misc updates

[openldap] / servers / slapd / schema / duaconf.schema

# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

# 
# Application Working Group                                      M. Ansari
# INTERNET-DRAFT                                    Sun Microsystems, Inc.
# Expires Febuary 2003                                           L. Howard
#                                                  PADL Software Pty. Ltd.
#                                                          B. Joslin [ed.]
#                                                  Hewlett-Packard Company
# 
#                                                     September 15th, 2003
# Intended Category: Informational
# 
# 
#                  A Configuration Schema for LDAP Based
#                          Directory User Agents
#                   <draft-joslin-config-schema-07.txt>
#
#Status of this Memo
#
#    This memo provides information for the Internet community.  This
#    memo does not specify an Internet standard of any kind.  Distribu-
#    tion of this memo is unlimited.
#         
#    This document is an Internet-Draft and is in full conformance with
#    all provisions of Section 10 of RFC2026.
#    
#    This document is an Internet-Draft. Internet-Drafts are working  
#    documents of the Internet Engineering Task Force (IETF), its areas,
#    and its working groups. Note that other groups may also distribute
#    working documents as Internet-Drafts.
#    
#    Internet-Drafts are draft documents valid for a maximum of six
#    months.  Internet-Drafts may be updated, replaced, or made obsolete
#    by other documents at any time. It is not appropriate to use 
#    Internet-Drafts as reference material or to cite them other than as
#    a "working draft" or "work in progress".                
#         
#    To learn the current status of any Internet-Draft, please check the
#    1id-abstracts.txt listing contained in the Internet-Drafts Shadow 
#    Directories on ds.internic.net (US East Coast), nic.nordu.net      
#    (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#    Rim).
#    
#    Distribution of this document is unlimited.
# 
# 
# Abstract
# 
#      This document describes a mechanism for global configuration of
#      similar directory user agents.  This document defines a schema for
#      configuration of these DUAs that may be discovered using the Light-
#      weight Directory Access Protocol in RFC 2251[17].  A set of attri-
#      bute types and an objectclass are proposed, along with specific
#      guidelines for interpreting them.  A significant feature of the
#      global configuration policy for DUAs is a mechanism that allows
#      DUAs to re-configure their schema to that of the end user's
#      environment.  This configuration is achieved through attribute and
#      objectclass mapping.  This document is intended to be a skeleton
#      for future documents that describe configuration of specific DUA
#      services.
# 
# 
# [trimmed]
# 
# 
# 2.  General Issues
# 
#      The schema defined by this document is defined under the "DUA Con-
#      figuration Schema."  This schema is derived from the OID: iso (1)
#      org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
#      Packard Company (11) directory (1) LDAP-UX Integration Project (3)
#      DUA Configuration Schema (1).  This OID is represented in this
#      document by the keystring "DUAConfSchemaOID"
#      (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
# 
# 2.2 Attributes
# 
#      The attributes and classes defined in this document are summarized
#      below.
# 
#      The following attributes are defined in this document:
# 
#           preferredServerList
#           defaultServerList
#           defaultSearchBase
#           defaultSearchScope
#           authenticationMethod
#           credentialLevel
#           serviceSearchDescriptor
# 
# 
# 
# Joslin                                                         [Page 3]
# Internet-Draft          DUA Configuration Schema            October 2002
# 
# 
#           serviceCredentialLevel
#           serviceAuthenticationMethod
#           attributeMap
#           objectclassMap
#           searchTimeLimit
#           bindTimeLimit
#           followReferrals
#           dereferenceAliases
#           profileTTL
# 
# 2.3 Object Classes
# 
#      The following object class is defined in this document:
# 
#           DUAConfigProfile
# 
# 
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
            DESC 'Default LDAP server host address used by a DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
            DESC 'Default LDAP base DN used by a DUA'
            EQUALITY distinguishedNameMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
            DESC 'Preferred LDAP server host addresses to be used by a
            DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for a
            search to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for the
            bind operation to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
            DESC 'Tells DUA if it should follow referrals
            returned by a DSA search result'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
            DESC 'Tells DUA if it should dereference aliases'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
            DESC 'A keystring which identifies the type of
            authentication method used to contact the DSA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
            DESC 'Time to live, in seconds, before a client DUA
            should re-read this configuration profile'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
            DESC 'LDAP search descriptor list used by a DUA'
            EQUALITY caseExactMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
            DESC 'Attribute mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
            DESC 'Identifies type of credentials a DUA should
            use when binding to the LDAP server'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
            DESC 'Objectclass mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
            DESC 'Default search scope used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
            DESC 'Identifies type of credentials a DUA
            should use when binding to the LDAP server for a
            specific service'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
            DESC 'Authentication method used by a service of the DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 
# 4.  Class Definition
# 
#      The objectclass below is constructed from the attributes defined in
#      3, with the exception of the cn attribute, which is defined in RFC
#      2256 [8].  cn is used to represent the name of the DUA configura-
#      tion profile.
# 
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
          SUP top STRUCTURAL
          DESC 'Abstraction of a base configuration for a DUA'
          MUST ( cn )
          MAY ( defaultServerList $ preferredServerList $
                defaultSearchBase $ defaultSearchScope $
                searchTimeLimit $ bindTimeLimit $
                credentialLevel $ authenticationMethod $
                followReferrals $ dereferenceAliases $
                serviceSearchDescriptor $ serviceCredentialLevel $
                serviceAuthenticationMethod $ objectclassMap $
                attributeMap $ profileTTL ) )