## This work is part of OpenLDAP Software <http://www.openldap.org/>.
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

# Application Working Group M. Ansari
# INTERNET-DRAFT Sun Microsystems, Inc.
# Expires February 2003 L. Howard
# PADL Software Pty. Ltd.
# Hewlett-Packard Company
# September 15th, 2003
# Intended Category: Informational
#
# A Configuration Schema for LDAP Based
# Directory User Agents
# <draft-joslin-config-schema-07.txt>
#
# This document describes a mechanism for global configuration of
# similar directory user agents. This document defines a schema for
# configuration of these DUAs that may be discovered using the
# Lightweight Directory Access Protocol in RFC 2251[17]. A set of
# attribute types and an objectclass are proposed, along with specific
# guidelines for interpreting them. A significant feature of the
# global configuration policy for DUAs is a mechanism that allows
# DUAs to re-configure their schema to that of the end user's
# environment. This configuration is achieved through attribute and
# objectclass mapping. This document is intended to be a skeleton
# for future documents that describe configuration of specific DUA
#
# The schema defined by this document is defined under the "DUA
# Configuration Schema." This schema is derived from the OID: iso (1)
# org (3) dod (6) internet (1) private (4) enterprises (1)
# Hewlett-Packard Company (11) directory (1) LDAP-UX Integration Project (3)
# DUA Configuration Schema (1). This OID is represented in this
# document by the keystring "DUAConfSchemaOID"
# (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1

# The attributes and classes defined in this document are summarized
# The following attributes are defined in this document:
# authenticationMethod
# serviceSearchDescriptor
# Internet-Draft DUA Configuration Schema October 2002
# serviceCredentialLevel
# serviceAuthenticationMethod
# The following object class is defined in this document:

attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
    DESC 'Default LDAP server host address used by a DUA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
    DESC 'Default LDAP base DN used by a DUA'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
    DESC 'Preferred LDAP server host addresses to be used by a'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
    DESC 'Maximum time in seconds a DUA should allow for a'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
    DESC 'Maximum time in seconds a DUA should allow for the
    bind operation to complete'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
    DESC 'Tells DUA if it should follow referrals
    returned by a DSA search result'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
    DESC 'Tells DUA if it should dereference aliases'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
    DESC 'A keystring which identifies the type of
    authentication method used to contact the DSA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
    DESC 'Time to live, in seconds, before a client DUA
    should re-read this configuration profile'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
    DESC 'LDAP search descriptor list used by a DUA'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
    DESC 'Attribute mappings used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
    DESC 'Identifies type of credentials a DUA should
    use when binding to the LDAP server'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
    DESC 'Objectclass mappings used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
    DESC 'Default search scope used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
    DESC 'Identifies type of credentials a DUA
    should use when binding to the LDAP server for a'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
    DESC 'Authentication method used by a service of the DUA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# 4. Class Definition
#
# The objectclass below is constructed from the attributes defined in
# 3, with the exception of the cn attribute, which is defined in RFC
# 2256 [8]. cn is used to represent the name of the DUA configura-

objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
    DESC 'Abstraction of a base configuration for a DUA'
    MAY ( defaultServerList $ preferredServerList $
        defaultSearchBase $ defaultSearchScope $
        searchTimeLimit $ bindTimeLimit $
        credentialLevel $ authenticationMethod $
        followReferrals $ dereferenceAliases $
        serviceSearchDescriptor $ serviceCredentialLevel $
        serviceAuthenticationMethod $ objectclassMap $
        attributeMap $ profileTTL ) )
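
# Added example (not part of the OpenLDAP schema file or the Internet-Draft):
# a Python check that audits a DUAConfigProfile entry against the syntaxes
# declared above before the profile is published to clients. The strict
# TRUE/FALSE and integer checks, the shallow DN test and the sample entry
# (including the misspelled derefAliases) are assumptions made for illustration.

```python
import re

# Syntax OIDs as declared in the attributeType definitions above.
P = "1.3.6.1.4.1.1466.115.121.1."
BOOLEAN, INTEGER, DN, IA5, DIRSTR = (P + n for n in ("7", "27", "12", "26", "15"))

SYNTAX = {  # attribute name (lower-cased) -> declared syntax
    "defaultserverlist": DIRSTR, "preferredserverlist": DIRSTR,
    "defaultsearchbase": DN, "defaultsearchscope": IA5,
    "searchtimelimit": INTEGER, "bindtimelimit": INTEGER,
    "followreferrals": BOOLEAN, "dereferencealiases": BOOLEAN,
    "authenticationmethod": DIRSTR, "credentiallevel": IA5,
    "profilettl": INTEGER, "servicesearchdescriptor": DIRSTR,
    "attributemap": IA5, "objectclassmap": IA5,
    "servicecredentiallevel": IA5, "serviceauthenticationmethod": DIRSTR,
}

CHECKS = {  # deliberately strict validators (an assumption of this example)
    BOOLEAN: lambda v: v in ("TRUE", "FALSE"),
    INTEGER: lambda v: re.fullmatch(r"-?(0|[1-9]\d*)", v) is not None,
    DN: lambda v: "=" in v,  # shallow sanity check, not a DN parser
    IA5: lambda v: v != "" and v.isascii(),
    DIRSTR: lambda v: v != "",
}

def audit_profile(ldif):
    """Return findings for one simple LDIF record (no base64, no folding)."""
    findings = []
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in ("dn", "cn", "objectclass"):
            continue
        if name not in SYNTAX:
            findings.append(f"{name}: not an attribute of DUAConfigProfile")
        elif not CHECKS[SYNTAX[name]](value):
            findings.append(f"{name}: {value!r} does not fit {SYNTAX[name]}")
    return findings

# Constructed sample entry with three deliberate mistakes.
SAMPLE = """\
dn: cn=default,ou=profile,dc=example,dc=com
objectClass: DUAConfigProfile
cn: default
defaultSearchBase: dc=example,dc=com
bindTimeLimit: 10
followReferrals: yes
profileTTL: 12h
derefAliases: FALSE
"""
```

# audit_profile(SAMPLE) reports followReferrals (not a Boolean value),
# profileTTL (not an integer) and derefAliases (not in the MAY list).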