--- /dev/null
+
+# Standard schema from RFC2251-RFC2256
+
+# Standard X.501(93) Operational Attribute Types from RFC2252
+
+attribute ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.10 NAME 'subschemaSubentry'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
+ SINGLE-VALUE USAGE directoryOperation )
+
+attribute ( 2.5.21.5 NAME 'attributeTypes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
+
+attribute ( 2.5.21.6 NAME 'objectClasses'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
+
+attribute ( 2.5.21.4 NAME 'matchingRules'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
+
+attribute ( 2.5.21.8 NAME 'matchingRuleUse'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
+
+# LDAP Operational Attributes from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
+
+# LDAP Subschema Atrribute from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
+
+# X.500 Subschema attributes from RFC2252
+
+attribute ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
+
+attribute ( 2.5.21.7 NAME 'nameForms'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
+
+attribute ( 2.5.21.2 NAME 'dITContentRules'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
+
+# Object Classes from RFC2252
+
+objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+ SUP top AUXILIARY )
+
+# ldapSyntaxes (operational) is admissible in next:
+
+objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
+ MAY ( dITStructureRules $ nameForms $ ditContentRules $
+ objectClasses $ attributeTypes $ matchingRules $
+ matchingRuleUse ) )
+
+# Standard attribute types from RFC2256
+
+attribute ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attribute ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+# Defined, but no longer used
+
+attribute ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
+
+attribute ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
+
+attribute ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# (2-letter code from ISO 3166)
+
+attribute ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
+
+attribute ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
+
+attribute ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
+
+attribute ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
+
+attribute ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
+
+attribute ( 2.5.4.12 NAME 'title' SUP name )
+
+attribute ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Obsoleted by enhancedSearchGuide
+
+attribute ( 2.5.4.14 NAME 'searchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attribute ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attribute ( 2.5.4.21 NAME 'telexNumber'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attribute ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attribute ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attribute ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attribute ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attribute ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attribute ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attribute ( 2.5.4.29 NAME 'presentationAddress'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# SUP comes later
+
+attribute ( 2.5.4.31 NAME 'member' SUP distinguishedName )
+
+attribute ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
+
+attribute ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
+
+attribute ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
+
+attribute ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be stored and requested in the binary form, as
+# userCertificate;binary
+
+attribute ( 2.5.4.36 NAME 'userCertificate'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.37 NAME 'cACertificate'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.38 NAME 'authorityRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.39 NAME 'certificateRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.40 NAME 'crossCertificatePair'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# Out of order!!!
+
+attribute ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.42 NAME 'givenName' SUP name )
+
+attribute ( 2.5.4.43 NAME 'initials' SUP name )
+
+attribute ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attribute ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attribute ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attribute ( 2.5.4.48 NAME 'protocolInformation'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# Out of order!!!
+# We had a dn definition in slapd.at.conf and Netscape lists both
+# names for that OID
+
+attribute ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attribute ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attribute ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'supportedAlgorithms;binary'.
+
+attribute ( 2.5.4.52 NAME 'supportedAlgorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'deltaRevocationList;binary'.
+
+attribute ( 2.5.4.53 NAME 'deltaRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attribute ( 2.5.4.54 NAME 'dmdName' SUP name )
+
+# Standard object classes from RFC2256
+
+objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
+
+objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $
+ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+# It seems they could not agree on wheter telephoneNumber is MAY
+# in person. Probably it wasn't originally at was added as an
+# afterthought
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $
+ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+# This one was wrong in our schema, it only allowed the aditional
+# knowledgeInformation attribute, while it is derived from
+# applicationEntity and should allow all its attributes as well.
+
+objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+# New
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# New
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+# New
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
+ certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
+ MUST ( cn ) MAY ( certificateRevocationList $
+ authorityRevocationList $
+ deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
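Review bot: `userPassword` (2.5.4.35) is declared with no comment on its handling, yet `person`, `organization`, `organizationalUnit` and `dmd` in this same file all admit it, so most entries built from these classes can carry a credential. The schema fixes only syntax and matching (`octetStringMatch`, Octet String with a `{128}` bound); it places no limit on who may read or compare the value, so that has to come from the server's access-control configuration. I would add a comment above the definition such as `# Holds credentials: the schema does not protect this value; restrict read/compare/search access to it in the server ACLs`. If the server enforces the `{128}` bound (not visible here), also confirm that hashed values with a scheme prefix fit within it.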
--- /dev/null
+
+# These come from RFC1274 and are in ASN.1 syntax. They have been
+# translated with some imagination. Only attributes and classes we
+# already had are here. In general, the matching rules in the
+# attribute types are incomplete or incorrect and have to be checked.
+
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. It also seems that Umich followed the changes
+# but we don't know where are documented. More worrisome is that it
+# seems that Netscape does not know either. Searches on Altavista
+# have not shed any light, so we will have to ask for help.
+
+# This file uses definitions from slapd.std.schema
+
+# ccitt.data.pss.ucl.pilot ( 0.9.2342.19200300.100 )
+# 1 pilotAttributeType
+# 3 pilotAttributeSyntax
+# 4 pilotObjectClass
+# 10 pilotGroups
+
+# Believe it or not, this is case-insensitive
+
+attribute ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attribute ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.20 NAME ( 'homeTelephoneNumber' 'homePhone' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.39' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+ EQUALITY ??
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 )
+
+attribute ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# This is the definition as defined in RFC2247
+
+attribute ( 0.9.2342.19200300.100.1.25 NAME 'dc'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# This is aRecord in RFC1274. However, objectclass dNSDomain as we
+# and Netscape use it is very different.
+
+attribute ( 0.9.2342.19200300.100.1.26 NAME 'dNSRecord'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# 0.9.2342.19200300.100.1.27 was probably intended to be mDRecord in
+# RFC1274, but they got it wrong and did not define it, thought it
+# is referenced by dNSDomain in it.
+
+# 0.9.2342.19200300.100.1.28 was mXRecord in RFC1274
+# 0.9.2342.19200300.100.1.29 was nSRecord in RFC1274
+# 0.9.2342.19200300.100.1.30 was sOARecord in RFC1274
+# 0.9.2342.19200300.100.1.31 was cNAMERecord in RFC1274
+
+attribute ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.15 to this. TBC
+
+attribute ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ EQUALITY ??
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )
+
+attribute ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.41 NAME ( 'mobileTelephoneNumber' 'mobile' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.42 NAME ( 'pagerTelephoneNumber' 'pager' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# Netscape gives syntax 1.27 (integer). However, 1.32 is only listed
+# in RFC2252 without explanation. The SINGLE-VALUE thing comes from
+# Netscape and is not backed by RFC1274.
+
+attribute ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.32' SINGLE-VALUE )
+
+# 0.9.2342.19200300.100.1.48 was buildingName in RFC1274
+# 0.9.2342.19200300.100.1.49 was dSAQuality in RFC1274
+# 0.9.2342.19200300.100.1.50 was singleLevelQuality in RFC1274
+# 0.9.2342.19200300.100.1.51 was subtreeMinimumQuality in RFC1274
+# 0.9.2342.19200300.100.1.52 was subtreeMaximumQuality in RFC1274
+
+# Netscape assigns binary syntax to this. RFC1274 is more detailed
+# about this but RFC2252 does not seem to list a specific syntax.
+# We had this as 'bin'
+
+attribute ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.5 to this. We had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.4' )
+
+attribute ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# This one is ripped from Netscape and is a pilot object. It is not
+# in RFC1274, but we had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+# These attributes are pilot-related attributes that we had and Netscape
+# has too, however, the OID is unknown for them and Netscape uses a
+# string in place of the missing OID. We will do the same until we
+# can make head or tails of this.
+
+attribute ( abstract-oid NAME 'abstract'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorcn-oid NAME ( 'documentAuthorCommonName' 'authorCn' )
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorsn-oid NAME ( 'documentAuthorSurname' 'authorSn' )
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( documentStore-oid NAME 'documentStore'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( keyWords-oid NAME 'keyWords'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( obsoletedByDocument-oid NAME 'obsoletedByDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( obsoletesDocument-oid NAME 'obsoletesDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( subject-oid NAME 'subject'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( updatedByDocument-oid NAME 'updatedByDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( updatesDocument-oid NAME 'updatesDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# In classes, STRUCTURAL or AUXILIARY is chosen depending on the
+# textual description that accompanies the class in RFC1274
+
+# This is pilotObject from the RFC. However, we had both photo
+# and jpegPhoto attributes. Nestcape does too.
+
+objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' SUP top
+ AUXILIARY MAY ( info $ photo $ manager $ uniqueIdentifier $
+ lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio $
+ jpegPhoto ) )
+
+# This is probably wrong. RFC1274 defines a pilotPerson. We did not
+# have it and we did have a newPilotPerson instead. However, the
+# definition is the same. Maybe it changed and was not reflected
+# in the RFC.
+
+objectclass ( 0.9.2342.19200300.100.4.4 NAME 'newPilotPerson' SUP person
+ STRUCTURAL MAY ( uid $ textEncodedORAddress $ mail $ drink $
+ roomNumber $ userClass $ homePhone $ homePostalAddress $
+ secretary $ personalTitle $ preferredDeliveryMethod $
+ businessCategory $ janetMailbox $ otherMailbox $ mobile $
+ pager $ organizationalStatus $ mailPreferenceOption $
+ personalSignature ) )
+
+# The text is unclear about whether it is STRUCTURAL or AUXILIARY
+# I think it was meant to be STRUCTURAL, it is the least restrictive
+# of the options and RFC2377 explains uidObject as an auxiliary.
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
+ STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $
+ host ) )
+
+# Netscape says this is derived from pilotObject, but RFC1274 says top.
+# Which is it? Our attribute list matches that of Netscape, so we will
+# go with Netscape for the time being.
+
+# Besides, this objectclass is a mess. I can only presume that
+# originally documentAuthor, but later someone noticed that not all
+# authors had DN's, so authorCN and authorSN were added. Other
+# attributes were added as well. However, either no one remembered to
+# assign OIDs to these attribute types or their assignments have been
+# lost. See their definitions above for the Netscape kludge that we
+# have adopted. FIX NEEDED.
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP pilotObject
+ MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $
+ o $ ou $ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher $
+ abstract $ authorCN $ authorSN $ documentStore $ keywords $
+ obsoletedByDocument $ obsoletesDocument $ subject $
+ updatedByDocument $ updatesDocument ) )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL
+ MUST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+ STRUCTURAL MUST cn MAY ( description $ seeAlso $ telephonenumber $
+ l $ o $ ou ) )
+
+# This definition is much longer than that in RFC1274 and is taken from RFC2247
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL
+ MUST dc
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description $ o $
+ associatedName ) )
+
+# This class has in RFC1274 two attributes postalAttributeSet and
+# telecomunicationAttributeSet that we did not have. We let them out
+# for now. Netscape does not have them either.
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain
+ MAY ( cn $ sn $ description $ seeAlso $ telephonenumber ) )
+
+# Another wonderful inconsistency. This objectclass has little
+# relationship to the way it was defined in RFC1274, that was derived
+# from domain, adding ARecord, MDRecord, MXRecord, NSRecord, SOARecord
+# and CNAMERecord attribute types of syntax DNSRecordSyntax. On the
+# other hand, we had dNSRecord and Netscape has it too. The OID for
+# dNSRecord is the one used in RFC1274 for ARecord. Netscape also has
+# a manager attribute type here that we did not. It seems a mistake
+# and we do not include it.
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP 'domain'
+ MAY dnsrecord )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ SUP 'top' MUST associatedDomain )
+
+# Well, first notice we (and Netscape) were using co as short for
+# friendlyCountryName
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country
+ MUST co )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ SUP top MUST userPassword )
+
+# Nice test case of class with two superiors. Netscape does not give
+# OID for this objectclass and gives top as its superior. We use the
+# OID given in RFC1274
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) MAY buildingName )
+
+
+
+
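Review bot: Several definitions in this file are not well-formed descriptions and will probably be rejected or skipped when the schema is loaded: `EQUALITY ??` on `lastModifiedTime` and `homePostalAddress`, a `DESC` with no quoted string on `associatedName`, and the directive spelled `attributes (` instead of `attribute (` for `documentVersion`, `documentAuthor`, `documentLocation`, `obsoletesDocument`, `subject`, `updatedByDocument` and `updatesDocument`. The `document` class lists all seven of those in its MAY set, and `pilotOrganization` has `MAY buildingName`, which is mentioned only in a comment and never defined. I would spell the directive `attribute (` throughout, drop the stray `DESC`, use `EQUALITY caseIgnoreListMatch` for `homePostalAddress` to match `postalAddress` in the standard schema, and omit the EQUALITY clause on `lastModifiedTime` until a rule is chosen. For `buildingName`, either define it (the comment gives 0.9.2342.19200300.100.1.48 as its RFC1274 OID) or remove it from the MAY list.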