2 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 ## Copyright 1998-2015 The OpenLDAP Foundation.
5 ## All rights reserved.
7 ## Redistribution and use in source and binary forms, with or without
8 ## modification, are permitted only as authorized by the OpenLDAP
11 ## A copy of this license is available in the file LICENSE in the
12 ## top-level directory of the distribution or, alternatively, at
13 ## <http://www.OpenLDAP.org/license.html>.
15 # DUA schema from draft-joslin-config-schema (a work in progress)
17 # Contents of this file are subject to change (including deletion)
20 # Not recommended for production use!
21 # Use with extreme caution!
24 ## - The matching rule for attributes followReferrals and dereferenceAliases
25 ## has been changed to booleanMatch since their syntax is boolean
26 ## - There was a typo in the name of the dereferenceAliases attributeType
27 ## in the DUAConfigProfile objectClass definition
28 ## - Credit goes to the original Authors
31 # Application Working Group M. Ansari
32 # INTERNET-DRAFT Sun Microsystems, Inc.
33 # Expires Febuary 2003 L. Howard
34 # PADL Software Pty. Ltd.
36 # Hewlett-Packard Company
38 # September 15th, 2003
39 # Intended Category: Informational
42 # A Configuration Schema for LDAP Based
43 # Directory User Agents
44 # <draft-joslin-config-schema-07.txt>
48 # This memo provides information for the Internet community. This
49 # memo does not specify an Internet standard of any kind. Distribu-
50 # tion of this memo is unlimited.
52 # This document is an Internet-Draft and is in full conformance with
53 # all provisions of Section 10 of RFC2026.
55 # This document is an Internet-Draft. Internet-Drafts are working
56 # documents of the Internet Engineering Task Force (IETF), its areas,
57 # and its working groups. Note that other groups may also distribute
58 # working documents as Internet-Drafts.
60 # Internet-Drafts are draft documents valid for a maximum of six
61 # months. Internet-Drafts may be updated, replaced, or made obsolete
62 # by other documents at any time. It is not appropriate to use
63 # Internet-Drafts as reference material or to cite them other than as
64 # a "working draft" or "work in progress".
66 # To learn the current status of any Internet-Draft, please check the
67 # 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
68 # Directories on ds.internic.net (US East Coast), nic.nordu.net
69 # (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
72 # Distribution of this document is unlimited.
77 # This document describes a mechanism for global configuration of
78 # similar directory user agents. This document defines a schema for
79 # configuration of these DUAs that may be discovered using the Light-
80 # weight Directory Access Protocol in RFC 2251[17]. A set of attri-
81 # bute types and an objectclass are proposed, along with specific
82 # guidelines for interpreting them. A significant feature of the
83 # global configuration policy for DUAs is a mechanism that allows
84 # DUAs to re-configure their schema to that of the end user's
85 # environment. This configuration is achieved through attribute and
86 # objectclass mapping. This document is intended to be a skeleton
87 # for future documents that describe configuration of specific DUA
96 # The schema defined by this document is defined under the "DUA Con-
97 # figuration Schema." This schema is derived from the OID: iso (1)
98 # org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
99 # Packard Company (11) directory (1) LDAP-UX Integration Project (3)
100 # DUA Configuration Schema (1). This OID is represented in this
101 # document by the keystring "DUAConfSchemaOID"
102 # (1.3.6.1.4.1.11.1.3.1).
103 objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
107 # The attributes and classes defined in this document are summarized
110 # The following attributes are defined in this document:
112 # preferredServerList
116 # authenticationMethod
118 # serviceSearchDescriptor
123 # Internet-Draft DUA Configuration Schema October 2002
126 # serviceCredentialLevel
127 # serviceAuthenticationMethod
138 # The following object class is defined in this document:
143 attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
144 DESC 'Default LDAP server host address used by a DUA'
145 EQUALITY caseIgnoreMatch
146 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
149 attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
150 DESC 'Default LDAP base DN used by a DUA'
151 EQUALITY distinguishedNameMatch
152 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
155 attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
156 DESC 'Preferred LDAP server host addresses to be used by a
158 EQUALITY caseIgnoreMatch
159 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
162 attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
163 DESC 'Maximum time in seconds a DUA should allow for a
165 EQUALITY integerMatch
166 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
169 attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
170 DESC 'Maximum time in seconds a DUA should allow for the
171 bind operation to complete'
172 EQUALITY integerMatch
173 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
176 attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
177 DESC 'Tells DUA if it should follow referrals
178 returned by a DSA search result'
179 EQUALITY booleanMatch
180 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
183 attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
184 DESC 'Tells DUA if it should dereference aliases'
185 EQUALITY booleanMatch
186 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
189 attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
190 DESC 'A keystring which identifies the type of
191 authentication method used to contact the DSA'
192 EQUALITY caseIgnoreMatch
193 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
196 attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
197 DESC 'Time to live, in seconds, before a client DUA
198 should re-read this configuration profile'
199 EQUALITY integerMatch
200 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
203 attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
204 DESC 'LDAP search descriptor list used by a DUA'
205 EQUALITY caseExactMatch
206 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
208 attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
209 DESC 'Attribute mappings used by a DUA'
210 EQUALITY caseIgnoreIA5Match
211 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
213 attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
214 DESC 'Identifies type of credentials a DUA should
215 use when binding to the LDAP server'
216 EQUALITY caseIgnoreIA5Match
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
220 attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
221 DESC 'Objectclass mappings used by a DUA'
222 EQUALITY caseIgnoreIA5Match
223 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
225 attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
226 DESC 'Default search scope used by a DUA'
227 EQUALITY caseIgnoreIA5Match
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
231 attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
232 DESC 'Identifies type of credentials a DUA
233 should use when binding to the LDAP server for a
235 EQUALITY caseIgnoreIA5Match
236 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
238 attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
239 DESC 'Authentication method used by a service of the DUA'
240 EQUALITY caseIgnoreMatch
241 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
243 # 4. Class Definition
245 # The objectclass below is constructed from the attributes defined in
246 # 3, with the exception of the cn attribute, which is defined in RFC
247 # 2256 [8]. cn is used to represent the name of the DUA configura-
250 objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
252 DESC 'Abstraction of a base configuration for a DUA'
254 MAY ( defaultServerList $ preferredServerList $
255 defaultSearchBase $ defaultSearchScope $
256 searchTimeLimit $ bindTimeLimit $
257 credentialLevel $ authenticationMethod $
258 followReferrals $ dereferenceAliases $
259 serviceSearchDescriptor $ serviceCredentialLevel $
260 serviceAuthenticationMethod $ objectclassMap $
261 attributeMap $ profileTTL ) )