+# $OpenLDAP$
+#
+# OpenLDAP Core schema
+#
+# Includes LDAPv3 schema items from:
+# RFC2251-RFC2256 (LDAPv3)
+#
+# select standard track schema items:
+# RFC2079 (URI)
+# RFC1274 (uid/dc)
+# RFC2247 (dc/dcObject)
+# RFC2289 (Dynamic Directory Services)
+#
+# select informational schema items:
+# RFC2377 (uidObject)
+#
+# select experimental IETF LDAPext items
+# ldapSubentry draft
+# ldapRootDSE
+# named referrals draft
+# alias draft
-# Standard schema from RFC2251-RFC2256
# Standard X.501(93) Operational Attribute Types from RFC2252
-attribute ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
+attributetype ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attribute ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
+attributetype ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attribute ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
+attributetype ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attribute ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
+attributetype ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-attribute ( 2.5.18.10 NAME 'subschemaSubentry'
+attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
SINGLE-VALUE USAGE directoryOperation )
-attribute ( 2.5.21.5 NAME 'attributeTypes'
+attributetype ( 2.5.21.5 NAME 'attributeTypes'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
-attribute ( 2.5.21.6 NAME 'objectClasses'
+attributetype ( 2.5.21.6 NAME 'objectClasses'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
-attribute ( 2.5.21.4 NAME 'matchingRules'
+attributetype ( 2.5.21.4 NAME 'matchingRules'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
-attribute ( 2.5.21.8 NAME 'matchingRuleUse'
+attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
# LDAP Operational Attributes from RFC2252
-attribute ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
-attribute ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
-attribute ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attribute ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-attribute ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
-attribute ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
# LDAP Subschema Atrribute from RFC2252
-attribute ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
# X.500 Subschema attributes from RFC2252
-attribute ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
+attributetype ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
-attribute ( 2.5.21.7 NAME 'nameForms'
+attributetype ( 2.5.21.7 NAME 'nameForms'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
-attribute ( 2.5.21.2 NAME 'dITContentRules'
+attributetype ( 2.5.21.2 NAME 'dITContentRules'
EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
# Object Classes from RFC2252
-objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
- SUP top AUXILIARY )
-
+# extensibleObject moved forward, since it depends on top
# ldapSyntaxes (operational) is admissible in next:
objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
# Standard attribute types from RFC2256
-attribute ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
+attributetype ( 2.5.4.0 NAME 'objectClass'
+ EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-attribute ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
+attributetype ( 2.5.4.1 NAME 'aliasedObjectName'
+ EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
# Defined, but no longer used
-attribute ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Place here since other attribute types derive from it
+
+attributetype ( 2.5.4.41 NAME 'name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-attribute ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
+attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
-attribute ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
-attribute ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
# (2-letter code from ISO 3166)
-attribute ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
-attribute ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
-attribute ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
-attribute ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-attribute ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
-attribute ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
-attribute ( 2.5.4.12 NAME 'title' SUP name )
+attributetype ( 2.5.4.12 NAME 'title' SUP name )
-attribute ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.13 NAME 'description'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Obsoleted by enhancedSearchGuide
-attribute ( 2.5.4.14 NAME 'searchGuide'
+attributetype ( 2.5.4.14 NAME 'searchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
-attribute ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
+attribute ( 2.5.4.16 NAME 'postalAddress'
+ EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-attribute ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-attribute ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
-attribute ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-attribute ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-attribute ( 2.5.4.21 NAME 'telexNumber'
+attributetype ( 2.5.4.21 NAME 'telexNumber'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
-attribute ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
-attribute ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
-attribute ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
-attribute ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
-attribute ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+attributetype ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-attribute ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
-attribute ( 2.5.4.28 NAME 'preferredDeliveryMethod'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
- SINGLE-VALUE )
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
-attribute ( 2.5.4.29 NAME 'presentationAddress'
- EQUALITY presentationAddressMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
- SINGLE-VALUE )
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
-attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
- EQUALITY objectIdentifierMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-# SUP comes later
+# Placed here because others derive from it.
-attribute ( 2.5.4.31 NAME 'member' SUP distinguishedName )
+# We had a dn definition in slapd.at.conf and Netscape lists both
+# names for that OID. This is wrong, 'dn' is used internally in slapd
+# as the name of a pseudo-attribute type that contains the
+# distinguished name of an entry. On the other hand, the attribute
+# type distinguishedName is meant to be an "abstract" type and other
+# dn-valued attribute types derive from it. So at most, 'dn' would
+# be a subtype of distinguishedName, something like:
+# attributetype ( dnOID NAME 'dn' SUP distinguishedName
+# SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attributetype ( 2.5.4.49 NAME 'distinguishedName'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-attribute ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
+attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName )
-attribute ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
+attributetype ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
-attribute ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
+attributetype ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
-attribute ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
+attributetype ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
+
+attributetype ( 2.5.4.35 NAME 'userPassword'
+ EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be stored and requested in the binary form, as
# userCertificate;binary
-
-attribute ( 2.5.4.36 NAME 'userCertificate'
+attributetype ( 2.5.4.36 NAME 'userCertificate'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# As above
-
-attribute ( 2.5.4.37 NAME 'cACertificate'
+attributetype ( 2.5.4.37 NAME 'cACertificate'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# As above
-
-attribute ( 2.5.4.38 NAME 'authorityRevocationList'
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# As above
-
-attribute ( 2.5.4.39 NAME 'certificateRevocationList'
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# As above
-
-attribute ( 2.5.4.40 NAME 'crossCertificatePair'
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
-# Out of order!!!
+# 2.5.4.41 is 'name', moved above since other attribute types derive from it
-attribute ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) SUP name )
-attribute ( 2.5.4.42 NAME 'givenName' SUP name )
+attributetype ( 2.5.4.43 NAME 'initials' SUP name )
-attribute ( 2.5.4.43 NAME 'initials' SUP name )
-
-attribute ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
-attribute ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
- ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
-attribute ( 2.5.4.47 NAME 'enhancedSearchGuide'
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
-attribute ( 2.5.4.48 NAME 'protocolInformation'
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
-# Out of order!!!
-# We had a dn definition in slapd.at.conf and Netscape lists both
-# names for that OID
+# 2.5.4.49 is distinguishedName, moved up
-attribute ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attribute ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
-attribute ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# This attribute is to be stored and requested in the binary form, as
# 'supportedAlgorithms;binary'.
-attribute ( 2.5.4.52 NAME 'supportedAlgorithms'
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# This attribute is to be stored and requested in the binary form, as
# 'deltaRevocationList;binary'.
-attribute ( 2.5.4.53 NAME 'deltaRevocationList'
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
-attribute ( 2.5.4.54 NAME 'dmdName' SUP name )
+attributetype ( 2.5.4.54 NAME 'dmdName' SUP name )
# Standard object classes from RFC2256
-objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
+objectclass ( 2.5.6.0 NAME 'top' ABSTRACT
+ MUST objectClass )
-objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
+objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL
+ MUST aliasedObjectName )
-objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
+objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL
+ MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
+objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL
+ MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
-objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
+objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL
+ MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
-objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
+objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
+ MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
# Notice that preferredDeliveryMethod is duplicate
-objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
+objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL
+ MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
+objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL
+ MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
# Notice that preferredDeliveryMethod is duplicate
-# It seems they could not agree on wheter telephoneNumber is MAY
+# It seems they could not agree on whether telephoneNumber is MAY
# in person. Probably it wasn't originally at was added as an
# afterthought
-objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
+objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL
+ MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
-objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
+objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL
+ MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
-objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
+objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL
+ MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
# New
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
- MUST ( cn ) MAY ( certificateRevocationList $
- authorityRevocationList $
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
# New
-objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
+objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL
+ MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
+# Next objectclass is defined in RFC2252, but has to be put after top
+
+objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+ DESC 'RFC2252 extensible object'
+ SUP top AUXILIARY )
+
+#
+# Standard Track URI label schema from RFC2079
+#
+attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+ DESC 'Uniform Resource Identifier with optional label'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+
+#
+# Standard Track Dynamic Directory Services from RFC2589
+#
+objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject'
+ DESC 'RFC2589 Dynamic Object'
+ SUP top AUXILIARY )
+
+attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl'
+ DESC 'RFC2589 entry time-to-live'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
+ NO-USER-MODIFICATION USAGE dSAOperation )
+
+attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
+ DESC 'RFC2589 dynamic subtrees'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
+ USAGE dSAOperation )
+
+# Derived from RFC1274, but with new "short names"
+attributetype ( 0.9.2342.19200300.100.1.1
+ NAME ( 'uid' 'userid' )
+ DESC 'RFC1274 user identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'rfc822 mail box'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+
+# RFC1274 + RFC2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247 domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ SUP top AUXILIARY MUST dc )
+
+
+# From RFC2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377 uid object'
+ SUP top AUXILIARY MUST uid )
+
+#
+# From draft-ietf-ldapext-nameref-00.txt
+# used to represent referrals in the directory
+#
+attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
+ DESC 'nameref URL Reference'
+ EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ USAGE distributedOperation )
+
+objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
+ DESC 'Named referral object'
+ SUP top STRUCTURAL MAY ref )
+
+#
+# LDAPsubEntry
+# likely to change!
+objectclass ( 2.16.840.1.113719.2.142.6.1.1 NAME 'LDAPsubEntry'
+ DESC 'LDAP Subentry'
+ SUP top STRUCTURAL MAY cn )
+
+#
+# OpenLDAProotDSE
+# likely to change!
+objectclass ( 1.3.6.1.4.1.4203.666.3.2
+ NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' )
+ DESC 'OpenLDAP Root DSE object'
+ SUP top STRUCTURAL MAY cn )
+
+#
+# IETF LDAPext WG Access Control Model
+# likely to change!
+attributetype ( supportedACIMechanismsOID NAME 'supportedACIMechanisms'
+ DESC 'list of access control mechanisms supported by this directory server'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attributetype ( aCIMechanismOID NAME 'aCIMechanism'
+ DESC 'list of access control mechanism supported in this subtree'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attributetype ( ldapACIOID NAME 'ldapACI'
+ DESC 'LDAP access control information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ USAGE directoryOperation )
projects / openldap / blobdiff