X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema%2Fcore.schema;h=4551f7a095e618a88ee259936340be921c39af34;hb=a4d161cff64c74e03e5898eae104d5d52cc54a91;hp=3d3d3696743caea97b64bb2726b9a78494af295f;hpb=4b3e7fa668e4bb11986f012936ff761b447a9cce;p=openldap

diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema
index 3d3d369674..4551f7a095 100644
--- a/servers/slapd/schema/core.schema
+++ b/servers/slapd/schema/core.schema
@@ -1,180 +1,85 @@
+# OpenLDAP Core schema
 # $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2006 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works.  However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be         
+## followed, or as required to translate it into languages other than
+## English.
+##                                                                      
+## The limited permissions granted above are perpetual and will not be  
+## revoked by the Internet Society or its successors or assigns.        
+## 
+## This document and the information contained herein is provided on an 
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
 #
-# OpenLDAP Core schema
 #
 # Includes LDAPv3 schema items from:
-#	RFC 2251-RFC2256 (LDAPv3)
+#	RFC 2252/2256 (LDAPv3)
 #
-# select standard track schema items:
-#	RFC 2587 (PKI)
-#	RFC 2079 (URI)
+# Select standard track schema items:
 #	RFC 1274 (uid/dc)
+#	RFC 2079 (URI)
 #	RFC 2247 (dc/dcObject)
-#	RFC 2289 (Dynamic Directory Services)
+#	RFC 2587 (PKI)
+#	RFC 2589 (Dynamic Directory Services)
 #
-# select informational schema items:
+# Select informational schema items:
 #	RFC 2377 (uidObject)
-#
-# select IETF ''work in progress'' LDAPext/LDUP items
-#   ldapSubentry
-#	ldapRootDSE
-#	named referrals
-#	alias draft
-
-#
-# Standard X.501(93) Operational Attribute Types from RFC 2252
-#
-
-attributetype ( 2.5.18.1 NAME 'createTimestamp'
-	DESC 'RFC2252: time which object was created'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 2.5.18.2 NAME 'modifyTimestamp'
-	DESC 'RFC2252: time which object was last modified'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 2.5.18.3 NAME 'creatorsName'
-	DESC 'RFC2252: name of creator'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 2.5.18.4 NAME 'modifiersName'
-	DESC 'RFC2252: name of last modifier'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 2.5.18.9 NAME 'hasSubordinates'
-	DESC 'X.501: entry has children'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
-	DESC 'RFC2252: name of controlling subschema entry'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
-	SINGLE-VALUE USAGE directoryOperation )
-
-attributetype ( 2.5.21.1 NAME 'dITStructureRules'
-	DESC 'RFC2252: DIT structure rules'
-	EQUALITY integerFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
-
-attributetype ( 2.5.21.2 NAME 'dITContentRules'
-	DESC 'RFC2252: DIT content rules'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
-
-attributetype ( 2.5.21.4 NAME 'matchingRules'
-	DESC 'RFC2252: matching rules'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
-
-attributetype ( 2.5.21.5 NAME 'attributeTypes'
-	DESC 'RFC2252: attribute types'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
-
-attributetype ( 2.5.21.6 NAME 'objectClasses'
-	DESC 'RFC2252: object classes'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
-
-attributetype ( 2.5.21.7 NAME 'nameForms'
-	DESC 'RFC2252: name forms '
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
-
-attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
-	DESC 'RFC2252: matching rule uses'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
-
-# From X.500(93)
-attributetype ( 2.5.21.9 NAME 'structuralObjectClass'
-	DESC 'X.500(93): structural object class of entry'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation )
-
-#
-# LDAP Operational Attributes from RFC 2252
-#
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
-	DESC 'RFC2252: naming contexts'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
-	DESC 'RFC2252: alternative servers'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
-	DESC 'RFC2252: supported extended operations'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
-	DESC 'RFC2252: supported controls'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
-	DESC 'RFC2252: supported SASL mechanisms'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
-	DESC 'RFC2252: supported LDAP versions'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
-	DESC 'RFC2252: LDAP syntaxes'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
-
-#
-# Standard attribute types used for subtyping from RFC 2256
-#
-
-attributetype ( 2.5.4.41 NAME 'name'
-	DESC 'RFC2256: common supertype of name attributes'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
-
-attributetype ( 2.5.4.49 NAME 'distinguishedName'
-	DESC 'RFC2256: common supertype of distingushed name attributes'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
 
 #
 # Standard attribute types from RFC 2256
 #
 
-attributetype ( 2.5.4.0 NAME 'objectClass'
-	DESC 'RFC2256: object classes of the entity'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+#	DESC 'RFC2256: object classes of the entity'
+#	EQUALITY objectIdentifierMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
 
-attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-	DESC 'RFC2256: name of aliased object'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+#	DESC 'RFC2256: name of aliased object'
+#	EQUALITY distinguishedNameMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
 attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
 	DESC 'RFC2256: knowledge information'
 	EQUALITY caseIgnoreMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
 
-attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-	DESC 'RFC2256: common name(s) for which the entity is known by'
-	SUP name )
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+#	DESC 'RFC2256: common name(s) for which the entity is known by'
+#	SUP name )
 
 attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
 	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
@@ -216,15 +121,16 @@ attributetype ( 2.5.4.12 NAME 'title'
 	DESC 'RFC2256: title associated with the entity'
 	SUP name )
 
-attributetype ( 2.5.4.13 NAME 'description'
-	DESC 'RFC2256: descriptive information'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+#	DESC 'RFC2256: descriptive information'
+#	EQUALITY caseIgnoreMatch
+#	SUBSTR caseIgnoreSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
 
-# Obsoleted by enhancedSearchGuide
+# Deprecated by enhancedSearchGuide
 attributetype ( 2.5.4.14 NAME 'searchGuide'
-	DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide'
+	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
 
 attributetype ( 2.5.4.15 NAME 'businessCategory'
@@ -326,23 +232,29 @@ attributetype ( 2.5.4.33 NAME 'roleOccupant'
 	DESC 'RFC2256: occupant of role'
 	SUP distinguishedName )
 
-attributetype ( 2.5.4.34 NAME 'seeAlso'
-	DESC 'RFC2256: DN of related object'
-	SUP distinguishedName )
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+#	DESC 'RFC2256: DN of related object'
+#	SUP distinguishedName )
 
-attributetype ( 2.5.4.35 NAME 'userPassword'
-	DESC 'RFC2256/2307: password of user'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+#	DESC 'RFC2256/2307: password of user'
+#	EQUALITY octetStringMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
 
 # Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
 attributetype ( 2.5.4.36 NAME 'userCertificate'
 	DESC 'RFC2256: X.509 user certificate, use ;binary'
+	EQUALITY certificateExactMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
 
 # Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
 attributetype ( 2.5.4.37 NAME 'cACertificate'
 	DESC 'RFC2256: X.509 CA certificate, use ;binary'
+	EQUALITY certificateExactMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
 
 # Must be transferred using ;binary
@@ -360,7 +272,7 @@ attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
 	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
 
-# 2.5.4.41 is defined above as it's used for subtyping
+# system schema
 #attributetype ( 2.5.4.41 NAME 'name'
 #	EQUALITY caseIgnoreMatch
 #	SUBSTR caseIgnoreSubstringsMatch
@@ -399,7 +311,7 @@ attributetype ( 2.5.4.48 NAME 'protocolInformation'
 	EQUALITY protocolInformationMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
 
-# 2.5.4.49 is defined above as it's used for subtyping
+# system schema
 #attributetype ( 2.5.4.49 NAME 'distinguishedName'
 #	EQUALITY distinguishedNameMatch
 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
@@ -429,17 +341,23 @@ attributetype ( 2.5.4.54 NAME 'dmdName'
 	DESC 'RFC2256: name of DMD'
 	SUP name )
 
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+	DESC 'X.520(4th): pseudonym for the object'
+	SUP name )
 
 # Standard object classes from RFC2256
 
-objectclass ( 2.5.6.0 NAME 'top'
-	DESC 'RFC2256: most superior class in superclass chain of all objects'
-	ABSTRACT MUST objectClass )
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+#	DESC 'RFC2256: top of the superclass chain'
+#	ABSTRACT
+#	MUST objectClass )
 
-objectclass ( 2.5.6.1 NAME 'alias'
-	DESC 'RFC2256: an alias'
-	SUP top STRUCTURAL
-	MUST aliasedObjectName )
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+#	DESC 'RFC2256: an alias'
+#	SUP top STRUCTURAL
+#	MUST aliasedObjectName )
 
 objectclass ( 2.5.6.2 NAME 'country'
 	DESC 'RFC2256: a country'
@@ -459,7 +377,7 @@ objectclass ( 2.5.6.4 NAME 'organization'
 	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
 		x121Address $ registeredAddress $ destinationIndicator $
 		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $
+		telephoneNumber $ internationaliSDNNumber $ 
 		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
 		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
 
@@ -485,7 +403,7 @@ objectclass ( 2.5.6.7 NAME 'organizationalPerson'
 	SUP person STRUCTURAL
 	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
 		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
-		telephoneNumber $ internationaliSDNNumber $
+		telephoneNumber $ internationaliSDNNumber $ 
 		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
 		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
 
@@ -583,29 +501,13 @@ objectclass ( 2.5.6.20 NAME 'dmd'
 		street $ postOfficeBox $ postalCode $ postalAddress $
 		physicalDeliveryOfficeName $ st $ l $ description ) )
 
-#
-# Object Classes from RFC 2252
-#
-
-objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
-	DESC 'RFC2252: extensible object'
-	SUP top AUXILIARY )
-
-objectclass ( 2.5.20.1 NAME 'subschema'
-	DESC 'RFC2252: controlling subschema (subentry)'
-	AUXILIARY
-	MAY ( dITStructureRules $ nameForms $ ditContentRules $
-		objectClasses $ attributeTypes $ matchingRules $
-		matchingRuleUse ) )
-
 #
 # Object Classes from RFC 2587
 #
-
 objectclass ( 2.5.6.21 NAME 'pkiUser'
 	DESC 'RFC2587: a PKI user'
 	SUP top AUXILIARY
-	MUST userCertificate )
+	MAY userCertificate )
 
 objectclass ( 2.5.6.22 NAME 'pkiCA'
 	DESC 'RFC2587: PKI certificate authority'
@@ -618,48 +520,28 @@ objectclass ( 2.5.6.23 NAME 'deltaCRL'
 	SUP top AUXILIARY
 	MAY deltaRevocationList )
 
-
 #
 # Standard Track URI label schema from RFC 2079
-#
-
-attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-	DESC 'RFC2079: Uniform Resource Identifier with optional label'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+#	DESC 'RFC2079: Uniform Resource Identifier with optional label'
+#	EQUALITY caseExactMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
 objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
 	DESC 'RFC2079: object that contains the URI attribute type'
-	MAY ( labeledURI )
-	SUP top AUXILIARY )
-
-#
-# Standard Track Dynamic Directory Services from RFC 2589
-#
-
-objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject'
-	DESC 'RFC2589: Dynamic Object'
-	SUP top AUXILIARY )
-
-attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl'
-	DESC 'RFC2589: entry time-to-live'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
-	NO-USER-MODIFICATION USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
-	DESC 'RFC2589: dynamic subtrees'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
-	USAGE dSAOperation )
+	SUP top AUXILIARY
+	MAY ( labeledURI ) )
 
 #
 # Derived from RFC 1274, but with new "short names"
 #
-attributetype ( 0.9.2342.19200300.100.1.1
-	NAME ( 'uid' 'userid' )
-	DESC 'RFC1274: user identifier'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#attributetype ( 0.9.2342.19200300.100.1.1
+#	NAME ( 'uid' 'userid' )
+#	DESC 'RFC1274: user identifier'
+#	EQUALITY caseIgnoreMatch
+#	SUBSTR caseIgnoreSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
 
 attributetype ( 0.9.2342.19200300.100.1.3
 	NAME ( 'mail' 'rfc822Mailbox' )
@@ -686,64 +568,12 @@ objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
 	DESC 'RFC2247: domain component object'
 	SUP top AUXILIARY MUST dc )
 
-
 # RFC 2377
 objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
 	DESC 'RFC2377: uid object'
 	SUP top AUXILIARY MUST uid )
 
-#
-# From draft-zeilenga-ldap-namedref-00.txt
-#	used to represent referrals in the directory
-#
-attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
-	DESC 'namedref: subordinate referral URL'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE distributedOperation )
-
-objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
-	DESC 'namedref: named subordinate referral'
-	SUP top STRUCTURAL MUST ref )
-
-#
-# LDAP/X.500 subentry schema
-#	draft-zeilenga-ldap-subentry-xx.txt
-#
-attributetype ( 2.5.18.5 NAME 'administrativeRole'
-	EQUALITY objectIdentifierMatch
-	USAGE directoryOperation
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
-
-attributetype ( 2.5.18.6 NAME 'subtreeSpecification'
-	SINGLE-VALUE
-	USAGE directoryOperation
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )
-
-objectclass ( 2.5.20.0 NAME 'subentry'
-	SUP top STRUCTURAL
-	MUST ( cn $ subtreeSpecification ) )   
-
-
-#
-# LDAPsubEntry
-#	deprecated!
-objectclass ( 2.16.840.1.113719.2.142.6.1.1
-	NAME 'LDAPsubEntry'
-	DESC 'LDAP Subentry'
-	SUP top STRUCTURAL MAY cn )
-
-#
-# OpenLDAProotDSE
-#	likely to change!
-objectclass ( 1.3.6.1.4.1.4203.1.4.1
-	NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' )
-	DESC 'OpenLDAP Root DSE object'
-	SUP top STRUCTURAL MAY cn )
-
-#
 # From COSINE Pilot
-#
 attributetype ( 0.9.2342.19200300.100.1.37
 	NAME 'associatedDomain'
 	DESC 'RFC1274: domain associated with object'
@@ -751,85 +581,11 @@ attributetype ( 0.9.2342.19200300.100.1.37
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
-#
-# From U-Mich
-#
-attributetype ( 1.3.6.1.4.1.250.1.32
-	NAME ( 'krbName' 'kerberosName' )
-	DESC 'Kerberos principal associated with object'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE )
-
-#
-# draft-zeilenga-ldap-features-xx.txt (supportedFeatures)
-#
-attributetype ( 1.3.6.1.4.1.4203.1.3.5
-	NAME 'supportedFeatures'
-	DESC 'features supported by the server'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE dSAOperation )
-
-#
-# RFC 3112 (authPassword)
-#
-attributetype ( 1.3.6.1.4.1.4203.1.3.4
-	NAME 'authPassword'
-	DESC 'RFC3112: authentication password attribute'
-	SYNTAX 1.3.6.1.4.1.4203.666.2.2
-	USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.4203.1.3.3
-	NAME 'supportedAuthPasswordSchemes'
-	DESC 'RFC3112: supported authPassword schemes'
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+	NAME ( 'email' 'emailAddress' 'pkcs9email' )
+	DESC 'RFC3280: legacy attribute for email addresses in DNs'
 	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32}
-	NO-USER-MODIFICATION USAGE dSAOperation )
-
-objectclass ( 1.3.6.1.4.1.4203.1.4.7
-	NAME 'authPasswordObject'
-	DESC 'RFC3112: authPassword mixin class'
-	MAY authPassword
-	AUXILIARY )
-
-#
-# LDUP/LCUP attributes
-#  Experimental!
-#
-attributetype ( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID'
-	DESC 'LCUP/LDUP: universally unique identifier'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64}
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-attributetype ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN'
-	DESC 'LCUP/LDUP: change sequence number'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64}
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
-
-#
-# OpenLDAP specific schema items
-#
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
 
-attributetype ( 1.3.6.1.4.1.4203.1.3.1
-	NAME 'entry'
-	DESC 'OpenLDAP ACL entry pseudo-attribute'
-	SYNTAX 1.3.6.1.4.1.4203.1.1.1
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
-
-attributetype ( 1.3.6.1.4.1.4203.1.3.2
-	NAME 'children'
-	DESC 'OpenLDAP ACL children pseudo-attribute'
-	SYNTAX 1.3.6.1.4.1.4203.1.1.1
-	SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
-
-# OpenLDAP Access Control Information
-#	Experimental
-attributetype ( 1.3.6.1.4.1.4203.666.1.5
-	NAME 'OpenLDAPaci'
-	DESC 'OpenLDAP access control information (experimental)'
-	EQUALITY OpenLDAPaciMatch
-	SYNTAX 1.3.6.1.4.1.4203.666.2.1
-	USAGE directoryOperation )