as authorized by the OpenLDAP 11 | ## Public License. 12 | ## 13 | ## A copy of this license is available in the file LICENSE in the 14 | ## top-level directory of the distribution or, alternatively, at 15 | ## . 16 | # 17 | ## Portions Copyright (C) The Internet Society (1999). 18 | ## Please see full copyright statement below. 
19 | # 20 | # From RFC 2714 [portions trimmed]: 21 | # Schema for Representing CORBA Object References in an LDAP Directory 22 | # 23 | # This file was automatically generated from corba.schema; see that file 24 | # for complete references. 25 | # 26 | dn: cn=corba,cn=schema,cn=config 27 | objectClass: olcSchemaConfig 28 | cn: corba 29 | olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Strin 30 | gified interoperable object reference of a CORBA object' EQUALITY caseIgnoreI 31 | A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 32 | olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DE 33 | SC 'Repository ids of interfaces implemented by a CORBA object' EQUALITY case 34 | ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 35 | olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer' DESC ' 36 | Container for a CORBA object' SUP top STRUCTURAL MUST cn ) 37 | olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject' DESC 'CORB 38 | A object representation' SUP top ABSTRACT MAY ( corbaRepositoryId $ descripti 39 | on ) ) 40 | olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference' 41 | DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY MUST co 42 | rbaIor ) 43 | -------------------------------------------------------------------------------- /contrib/config/schema/corba.schema: -------------------------------------------------------------------------------- 1 | # corba.schema -- Corba Object Schema 2 | # depends upon core.schema 3 | # $OpenLDAP$ 4 | # $OpenLDAP$ 5 | ## This work is part of OpenLDAP Software . 6 | ## 7 | ## Copyright 1998-2014 The OpenLDAP Foundation. 8 | ## All rights reserved. 9 | ## 10 | ## Redistribution and use in source and binary forms, with or without 11 | ## modification, are permitted only as authorized by the OpenLDAP 12 | ## Public License. 
13 | ## 14 | ## A copy of this license is available in the file LICENSE in the 15 | ## top-level directory of the distribution or, alternatively, at 16 | ## . 17 | # 18 | ## Portions Copyright (C) The Internet Society (1999). 19 | ## Please see full copyright statement below. 20 | 21 | 22 | # Network Working Group V. Ryan 23 | # Request for Comments: 2714 R. Lee 24 | # Category: Informational S. Seligman 25 | # Sun Microsystems, Inc. 26 | # October 1999 27 | # 28 | # 29 | # Schema for Representing CORBA Object References in an LDAP Directory 30 | # 31 | # Status of this Memo 32 | # 33 | # This memo provides information for the Internet community. It does 34 | # not specify an Internet standard of any kind. Distribution of this 35 | # memo is unlimited. 36 | # 37 | # Copyright Notice 38 | # 39 | # Copyright (C) The Internet Society (1999). All Rights Reserved. 40 | # 41 | # Abstract 42 | # 43 | # CORBA [CORBA] is the Common Object Request Broker Architecture 44 | # defined by the Object Management Group. This document defines the 45 | # schema for representing CORBA object references in an LDAP directory 46 | # [LDAPv3]. 47 | # 48 | # [trimmed] 49 | 50 | # 3. Attribute Type Definitions 51 | # 52 | # The following attribute types are defined in this document: 53 | # 54 | # corbaIor 55 | # corbaRepositoryId 56 | # 57 | # 3.1 corbaIor 58 | # 59 | # This attribute stores the string representation of the interoperable 60 | # object reference (IOR) for a CORBA object. An IOR is an opaque handle 61 | # for the object which contains the information necessary to locate the 62 | # object, even if the object is in another ORB. 63 | # 64 | # This attribute's syntax is 'IA5 String' and its case is 65 | # insignificant. 
66 | # 67 | # ( 1.3.6.1.4.1.42.2.27.4.1.14 68 | # NAME 'corbaIor' 69 | # DESC 'Stringified interoperable object reference of a CORBA object' 70 | # EQUALITY caseIgnoreIA5Match 71 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 72 | # SINGLE-VALUE 73 | # ) 74 | # 75 | attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14 76 | NAME 'corbaIor' 77 | DESC 'Stringified interoperable object reference of a CORBA object' 78 | EQUALITY caseIgnoreIA5Match 79 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 80 | SINGLE-VALUE ) 81 | 82 | # 3.2 corbaRepositoryId 83 | # 84 | # Each CORBA interface has a unique "repository id" (also called "type 85 | # id") that identifies the interface. A CORBA object has one or more 86 | # repository ids, one for each interface that it implements. 87 | # 88 | # The format of a repository id can be any string, but the OMG 89 | # specifies four standard formats: 90 | # 91 | # a. IDL-style 92 | # 93 | # IDL:Prefix/ModuleName/InterfaceName:VersionNumber 94 | # 95 | # For example, the repository id for the "NamingContext" in OMG's COS 96 | # Naming module is: "IDL:omg.org/CosNaming/NamingContext:1.0". 97 | # 98 | # b. RMI-style 99 | # 100 | # RMI:ClassName:HashCode[:SUID] 101 | # 102 | # This format is used by RMI-IIOP remote objects [RMI-IIOP]. 103 | # "ClassName" is the fully qualified name of the class (for example, 104 | # "java.lang.String"). "HashCode" is the object's hash code (that is, 105 | # that obtained by invoking the "hashCode()" method). "SUID" is the 106 | # "stream unique identifier", which is a 64-bit number that uniquely 107 | # identifies the serialization version of the class; SUID is optional 108 | # in the repository id. 109 | # 110 | # c. DCE-style 111 | # 112 | # DCE:UUID 113 | # 114 | # This format is used for DCE/CORBA interoperability [CORBA-DCE]. 115 | # "UUID" represents a DCE UUID. 116 | # 117 | # d. "local" 118 | # 119 | # This format is defined by the local Object Request Broker (ORB). 
120 | # 121 | # The corbaRepositoryId attribute is a multivalued attribute; each 122 | # value records a single repository id of an interface implemented by 123 | # the CORBA object. This attribute need not contain a complete list of 124 | # the interfaces implemented by the CORBA object. 125 | # 126 | # This attribute's syntax is 'Directory String' and its case is 127 | # significant. The values of this attribute are encoded using UTF-8. 128 | # Some values may require translation from their native representation 129 | # in order to be correctly encoded using UTF-8. 130 | # 131 | # ( 1.3.6.1.4.1.42.2.27.4.1.15 132 | # NAME 'corbaRepositoryId' 133 | # DESC 'Repository ids of interfaces implemented by a CORBA object' 134 | # EQUALITY caseExactMatch 135 | # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 136 | # ) 137 | # 138 | # 139 | attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15 140 | NAME 'corbaRepositoryId' 141 | DESC 'Repository ids of interfaces implemented by a CORBA object' 142 | EQUALITY caseExactMatch 143 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 144 | 145 | # 4. Object Class Definitions 146 | # 147 | # The following object classes are defined in this document: 148 | # 149 | # corbaContainer 150 | # corbaObject 151 | # corbaObjectReference 152 | # 153 | # 4.1 corbaContainer 154 | # 155 | # This structural object class represents a container for a CORBA 156 | # object. 157 | # 158 | # ( 1.3.6.1.4.1.42.2.27.4.2.10 159 | # NAME 'corbaContainer' 160 | # DESC 'Container for a CORBA object' 161 | # SUP top 162 | # STRUCTURAL 163 | # MUST ( cn ) 164 | # ) 165 | # 166 | objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10 167 | NAME 'corbaContainer' 168 | DESC 'Container for a CORBA object' 169 | SUP top 170 | STRUCTURAL 171 | MUST cn ) 172 | 173 | # 4.2 corbaObject 174 | # 175 | # This abstract object class is the root class for representing a CORBA 176 | # object. 
177 | # 178 | # ( 1.3.6.1.4.1.42.2.27.4.2.9 179 | # NAME 'corbaObject' 180 | # DESC 'CORBA object representation' 181 | # SUP top 182 | # ABSTRACT 183 | # MAY ( corbaRepositoryId $ description ) 184 | # ) 185 | # 186 | objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9 187 | NAME 'corbaObject' 188 | DESC 'CORBA object representation' 189 | SUP top 190 | ABSTRACT 191 | MAY ( corbaRepositoryId $ description ) ) 192 | 193 | # 4.3 corbaObjectReference 194 | # 195 | # This auxiliary object class represents a CORBA object reference. It 196 | # must be mixed in with a structural object class. 197 | # 198 | # ( 1.3.6.1.4.1.42.2.27.4.2.11 199 | # NAME 'corbaObjectReference' 200 | # DESC 'CORBA interoperable object reference' 201 | # SUP corbaObject 202 | # AUXILIARY 203 | # MUST ( corbaIor ) 204 | # ) 205 | # 206 | objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11 207 | NAME 'corbaObjectReference' 208 | DESC 'CORBA interoperable object reference' 209 | SUP corbaObject 210 | AUXILIARY 211 | MUST corbaIor ) 212 | 213 | # 10. Full Copyright Statement 214 | # 215 | # Copyright (C) The Internet Society (1999). All Rights Reserved. 216 | # 217 | # This document and translations of it may be copied and furnished to 218 | # others, and derivative works that comment on or otherwise explain it 219 | # or assist in its implementation may be prepared, copied, published 220 | # and distributed, in whole or in part, without restriction of any 221 | # kind, provided that the above copyright notice and this paragraph are 222 | # included on all such copies and derivative works. 
However, this 223 | # document itself may not be modified in any way, such as by removing 224 | # the copyright notice or references to the Internet Society or other 225 | # Internet organizations, except as needed for the purpose of 226 | # developing Internet standards in which case the procedures for 227 | # copyrights defined in the Internet Standards process must be 228 | # followed, or as required to translate it into languages other than 229 | # English. 230 | # 231 | # The limited permissions granted above are perpetual and will not be 232 | # revoked by the Internet Society or its successors or assigns. 233 | # 234 | # This document and the information contained herein is provided on an 235 | # "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 236 | # TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 237 | # BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 238 | # HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 239 | # MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 240 | -------------------------------------------------------------------------------- /contrib/config/schema/cosine.ldif: -------------------------------------------------------------------------------- 1 | # RFC1274: Cosine and Internet X.500 schema 2 | # $OpenLDAP$ 3 | ## This work is part of OpenLDAP Software . 4 | ## 5 | ## Copyright 1998-2014 The OpenLDAP Foundation. 6 | ## All rights reserved. 7 | ## 8 | ## Redistribution and use in source and binary forms, with or without 9 | ## modification, are permitted only as authorized by the OpenLDAP 10 | ## Public License. 11 | ## 12 | ## A copy of this license is available in the file LICENSE in the 13 | ## top-level directory of the distribution or, alternatively, at 14 | ## . 15 | # 16 | # RFC1274: Cosine and Internet X.500 schema 17 | # 18 | # This file contains LDAPv3 schema derived from X.500 COSINE "pilot" 19 | # schema. 
As this schema was defined for X.500(89), some 20 | # oddities were introduced in the mapping to LDAPv3. The 21 | # mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt 22 | # (a work in progress) 23 | # 24 | # Note: It seems that the pilot schema evolved beyond what was 25 | # described in RFC1274. However, this document attempts to describes 26 | # RFC1274 as published. 27 | # 28 | # Depends on core.ldif 29 | # 30 | # This file was automatically generated from cosine.schema; see that 31 | # file for complete background. 32 | # 33 | dn: cn=cosine,cn=schema,cn=config 34 | objectClass: olcSchemaConfig 35 | cn: cosine 36 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' 37 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. 38 | 1466.115.121.1.15{256} ) 39 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g 40 | eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch 41 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) 42 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri 43 | nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno 44 | reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 45 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 46 | 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S 47 | YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 48 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: 49 | photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) 50 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 51 | 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat 52 | ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 53 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h 54 | ost computer' EQUALITY caseIgnoreMatch SUBSTR 
caseIgnoreSubstringsMatch SYNTA 55 | X 1.3.6.1.4.1.1466.115.121.1.15{256} ) 56 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 57 | 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 58 | .121.1.12 ) 59 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D 60 | ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR 61 | caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 62 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' 63 | RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri 64 | ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 65 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES 66 | C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu 67 | bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 68 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 69 | 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 70 | .3.6.1.4.1.1466.115.121.1.12 ) 71 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE 72 | SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c 73 | aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 74 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe 75 | lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb 76 | erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 77 | .1.50 ) 78 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC 79 | 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 80 | 6.115.121.1.12 ) 81 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 82 | 1.3.6.1.4.1.1466.115.121.1.39 ) 83 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 
'aRecord' EQUALITY ca 84 | seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 85 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c 86 | aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 87 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c 88 | aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 89 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c 90 | aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 91 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY 92 | caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 93 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT 94 | Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 95 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 96 | 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc 97 | h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 98 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D 99 | ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg 100 | noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 101 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 102 | 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring 103 | sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 104 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel 105 | ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum 106 | berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 107 | 1.1.50 ) 108 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep 109 | honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber 110 | Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 111 | .50 ) 112 | 
olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount 113 | ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS 114 | TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 115 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE 116 | SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 117 | 66.115.121.1.15{256} ) 118 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus 119 | ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI 120 | gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 121 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' 122 | RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst 123 | ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 124 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption 125 | ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 126 | ) 127 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' 128 | RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin 129 | gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 130 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF 131 | C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) 132 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' 133 | DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN 134 | GLE-VALUE ) 135 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit 136 | y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 137 | 13 SINGLE-VALUE ) 138 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit 139 | y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
140 | 13 SINGLE-VALUE ) 141 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D 142 | ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. 143 | 23 ) 144 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R 145 | FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 146 | .115.121.1.12 ) 147 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 148 | : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) 149 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D 150 | ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno 151 | reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 152 | olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo 153 | tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 154 | Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom 155 | ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine 156 | ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep 157 | honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature 158 | ) ) 159 | olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT 160 | URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam 161 | e $ organizationalUnitName $ host ) ) 162 | olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC 163 | TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca 164 | lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume 165 | ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) 166 | olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA 167 | L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber 168 | ) ) 169 | 
olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top 170 | STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l 171 | ocalityName $ organizationName $ organizationalUnitName ) ) 172 | olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT 173 | URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti 174 | on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ 175 | stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd 176 | ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber 177 | $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel 178 | exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress 179 | $ x121Address ) ) 180 | olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d 181 | omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho 182 | neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi 183 | ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ 184 | telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery 185 | Method $ destinationIndicator $ registeredAddress $ x121Address ) ) 186 | olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain 187 | STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME 188 | Record ) ) 189 | olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D 190 | ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat 191 | edDomain ) 192 | olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c 193 | ountry STRUCTURAL MUST friendlyCountryName ) 194 | olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU 195 | P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) 196 | 
olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY dSAQuality )
olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
--------------------------------------------------------------------------------
/contrib/config/schema/duaconf.ldif:
--------------------------------------------------------------------------------
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# DUA schema from draft-joslin-config-schema (a work in progress)
#
# This file was automatically generated from duaconf.schema; see that file
# for complete references.
#
dn: cn=duaconf,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: duaconf
olcObjectIdentifier: {0}DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
olcAttributeTypes: {0}( DUAConfSchemaOID:1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: {2}( DUAConfSchemaOID:1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {3}( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( DUAConfSchemaOID:1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {6}( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' DESC 'Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {7}( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {8}( DUAConfSchemaOID:1.7 NAME 'profileTTL' DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {10}( DUAConfSchemaOID:1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {11}( DUAConfSchemaOID:1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {12}( DUAConfSchemaOID:1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {13}( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {14}( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {15}( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' DESC 'Abstraction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL ) )
--------------------------------------------------------------------------------
/contrib/config/schema/duaconf.schema:
--------------------------------------------------------------------------------
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

#
# Application Working Group                                    M. Ansari
# INTERNET-DRAFT                                  Sun Microsystems, Inc.
# Expires Febuary 2003                                         L. Howard
#                                                 PADL Software Pty. Ltd.
#                                                         B. Joslin [ed.]
#                                                 Hewlett-Packard Company
#
#                                                   September 15th, 2003
# Intended Category: Informational
#
#
#              A Configuration Schema for LDAP Based
#                      Directory User Agents
#
#
#Status of this Memo
#
#   This memo provides information for the Internet community.  This
#   memo does not specify an Internet standard of any kind.  Distribu-
#   tion of this memo is unlimited.
#
#   This document is an Internet-Draft and is in full conformance with
#   all provisions of Section 10 of RFC2026.
#
#   This document is an Internet-Draft.  Internet-Drafts are working
#   documents of the Internet Engineering Task Force (IETF), its areas,
#   and its working groups.  Note that other groups may also distribute
#   working documents as Internet-Drafts.
#
#   Internet-Drafts are draft documents valid for a maximum of six
#   months.  Internet-Drafts may be updated, replaced, or made obsolete
#   by other documents at any time.  It is not appropriate to use
#   Internet-Drafts as reference material or to cite them other than as
#   a "working draft" or "work in progress".
#
#   To learn the current status of any Internet-Draft, please check the
#   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
#   Directories on ds.internic.net (US East Coast), nic.nordu.net
#   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#   Rim).
#
#   Distribution of this document is unlimited.
#
#
# Abstract
#
#   This document describes a mechanism for global configuration of
#   similar directory user agents.  This document defines a schema for
#   configuration of these DUAs that may be discovered using the Light-
#   weight Directory Access Protocol in RFC 2251[17].  A set of attri-
#   bute types and an objectclass are proposed, along with specific
#   guidelines for interpreting them.  A significant feature of the
#   global configuration policy for DUAs is a mechanism that allows
#   DUAs to re-configure their schema to that of the end user's
#   environment.  This configuration is achieved through attribute and
#   objectclass mapping.  This document is intended to be a skeleton
#   for future documents that describe configuration of specific DUA
#   services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
#   The schema defined by this document is defined under the "DUA Con-
#   figuration Schema."  This schema is derived from the OID: iso (1)
#   org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
#   Packard Company (11) directory (1) LDAP-UX Integration Project (3)
#   DUA Configuration Schema (1).  This OID is represented in this
#   document by the keystring "DUAConfSchemaOID"
#   (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
#
# 2.2 Attributes
#
#   The attributes and classes defined in this document are summarized
#   below.
#
#   The following attributes are defined in this document:
#
#       preferredServerList
#       defaultServerList
#       defaultSearchBase
#       defaultSearchScope
#       authenticationMethod
#       credentialLevel
#       serviceSearchDescriptor
#
#
#
# Joslin                                                        [Page 3]
# Internet-Draft        DUA Configuration Schema            October 2002
#
#
#       serviceCredentialLevel
#       serviceAuthenticationMethod
#       attributeMap
#       objectclassMap
#       searchTimeLimit
#       bindTimeLimit
#       followReferrals
#       dereferenceAliases
#       profileTTL
#
# 2.3 Object Classes
#
#   The following object class is defined in this document:
#
#       DUAConfigProfile
#
#
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
        DESC 'Default LDAP server host address used by a DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
        DESC 'Default LDAP base DN used by a DUA'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
        DESC 'Preferred LDAP server host addresses to be used by a
        DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for a
        search to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for the
        bind operation to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
        DESC 'Tells DUA if it should follow referrals
        returned by a DSA search result'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
        DESC 'Tells DUA if it should dereference aliases'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
        DESC 'A keystring which identifies the type of
        authentication method used to contact the DSA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
        DESC 'Time to live, in seconds, before a client DUA
        should re-read this configuration profile'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
        DESC 'LDAP search descriptor list used by a DUA'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
        DESC 'Attribute mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
        DESC 'Identifies type of credentials a DUA should
        use when binding to the LDAP server'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
        DESC 'Objectclass mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
        DESC 'Default search scope used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
        DESC 'Identifies type of credentials a DUA
        should use when binding to the LDAP server for a
        specific service'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
        DESC 'Authentication method used by a service of the DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# 4. Class Definition
#
#   The objectclass below is constructed from the attributes defined in
#   3, with the exception of the cn attribute, which is defined in RFC
#   2256 [8].  cn is used to represent the name of the DUA configura-
#   tion profile.
#
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
        SUP top STRUCTURAL
        DESC 'Abstraction of a base configuration for a DUA'
        MUST ( cn )
        MAY ( defaultServerList $ preferredServerList $
              defaultSearchBase $ defaultSearchScope $
              searchTimeLimit $ bindTimeLimit $
              credentialLevel $ authenticationMethod $
              followReferrals $ dereferenceAliases $
              serviceSearchDescriptor $ serviceCredentialLevel $
              serviceAuthenticationMethod $ objectclassMap $
              attributeMap $ profileTTL ) )
--------------------------------------------------------------------------------
/contrib/config/schema/dyngroup.ldif:
--------------------------------------------------------------------------------
# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
#       core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
dn: cn=dyngroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: dyngroup
olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.' SUP labeledURI )
olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) )
olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY ( dgIdentity $ dgAuthz ) )
--------------------------------------------------------------------------------
/contrib/config/schema/dyngroup.schema:
--------------------------------------------------------------------------------
# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Dynamic Group schema (experimental), as defined by Netscape. See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
#       core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02

objectIdentifier NetscapeRoot 2.16.840.1.113730

objectIdentifier NetscapeLDAP NetscapeRoot:3
objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2

objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
objectIdentifier DynGroupBase OpenLDAPExp11:8
objectIdentifier DynGroupAttr DynGroupBase:1
objectIdentifier DynGroupOC DynGroupBase:2

attributetype ( NetscapeLDAPattributeType:198
        NAME 'memberURL'
        DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
        SUP labeledURI )

attributetype ( DynGroupAttr:1
        NAME 'dgIdentity'
        DESC 'Identity to use when processing the memberURL'
        SUP distinguishedName SINGLE-VALUE )

attributeType ( DynGroupAttr:2
        NAME 'dgAuthz'
        DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
        EQUALITY authzMatch
        SYNTAX 1.3.6.1.4.1.4203.666.2.7
        X-ORDERED 'VALUES' )

objectClass ( NetscapeLDAPobjectClass:33
        NAME 'groupOfURLs'
        SUP top STRUCTURAL
        MUST cn
        MAY ( memberURL $ businessCategory $ description $ o $ ou $
              owner $ seeAlso ) )

# The Haripriya dyngroup schema still needs a lot of work.
# We're just adding support for the dgIdentity attribute for now...
objectClass ( DynGroupOC:1
        NAME 'dgIdentityAux'
        SUP top AUXILIARY
        MAY ( dgIdentity $ dgAuthz ) )


--------------------------------------------------------------------------------
/contrib/config/schema/inetorgperson.ldif:
--------------------------------------------------------------------------------
# InetOrgPerson (RFC2798)
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# InetOrgPerson (RFC2798)
#
# Depends upon
#   Definition of an X.500 Attribute Type and an Object Class to Hold
#   Uniform Resource Identifiers (URIs) [RFC2079]
#       (core.ldif)
#
#   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
#       (core.ldif)
#
#   The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
#
# This file was automatically generated from inetorgperson.schema; see
# that file for complete references.
#
dn: cn=inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: inetorgperson
olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
--------------------------------------------------------------------------------
/contrib/config/schema/inetorgperson.schema:
--------------------------------------------------------------------------------
# inetorgperson.schema -- InetOrgPerson (RFC2798)
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# InetOrgPerson (RFC2798)
#
# Depends upon
#   Definition of an X.500 Attribute Type and an Object Class to Hold
#   Uniform Resource Identifiers (URIs) [RFC2079]
#       (core.schema)
#
#   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
#       (core.schema)
#
#   The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)

# carLicense
# This multivalued field is used to record the values of the license or
# registration plate associated with an individual.
attributetype ( 2.16.840.1.113730.3.1.1
        NAME 'carLicense'
        DESC 'RFC2798: vehicle license or registration plate'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# departmentNumber
# Code for department to which a person belongs.  This can also be
# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
attributetype ( 2.16.840.1.113730.3.1.2
        NAME 'departmentNumber'
        DESC 'RFC2798: identifies a department within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# displayName
# When displaying an entry, especially within a one-line summary list, it
# is useful to be able to identify a name to be used.  Since other attri-
# bute types such as 'cn' are multivalued, an additional attribute type is
# needed.  Display name is defined for this purpose.
attributetype ( 2.16.840.1.113730.3.1.241
        NAME 'displayName'
        DESC 'RFC2798: preferred name to be used when displaying entries'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# employeeNumber
# Numeric or alphanumeric identifier assigned to a person, typically based
# on order of hire or association with an organization.  Single valued.
attributetype ( 2.16.840.1.113730.3.1.3
        NAME 'employeeNumber'
        DESC 'RFC2798: numerically identifies an employee within an organization'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# employeeType
# Used to identify the employer to employee relationship.  Typical values
# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
# "Unknown" but any value may be used.
attributetype ( 2.16.840.1.113730.3.1.4
        NAME 'employeeType'
        DESC 'RFC2798: type of employment for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# jpegPhoto
# Used to store one or more images of a person using the JPEG File
# Interchange Format [JFIF].
# Note that the jpegPhoto attribute type was defined for use in the
# Internet X.500 pilots but no referencable definition for it could be
# located.
attributetype ( 0.9.2342.19200300.100.1.60
        NAME 'jpegPhoto'
        DESC 'RFC2798: a JPEG image'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )

# preferredLanguage
# Used to indicate an individual's preferred written or spoken
# language.  This is useful for international correspondence or human-
# computer interaction.  Values for this attribute type MUST conform to
# the definition of the Accept-Language header field defined in
# [RFC2068] with one exception:  the sequence "Accept-Language" ":"
# should be omitted.  This is a single valued attribute type.
attributetype ( 2.16.840.1.113730.3.1.39
        NAME 'preferredLanguage'
        DESC 'RFC2798: preferred written or spoken language for a person'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# userSMIMECertificate
# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
# ignored by consumers of userSMIMECertificate values.  It is
# recommended that values have a `contentType' of data with an absent
# `content' field.  Values of this attribute contain a person's entire
# certificate chain and an smimeCapabilities field [RFC2633] that at a
# minimum describes their SMIME algorithm capabilities.  Values for
# this attribute are to be stored and requested in binary form, as
# 'userSMIMECertificate;binary'.  If available, this attribute is
# preferred over the userCertificate attribute for S/MIME applications.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.40
        NAME 'userSMIMECertificate'
        DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# userPKCS12
# PKCS #12 [PKCS12] provides a format for exchange of personal identity
# information.  When such information is stored in a directory service,
# the userPKCS12 attribute should be used. This attribute is to be stored
# and requested in binary form, as 'userPKCS12;binary'.  The attribute
# values are PFX PDUs stored as binary data.
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
attributetype ( 2.16.840.1.113730.3.1.216
        NAME 'userPKCS12'
        DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )


# inetOrgPerson
# The inetOrgPerson represents people who are associated with an
# organization in some way.  It is a structural class and is derived
# from the organizationalPerson which is defined in X.521 [X521].
objectclass ( 2.16.840.1.113730.3.2.2
        NAME 'inetOrgPerson'
        DESC 'RFC2798: Internet Organizational Person'
        SUP organizationalPerson
        STRUCTURAL
        MAY (
                audio $ businessCategory $ carLicense $ departmentNumber $
                displayName $ employeeNumber $ employeeType $ givenName $
                homePhone $ homePostalAddress $ initials $ jpegPhoto $
                labeledURI $ mail $ manager $ mobile $ o $ pager $
                photo $ roomNumber $ secretary $ uid $ userCertificate $
                x500uniqueIdentifier $ preferredLanguage $
                userSMIMECertificate $ userPKCS12 )
        )
--------------------------------------------------------------------------------
/contrib/config/schema/java.ldif:
--------------------------------------------------------------------------------
# java.ldif -- Java Object Schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.ldif
#
# This file was automatically generated from java.schema; see that file
# for complete references.
#
dn: cn=java,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: java
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Container for a Java object' SUP top STRUCTURAL MUST cn )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames $ javaCodebase $ javaDoc $ description ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData )
olcObjectClasses: {3}( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData )
olcObjectClasses: {4}( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaFactory ) )
--------------------------------------------------------------------------------
/contrib/config/schema/java.schema:
--------------------------------------------------------------------------------
# java.schema -- Java Object Schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Java Object Schema (defined in RFC 2713)
# depends upon core.schema
#

# Network Working Group                                          V. Ryan
# Request for Comments: 2713                                S. Seligman
# Category: Informational                                         R. Lee
#                                                 Sun Microsystems, Inc.
#                                                           October 1999
#
#
#      Schema for Representing Java(tm) Objects in an LDAP Directory
#
# Status of this Memo
#
#    This memo provides information for the Internet community.  It does
#    not specify an Internet standard of any kind.  Distribution of this
#    memo is unlimited.
#
# Copyright Notice
#
#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
#
# Abstract
#
#    This document defines the schema for representing Java(tm) objects in
#    an LDAP directory [LDAPv3].  It defines schema elements to represent
#    a Java serialized object [Serial], a Java marshalled object [RMI], a
#    Java remote object [RMI], and a JNDI reference [JNDI].
#

# [trimmed]

# 3 Attribute Type Definitions
#
#    The following attribute types are defined in this document:
#
#        javaClassName
#        javaClassNames
#        javaCodebase
#        javaSerializedData
#        javaFactory
#        javaReferenceAddress
#        javaDoc
#
# 3.1 javaClassName
#
#    This attribute stores the fully qualified name of the Java object's
#    "distinguished" class or interface (for example, "java.lang.String").
#    It is a single-valued attribute.  This attribute's syntax is
#    'Directory String' and its case is significant.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.6
#      NAME 'javaClassName'
#      DESC 'Fully qualified name of distinguished Java class or
#            interface'
#      EQUALITY caseExactMatch
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
#      SINGLE-VALUE
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
	NAME 'javaClassName'
	DESC 'Fully qualified name of distinguished Java class or interface'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )

# 3.2 javaCodebase
#
#    This attribute stores the Java class definition's locations.  It
#    specifies the locations from which to load the class definition for
#    the class specified by the javaClassName attribute.  Each value of
#    the attribute contains an ordered list of URLs, separated by spaces.
#    For example, a value of "url1 url2 url3" means that the three
#    (possibly interdependent) URLs (url1, url2, and url3) form the
#    codebase for loading in the Java class definition.
#
#    If the javaCodebase attribute contains more than one value, each
#    value is an independent codebase.  That is, there is no relationship
#    between the URLs in one value and those in another; each value can be
#    viewed as an alternate source for loading the Java class definition.
#    See [Java] for information regarding class loading.
#
#    This attribute's syntax is 'IA5 String' and its case is significant.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.7
#      NAME 'javaCodebase'
#      DESC 'URL(s) specifying the location of class definition'
#      EQUALITY caseExactIA5Match
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
	NAME 'javaCodebase'
	DESC 'URL(s) specifying the location of class definition'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# 3.3 javaClassNames
#
#    This attribute stores the Java object's fully qualified class or
#    interface names (for example, "java.lang.String").  It is a
#    multivalued attribute.  When more than one value is present, each is
#    the name of a class or interface, or ancestor class or interface, of
#    this object.
#
#    This attribute's syntax is 'Directory String' and its case is
#    significant.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.13
#      NAME 'javaClassNames'
#      DESC 'Fully qualified Java class or interface name'
#      EQUALITY caseExactMatch
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
#    )
#
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
	NAME 'javaClassNames'
	DESC 'Fully qualified Java class or interface name'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# 3.4 javaSerializedData
#
#    This attribute stores the serialized form of a Java object.  The
#    serialized form is described in [Serial].
#
#    This attribute's syntax is 'Octet String'.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.8
#      NAME 'javaSerializedData'
#      DESC 'Serialized form of a Java object'
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
#      SINGLE-VALUE
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
	NAME 'javaSerializedData'
	DESC 'Serialized form of a Java object'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
	SINGLE-VALUE )

# 3.5 javaFactory
#
#    This attribute stores the fully qualified class name of the object
#    factory (for example, "com.wiz.jndi.WizObjectFactory") that can be
#    used to create an instance of the object identified by the
#    javaClassName attribute.
#
#    This attribute's syntax is 'Directory String' and its case is
#    significant.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.10
#      NAME 'javaFactory'
#      DESC 'Fully qualified Java class name of a JNDI object factory'
#      EQUALITY caseExactMatch
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
#      SINGLE-VALUE
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
	NAME 'javaFactory'
	DESC 'Fully qualified Java class name of a JNDI object factory'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE )

# 3.6 javaReferenceAddress
#
#    This attribute represents the sequence of addresses of a JNDI
#    reference.  Each of its values represents one address, a Java object
#    of type javax.naming.RefAddr.  Its value is a concatenation of the
#    address type and address contents, preceded by a sequence number (the
#    order of addresses in a JNDI reference is significant).  For example:
#
#        #0#TypeA#ValA
#        #1#TypeB#ValB
#        #2#TypeC##rO0ABXNyABpq...
#
#    In more detail, the value is encoded as follows:
#
#    The delimiter is the first character of the value.  For readability
#    the character '#' is recommended when it is not otherwise used
#    anywhere in the value, but any character may be used subject to
#    restrictions given below.
#
#    The first delimiter is followed by the sequence number.  The sequence
#    number of an address is its position in the JNDI reference, with the
#    first address being numbered 0.  It is represented by its shortest
#    string form, in decimal notation.
#
#    The sequence number is followed by a delimiter, then by the address
#    type, and then by another delimiter.  If the address is of Java class
#    javax.naming.StringRefAddr, then this delimiter is followed by the
#    value of the address contents (which is a string).  Otherwise, this
#    delimiter is followed immediately by another delimiter, and then by
#    the Base64 encoding of the serialized form of the entire address.
#
#    The delimiter may be any character other than a digit or a character
#    contained in the address type.  In addition, if the address contents
#    is a string, the delimiter may not be the first character of that
#    string.
#
#    This attribute's syntax is 'Directory String' and its case is
#    significant.  It can contain multiple values.
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.11
#      NAME 'javaReferenceAddress'
#      DESC 'Addresses associated with a JNDI Reference'
#      EQUALITY caseExactMatch
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
	NAME 'javaReferenceAddress'
	DESC 'Addresses associated with a JNDI Reference'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# 3.7 javaDoc
#
#    This attribute stores a pointer to the Java documentation for the
#    class.  Its value is a URL.  For example, the following URL points to
#    the specification of the java.lang.String class:
#    http://java.sun.com/products/jdk/1.2/docs/api/java/lang/String.html
#
#    This attribute's syntax is 'IA5 String' and its case is significant.
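Added example, not part of the OpenLDAP schema files or of RFC 2713: a Python decoder for the javaReferenceAddress encoding described in section 3.6 above, which also restores the order of an entry's values from their sequence numbers. The check that a non-string address decodes to a Java serialization stream (header bytes AC ED 00 05) is this example's own addition, and the sample values, error class and function names are constructed for it.

```python
# Decoder for RFC 2713 javaReferenceAddress values (added example, not part
# of the OpenLDAP schema files above).  Each value encodes one
# javax.naming.RefAddr of a JNDI reference:
#   <d><seq><d><type><d><string contents>          javax.naming.StringRefAddr
#   <d><seq><d><type><d><d><base64 serialized>     any other RefAddr class
# where <d> is the delimiter, i.e. the first character of the value.
import base64
import binascii
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Magic number and stream version that open every Java serialization stream
# (java.io.ObjectStreamConstants STREAM_MAGIC / STREAM_VERSION).  Checking it
# is an addition of this example; RFC 2713 only says "serialized form".
JAVA_STREAM_HEADER = b"\xac\xed\x00\x05"


class RefAddrError(ValueError):
    """Raised when a value does not follow the RFC 2713 encoding rules."""


@dataclass
class RefAddr:
    seq: int                     # position inside the JNDI reference, 0-based
    addr_type: str               # RefAddr type, e.g. "TypeA"
    contents: Optional[str]      # set for javax.naming.StringRefAddr
    serialized: Optional[bytes]  # decoded serialized form for other classes


def parse_reference_address(value: str) -> RefAddr:
    """Decode one javaReferenceAddress attribute value."""
    if not value:
        raise RefAddrError("empty value")
    delim = value[0]
    if delim.isdigit():
        raise RefAddrError("delimiter must not be a digit")

    # <seq><d>: shortest decimal form, so no leading zeros except "0" itself
    seq_text, found, rest = value[1:].partition(delim)
    if not found or not seq_text.isdigit() or (len(seq_text) > 1 and seq_text[0] == "0"):
        raise RefAddrError(f"bad sequence number {seq_text!r} in {value!r}")
    seq = int(seq_text)

    # <type><d>: the type may not contain the delimiter, so partition is exact
    addr_type, found, rest = rest.partition(delim)
    if not found or not addr_type:
        raise RefAddrError(f"missing address type in {value!r}")

    if not rest.startswith(delim):
        # StringRefAddr: the remainder is the string contents verbatim (it may
        # be empty; by section 3.6 it cannot begin with the delimiter).
        return RefAddr(seq, addr_type, rest, None)

    # Any other RefAddr: a second delimiter, then Base64 of the serialized
    # address.  Strict decoding rejects values with characters outside the
    # Base64 alphabet instead of silently dropping them.
    try:
        blob = base64.b64decode(rest[1:], validate=True)
    except binascii.Error as exc:
        raise RefAddrError(f"invalid Base64 payload in {value!r}: {exc}") from exc
    if not blob.startswith(JAVA_STREAM_HEADER):
        raise RefAddrError(f"payload of {value!r} is not a Java serialization stream")
    return RefAddr(seq, addr_type, None, blob)


def parse_reference(values: Sequence[str]) -> List[RefAddr]:
    """Decode all values of one entry and return them in reference order.

    LDAP returns multi-valued attributes in no particular order; the sequence
    numbers restore it and must form 0..n-1 with no gaps or duplicates.
    """
    addrs = sorted((parse_reference_address(v) for v in values), key=lambda a: a.seq)
    if [a.seq for a in addrs] != list(range(len(addrs))):
        raise RefAddrError("sequence numbers must be 0..n-1 without gaps or repeats")
    return addrs


def has_serialized_address(values: Sequence[str]) -> bool:
    """True if any address of the reference is a serialized (non-string) RefAddr.

    Resolving such a reference deserializes directory-supplied bytes on the
    client, so a directory audit can flag these entries for review.
    """
    return any(a.serialized is not None for a in parse_reference(values))


if __name__ == "__main__":
    # Constructed sample: the three values from section 3.6, with the Base64
    # prefix shown there kept as-is (it decodes to a valid stream header).
    sample = ["#1#TypeB#ValB", "#2#TypeC##rO0ABXNyABpq", "#0#TypeA#ValA"]
    for addr in parse_reference(sample):
        print(addr)
    print("contains serialized address:", has_serialized_address(sample))
```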
#
#    ( 1.3.6.1.4.1.42.2.27.4.1.12
#      NAME 'javaDoc'
#      DESC 'The Java documentation for the class'
#      EQUALITY caseExactIA5Match
#      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
#    )
#
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
	NAME 'javaDoc'
	DESC 'The Java documentation for the class'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# 4 Object Class Definitions
#
#    The following object classes are defined in this document:
#
#        javaContainer
#        javaObject
#        javaSerializedObject
#        javaMarshalledObject
#        javaNamingReference
#
# 4.1 javaContainer
#
#    This structural object class represents a container for a Java
#    object.
#
#    ( 1.3.6.1.4.1.42.2.27.4.2.1
#      NAME 'javaContainer'
#      DESC 'Container for a Java object'
#      SUP top
#      STRUCTURAL
#      MUST ( cn )
#    )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
	NAME 'javaContainer'
	DESC 'Container for a Java object'
	SUP top
	STRUCTURAL
	MUST cn )

# 4.2 javaObject
#
#    This abstract object class represents a Java object.  A javaObject
#    cannot exist in the directory; only auxiliary or structural
#    subclasses of it can exist in the directory.
#
#    ( 1.3.6.1.4.1.42.2.27.4.2.4
#      NAME 'javaObject'
#      DESC 'Java object representation'
#      SUP top
#      ABSTRACT
#      MUST ( javaClassName )
#      MAY ( javaClassNames $
#            javaCodebase $
#            javaDoc $
#            description )
#    )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
	NAME 'javaObject'
	DESC 'Java object representation'
	SUP top
	ABSTRACT
	MUST javaClassName
	MAY ( javaClassNames $ javaCodebase $
		javaDoc $ description ) )

# 4.3 javaSerializedObject
#
#    This auxiliary object class represents a Java serialized object.  It
#    must be mixed in with a structural object class.
#
#    ( 1.3.6.1.4.1.42.2.27.4.2.5
#      NAME 'javaSerializedObject'
#      DESC 'Java serialized object'
#      SUP javaObject
#      AUXILIARY
#      MUST ( javaSerializedData )
#    )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
	NAME 'javaSerializedObject'
	DESC 'Java serialized object'
	SUP javaObject
	AUXILIARY
	MUST javaSerializedData )

# 4.4 javaMarshalledObject
#
#    This auxiliary object class represents a Java marshalled object.  It
#    must be mixed in with a structural object class.
#
#    ( 1.3.6.1.4.1.42.2.27.4.2.8
#      NAME 'javaMarshalledObject'
#      DESC 'Java marshalled object'
#      SUP javaObject
#      AUXILIARY
#      MUST ( javaSerializedData )
#    )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
	NAME 'javaMarshalledObject'
	DESC 'Java marshalled object'
	SUP javaObject
	AUXILIARY
	MUST javaSerializedData )

# 4.5 javaNamingReference
#
#    This auxiliary object class represents a JNDI reference.  It must be
#    mixed in with a structural object class.
#
#    ( 1.3.6.1.4.1.42.2.27.4.2.7
#      NAME 'javaNamingReference'
#      DESC 'JNDI reference'
#      SUP javaObject
#      AUXILIARY
#      MAY ( javaReferenceAddress $
#            javaFactory )
#    )
#
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
	NAME 'javaNamingReference'
	DESC 'JNDI reference'
	SUP javaObject
	AUXILIARY
	MAY ( javaReferenceAddress $ javaFactory ) )

# Full Copyright Statement
#
#    Copyright (C) The Internet Society (1999).  All Rights Reserved.
#
#    This document and translations of it may be copied and furnished to
#    others, and derivative works that comment on or otherwise explain it
#    or assist in its implementation may be prepared, copied, published
#    and distributed, in whole or in part, without restriction of any
#    kind, provided that the above copyright notice and this paragraph are
#    included on all such copies and derivative works.  However, this
#    document itself may not be modified in any way, such as by removing
#    the copyright notice or references to the Internet Society or other
#    Internet organizations, except as needed for the purpose of
#    developing Internet standards in which case the procedures for
#    copyrights defined in the Internet Standards process must be
#    followed, or as required to translate it into languages other than
#    English.
#
#    The limited permissions granted above are perpetual and will not be
#    revoked by the Internet Society or its successors or assigns.
#
#    This document and the information contained herein is provided on an
#    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
#    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
#    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
#    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
#    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--------------------------------------------------------------------------------
/contrib/config/schema/misc.ldif:
--------------------------------------------------------------------------------
# misc.ldif -- assorted schema definitions
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#
# This file was automatically generated from misc.schema; see that file
# for complete references.
#
dn: cn=misc,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: misc
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )
--------------------------------------------------------------------------------
/contrib/config/schema/misc.schema:
--------------------------------------------------------------------------------
# misc.schema -- assorted schema definitions
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Assorted definitions from several sources, including
# ''works in progress''. Contents of this file are
# subject to change (including deletion) without notice.
#
# Not recommended for production use!
# Use with extreme caution!

#-----------------------------------------------------------
# draft-lachman-laser-ldap-mail-routing-02.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 2.16.840.1.113730.3.1.13
	NAME 'mailLocalAddress'
	DESC 'RFC822 email address of this recipient'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 2.16.840.1.113730.3.1.18
	NAME 'mailHost'
	DESC 'FQDN of the SMTP/MTA of this recipient'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
	SINGLE-VALUE )

attributetype ( 2.16.840.1.113730.3.1.47
	NAME 'mailRoutingAddress'
	DESC 'RFC822 routing address of this recipient'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
	SINGLE-VALUE )

# I-D leaves this OID TBD.
# iPlanet uses 2.16.840.1.113.730.3.2.147 but that is an
# improperly delegated OID.  A typo is likely.
objectclass ( 2.16.840.1.113730.3.2.147
	NAME 'inetLocalMailRecipient'
	DESC 'Internet local mail recipient'
	SUP top AUXILIARY
	MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )

#-----------------------------------------------------------
# draft-srivastava-ldap-mail-00.txt !!!EXPIRED!!!
# (a work in progress)
#
attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
	NAME 'rfc822MailMember'
	DESC 'rfc822 mail address of group member(s)'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#-----------------------------------------------------------
# !!!no I-D!!!
# (a work in progress)
#
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
	NAME 'nisMailAlias'
	DESC 'NIS mail alias'
	SUP top STRUCTURAL
	MUST cn
	MAY rfc822MailMember )
--------------------------------------------------------------------------------
/contrib/config/schema/nis.ldif:
--------------------------------------------------------------------------------
# NIS (RFC2307)
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
# Definitions from RFC2307 (Experimental)
#	An Approach for Using LDAP as a Network Information Service
#
# Depends upon core.ldif and cosine.ldif
#
# This file was automatically generated from nis.schema; see that file
# for complete references.
#
dn: cn=nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nis
olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an ONC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ description $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of an IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmaskNumber $ l $ description $ manager ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstraction of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )
olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
--------------------------------------------------------------------------------
/contrib/config/schema/nis.schema:
--------------------------------------------------------------------------------
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .

# Definitions from RFC2307 (Experimental)
#	An Approach for Using LDAP as a Network Information Service

# Depends upon core.schema and cosine.schema

# Note: The definitions in RFC2307 are given in syntaxes closely related
# to those in RFC2252, however, some liberties are taken that are not
# supported by RFC2252.  This file has been written following RFC2252
# strictly.

# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
#
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
#	validaters for these syntaxes are incomplete, they only
#	implement printable string validation (which is good as the
#	common use of these syntaxes violates the specification).
# Attribute types are under 1.3.6.1.1.1.1
# Object classes are under 1.3.6.1.1.1.2

# Attribute Type Definitions

# builtin
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
#	DESC 'An integer uniquely identifying a user in an administrative domain'
#	EQUALITY integerMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

# builtin
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
#	DESC 'An integer uniquely identifying a group in an administrative domain'
#	EQUALITY integerMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
	DESC 'The GECOS field; the common name'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
	DESC 'The absolute path to the home directory'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
	DESC 'The path to the login shell'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
	EQUALITY caseExactIA5Match
	SUBSTR caseExactIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
	EQUALITY caseExactIA5Match
	SUBSTR caseExactIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
	DESC 'Netgroup triple'
	SYNTAX 1.3.6.1.1.1.0.0 )

attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
	SUP name )

attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
	DESC 'IP address'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
	DESC 'IP network'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
	DESC 'IP netmask'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
	DESC 'MAC address'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
	DESC 'rpc.bootparamd parameter'
	SYNTAX 1.3.6.1.1.1.0.1 )

attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
	DESC 'Boot image name'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
	SUP name )

attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
	EQUALITY caseExactIA5Match
	SUBSTR caseExactIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )

# Object Class Definitions

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
	DESC 'Abstraction of an account with POSIX attributes'
	SUP top AUXILIARY
	MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
	MAY ( userPassword $ loginShell $ gecos $ description ) )

objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
	DESC 'Additional attributes for shadow passwords'
	SUP top AUXILIARY
	MUST uid
	MAY ( userPassword $ shadowLastChange $ shadowMin $
	      shadowMax $ shadowWarning $ shadowInactive $
	      shadowExpire $ shadowFlag $ description ) )

objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
	DESC 'Abstraction of a group of accounts'
	SUP top STRUCTURAL
	MUST ( cn $ gidNumber )
	MAY ( userPassword $ memberUid $ description ) )

objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
	DESC 'Abstraction an Internet Protocol service'
	SUP top STRUCTURAL
	MUST ( cn $ ipServicePort $ ipServiceProtocol )
	MAY ( description
) ) 186 | 187 | objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' 188 | DESC 'Abstraction of an IP protocol' 189 | SUP top STRUCTURAL 190 | MUST ( cn $ ipProtocolNumber $ description ) 191 | MAY description ) 192 | 193 | objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' 194 | DESC 'Abstraction of an ONC/RPC binding' 195 | SUP top STRUCTURAL 196 | MUST ( cn $ oncRpcNumber $ description ) 197 | MAY description ) 198 | 199 | objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' 200 | DESC 'Abstraction of a host, an IP device' 201 | SUP top AUXILIARY 202 | MUST ( cn $ ipHostNumber ) 203 | MAY ( l $ description $ manager ) ) 204 | 205 | objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' 206 | DESC 'Abstraction of an IP network' 207 | SUP top STRUCTURAL 208 | MUST ( cn $ ipNetworkNumber ) 209 | MAY ( ipNetmaskNumber $ l $ description $ manager ) ) 210 | 211 | objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' 212 | DESC 'Abstraction of a netgroup' 213 | SUP top STRUCTURAL 214 | MUST cn 215 | MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) 216 | 217 | objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' 218 | DESC 'A generic abstraction of a NIS map' 219 | SUP top STRUCTURAL 220 | MUST nisMapName 221 | MAY description ) 222 | 223 | objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' 224 | DESC 'An entry in a NIS map' 225 | SUP top STRUCTURAL 226 | MUST ( cn $ nisMapEntry $ nisMapName ) 227 | MAY description ) 228 | 229 | objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' 230 | DESC 'A device with a MAC address' 231 | SUP top AUXILIARY 232 | MAY macAddress ) 233 | 234 | objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' 235 | DESC 'A device with boot parameters' 236 | SUP top AUXILIARY 237 | MAY ( bootFile $ bootParameter ) ) 238 | -------------------------------------------------------------------------------- /contrib/config/schema/openldap.ldif: -------------------------------------------------------------------------------- 1 | # $OpenLDAP$ 2 | ## This work is part of OpenLDAP Software . 
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
#
#
# OpenLDAP Project's directory schema items
#
# depends upon:
#	core.schema
#	cosine.schema
#	inetorgperson.schema
#
# These are provided for informational purposes only.
#
# This openldap.ldif file is provided as a demonstration of how to
# convert a *.schema file into *.ldif format. The key points:
#   In LDIF, a blank line terminates an entry. Blank lines in a *.schema
#   file should be replaced with a single '#' to turn them into
#   comments, or they should just be removed.
#   In addition to the actual schema directives, the file needs a small
#   header to make it a valid LDAP entry. This header must provide the
#   dn of the entry, the objectClass, and the cn, as shown here:
#
dn: cn=openldap,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openldap
#
#   The schema directives need to be changed to LDAP Attributes.
#   First a basic string substitution can be done on each of the keywords:
#     objectIdentifier -> olcObjectIdentifier:
#     objectClass -> olcObjectClasses:
#     attributeType -> olcAttributeTypes:
#   Then leading whitespace must be fixed. The slapd.conf format allows
#   tabs or spaces to denote line continuation, while LDIF only allows
#   the space character.
#   Also slapd.conf preserves the continuation character, while LDIF strips
#   it out. So a single TAB/SPACE in slapd.conf must be replaced with
#   two SPACEs in LDIF, otherwise the continued text may get joined as
#   a single word.
#   The directives must be listed in a proper sequence:
#     All olcObjectIdentifiers must be first, so they may be referenced by
#     any following definitions.
#     All olcAttributeTypes must be next, so they may be referenced by any
#     following objectClass definitions.
#     All olcObjectClasses must be after the olcAttributeTypes.
#     And of course, any superior must occur before anything that inherits
#     from it.
#
olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
#
olcObjectIdentifier: OpenLDAP OpenLDAProot:1
olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
#
olcObjectClasses: ( OpenLDAPobjectClass:3
  NAME 'OpenLDAPorg'
  DESC 'OpenLDAP Organizational Object'
  SUP organization
  MAY ( buildingName $ displayName $ labeledURI ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:4
  NAME 'OpenLDAPou'
  DESC 'OpenLDAP Organizational Unit Object'
  SUP organizationalUnit
  MAY ( buildingName $ displayName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:5
  NAME 'OpenLDAPperson'
  DESC 'OpenLDAP Person'
  SUP ( pilotPerson $ inetOrgPerson )
  MUST ( uid $ cn )
  MAY ( givenName $ labeledURI $ o ) )
#
olcObjectClasses: ( OpenLDAPobjectClass:6
  NAME 'OpenLDAPdisplayableObject'
  DESC 'OpenLDAP Displayable Object'
  AUXILIARY
  MAY displayName )
--------------------------------------------------------------------------------
/contrib/config/schema/openldap.schema:
--------------------------------------------------------------------------------
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .

#
# OpenLDAP Project's directory schema items
#
# depends upon:
#	core.schema
#	cosine.schema
#	inetorgperson.schema
#
# These are provided for informational purposes only.

objectIdentifier OpenLDAProot 1.3.6.1.4.1.4203

objectIdentifier OpenLDAP OpenLDAProot:1
objectIdentifier OpenLDAPattributeType OpenLDAP:3
objectIdentifier OpenLDAPobjectClass OpenLDAP:4

objectClass ( OpenLDAPobjectClass:3
	NAME 'OpenLDAPorg'
	DESC 'OpenLDAP Organizational Object'
	SUP organization
	MAY ( buildingName $ displayName $ labeledURI ) )

objectClass ( OpenLDAPobjectClass:4
	NAME 'OpenLDAPou'
	DESC 'OpenLDAP Organizational Unit Object'
	SUP organizationalUnit
	MAY ( buildingName $ displayName $ labeledURI $ o ) )

objectClass ( OpenLDAPobjectClass:5
	NAME 'OpenLDAPperson'
	DESC 'OpenLDAP Person'
	SUP ( pilotPerson $ inetOrgPerson )
	MUST ( uid $ cn )
	MAY ( givenName $ labeledURI $ o ) )

objectClass ( OpenLDAPobjectClass:6
	NAME 'OpenLDAPdisplayableObject'
	DESC 'OpenLDAP Displayable Object'
	AUXILIARY
	MAY displayName )
--------------------------------------------------------------------------------
/contrib/config/schema/pmi.ldif:
--------------------------------------------------------------------------------
# OpenLDAP X.509 PMI schema
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
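The openldap.ldif header above spells out the conversion rules from slapd.conf *.schema syntax to a cn=config entry: keyword substitution, the blank-line and continuation-whitespace rules, and the required ordering of olcObjectIdentifier, olcAttributeTypes and olcObjectClasses. The Python script below is an added example, not part of the OpenLDAP distribution or of this image: it implements those rules and then unfolds the result the way an LDIF reader does, which shows why a single leading space is not enough. The sample schema it converts is constructed for the example; its OIDs sit under OpenLDAP's experimental arc (1.3.6.1.4.1.4203.666) purely as placeholders, and a real schema would use your own PEN.

```python
"""Convert a slapd.conf-style *.schema file into the cn=config *.ldif form,
following the rules from the openldap.ldif header.

Added example; not part of the OpenLDAP distribution or of this image.
"""
from typing import List, Optional, Tuple

# slapd.conf schema keyword -> cn=config attribute (keywords are case-insensitive)
KEYWORDS = {
    "objectidentifier": "olcObjectIdentifier",
    "ldapsyntax": "olcLdapSyntaxes",
    "attributetype": "olcAttributeTypes",
    "objectclass": "olcObjectClasses",
}
# Required ordering: OIDs first, then syntaxes, attribute types, object classes.
ORDER = ["olcObjectIdentifier", "olcLdapSyntaxes", "olcAttributeTypes", "olcObjectClasses"]

Directive = Tuple[str, List[str]]  # (olc attribute, [first line, continuation lines...])


def parse_schema(text: str) -> List[Directive]:
    """Split a *.schema file into directives.

    Blank lines and '#' comments end the current directive and are dropped; a line
    starting with a TAB or SPACE continues the previous directive (slapd.conf rule).
    """
    directives: List[Directive] = []
    current: Optional[Directive] = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            current = None
            continue
        if raw[0] in " \t":
            if current is None:
                raise ValueError(f"continuation line without a directive: {raw!r}")
            current[1].append(raw.strip())
            continue
        parts = raw.split(None, 1)
        olc = KEYWORDS.get(parts[0].lower())
        if olc is None:
            raise ValueError(f"unknown schema directive: {parts[0]}")
        current = (olc, [parts[1].strip() if len(parts) > 1 else ""])
        directives.append(current)
    return directives


def schema_to_ldif(name: str, text: str) -> str:
    """Emit the cn=config entry for schema `name`, regrouped in the required order.

    Relative order inside each group is preserved, so superiors that precede
    their subclasses in the source still do. Continuation lines get TWO leading
    spaces: LDIF strips the first one as the fold marker, the second keeps the
    token separated from the end of the previous line.
    """
    directives = parse_schema(text)
    out = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    for olc in ORDER:
        for d_olc, lines in directives:
            if d_olc != olc:
                continue
            out.append(f"{olc}: {lines[0]}")
            out.extend("  " + cont for cont in lines[1:])
    return "\n".join(out) + "\n"


def unfold_ldif(ldif: str) -> List[str]:
    """RFC 2849 unfolding: a line starting with one SPACE is appended, minus that
    space, to the previous logical line. This is what slapd does on load."""
    logical: List[str] = []
    for line in ldif.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        elif line:
            logical.append(line)
    return logical


# Constructed sample. The objectClass deliberately precedes the attributeType it
# uses, so the converter has to move the attribute type in front of it.
SAMPLE_SCHEMA = """\
# constructed sample in slapd.conf *.schema syntax (placeholder OIDs)
objectIdentifier exampleRoot 1.3.6.1.4.1.4203.666.999
objectIdentifier exampleAttr exampleRoot:1
objectIdentifier exampleClass exampleRoot:2

objectClass ( exampleClass:1
\tNAME 'exampleDevice'
\tSUP top AUXILIARY
\tMAY exampleTag )

attributeType ( exampleAttr:1
\tNAME 'exampleTag'
\tEQUALITY caseIgnoreMatch
\tSYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
"""

if __name__ == "__main__":
    ldif = schema_to_ldif("example", SAMPLE_SCHEMA)
    print(ldif)
    for logical in unfold_ldif(ldif):
        print("unfolded:", logical)
```

Running it prints the generated entry with the attribute type ahead of the object class that references it. The regrouping is only half of the job: within a group the source order must already be inheritance-safe, because slapd rejects a class whose SUP is defined later. A real result is loaded with `ldapadd -Y EXTERNAL -H ldapi:/// -f out.ldif`, the same root-over-ldapi bind that the creatorsName values in this image's slapd.d show.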
7 | ## 8 | ## Redistribution and use in source and binary forms, with or without 9 | ## modification, are permitted only as authorized by the OpenLDAP 10 | ## Public License. 11 | ## 12 | ## A copy of this license is available in the file LICENSE in the 13 | ## top-level directory of the distribution or, alternatively, at 14 | ## . 15 | # 16 | ## Portions Copyright (C) The Internet Society (1997-2006). 17 | ## All Rights Reserved. 18 | # 19 | # Includes LDAPv3 schema items from: 20 | # ITU X.509 (08/2005) 21 | # 22 | # This file was automatically generated from pmi.schema; see that file 23 | # for complete references. 24 | # 25 | dn: cn=pmi,cn=schema,cn=config 26 | objectClass: olcSchemaConfig 27 | cn: pmi 28 | olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24 29 | olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25 30 | olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26 31 | olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27 32 | olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32 33 | olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33 34 | olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34 35 | olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58 36 | olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59 37 | olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61 38 | olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62 39 | olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63 40 | olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71 41 | olcObjectIdentifier: {13}id-at-role 2.5.4.72 42 | olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73 43 | olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74 44 | olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75 45 | olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76 46 | olcObjectIdentifier: {18}id-mr 2.5.13 47 | olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42 48 | olcObjectIdentifier: 
{20}id-mr-attributeCertificateExactMatch id-mr:45 49 | olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46 50 | olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53 51 | olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54 52 | olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55 53 | olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56 54 | olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57 55 | olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58 56 | olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59 57 | olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61 58 | olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66 59 | olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67 60 | olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 61 | olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9 62 | olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 63 | olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 64 | olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 65 | olcLdapSyntaxes: {0}( 1.3.6.1.4.1.4203.666.11.10.2.4 DESC 'X.509 PMI attribute 66 | cartificate path: SEQUENCE OF AttributeCertificate' X-SUBST '1.3.6.1.4.1.146 67 | 6.115.121.1.15' ) 68 | olcLdapSyntaxes: {1}( 1.3.6.1.4.1.4203.666.11.10.2.5 DESC 'X.509 PMI policy sy 69 | ntax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) 70 | olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role synt 71 | ax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) 72 | olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use 73 | ;binary' SYNTAX RoleSyntax ) 74 | olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X 75 | .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 76 | 5 ) 77 | olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA 78 | 
ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY 79 | attributeCertificateExactMatch SYNTAX AttributeCertificate ) 80 | olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A 81 | A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch 82 | SYNTAX AttributeCertificate ) 83 | olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe 84 | scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, 85 | use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific 86 | ate ) 87 | olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu 88 | teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis 89 | t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE 90 | xactMatch, not implemented yet' ) 91 | olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute 92 | AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute 93 | , use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch, 94 | not implemented yet' ) 95 | olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509 96 | Delegation path attribute, use ;binary' SYNTAX AttCertPath ) 97 | olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile 98 | ge policy attribute, use ;binary' SYNTAX PolicySyntax ) 99 | olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509 100 | Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi 101 | cateExactMatch SYNTAX AttributeCertificate ) 102 | olcAttributeTypes: {10}( id-at-xMLPprotPrivPolicy NAME 'xmlPrivPolicy' DESC 'X 103 | .509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.12 104 | 1.1.15 ) 105 | olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec 106 | t class' SUP top AUXILIARY MAY 
attributeCertificateAttribute ) 107 | olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas 108 | s' SUP top AUXILIARY MAY ( aACertificate $ attributeCertificateRevocationList 109 | $ attributeAuthorityRevocationList ) ) 110 | olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c 111 | lass' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeA 112 | uthorityRevocationList $ attributeDescriptorCertificate ) ) 113 | olcObjectClasses: {3}( id-oc-attCertCRLDistributionPts NAME 'attCertCRLDistrib 114 | utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas 115 | s' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeAuth 116 | orityRevocationList ) ) 117 | olcObjectClasses: {4}( id-oc-pmiDelegationPath NAME 'pmiDelegationPath' DESC ' 118 | X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath ) 119 | olcObjectClasses: {5}( id-oc-privilegePolicy NAME 'privilegePolicy' DESC 'X.50 120 | 9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy ) 121 | olcObjectClasses: {6}( id-oc-protectedPrivilegePolicy NAME 'protectedPrivilege 122 | Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR 123 | Y MAY protPrivPolicy ) 124 | -------------------------------------------------------------------------------- /contrib/config/schema/ppolicy.ldif: -------------------------------------------------------------------------------- 1 | # $OpenLDAP$ 2 | ## This work is part of OpenLDAP Software . 3 | ## 4 | ## Copyright 2004-2014 The OpenLDAP Foundation. 5 | ## All rights reserved. 6 | ## 7 | ## Redistribution and use in source and binary forms, with or without 8 | ## modification, are permitted only as authorized by the OpenLDAP 9 | ## Public License. 10 | ## 11 | ## A copy of this license is available in the file LICENSE in the 12 | ## top-level directory of the distribution or, alternatively, at 13 | ## . 
#
## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
#
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
#	Password Policy for LDAP Directories
# With extensions from Hewlett-Packard:
#	pwdCheckModule etc.
#
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
#
# This file was automatically generated from ppolicy.schema; see that file
# for complete references.
#
dn: cn=ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
 UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
 ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
 QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
 val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
  )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
  EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
 oadable module that instantiates "check_password() function' EQUALITY caseExa
 ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
  AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
 LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
 Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
  $ pwdAllowUserChange $ pwdSafeModify ) )
--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config.ldif:
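The ppolicy schema above only defines attribute types; nothing is enforced until ppolicy.la is loaded and an olcOverlay=ppolicy with an olcPPolicyDefault is configured on the database. The cn=module{0}.ldif entry in this image's slapd.d loads only memberof.la and refint.la, so no password policy is active in the image as shipped. The script below is an added example, not part of this repository or of OpenLDAP: it parses a pwdPolicy entry from LDIF and reports settings that leave password authentication weak, such as lockout disabled (pwdLockout and pwdMaxFailure), quality checking off (pwdCheckQuality 0 also skips pwdMinLength and any pwdCheckModule), a short minimum length, no history, and a permanent lockout that turns pwdLockout into a lever for locking other people out. Both policy entries are constructed for the example; the base DN dc=example,dc=com, the structural class person (pwdPolicy is AUXILIARY and needs one) and the numeric thresholds are this example's choices, not values the schema prescribes.

```python
"""Lint a pwdPolicy entry against the ppolicy attribute semantics.

Added example; not part of this image or of OpenLDAP. Thresholds (minimum
length 12, history 5) are this example's opinion, not schema requirements.
"""
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]
Finding = Tuple[str, str]  # (severity, message)


def parse_ldif_entry(text: str) -> Entry:
    """Minimal RFC 2849 reader for one entry: unfolds ' '-continued lines,
    decodes '::' base64 values, lower-cases attribute names, keeps all values."""
    logical: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        elif line and not line.startswith("#"):
            logical.append(line)
    entry: Entry = {}
    for item in logical:
        name, _, value = item.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def lint_pwd_policy(entry: Entry, min_length: int = 12, min_history: int = 5) -> List[Finding]:
    """Return findings for a pwdPolicy entry; an empty list means nothing to flag."""

    def first(attr: str, default: str = "") -> str:
        vals = entry.get(attr.lower())
        return vals[0] if vals else default

    def num(attr: str) -> int:  # an absent integer attribute behaves as 0 (feature off)
        return int(first(attr, "0"))

    def true(attr: str) -> bool:  # an absent boolean behaves as FALSE
        return first(attr, "FALSE").upper() == "TRUE"

    findings: List[Finding] = []
    if "pwdpolicy" not in {oc.lower() for oc in entry.get("objectclass", [])}:
        findings.append(("ERROR", "entry lacks objectClass pwdPolicy; slapo-ppolicy will not use it"))
    if first("pwdAttribute") != "userPassword":
        findings.append(("ERROR", "pwdAttribute must be userPassword, the only value slapo-ppolicy supports"))
    if not true("pwdLockout") or num("pwdMaxFailure") == 0:
        findings.append(("WARN", "no lockout: pwdLockout must be TRUE and pwdMaxFailure > 0, "
                                 "otherwise online guessing is unthrottled"))
    elif num("pwdLockoutDuration") == 0:
        findings.append(("WARN", "pwdLockoutDuration 0 locks accounts until an administrator clears "
                                 "pwdAccountLockedTime; anyone who knows a uid can lock it out"))
    if num("pwdCheckQuality") == 0:
        findings.append(("WARN", "pwdCheckQuality 0: quality checks, including pwdMinLength and any "
                                 "pwdCheckModule, are skipped"))
    if num("pwdMinLength") < min_length:
        findings.append(("WARN", f"pwdMinLength {num('pwdMinLength')} is below {min_length}"))
    if num("pwdInHistory") < min_history:
        findings.append(("WARN", f"pwdInHistory {num('pwdInHistory')} allows quick reuse of old passwords"))
    if not true("pwdSafeModify"):
        findings.append(("INFO", "pwdSafeModify FALSE: a password can be replaced without the current one"))
    if num("pwdMaxAge") == 0:
        findings.append(("INFO", "pwdMaxAge 0: passwords never expire"))
    return findings


# Constructed sample entries (base DN, structural class and values are assumptions).
WEAK_POLICY = """\
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: default
sn: default
pwdAttribute: userPassword
pwdMinLength: 8
pwdCheckQuality: 0
pwdInHistory: 0
pwdMaxAge: 0
pwdLockout: FALSE
pwdMaxFailure: 0
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
"""

HARDENED_POLICY = """\
dn: cn=hardened,ou=policies,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: hardened
sn:: aGFyZGVuZWQ=
pwdAttribute: userPassword
pwdMinLength: 14
pwdCheckQuality: 2
pwdInHistory: 8
pwdMaxAge: 7776000
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 900
pwdFailureCountInterval: 900
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = lint_pwd_policy(parse_ldif_entry(text))
        print(f"{label}: {len(findings)} finding(s)")
        for severity, message in findings:
            print(f"  {severity}: {message}")
```

The hardened entry's sn is base64-encoded only to exercise the `::` path of the reader. Two settings deserve a test before rollout: pwdSafeModify TRUE makes slapd reject a plain replace of userPassword unless the current value is supplied (ldappasswd -A does this; some provisioning tools do not), and a finite pwdLockoutDuration trades a permanent lock for a window an attacker can still use to keep a target locked by retrying every pwdFailureCountInterval.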
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 2d55e8ea
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
structuralObjectClass: olcGlobal
entryUUID: 1752bf5a-022c-1035-8b1b-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
entryCSN: 20151008171643.377992Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151008171643Z
--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/cn=module{0}.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bd5ab644
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}memberof.la
olcModuleLoad: {1}refint.la
structuralObjectClass: olcModuleList
entryUUID: 3462c554-022c-1035-8894-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.136959Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z
--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/cn=schema.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
2 | # CRC32 ffbe4398 3 | dn: cn=schema 4 | objectClass: olcSchemaConfig 5 | cn: schema 6 | structuralObjectClass: olcSchemaConfig 7 | entryUUID: 1752c31a-022c-1035-8b1c-150b514cd1c2 8 | creatorsName: cn=config 9 | createTimestamp: 20151008171643Z 10 | entryCSN: 20151008171643.378119Z#000000#000#000000 11 | modifiersName: cn=config 12 | modifyTimestamp: 20151008171643Z 13 | -------------------------------------------------------------------------------- /contrib/config/slapd.d/cn=config/cn=schema/cn={0}core.ldif: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. 2 | # CRC32 62d7ac41 3 | dn: cn={0}core 4 | objectClass: olcSchemaConfig 5 | cn: {0}core 6 | olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno 7 | wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 8 | 1.15{32768} ) 9 | olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f 10 | amily) name(s) for which the entity is known by' SUP name ) 11 | olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb 12 | er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S 13 | YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) 14 | olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two- 15 | letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 S 16 | INGLE-VALUE ) 17 | olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc 18 | ality which this object resides in' SUP name ) 19 | olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2 20 | 256: state or province which this object resides in' SUP name ) 21 | olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225 22 | 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS 23 | ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 24 
| olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 25 | : organization this object belongs to' SUP name ) 26 | olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC ' 27 | RFC2256: organizational unit this object belongs to' SUP name ) 28 | olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated 29 | with the entity' SUP name ) 30 | olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui 31 | de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) 32 | olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin 33 | ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA 34 | X 1.3.6.1.4.1.1466.115.121.1.15{128} ) 35 | olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a 36 | ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN 37 | TAX 1.3.6.1.4.1.1466.115.121.1.41 ) 38 | olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code 39 | ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. 
40 | 1.1466.115.121.1.15{40} ) 41 | olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off 42 | ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 43 | .6.1.4.1.1466.115.121.1.15{40} ) 44 | olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2 45 | 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor 46 | eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 47 | olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph 48 | one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat 49 | ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) 50 | olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb 51 | er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) 52 | olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22 53 | 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) 54 | olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE 55 | SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12 56 | 1.1.22 ) 57 | olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr 58 | ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 59 | .3.6.1.4.1.1466.115.121.1.36{15} ) 60 | olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256 61 | : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString 62 | SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) 63 | olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi 64 | stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 65 | ) 66 | olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d 67 | estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat 68 | ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) 69 | 
olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE )
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE )
olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName )
olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName )
olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name )
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name )
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name )
olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name )
olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY ( deltaRevocationList ) )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' MAY ( labeledURI ) SUP top AUXILIARY )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 1752cd4c-022c-1035-8b1d-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
entryCSN: 20151008171643.378379Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151008171643Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/cn=schema/cn={1}testperson.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7a01107f
dn: cn={1}testPerson
objectClass: olcSchemaConfig
cn: {1}testPerson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'testMemberOf' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'testPerson' DESC 'OpenShift Origin LDAP test entry' SUP top AUXILIARY MUST ( testMemberOf ))
structuralObjectClass: olcSchemaConfig
entryUUID: 34616d94-022c-1035-8891-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.128158Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/cn=schema/cn={2}cosine.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 0369fa65
dn: cn={2}cosine
objectClass: olcSchemaConfig
cn: {2}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: general information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST domainComponent MAY ( associatedName $ organizationName $ description $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 3461cf96-022c-1035-8892-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.130668Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 0d54f2b1
dn: cn={3}inetorgperson
objectClass: olcSchemaConfig
cn: {3}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 3462629e-022c-1035-8893-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.134431Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z
--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={-1}frontend.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d85495d3
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
structuralObjectClass: olcDatabaseConfig
entryUUID: 1752e50c-022c-1035-8b1e-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
entryCSN: 20151008171643.378987Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151008171643Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={0}config.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bac014b5
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 1752e750-022c-1035-8b1f-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
olcRootPW:: e1NTSEF9NVRNZ3lSRDdQL2lsTDk1clIxQXh4bDBXUGtwNXloaUk=
entryCSN: 20151008171732.125623Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={1}monitor.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 1eb933fe
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 1752e9ee-022c-1035-8b20-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
entryCSN: 20151008171643.379113Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151008171643Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={2}hdb.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 12587906
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 1752ed18-022c-1035-8b21-150b514cd1c2
creatorsName: cn=config
createTimestamp: 20151008171643Z
olcRootPW:: e1NTSEF9NVRNZ3lSRDdQL2lsTDk1clIxQXh4bDBXUGtwNXloaUk=
olcRootDN: cn=Manager,dc=example,dc=com
olcSuffix: dc=example,dc=com
entryCSN: 20151008171732.125884Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={2}hdb/olcOverlay={0}memberof.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 d8fe7ae4
dn: olcOverlay={0}memberof
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
structuralObjectClass: olcMemberOf
entryUUID: 34634a4c-022c-1035-8895-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.140363Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/config/slapd.d/cn=config/olcDatabase={2}hdb/olcOverlay={1}refint.ldif:
--------------------------------------------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 df3f6f1e
dn: olcOverlay={1}refint
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
structuralObjectClass: olcRefintConfig
entryUUID: 3463a00a-022c-1035-8896-f17d3103ecde
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151008171732Z
entryCSN: 20151008171732.142559Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151008171732Z

--------------------------------------------------------------------------------
/contrib/configure_memberof.ldif:
--------------------------------------------------------------------------------
dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf

--------------------------------------------------------------------------------
/contrib/configure_refint.ldif:
--------------------------------------------------------------------------------
dn: olcOverlay={1}refint,olcDatabase={2}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner

--------------------------------------------------------------------------------
/contrib/first_config.ldif:
--------------------------------------------------------------------------------
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: OPENLDAP_ROOT_PASSWORD

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: OPENLDAP_ROOT_PASSWORD
-
replace: olcRootDN
olcRootDN: OPENLDAP_ROOT_DN,OPENLDAP_SUFFIX
-
replace: olcSuffix
olcSuffix: OPENLDAP_SUFFIX

--------------------------------------------------------------------------------
/contrib/lib/DB_CONFIG:
--------------------------------------------------------------------------------
# $OpenLDAP$
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See the Oracle Berkeley DB documentation
#
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
#
# in particular:
#

# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.

# one 0.25 GB cache
set_cachesize 0 268435456 1

# Data Directory
#set_data_dir db

# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs

# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).
--------------------------------------------------------------------------------
/contrib/lib/__db.001:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/__db.001
--------------------------------------------------------------------------------
/contrib/lib/__db.002:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/__db.002
--------------------------------------------------------------------------------
/contrib/lib/__db.003:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/__db.003
--------------------------------------------------------------------------------
/contrib/lib/alock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/alock
--------------------------------------------------------------------------------
/contrib/lib/dn2id.bdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/dn2id.bdb
--------------------------------------------------------------------------------
/contrib/lib/id2entry.bdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/id2entry.bdb
--------------------------------------------------------------------------------
/contrib/lib/log.0000000001:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/log.0000000001
--------------------------------------------------------------------------------
/contrib/lib/objectClass.bdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openshift/openldap/bf6fe685b0a3ebba944b37631a088a58eb49516d/contrib/lib/objectClass.bdb
--------------------------------------------------------------------------------
/contrib/load_modules.ldif:
--------------------------------------------------------------------------------
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: memberof.la
olcModuleLoad: refint.la
--------------------------------------------------------------------------------
/contrib/run-openldap.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Reduce the maximum number of open file descriptors to 1024,
# otherwise slapd consumes two orders of magnitude more RAM,
# see https://github.com/docker/docker/issues/8231
ulimit -n 1024

# "admin" is a development default; set OPENLDAP_ROOT_PASSWORD for anything
# other than a throwaway test instance.
OPENLDAP_ROOT_PASSWORD=${OPENLDAP_ROOT_PASSWORD:-admin}
OPENLDAP_ROOT_DN_PREFIX=${OPENLDAP_ROOT_DN_PREFIX:-'cn=Manager'}
OPENLDAP_ROOT_DN_SUFFIX=${OPENLDAP_ROOT_DN_SUFFIX:-'dc=example,dc=com'}
OPENLDAP_DEBUG_LEVEL=${OPENLDAP_DEBUG_LEVEL:-256}

# Only run if no config has happened fully before
if [ ! -f /etc/openldap/CONFIGURED ]; then

    user=`id | grep -Po "(?<=uid=)\d+"`
    if (( user == 0 ))
    then
        # We are root, we can use user input!
        # Bring in default database config
        cp /usr/local/etc/openldap/DB_CONFIG /var/lib/ldap/DB_CONFIG

        # start the daemon in another process and make config changes
        slapd -h "ldap:/// ldaps:/// ldapi:///" -d $OPENLDAP_DEBUG_LEVEL &
        for ((i=30; i>0; i--))
        do
            ping_result=`ldapsearch 2>&1 | grep "Can.t contact LDAP server"`
            if [ -z "$ping_result" ]
            then
                break
            fi
            sleep 1
        done
        if [ $i -eq 0 ]
        then
            echo "slapd did not start correctly"
            exit 1
        fi

        # Generate hash of password
        OPENLDAP_ROOT_PASSWORD_HASH=$(slappasswd -s "${OPENLDAP_ROOT_PASSWORD}")

        # Update configuration with root password, root DN, and root suffix.
        # A space is used as the sed delimiter, so the hash, DN prefix and
        # suffix must not contain spaces (e.g. "cn=Directory Manager" breaks it).
        sed -e "s OPENLDAP_ROOT_PASSWORD ${OPENLDAP_ROOT_PASSWORD_HASH} g" \
            -e "s OPENLDAP_ROOT_DN ${OPENLDAP_ROOT_DN_PREFIX} g" \
            -e "s OPENLDAP_SUFFIX ${OPENLDAP_ROOT_DN_SUFFIX} g" /usr/local/etc/openldap/first_config.ldif |
            ldapmodify -Y EXTERNAL -H ldapi:/// -d $OPENLDAP_DEBUG_LEVEL

        # add test schema
        ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/local/etc/openldap/testPerson.ldif -d $OPENLDAP_DEBUG_LEVEL

        # add useful schemas
        ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif -d $OPENLDAP_DEBUG_LEVEL
        ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif -d $OPENLDAP_DEBUG_LEVEL

        # load memberOf and refint modules
        ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/local/etc/openldap/load_modules.ldif -d $OPENLDAP_DEBUG_LEVEL

        # configure memberOf module
        ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/local/etc/openldap/configure_memberof.ldif -d $OPENLDAP_DEBUG_LEVEL

        # configure refint module
        ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/local/etc/openldap/configure_refint.ldif -d $OPENLDAP_DEBUG_LEVEL

        # extract dc name from root DN suffix
        dc_name=$(echo "${OPENLDAP_ROOT_DN_SUFFIX}" | grep -Po "(?<=^dc\=)[\w\d]+")
        # create base organization object (-w passes the password on ldapadd's
        # command line, where it is visible in the process list while it runs)
        sed -e "s OPENLDAP_SUFFIX ${OPENLDAP_ROOT_DN_SUFFIX} g" \
            -e "s FIRST_PART ${dc_name} g" \
            /usr/local/etc/openldap/base.ldif |
            ldapadd -x -D "$OPENLDAP_ROOT_DN_PREFIX,$OPENLDAP_ROOT_DN_SUFFIX" -w "$OPENLDAP_ROOT_PASSWORD"

        # stop the daemon
        pid=$(ps -A | grep slapd | awk '{print $1}')
        kill -2 $pid || echo $?

        # ensure the daemon stopped
        for ((i=30; i>0; i--))
        do
            exists=$(ps -A | grep $pid)
            if [ -z "${exists}" ]
            then
                break
            fi
            sleep 1
        done
        if [ $i -eq 0 ]
        then
            echo "slapd did not stop correctly"
            exit 1
        fi
    else
        # We are not root, we need to populate from the default bind-mount source
        if [ -f /opt/openshift/config/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif ]
        then
            # Use provided default config, get rid of current data
            rm -rf /var/lib/ldap/*
            rm -rf /etc/openldap/*
            # Bring in associated default database files
            mv -f /opt/openshift/lib/* /var/lib/ldap
            mv -f /opt/openshift/config/* /etc/openldap
        else
            # Something has gone wrong with our image build
            echo "FAILURE: Default configuration files from /contrib/ are not present in the image at /opt/openshift."
            exit 1
        fi
    fi

    # Test configuration files, log checksum errors. Errors may be tolerated and repaired by slapd so don't exit
    LOG=`slaptest 2>&1`
    CHECKSUM_ERR=$(echo "${LOG}" | grep -Po "(?<=ldif_read_file: checksum error on \").+(?=\")")
    for err in $CHECKSUM_ERR
    do
        echo "The file ${err} has a checksum error. Ensure that this file is not edited manually, or re-calculate the checksum."
    done

    rm -rf /opt/openshift/*

    touch /etc/openldap/CONFIGURED
fi

# Start the slapd service
exec slapd -h "ldap:/// ldaps:///" -d $OPENLDAP_DEBUG_LEVEL
--------------------------------------------------------------------------------
/contrib/testPerson.ldif:
--------------------------------------------------------------------------------
# testPerson.ldif -- OpenShift Origin test schema definition
#
dn: cn=testPerson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: testPerson
olcAttributeTypes: ( 2.16.840.1.113730.3.1.13 NAME 'testMemberOf'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcObjectClasses: ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'testPerson'
  DESC 'OpenShift Origin LDAP test entry'
  SUP top
  AUXILIARY
  MUST ( testMemberOf ))
--------------------------------------------------------------------------------
/contrib/testPerson.schema:
--------------------------------------------------------------------------------
# Test Schema for OpenShift Origin test cases
# WARNING: THIS STOMPS ON THE OID OF MEMBERS OF MISC.SCHEMA
# ATTRIBUTE testMemberOf STOMPS ON mailLocalAddress
# OBJECTCLASS testPerson STOMPS ON nisMailAlias
#
# testMemberOf allows us to fake Active-Directory style group management in OpenLDAP manually
# without using the memberof overlay
attributeType( 2.16.840.1.113730.3.1.13 NAME 'testMemberOf'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  ORDERING caseIgnoreOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
#
# the testPerson objectClass allows us to append the above attributes
objectClass ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'testPerson'
  DESC 'OpenShift Origin LDAP test entry'
  SUP top AUXILIARY
  MUST ( testMemberOf ))

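The slaptest loop in run-openldap.sh above only reports files whose `# CRC32` header no longer matches their contents (the refint overlay file at the top of this listing carries such a header). The following Python is an added example, not code from the openshift/openldap repository: it computes and verifies that checksum the way slapd does, so a hand-edited cn=config file can be re-sealed instead of merely tolerated. It assumes OpenLDAP's CRC-32 is the standard one (identical to zlib.crc32) taken over every byte after the CRC line, which is also what the common `tail -n +3 file | crc32` repair recipe relies on; the sample file, the wording of its first line and the `seeAlso` edit are constructed for the demonstration.

```python
"""Check and re-seal the CRC32 header on a slapd.d (cn=config) LDIF file.

Added example, not code from the openshift/openldap repository. slapd writes
every cn=config entry under slapd.d as an LDIF file whose first two lines are
a "do not edit" comment and "# CRC32 <8 hex digits>". The checksum is the
standard CRC-32 (assumed equal to zlib.crc32) over every byte that follows
the CRC line, so a hand edit produces the "ldif_read_file: checksum error"
that run-openldap.sh greps for in slaptest output. Nothing here talks to
slapd; it only operates on the file text.
"""
import re
import zlib

# Line 1 is the warning comment, line 2 carries the checksum. Only the
# "# CRC32 " prefix on line 2 is relied upon; line 1's wording is not checked.
_HEADER_RE = re.compile(r"^(#[^\n]*\n# CRC32 )([0-9A-Fa-f]{8})\n")


def split_config_ldif(text: str) -> tuple:
    """Return (header_prefix, stored_crc, body) for a checksummed LDIF file."""
    m = _HEADER_RE.match(text)
    if m is None:
        raise ValueError("not a slapd.d LDIF file with a '# CRC32' header")
    return m.group(1), int(m.group(2), 16), text[m.end():]


def body_crc32(body: str) -> int:
    """CRC-32 of the text after the CRC line (assumed to match slapd's)."""
    return zlib.crc32(body.encode("utf-8")) & 0xFFFFFFFF


def verify_config_ldif(text: str) -> bool:
    """True when the stored checksum matches the body (slaptest stays quiet)."""
    _, stored, body = split_config_ldif(text)
    return body_crc32(body) == stored


def reseal_config_ldif(text: str) -> str:
    """Rewrite the '# CRC32' line so it matches the current body.

    This is the "re-calculate the checksum" path run-openldap.sh mentions;
    the preferred fix remains making the change through ldapmodify against
    cn=config so that slapd maintains the header itself.
    """
    prefix, _, body = split_config_ldif(text)
    return f"{prefix}{body_crc32(body):08x}\n{body}"


# Constructed sample modelled on the olcOverlay={1}refint.ldif file shipped
# in contrib/config, with a deliberately wrong placeholder checksum.
SAMPLE = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: olcOverlay={1}refint
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
structuralObjectClass: olcRefintConfig
"""


def demo() -> dict:
    """Seal the sample, then tamper with it the way a hand edit would."""
    sealed = reseal_config_ldif(SAMPLE)
    tampered = sealed.replace("memberof member manager owner",
                              "memberof member manager owner seeAlso")
    return {
        "sealed_ok": verify_config_ldif(sealed),
        "tampered_ok": verify_config_ldif(tampered),
        "resealed_ok": verify_config_ldif(reseal_config_ldif(tampered)),
    }


if __name__ == "__main__":
    print(demo())
```

`verify_config_ldif` is the check to run over `/etc/openldap/slapd.d` before trusting a bind-mounted configuration: a file that fails it has been changed outside slapd, and the change should be reviewed rather than re-sealed blindly.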
--------------------------------------------------------------------------------
/hack/test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Test the OpenLDAP image.
#
# IMAGE specifies the name of the candidate image used for testing.
# The image has to be available before this script is executed.
#

set -eo nounset
shopt -s nullglob

IMAGE=${IMAGE:-openshift/openldap-candidate}
RUNTIME=${RUNTIME:-podman}

function cleanup() {
    local network_name=$1
    local container_names="$2 $3"

    for container in $container_names
    do
        echo "Stopping and removing container $container..."

        $RUNTIME stop "$container"
        exit_status=$($RUNTIME inspect -f '{{.State.ExitCode}}' "$container")
        if [ "$exit_status" != "0" ]; then
            echo "Dumping logs for $container"
            $RUNTIME logs "$container"
        fi

        $RUNTIME rm "$container"
        echo "Done."

    done

    echo "Remove network $network_name"
    $RUNTIME network rm -f "$network_name"

}

function test_connection() {
    local client_name=$1
    local server_name=$2
    local max_attempts=20
    local sleep_time=2

    echo " Testing OpenLDAP connection to $server_name..."

    for _ in $(seq $max_attempts); do
        echo " Trying to connect..."

        set +e
        $RUNTIME container exec "$client_name" \
            ldapsearch -x \
            -h "$server_name" -p 389 \
            -b dc=example,dc=com objectClass="*"
        status=$?
        set -e

        if [ $status -eq 0 ]; then
            echo " Success!"
            return 0
        fi

        sleep $sleep_time
    done

    echo " Giving up: Failed to connect. Logs:"
    $RUNTIME logs "$client_name"

    return 1
}

function test_openldap() {
    local client_name=$1
    local server_name=$2
    echo " Testing OpenLDAP"

    $RUNTIME container exec "$client_name" \
        ldapsearch -x -LLL \
        -h "$server_name" -p 389 \
        -b dc=example,dc=com objectClass=organization \
        | grep "dc=example,dc=com"

    # Binds with the root DN and the image's default password (see run-openldap.sh)
    $RUNTIME container exec "$client_name" \
        ldapadd -x \
        -h "$server_name" -p 389 \
        -D cn=Manager,dc=example,dc=com -w admin \
        -f /test/test.ldif

    # Note: the dn line of the result also matches this grep, so it passes even
    # if the memberOf overlay did not populate memberOf; grep for "memberOf:"
    # to actually check the overlay.
    $RUNTIME container exec "$client_name" \
        ldapsearch -x -LLL \
        -h "$server_name" -p 389 \
        -b cn=person,dc=example,dc=com memberof \
        | grep "dc=example,dc=com"

    echo " Success!"
}

function create_container() {
    local container_name=$1
    local docker_args=$2

    $RUNTIME run $docker_args --name "$container_name" -d "$IMAGE"

    echo "Created container $container_name"
}

function run_tests() {
    local test_name=$1
    local additional_args=$2
    local timestamp=$(date '+%s')
    local client_name="ldap_client_$timestamp"
    local server_name="ldap_server_$timestamp"
    local network_name="ldap_net_$timestamp"

    trap 'cleanup $network_name $client_name $server_name' SIGINT

    echo "#######################################"
    echo "# Test Case: $test_name"
    echo "#######################################"

    $RUNTIME network create -d bridge "$network_name"

    create_container "$client_name" "--network $network_name $additional_args"
    create_container "$server_name" "--network $network_name $additional_args"

    test_connection "$client_name" "$server_name"
    test_openldap "$client_name" "$server_name"

    echo " Test Success!"
    echo "#######################################"

    cleanup "$network_name" "$client_name" "$server_name"
}

# Tests.
run_tests "root" " "
run_tests "rootless" "-u 12345"
--------------------------------------------------------------------------------
/images/Dockerfile:
--------------------------------------------------------------------------------
FROM fedora:34

# OpenLDAP server image for OpenShift Origin
#
# Volumes:
#  * /var/lib/ldap - Datastore for OpenLDAP
#  * /etc/openldap/ - Config directory for slapd
# Environment (read by run-openldap.sh):
#  * $OPENLDAP_ROOT_PASSWORD - OpenLDAP root password, defaults to "admin"
#  * $OPENLDAP_ROOT_DN_PREFIX (Optional) - root DN prefix, defaults to cn=Manager
#  * $OPENLDAP_ROOT_DN_SUFFIX (Optional) - directory suffix, defaults to dc=example,dc=com
#  * $OPENLDAP_DEBUG_LEVEL (Optional) - OpenLDAP debugging level, defaults to 256

LABEL io.k8s.description="OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol." \
      io.openshift.expose-services="389:ldap,636:ldaps" \
      io.openshift.tags="directory,ldap,openldap" \
      io.openshift.non-scalable="true"

# Add defaults for config
COPY ./contrib/config /opt/openshift/config
COPY ./contrib/lib /opt/openshift/lib

# Add startup scripts
COPY ./contrib/run-*.sh /usr/local/bin/
COPY ./contrib/*.ldif /usr/local/etc/openldap/
COPY ./contrib/*.schema /usr/local/etc/openldap/
COPY ./contrib/DB_CONFIG /usr/local/etc/openldap/

# Add test query
COPY test/test.ldif /test/test.ldif

# Install OpenLDAP Server, give it permission to bind to low ports
RUN dnf install -y \
        git findutils make \
        openldap \
        openldap-servers \
        openldap-clients \
        openssl \
        procps-ng && \
    dnf clean all -y && \
    setcap 'cap_net_bind_service=+ep' /usr/sbin/slapd && \
    mkdir -p /var/lib/ldap && \
    chmod a+rwx -R /var/lib/ldap && \
    mkdir -p /etc/openldap && \
    chmod a+rwx -R /etc/openldap && \
    mkdir -p /var/run/openldap && \
    chmod a+rwx -R /var/run/openldap && \
    chmod -R a+rw /opt/openshift

# Set OpenLDAP data and config directories in a data volume
VOLUME ["/var/lib/ldap", "/etc/openldap"]

# Expose default ports for ldap and ldaps
EXPOSE 389 636

CMD ["/usr/local/bin/run-openldap.sh"]
--------------------------------------------------------------------------------
/images/Dockerfile.rhel7:
--------------------------------------------------------------------------------
FROM registry.access.redhat.com/ubi7/ubi

# OpenLDAP server image for OpenShift Origin
#
# Volumes:
#  * /var/lib/ldap - Datastore for OpenLDAP
#  * /etc/openldap/ - Config directory for slapd
# Environment (read by run-openldap.sh):
#  * $OPENLDAP_ROOT_PASSWORD - OpenLDAP root password, defaults to "admin"
#  * $OPENLDAP_ROOT_DN_PREFIX (Optional) - root DN prefix, defaults to cn=Manager
#  * $OPENLDAP_ROOT_DN_SUFFIX (Optional) - directory suffix, defaults to dc=example,dc=com
#  * $OPENLDAP_DEBUG_LEVEL (Optional) - OpenLDAP debugging level, defaults to 256

LABEL io.k8s.description="OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol." \
      io.openshift.expose-services="389:ldap,636:ldaps" \
      io.openshift.tags="directory,ldap,openldap" \
      io.openshift.non-scalable="true"

# Add defaults for config
COPY ./contrib/config /opt/openshift/config
COPY ./contrib/lib /opt/openshift/lib
# Add startup scripts
COPY ./contrib/run-*.sh /usr/local/bin/
COPY contrib/*.ldif /usr/local/etc/openldap/
COPY contrib/*.schema /usr/local/etc/openldap/
COPY contrib/DB_CONFIG /usr/local/etc/openldap/

# Install OpenLDAP Server, give it permission to bind to low ports
RUN yum install -y git openssl openldap openldap-servers openldap-clients procps-ng && \
    yum clean all -y && \
    setcap 'cap_net_bind_service=+ep' /usr/sbin/slapd && \
    mkdir -p /var/lib/ldap && \
    chmod a+rwx -R /var/lib/ldap && \
    mkdir -p /etc/openldap && \
    chmod a+rwx -R /etc/openldap && \
    mkdir -p /var/run/openldap && \
    chmod a+rwx -R /var/run/openldap && \
    chmod -R a+rw /opt/openshift

# Set OpenLDAP data and config directories in a data volume
VOLUME ["/var/lib/ldap", "/etc/openldap"]

# Expose default ports for ldap and ldaps
EXPOSE 389 636

CMD ["/usr/local/bin/run-openldap.sh"]
--------------------------------------------------------------------------------
/test/test.ldif:
--------------------------------------------------------------------------------
dn: cn=person,dc=example,dc=com
objectClass: person
objectClass: testPerson
cn: person
sn: person
testMemberOf: group

dn: cn=group,dc=example,dc=com
objectClass: groupOfNames
cn: group
member: cn=person,dc=example,dc=com
--------------------------------------------------------------------------------
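configure_memberof.ldif and configure_refint.ldif above attach two overlays to the directory, and test/test.ldif is the data hack/test.sh loads to exercise them. The following Python is an added example, not part of the openshift/openldap repository: it models what those two overlays do to these entries (memberOf derived from groupOfNames/member, with dangling member DNs ignored as `olcMemberOfDangling: ignore` specifies; refint scrubbing a deleted DN out of memberof, member, manager and owner) and flags the groupOfNames that is left without its MUST member afterwards. It assumes simple LDIF (no base64 `::` values, no line folding), lower-cased DN comparison, and a hard-coded MUST table covering only groupOfNames.

```python
"""Model the memberof and refint overlays over the entries in test/test.ldif.

Added example, not part of the openshift/openldap repository: it re-implements
in plain Python what configure_memberof.ldif and configure_refint.ldif make
slapd do, so the effect of the two overlays can be checked without a server.
Assumptions: simple LDIF only (no "::" base64 values, no line folding), and
DNs compared case-insensitively after whitespace trimming.
"""
from collections import defaultdict

# Taken from configure_memberof.ldif / configure_refint.ldif on this page.
GROUP_OC = "groupofnames"          # olcMemberOfGroupOC
MEMBER_AD = "member"               # olcMemberOfMemberAD
MEMBEROF_AD = "memberof"           # olcMemberOfMemberOfAD
REFINT_ATTRS = ("memberof", "member", "manager", "owner")  # olcRefintAttribute
REQUIRED = {"groupofnames": ("member",)}  # assumed MUST table, groupOfNames only

# Constructed copy of test/test.ldif from this repository.
TEST_LDIF = """\
dn: cn=person,dc=example,dc=com
objectClass: person
objectClass: testPerson
cn: person
sn: person
testMemberOf: group

dn: cn=group,dc=example,dc=com
objectClass: groupOfNames
cn: group
member: cn=person,dc=example,dc=com
"""


def norm_dn(dn: str) -> str:
    """Normalise a DN for comparison (sufficient for the DNs used here)."""
    return dn.strip().lower()


def parse_ldif(text: str) -> dict:
    """Parse simple LDIF into {normalised dn: {attr (lower-case): [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep or value.startswith(":") or value.startswith("<"):
            raise ValueError(f"unsupported LDIF line: {line!r}")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = defaultdict(list)
            entries[norm_dn(value)] = current
        elif current is None:
            raise ValueError("attribute line before any dn")
        current[attr].append(value)
    return entries


def apply_memberof(entries: dict) -> dict:
    """Recompute memberOf from group membership as the memberof overlay does.
    With olcMemberOfDangling: ignore, a member DN that does not exist stays
    in the group and simply gains no memberOf."""
    for entry in entries.values():
        entry.pop(MEMBEROF_AD, None)
    for group in entries.values():
        if GROUP_OC not in (oc.lower() for oc in group["objectclass"]):
            continue
        for member in group[MEMBER_AD]:
            target = entries.get(norm_dn(member))
            if target is not None:
                target[MEMBEROF_AD].append(group["dn"][0])
    return entries


def delete_entry(entries: dict, dn: str) -> list:
    """Delete dn and strip it from every refint attribute of other entries
    (what refint does after a delete). Returns the (dn, attr) pairs touched."""
    key = norm_dn(dn)
    del entries[key]
    touched = []
    for entry in entries.values():
        for attr in REFINT_ATTRS:
            values = entry.get(attr)
            if not values:
                continue
            kept = [v for v in values if norm_dn(v) != key]
            if len(kept) != len(values):
                if kept:
                    entry[attr] = kept
                else:
                    del entry[attr]
                touched.append((entry["dn"][0], attr))
    return touched


def schema_violations(entries: dict) -> list:
    """DNs missing a MUST attribute, e.g. a groupOfNames with no member left;
    refint leaves this behind unless olcRefintNothing names a placeholder DN."""
    bad = []
    for entry in entries.values():
        for oc in entry["objectclass"]:
            for attr in REQUIRED.get(oc.lower(), ()):
                if not entry.get(attr):
                    bad.append(entry["dn"][0])
    return bad
```

Running `apply_memberof(parse_ldif(TEST_LDIF))` gives `cn=person` a `memberof` of `cn=group,dc=example,dc=com`, which is what the final `ldapsearch ... memberof` in hack/test.sh is meant to observe; deleting `cn=person` afterwards removes the group's only `member`, and `schema_violations` then reports the group, which is the case `olcRefintNothing` exists for and this page's configuration does not handle.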