From: Howard Chu Date: Tue, 1 Nov 2011 19:48:26 +0000 (-0700) Subject: ITS#7063 add auto-converted LDIFs for missing schema X-Git-Tag: OPENLDAP_REL_ENG_2_4_27~212 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0ff93e055b84e8d601e9e73b1189b4a81a741887;p=openldap ITS#7063 add auto-converted LDIFs for missing schema --- diff --git a/servers/slapd/schema/collective.ldif b/servers/slapd/schema/collective.ldif new file mode 100644 index 0000000000..683507510e --- /dev/null +++ b/servers/slapd/schema/collective.ldif @@ -0,0 +1,48 @@ +# collective.ldif -- Collective attribute schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (2003). +## Please see full copyright statement below. +# +# From RFC 3671 [portions trimmed]: +# Collective Attributes in LDAP +# +# This file was automatically generated from collective.schema; see that file +# for complete references. +# +dn: cn=collective,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: collective +olcAttributeTypes: {0}( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE ) +olcAttributeTypes: {1}( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE ) +olcAttributeTypes: {2}( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE ) +olcAttributeTypes: {3}( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE ) +olcAttributeTypes: {4}( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE ) +olcAttributeTypes: {5}( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress CO + LLECTIVE ) +olcAttributeTypes: {6}( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTI + VE ) +olcAttributeTypes: {7}( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox CO + LLECTIVE ) +olcAttributeTypes: {8}( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP phy + sicalDeliveryOfficeName COLLECTIVE ) +olcAttributeTypes: {9}( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumbe + r COLLECTIVE ) +olcAttributeTypes: {10}( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLE + CTIVE ) +olcAttributeTypes: {11}( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facs + imileTelephoneNumber COLLECTIVE ) +olcAttributeTypes: {12}( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP inter + nationalISDNNumber COLLECTIVE ) diff --git a/servers/slapd/schema/corba.ldif b/servers/slapd/schema/corba.ldif new file mode 100644 index 0000000000..1e425d21a9 --- /dev/null +++ b/servers/slapd/schema/corba.ldif @@ -0,0 +1,42 @@ +# corba.ldif -- Corba Object Schema +# depends upon core.ldif +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (1999). +## Please see full copyright statement below. +# +# From RFC 2714 [portions trimmed]: +# Schema for Representing CORBA Object References in an LDAP Directory +# +# This file was automatically generated from corba.schema; see that file +# for complete references. +# +dn: cn=corba,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: corba +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Strin + gified interoperable object reference of a CORBA object' EQUALITY caseIgnoreI + A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DE + SC 'Repository ids of interfaces implemented by a CORBA object' EQUALITY case + ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer' DESC ' + Container for a CORBA object' SUP top STRUCTURAL MUST cn ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject' DESC 'CORB + A object representation' SUP top ABSTRACT MAY ( corbaRepositoryId $ descripti + on ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference' + DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY MUST co + rbaIor ) diff --git a/servers/slapd/schema/duaconf.ldif b/servers/slapd/schema/duaconf.ldif new file mode 100644 index 0000000000..ef0141d3d7 --- /dev/null +++ b/servers/slapd/schema/duaconf.ldif @@ -0,0 +1,83 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# DUA schema from draft-joslin-config-schema (a work in progress) +# +# This file was automatically generated from duaconf.schema; see that file +# for complete references. +# +dn: cn=duaconf,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: duaconf +olcObjectIdentifier: {0}DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1 +olcAttributeTypes: {0}( DUAConfSchemaOID:1.0 NAME 'defaultServerList' DESC 'De + fault LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {1}( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' DESC 'De + fault LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +olcAttributeTypes: {2}( DUAConfSchemaOID:1.2 NAME 'preferredServerList' DESC ' + Preferred LDAP server host addresses to be used by a DUA' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {3}( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' DESC 'Maxi + mum time in seconds a DUA should allow for a search to complete' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' DESC 'Maximu + m time in seconds a DUA should allow for the bind operation to com + plete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E ) +olcAttributeTypes: {5}( DUAConfSchemaOID:1.5 NAME 'followReferrals' DESC 'Tell + s DUA if it should follow referrals returned by a DSA search resul + t' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {6}( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' DESC ' + Tells DUA if it should dereference aliases' EQUALITY booleanMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {7}( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' DESC + 'A keystring which identifies the type of authentication method us + ed to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15 SINGLE-VALUE ) +olcAttributeTypes: {8}( DUAConfSchemaOID:1.7 NAME 'profileTTL' DESC 'Time to l + ive, in seconds, before a client DUA should re-read this configura + tion profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +olcAttributeTypes: {9}( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' D + ESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {10}( DUAConfSchemaOID:1.9 NAME 'attributeMap' DESC 'Attrib + ute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.14 + 66.115.121.1.26 ) +olcAttributeTypes: {11}( DUAConfSchemaOID:1.10 NAME 'credentialLevel' DESC 'Id + entifies type of credentials a DUA should use when binding to the + LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {12}( DUAConfSchemaOID:1.11 NAME 'objectclassMap' DESC 'Obj + ectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' DESC + 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {14}( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' D + ESC 'Identifies type of credentials a DUA should use when binding + to the LDAP server for a specific service' EQUALITY caseIgnoreIA5M + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMeth + od' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIg + noreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: {0}( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' DESC 'Abst + raction of a base configuration for a DUA' SUP top STRUCTURAL MUST cn MAY ( d + efaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchSco + pe $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod + $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor $ serviceCr + edentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ + profileTTL ) ) diff --git a/servers/slapd/schema/java.ldif b/servers/slapd/schema/java.ldif new file mode 100644 index 0000000000..25ae87cf87 --- /dev/null +++ b/servers/slapd/schema/java.ldif @@ -0,0 +1,59 @@ +# java.ldif -- Java Object Schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Java Object Schema (defined in RFC 2713) +# depends upon core.ldif +# +# This file was automatically generated from java.schema; see that file +# for complete references. +# +dn: cn=java,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: java +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'F + ully qualified name of distinguished Java class or interface' EQUALITY caseEx + actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'UR + L(s) specifying the location of class definition' EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC + 'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DE + SC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SI + NGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fu + lly qualified Java class name of a JNDI object factory' EQUALITY caseExactMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' + DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Ja + va documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Co + ntainer for a Java object' SUP top STRUCTURAL MUST cn ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java + object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNam + es $ javaCodebase $ javaDoc $ description ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' D + ESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData + ) +olcObjectClasses: {3}( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' D + ESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData + ) +olcObjectClasses: {4}( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DE + SC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ jav + aFactory ) ) diff --git a/servers/slapd/schema/misc.ldif b/servers/slapd/schema/misc.ldif new file mode 100644 index 0000000000..bf77e96194 --- /dev/null +++ b/servers/slapd/schema/misc.ldif @@ -0,0 +1,45 @@ +# misc.ldif -- assorted schema definitions +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +# Assorted definitions from several sources, including +# ''works in progress''. Contents of this file are +# subject to change (including deletion) without notice. +# +# Not recommended for production use! +# Use with extreme caution! +# +# This file was automatically generated from misc.schema; see that file +# for complete references. +# +dn: cn=misc,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: misc +olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC + 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{256} ) +olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of + the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26{256} SINGLE-VALUE ) +olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DES + C 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DES + C 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 ) +olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' + DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddres + s $ mailHost $ mailRoutingAddress ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS + mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember ) diff --git a/servers/slapd/schema/pmi.ldif b/servers/slapd/schema/pmi.ldif new file mode 100644 index 0000000000..ebfe0900d2 --- /dev/null +++ b/servers/slapd/schema/pmi.ldif @@ -0,0 +1,123 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +# This file was automatically generated from pmi.schema; see that file +# for complete references. +# +dn: cn=pmi,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: pmi +olcObjectIdentifier: {0}id-oc-pmiUser 2.5.6.24 +olcObjectIdentifier: {1}id-oc-pmiAA 2.5.6.25 +olcObjectIdentifier: {2}id-oc-pmiSOA 2.5.6.26 +olcObjectIdentifier: {3}id-oc-attCertCRLDistributionPts 2.5.6.27 +olcObjectIdentifier: {4}id-oc-privilegePolicy 2.5.6.32 +olcObjectIdentifier: {5}id-oc-pmiDelegationPath 2.5.6.33 +olcObjectIdentifier: {6}id-oc-protectedPrivilegePolicy 2.5.6.34 +olcObjectIdentifier: {7}id-at-attributeCertificate 2.5.4.58 +olcObjectIdentifier: {8}id-at-attributeCertificateRevocationList 2.5.4.59 +olcObjectIdentifier: {9}id-at-aACertificate 2.5.4.61 +olcObjectIdentifier: {10}id-at-attributeDescriptorCertificate 2.5.4.62 +olcObjectIdentifier: {11}id-at-attributeAuthorityRevocationList 2.5.4.63 +olcObjectIdentifier: {12}id-at-privPolicy 2.5.4.71 +olcObjectIdentifier: {13}id-at-role 2.5.4.72 +olcObjectIdentifier: {14}id-at-delegationPath 2.5.4.73 +olcObjectIdentifier: {15}id-at-protPrivPolicy 2.5.4.74 +olcObjectIdentifier: {16}id-at-xMLPrivilegeInfo 2.5.4.75 +olcObjectIdentifier: {17}id-at-xMLPprotPrivPolicy 2.5.4.76 +olcObjectIdentifier: {18}id-mr 2.5.13 +olcObjectIdentifier: {19}id-mr-attributeCertificateMatch id-mr:42 +olcObjectIdentifier: {20}id-mr-attributeCertificateExactMatch id-mr:45 +olcObjectIdentifier: {21}id-mr-holderIssuerMatch id-mr:46 +olcObjectIdentifier: {22}id-mr-authAttIdMatch id-mr:53 +olcObjectIdentifier: {23}id-mr-roleSpecCertIdMatch id-mr:54 +olcObjectIdentifier: {24}id-mr-basicAttConstraintsMatch id-mr:55 +olcObjectIdentifier: {25}id-mr-delegatedNameConstraintsMatch id-mr:56 +olcObjectIdentifier: {26}id-mr-timeSpecMatch id-mr:57 +olcObjectIdentifier: {27}id-mr-attDescriptorMatch id-mr:58 +olcObjectIdentifier: {28}id-mr-acceptableCertPoliciesMatch id-mr:59 +olcObjectIdentifier: {29}id-mr-delegationPathMatch id-mr:61 +olcObjectIdentifier: {30}id-mr-sOAIdentifierMatch id-mr:66 +olcObjectIdentifier: {31}id-mr-indirectIssuerMatch id-mr:67 +olcObjectIdentifier: {32}AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +olcObjectIdentifier: {33}CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +olcObjectIdentifier: {34}AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +olcObjectIdentifier: {35}PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +olcObjectIdentifier: {36}RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +olcLdapSyntaxes: {0}( 1.3.6.1.4.1.4203.666.11.10.2.4 DESC 'X.509 PMI attribute + cartificate path: SEQUENCE OF AttributeCertificate' X-SUBST '1.3.6.1.4.1.146 + 6.115.121.1.15' ) +olcLdapSyntaxes: {1}( 1.3.6.1.4.1.4203.666.11.10.2.5 DESC 'X.509 PMI policy sy + ntax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +olcLdapSyntaxes: {2}( 1.3.6.1.4.1.4203.666.11.10.2.6 DESC 'X.509 PMI role synt + ax' X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +olcAttributeTypes: {0}( id-at-role NAME 'role' DESC 'X.509 Role attribute, use + ;binary' SYNTAX RoleSyntax ) +olcAttributeTypes: {1}( id-at-xMLPrivilegeInfo NAME 'xmlPrivilegeInfo' DESC 'X + .509 XML privilege information attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 + 5 ) +olcAttributeTypes: {2}( id-at-attributeCertificate NAME 'attributeCertificateA + ttribute' DESC 'X.509 Attribute certificate attribute, use ;binary' EQUALITY + attributeCertificateExactMatch SYNTAX AttributeCertificate ) +olcAttributeTypes: {3}( id-at-aACertificate NAME 'aACertificate' DESC 'X.509 A + A certificate attribute, use ;binary' EQUALITY attributeCertificateExactMatch + SYNTAX AttributeCertificate ) +olcAttributeTypes: {4}( id-at-attributeDescriptorCertificate NAME 'attributeDe + scriptorCertificate' DESC 'X.509 Attribute descriptor certificate attribute, + use ;binary' EQUALITY attributeCertificateExactMatch SYNTAX AttributeCertific + ate ) +olcAttributeTypes: {5}( id-at-attributeCertificateRevocationList NAME 'attribu + teCertificateRevocationList' DESC 'X.509 Attribute certificate revocation lis + t attribute, use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListE + xactMatch, not implemented yet' ) +olcAttributeTypes: {6}( id-at-attributeAuthorityRevocationList NAME 'attribute + AuthorityRevocationList' DESC 'X.509 AA certificate revocation list attribute + , use ;binary' SYNTAX CertificateList X-EQUALITY 'certificateListExactMatch, + not implemented yet' ) +olcAttributeTypes: {7}( id-at-delegationPath NAME 'delegationPath' DESC 'X.509 + Delegation path attribute, use ;binary' SYNTAX AttCertPath ) +olcAttributeTypes: {8}( id-at-privPolicy NAME 'privPolicy' DESC 'X.509 Privile + ge policy attribute, use ;binary' SYNTAX PolicySyntax ) +olcAttributeTypes: {9}( id-at-protPrivPolicy NAME 'protPrivPolicy' DESC 'X.509 + Protected privilege policy attribute, use ;binary' EQUALITY attributeCertifi + cateExactMatch SYNTAX AttributeCertificate ) +olcAttributeTypes: {10}( id-at-xMLPprotPrivPolicy NAME 'xmlPrivPolicy' DESC 'X + .509 XML Protected privilege policy attribute' SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.15 ) +olcObjectClasses: {0}( id-oc-pmiUser NAME 'pmiUser' DESC 'X.509 PMI user objec + t class' SUP top AUXILIARY MAY attributeCertificateAttribute ) +olcObjectClasses: {1}( id-oc-pmiAA NAME 'pmiAA' DESC 'X.509 PMI AA object clas + s' SUP top AUXILIARY MAY ( aACertificate $ attributeCertificateRevocationList + $ attributeAuthorityRevocationList ) ) +olcObjectClasses: {2}( id-oc-pmiSOA NAME 'pmiSOA' DESC 'X.509 PMI SOA object c + lass' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeA + uthorityRevocationList $ attributeDescriptorCertificate ) ) +olcObjectClasses: {3}( id-oc-attCertCRLDistributionPts NAME 'attCertCRLDistrib + utionPt' DESC 'X.509 Attribute certificate CRL distribution point object clas + s' SUP top AUXILIARY MAY ( attributeCertificateRevocationList $ attributeAuth + orityRevocationList ) ) +olcObjectClasses: {4}( id-oc-pmiDelegationPath NAME 'pmiDelegationPath' DESC ' + X.509 PMI delegation path' SUP top AUXILIARY MAY delegationPath ) +olcObjectClasses: {5}( id-oc-privilegePolicy NAME 'privilegePolicy' DESC 'X.50 + 9 Privilege policy object class' SUP top AUXILIARY MAY privPolicy ) +olcObjectClasses: {6}( id-oc-protectedPrivilegePolicy NAME 'protectedPrivilege + Policy' DESC 'X.509 Protected privilege policy object class' SUP top AUXILIAR + Y MAY protPrivPolicy ) diff --git a/servers/slapd/schema/ppolicy.ldif b/servers/slapd/schema/ppolicy.ldif new file mode 100644 index 0000000000..022232f7fb --- /dev/null +++ b/servers/slapd/schema/ppolicy.ldif @@ -0,0 +1,75 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 2004-2011 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . +# +## Portions Copyright (C) The Internet Society (2004). +## Please see full copyright statement below. +# +# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) +# Password Policy for LDAP Directories +# With extensions from Hewlett-Packard: +# pwdCheckModule etc. +# +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! +# +# This file was automatically generated from ppolicy.schema; see that file +# for complete references. +# +dn: cn=ppolicy,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: ppolicy +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY + objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter + val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' + EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L + oadable module that instantiates "check_password() function' EQUALITY caseExa + ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top + AUXILIARY MAY pwdCheckModule ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI + LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck + Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ + pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange + $ pwdAllowUserChange $ pwdSafeModify ) )