# A significant feature of the global configuration policy for DUAs
# is a mechanism that allows DUAs to re-configure their schema to
# that of the end user's environment.  This configuration is achieved
# through attribute and objectclass mapping.  This document is
# intended to be a skeleton for future documents that describe
# configuration of specific DUA services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
# The schema defined by this document is defined under the "DUA
# Configuration Schema."  This schema is derived from the OID: iso (1)
# org (3) dod (6) internet (1) private (4) enterprises (1)
# Hewlett-Packard Company (11) directory (1) LDAP-UX Integration
# Project (3) DUA Configuration Schema (1).

attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
        DESC 'Default LDAP server host address used by a DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
        DESC 'Default LDAP base DN used by a DUA'
        EQUALITY distinguishedNameMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
        DESC 'Preferred LDAP server host addresses to be used by a DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for a search to complete'
        EQUALITY integerMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete'
        EQUALITY integerMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
        DESC 'Tells DUA if it should follow referrals returned by a DSA search result'
        EQUALITY booleanMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
        DESC 'Tells DUA if it should dereference aliases'
        EQUALITY booleanMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
        DESC 'A keystring which identifies the type of authentication method used to contact the DSA'
        EQUALITY caseIgnoreMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
        DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile'
        EQUALITY integerMatch
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
        DESC 'LDAP search descriptor list used by a DUA'
        EQUALITY caseExactMatch
        SYNTAX )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
        DESC 'Attribute mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
        DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server'
        EQUALITY caseIgnoreIA5Match
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
        DESC 'Objectclass mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
        DESC 'Default search scope used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
        DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service'
        EQUALITY caseIgnoreIA5Match
        SYNTAX )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
        DESC 'Authentication method used by a service of the DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX )

# Class Definition
#
# The objectclass below is constructed from the attributes defined in
# 3, with the exception of the cn attribute, which is defined in RFC
# 2256 [8].  cn is used to represent the name of the DUA
# configuration profile.
#

objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
        SUP top STRUCTURAL
        DESC 'Abstraction of a base configuration for a DUA'
        MUST ( cn )
        MAY ( defaultServerList $ preferredServerList $
              defaultSearchBase $ defaultSearchScope $
              searchTimeLimit $ bindTimeLimit $
              credentialLevel $ authenticationMethod $
              followReferrals $ dereferenceAliases $
              serviceSearchDescriptor $ serviceCredentialLevel $
              serviceAuthenticationMethod $ objectclassMap $
              attributeMap $ profileTTL ) )
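
Because a DUA takes its bind, referral and authentication settings from this profile, a client can check a fetched entry against the definitions above before applying it. The following is an added example, not part of the original schema or of any DUA implementation: `validate_profile` and the sample entries are hypothetical, and the TRUE/FALSE and decimal-integer checks assume the standard LDAP Boolean and Integer value encodings for the attributes declared with booleanMatch and integerMatch.

```python
import re

# Constraints copied from the attributeType/objectClass definitions on this page.
SINGLE_VALUE = {
    "defaultServerList", "defaultSearchBase", "preferredServerList",
    "searchTimeLimit", "bindTimeLimit", "followReferrals",
    "dereferenceAliases", "authenticationMethod", "profileTTL",
    "credentialLevel", "defaultSearchScope",
}
MULTI_VALUE = {
    "serviceSearchDescriptor", "attributeMap", "objectclassMap",
    "serviceCredentialLevel", "serviceAuthenticationMethod",
}
INTEGER = {"searchTimeLimit", "bindTimeLimit", "profileTTL"}  # integerMatch
BOOLEAN = {"followReferrals", "dereferenceAliases"}           # booleanMatch
ALLOWED = SINGLE_VALUE | MULTI_VALUE | {"cn", "objectClass"}


def validate_profile(entry):
    """Return a list of problems; entry maps attribute name -> list of str."""
    # LDAP attribute names are case-insensitive, so match on lower case.
    canon = {name.lower(): name for name in ALLOWED}
    problems, seen = [], {}
    for name, values in entry.items():
        key = canon.get(name.lower())
        if key is None:
            problems.append(f"{name}: not allowed by DUAConfigProfile")
            continue
        seen[key] = values
        if key in SINGLE_VALUE and len(values) > 1:
            problems.append(f"{key}: SINGLE-VALUE but has {len(values)} values")
        for v in values:
            if key in INTEGER and not re.fullmatch(r"-?[0-9]+", v):
                problems.append(f"{key}: {v!r} is not an integer")
            if key in BOOLEAN and v not in ("TRUE", "FALSE"):
                problems.append(f"{key}: {v!r} is not TRUE or FALSE")
    if not seen.get("cn"):
        problems.append("cn: required (MUST) attribute is missing")
    return problems


# Constructed sample entries (not from the page).
GOOD = {"objectClass": ["top", "DUAConfigProfile"], "cn": ["default"],
        "defaultSearchBase": ["dc=example,dc=com"], "searchTimeLimit": ["30"],
        "followReferrals": ["TRUE"], "attributeMap": ["a", "b"]}
BAD = {"defaultSearchBase": ["dc=a,dc=example", "dc=b,dc=example"],
       "bindTimeLimit": ["ten"], "followReferrals": ["yes"],
       "userPassword": ["x"]}
```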