5 # Includes LDAPv3 schema items from:
6 # RFC 2251-RFC2256 (LDAPv3)
8 # select standard track schema items:
12 # RFC 2247 (dc/dcObject)
13 # RFC 2289 (Dynamic Directory Services)
15 # select informational schema items:
16 # RFC 2377 (uidObject)
18 # select IETF ''work in progress'' LDAPext/LDUP items
25 # Standard X.501(93) Operational Attribute Types from RFC 2252
28 attributetype ( 2.5.18.1 NAME 'createTimestamp'
29 DESC 'RFC2252: time which object was created'
30 EQUALITY generalizedTimeMatch
31 ORDERING generalizedTimeOrderingMatch
32 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
33 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
35 attributetype ( 2.5.18.2 NAME 'modifyTimestamp'
36 DESC 'RFC2252: time which object was last modified'
37 EQUALITY generalizedTimeMatch
38 ORDERING generalizedTimeOrderingMatch
39 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
40 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
42 attributetype ( 2.5.18.3 NAME 'creatorsName'
43 DESC 'RFC2252: name of creator'
44 EQUALITY distinguishedNameMatch
45 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
46 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
48 attributetype ( 2.5.18.4 NAME 'modifiersName'
49 DESC 'RFC2252: name of last modifier'
50 EQUALITY distinguishedNameMatch
51 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
52 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
54 attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
55 DESC 'RFC2252: name of controlling subschema entry'
56 EQUALITY distinguishedNameMatch
57 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
58 SINGLE-VALUE USAGE directoryOperation )
60 attributetype ( 2.5.21.1 NAME 'dITStructureRules'
61 DESC 'RFC2252: DIT structure rules'
62 EQUALITY integerFirstComponentMatch
63 SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
65 attributetype ( 2.5.21.2 NAME 'dITContentRules'
66 DESC 'RFC2252: DIT content rules'
67 EQUALITY objectIdentifierFirstComponentMatch
68 SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
70 attributetype ( 2.5.21.4 NAME 'matchingRules'
71 DESC 'RFC2252: matching rules'
72 EQUALITY objectIdentifierFirstComponentMatch
73 SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
75 attributetype ( 2.5.21.5 NAME 'attributeTypes'
76 DESC 'RFC2252: attribute types'
77 EQUALITY objectIdentifierFirstComponentMatch
78 SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
80 attributetype ( 2.5.21.6 NAME 'objectClasses'
81 DESC 'RFC2252: object classes'
82 EQUALITY objectIdentifierFirstComponentMatch
83 SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
85 attributetype ( 2.5.21.7 NAME 'nameForms'
86 DESC 'RFC2252: name forms '
87 EQUALITY objectIdentifierFirstComponentMatch
88 SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
90 attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
91 DESC 'RFC2252: matching rule uses'
92 EQUALITY objectIdentifierFirstComponentMatch
93 SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
96 attributetype ( 2.5.21.9 NAME 'structuralObjectClass'
97 DESC 'X.500(93): structural object class of entry'
98 EQUALITY objectIdentifierMatch
99 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
100 NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation )
103 # LDAP Operational Attributes from RFC 2252
106 attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
107 DESC 'RFC2252: naming contexts'
108 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
110 attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
111 DESC 'RFC2252: alternative servers'
112 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
114 attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
115 DESC 'RFC2252: supported extended operations'
116 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
118 attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
119 DESC 'RFC2252: supported controls'
120 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
122 attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
123 DESC 'RFC2252: supported SASL mechanisms'
124 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
126 attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
127 DESC 'RFC2252: supported LDAP versions'
128 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
130 attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
131 DESC 'RFC2252: LDAP syntaxes'
132 EQUALITY objectIdentifierFirstComponentMatch
133 SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
136 # Standard attribute types used for subtyping from RFC 2256
139 attributetype ( 2.5.4.41 NAME 'name'
140 DESC 'RFC2256: common supertype of name attributes'
141 EQUALITY caseIgnoreMatch
142 SUBSTR caseIgnoreSubstringsMatch
143 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
145 attributetype ( 2.5.4.49 NAME 'distinguishedName'
146 DESC 'RFC2256: common supertype of distingushed name attributes'
147 EQUALITY distinguishedNameMatch
148 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
151 # Standard attribute types from RFC 2256
154 attributetype ( 2.5.4.0 NAME 'objectClass'
155 DESC 'RFC2256: object classes of the entity'
156 EQUALITY objectIdentifierMatch
157 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
159 attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
160 DESC 'RFC2256: name of aliased object'
161 EQUALITY distinguishedNameMatch
162 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
164 attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
165 DESC 'RFC2256: knowledge information'
166 EQUALITY caseIgnoreMatch
167 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
169 attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
170 DESC 'RFC2256: common name(s) for which the entity is known by'
173 attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
174 DESC 'RFC2256: last (family) name(s) for which the entity is known by'
177 attributetype ( 2.5.4.5 NAME 'serialNumber'
178 DESC 'RFC2256: serial number of the entity'
179 EQUALITY caseIgnoreMatch
180 SUBSTR caseIgnoreSubstringsMatch
181 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
183 attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
184 DESC 'RFC2256: ISO-3166 country 2-letter code'
185 SUP name SINGLE-VALUE )
187 attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
188 DESC 'RFC2256: locality which this object resides in'
191 attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
192 DESC 'RFC2256: state or province which this object resides in'
195 attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
196 DESC 'RFC2256: street address of this object'
197 EQUALITY caseIgnoreMatch
198 SUBSTR caseIgnoreSubstringsMatch
199 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
201 attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
202 DESC 'RFC2256: organization this object belongs to'
205 attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
206 DESC 'RFC2256: organizational unit this object belongs to'
209 attributetype ( 2.5.4.12 NAME 'title'
210 DESC 'RFC2256: title associated with the entity'
213 attributetype ( 2.5.4.13 NAME 'description'
214 DESC 'RFC2256: descriptive information'
215 EQUALITY caseIgnoreMatch
216 SUBSTR caseIgnoreSubstringsMatch
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
219 # Obsoleted by enhancedSearchGuide
220 attributetype ( 2.5.4.14 NAME 'searchGuide'
221 DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide'
222 SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
224 attributetype ( 2.5.4.15 NAME 'businessCategory'
225 DESC 'RFC2256: business category'
226 EQUALITY caseIgnoreMatch
227 SUBSTR caseIgnoreSubstringsMatch
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
230 attributetype ( 2.5.4.16 NAME 'postalAddress'
231 DESC 'RFC2256: postal address'
232 EQUALITY caseIgnoreListMatch
233 SUBSTR caseIgnoreListSubstringsMatch
234 SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
236 attributetype ( 2.5.4.17 NAME 'postalCode'
237 DESC 'RFC2256: postal code'
238 EQUALITY caseIgnoreMatch
239 SUBSTR caseIgnoreSubstringsMatch
240 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
242 attributetype ( 2.5.4.18 NAME 'postOfficeBox'
243 DESC 'RFC2256: Post Office Box'
244 EQUALITY caseIgnoreMatch
245 SUBSTR caseIgnoreSubstringsMatch
246 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
248 attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
249 DESC 'RFC2256: Physical Delivery Office Name'
250 EQUALITY caseIgnoreMatch
251 SUBSTR caseIgnoreSubstringsMatch
252 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
254 attributetype ( 2.5.4.20 NAME 'telephoneNumber'
255 DESC 'RFC2256: Telephone Number'
256 EQUALITY telephoneNumberMatch
257 SUBSTR telephoneNumberSubstringsMatch
258 SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
260 attributetype ( 2.5.4.21 NAME 'telexNumber'
261 DESC 'RFC2256: Telex Number'
262 SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
264 attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
265 DESC 'RFC2256: Teletex Terminal Identifier'
266 SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
268 attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
269 DESC 'RFC2256: Facsimile (Fax) Telephone Number'
270 SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
272 attributetype ( 2.5.4.24 NAME 'x121Address'
273 DESC 'RFC2256: X.121 Address'
274 EQUALITY numericStringMatch
275 SUBSTR numericStringSubstringsMatch
276 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
278 attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
279 DESC 'RFC2256: international ISDN number'
280 EQUALITY numericStringMatch
281 SUBSTR numericStringSubstringsMatch
282 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
284 attributetype ( 2.5.4.26 NAME 'registeredAddress'
285 DESC 'RFC2256: registered postal address'
287 SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
289 attributetype ( 2.5.4.27 NAME 'destinationIndicator'
290 DESC 'RFC2256: destination indicator'
291 EQUALITY caseIgnoreMatch
292 SUBSTR caseIgnoreSubstringsMatch
293 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
295 attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
296 DESC 'RFC2256: preferred delivery method'
297 SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
300 attributetype ( 2.5.4.29 NAME 'presentationAddress'
301 DESC 'RFC2256: presentation address'
302 EQUALITY presentationAddressMatch
303 SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
306 attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
307 DESC 'RFC2256: supported application context'
308 EQUALITY objectIdentifierMatch
309 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
311 attributetype ( 2.5.4.31 NAME 'member'
312 DESC 'RFC2256: member of a group'
313 SUP distinguishedName )
315 attributetype ( 2.5.4.32 NAME 'owner'
316 DESC 'RFC2256: owner (of the object)'
317 SUP distinguishedName )
319 attributetype ( 2.5.4.33 NAME 'roleOccupant'
320 DESC 'RFC2256: occupant of role'
321 SUP distinguishedName )
323 attributetype ( 2.5.4.34 NAME 'seeAlso'
324 DESC 'RFC2256: DN of related object'
325 SUP distinguishedName )
327 attributetype ( 2.5.4.35 NAME 'userPassword'
328 DESC 'RFC2256/2307: password of user'
329 EQUALITY octetStringMatch
330 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
332 # Must be transferred using ;binary
333 attributetype ( 2.5.4.36 NAME 'userCertificate'
334 DESC 'RFC2256: X.509 user certificate, use ;binary'
335 SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
337 # Must be transferred using ;binary
338 attributetype ( 2.5.4.37 NAME 'cACertificate'
339 DESC 'RFC2256: X.509 CA certificate, use ;binary'
340 SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
342 # Must be transferred using ;binary
343 attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
344 DESC 'RFC2256: X.509 authority revocation list, use ;binary'
345 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
347 # Must be transferred using ;binary
348 attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
349 DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
350 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
352 # Must be stored and requested in the binary form
353 attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
354 DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
355 SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
357 # 2.5.4.41 is defined above as it's used for subtyping
358 #attributetype ( 2.5.4.41 NAME 'name'
359 # EQUALITY caseIgnoreMatch
360 # SUBSTR caseIgnoreSubstringsMatch
361 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
363 attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
364 DESC 'RFC2256: first name(s) for which the entity is known by'
367 attributetype ( 2.5.4.43 NAME 'initials'
368 DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
371 attributetype ( 2.5.4.44 NAME 'generationQualifier'
372 DESC 'RFC2256: name qualifier indicating a generation'
375 attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
376 DESC 'RFC2256: X.500 unique identifier'
377 EQUALITY bitStringMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
380 attributetype ( 2.5.4.46 NAME 'dnQualifier'
381 DESC 'RFC2256: DN qualifier'
382 EQUALITY caseIgnoreMatch
383 ORDERING caseIgnoreOrderingMatch
384 SUBSTR caseIgnoreSubstringsMatch
385 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
387 attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
388 DESC 'RFC2256: enhanced search guide'
389 SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
391 attributetype ( 2.5.4.48 NAME 'protocolInformation'
392 DESC 'RFC2256: protocol information'
393 EQUALITY protocolInformationMatch
394 SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
396 # 2.5.4.49 is defined above as it's used for subtyping
397 #attributetype ( 2.5.4.49 NAME 'distinguishedName'
398 # EQUALITY distinguishedNameMatch
399 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
401 attributetype ( 2.5.4.50 NAME 'uniqueMember'
402 DESC 'RFC2256: unique member of a group'
403 EQUALITY uniqueMemberMatch
404 SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
406 attributetype ( 2.5.4.51 NAME 'houseIdentifier'
407 DESC 'RFC2256: house identifier'
408 EQUALITY caseIgnoreMatch
409 SUBSTR caseIgnoreSubstringsMatch
410 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
412 # Must be transferred using ;binary
413 attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
414 DESC 'RFC2256: supported algorithms'
415 SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
417 # Must be transferred using ;binary
418 attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
419 DESC 'RFC2256: delta revocation list; use ;binary'
420 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
422 attributetype ( 2.5.4.54 NAME 'dmdName'
423 DESC 'RFC2256: name of DMD'
427 # Standard object classes from RFC2256
429 objectclass ( 2.5.6.0 NAME 'top'
430 DESC 'RFC2256: most superior class in superclass chain of all objects'
431 ABSTRACT MUST objectClass )
433 objectclass ( 2.5.6.1 NAME 'alias'
434 DESC 'RFC2256: an alias'
436 MUST aliasedObjectName )
438 objectclass ( 2.5.6.2 NAME 'country'
439 DESC 'RFC2256: a country'
442 MAY ( searchGuide $ description ) )
444 objectclass ( 2.5.6.3 NAME 'locality'
445 DESC 'RFC2256: a locality'
447 MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
449 objectclass ( 2.5.6.4 NAME 'organization'
450 DESC 'RFC2256: an organization'
453 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
454 x121Address $ registeredAddress $ destinationIndicator $
455 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
456 telephoneNumber $ internationaliSDNNumber $
457 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
458 postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
460 objectclass ( 2.5.6.5 NAME 'organizationalUnit'
461 DESC 'RFC2256: an organizational unit'
464 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
465 x121Address $ registeredAddress $ destinationIndicator $
466 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
467 telephoneNumber $ internationaliSDNNumber $
468 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
469 postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
471 objectclass ( 2.5.6.6 NAME 'person'
472 DESC 'RFC2256: a person'
475 MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
477 objectclass ( 2.5.6.7 NAME 'organizationalPerson'
478 DESC 'RFC2256: an organizational person'
479 SUP person STRUCTURAL
480 MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
481 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
482 telephoneNumber $ internationaliSDNNumber $
483 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
484 postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
486 objectclass ( 2.5.6.8 NAME 'organizationalRole'
487 DESC 'RFC2256: an organizational role'
490 MAY ( x121Address $ registeredAddress $ destinationIndicator $
491 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
492 telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
493 seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
494 postOfficeBox $ postalCode $ postalAddress $
495 physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
497 objectclass ( 2.5.6.9 NAME 'groupOfNames'
498 DESC 'RFC2256: a group of names (DNs)'
501 MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
503 objectclass ( 2.5.6.10 NAME 'residentialPerson'
504 DESC 'RFC2256: an residential person'
505 SUP person STRUCTURAL
507 MAY ( businessCategory $ x121Address $ registeredAddress $
508 destinationIndicator $ preferredDeliveryMethod $ telexNumber $
509 teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
510 facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
511 postOfficeBox $ postalCode $ postalAddress $
512 physicalDeliveryOfficeName $ st $ l ) )
514 objectclass ( 2.5.6.11 NAME 'applicationProcess'
515 DESC 'RFC2256: an application process'
518 MAY ( seeAlso $ ou $ l $ description ) )
520 objectclass ( 2.5.6.12 NAME 'applicationEntity'
521 DESC 'RFC2256: an application entity'
523 MUST ( presentationAddress $ cn )
524 MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
527 objectclass ( 2.5.6.13 NAME 'dSA'
528 DESC 'RFC2256: a directory system agent (a server)'
529 SUP applicationEntity STRUCTURAL
530 MAY knowledgeInformation )
532 objectclass ( 2.5.6.14 NAME 'device'
533 DESC 'RFC2256: a device'
536 MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
538 objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
539 DESC 'RFC2256: a strong authentication user'
541 MUST userCertificate )
543 objectclass ( 2.5.6.16 NAME 'certificationAuthority'
544 DESC 'RFC2256: a certificate authority'
546 MUST ( authorityRevocationList $ certificateRevocationList $
547 cACertificate ) MAY crossCertificatePair )
549 objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
550 DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
552 MUST ( uniqueMember $ cn )
553 MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
555 objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
556 DESC 'RFC2256: a user security information'
558 MAY ( supportedAlgorithms ) )
560 objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
561 SUP certificationAuthority
562 AUXILIARY MAY ( deltaRevocationList ) )
564 objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
567 MAY ( certificateRevocationList $ authorityRevocationList $
568 deltaRevocationList ) )
570 objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL
572 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
573 x121Address $ registeredAddress $ destinationIndicator $
574 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
575 telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
576 street $ postOfficeBox $ postalCode $ postalAddress $
577 physicalDeliveryOfficeName $ st $ l $ description ) )
580 # Object Classes from RFC 2252
583 objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
584 DESC 'RFC2252: extensible object'
587 objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
588 DESC 'RFC2252: controlling subschema (subentry)'
589 MAY ( dITStructureRules $ nameForms $ ditContentRules $
590 objectClasses $ attributeTypes $ matchingRules $
594 # Object Classes from RFC 2587
597 objectclass ( 2.5.6.21 NAME 'pkiUser'
598 DESC 'RFC2587: a PKI user'
600 MUST userCertificate )
602 objectclass ( 2.5.6.22 NAME 'pkiCA' SUP top AUXILIARY
603 DESC 'RFC2587: PKI certificate authority'
604 MAY ( authorityRevocationList $ certificateRevocationList $
605 cACertificate $ crossCertificatePair ) )
607 objectclass ( 2.5.6.23 NAME 'deltaCRL' SUP top AUXILIARY
608 DESC 'RFC2587: PKI user'
609 MAY deltaRevocationList )
613 # Standard Track URI label schema from RFC 2079
616 attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
617 DESC 'RFC2079: Uniform Resource Identifier with optional label'
618 EQUALITY caseExactMatch
619 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
621 objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
622 DESC 'RFC2079: object that contains the URI attribute type'
627 # Standard Track Dynamic Directory Services from RFC 2589
630 objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject'
631 DESC 'RFC2589: Dynamic Object'
634 attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl'
635 DESC 'RFC2589: entry time-to-live'
636 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
637 NO-USER-MODIFICATION USAGE dSAOperation )
639 attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
640 DESC 'RFC2589: dynamic subtrees'
641 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
645 # Derived from RFC 1274, but with new "short names"
647 attributetype ( 0.9.2342.19200300.100.1.1
648 NAME ( 'uid' 'userid' )
649 DESC 'RFC1274: user identifier'
650 EQUALITY caseIgnoreMatch
651 SUBSTR caseIgnoreSubstringsMatch
652 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
654 attributetype ( 0.9.2342.19200300.100.1.3
655 NAME ( 'mail' 'rfc822Mailbox' )
656 DESC 'RFC1274: RFC822 Mailbox'
657 EQUALITY caseIgnoreIA5Match
658 SUBSTR caseIgnoreIA5SubstringsMatch
659 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
661 objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
662 DESC 'RFC1274: simple security object'
666 # RFC 1274 + RFC 2247
667 attributetype ( 0.9.2342.19200300.100.1.25
668 NAME ( 'dc' 'domainComponent' )
669 DESC 'RFC1274/2247: domain component'
670 EQUALITY caseIgnoreIA5Match
671 SUBSTR caseIgnoreIA5SubstringsMatch
672 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
675 objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
676 DESC 'RFC2247: domain component object'
677 SUP top AUXILIARY MUST dc )
681 objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
682 DESC 'RFC2377: uid object'
683 SUP top AUXILIARY MUST uid )
686 # From draft-zeilenga-ldap-namedref-00.txt
687 # used to represent referrals in the directory
689 attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
690 DESC 'namedref: subordinate referral URL'
691 EQUALITY caseExactMatch
692 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
693 USAGE distributedOperation )
695 objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
696 DESC 'namedref: named subordinate referral'
697 SUP top STRUCTURAL MUST ref )
702 objectclass ( 2.16.840.1.113719.2.142.6.1.1 NAME 'LDAPsubEntry'
704 SUP top STRUCTURAL MAY cn )
709 objectclass ( 1.3.6.1.4.1.4203.1.4.1
710 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' )
711 DESC 'OpenLDAP Root DSE object'
712 SUP top STRUCTURAL MAY cn )
717 attributetype ( 0.9.2342.19200300.100.1.37
718 NAME 'associatedDomain'
719 DESC 'domain associated with object'
720 EQUALITY caseIgnoreIA5Match
721 SUBSTR caseIgnoreIA5SubstringsMatch
722 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
727 attributetype ( 1.3.6.1.4.1.250.1.32
728 NAME ( 'krbName' 'kerberosName' )
729 DESC 'Kerberos principal associated with object'
730 EQUALITY caseIgnoreIA5Match
731 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
735 # draft-zeilenga-ldap-features-xx.txt (supportedFeatures)
737 attributetype ( 1.3.6.1.4.1.4203.1.3.5
738 NAME 'supportedFeatures'
739 DESC 'features supported by the server'
740 EQUALITY objectIdentifierMatch
741 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
745 # RFC 3112 (authPassword)
747 attributetype ( 1.3.6.1.4.1.4203.1.3.4
749 DESC 'RFC3112: authentication password attribute'
750 SYNTAX 1.3.6.1.4.1.4203.666.2.2
753 attributetype ( 1.3.6.1.4.1.4203.1.3.3
754 NAME 'supportedAuthPasswordSchemes'
755 DESC 'RFC3112: supported authPassword schemes'
756 EQUALITY caseIgnoreIA5Match
757 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32}
758 NO-USER-MODIFICATION USAGE dSAOperation )
760 objectclass ( 1.3.6.1.4.1.4203.1.4.7
761 NAME 'authPasswordObject'
762 DESC 'RFC3112: authPassword mixin class'
767 # OpenLDAP specific schema items
770 attributetype ( 1.3.6.1.4.1.4203.1.3.1
772 DESC 'OpenLDAP ACL entry pseudo-attribute'
774 SYNTAX 1.3.6.1.4.1.4203.1.1.1
775 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
777 attributetype ( 1.3.6.1.4.1.4203.1.3.2
779 DESC 'OpenLDAP ACL children pseudo-attribute'
781 SYNTAX 1.3.6.1.4.1.4203.1.1.1
782 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
784 attributetype ( 1.3.6.1.4.1.4203.666.1.5
786 DESC 'OpenLDAP access control information (experimental)'
787 EQUALITY OpenLDAPaciMatch
788 SYNTAX 1.3.6.1.4.1.4203.666.2.1
789 USAGE directoryOperation )
792 # Author: Ando <ando@OpenLDAP.org>
793 # Subject: Monitor schema items
795 # Status: Work in Progress
801 # Notes: in 'cn' (inherited from 'LDAPsubEntry') it holds the name
802 # of the subsystem it is monitoring
804 #objectclass ( 1.3.6.1.4.1.4203.666.X.Y.Z
805 # NAME 'monitorSubEntry'
806 # DESC 'OpenLDAP ancestor class for system monitoring'
807 # SUP LDAPsubEntry STRUCTURAL )