From: Julio Sánchez Fernández
Date: Tue, 27 Apr 1999 06:34:10 +0000 (+0000)
Subject: Initial version
X-Git-Tag: OPENLDAP_SLAPD_BACK_LDAP~131
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ab0e842ee2f7c899127ed5868f59b0a909581e4f;p=openldap

Initial version
---

diff --git a/servers/slapd/schema/core.schema b/servers/slapd/schema/core.schema
new file mode 100644
index 0000000000..8d6d402c6c
--- /dev/null
+++ b/servers/slapd/schema/core.schema
@@ -0,0 +1,425 @@
+
+# Standard schema from RFC2251-RFC2256
+
+# Standard X.501(93) Operational Attribute Types from RFC2252
+
+attribute ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.10 NAME 'subschemaSubentry'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
+ SINGLE-VALUE USAGE directoryOperation )
+
+attribute ( 2.5.21.5 NAME 'attributeTypes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
+
+attribute ( 2.5.21.6 NAME 'objectClasses'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
+
+attribute ( 2.5.21.4 NAME 'matchingRules'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
+
+attribute ( 2.5.21.8 NAME 'matchingRuleUse'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
+
+# LDAP Operational Attributes from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
+
+# LDAP Subschema Atrribute from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
+
+# X.500 Subschema attributes from RFC2252
+
+attribute ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
+
+attribute ( 2.5.21.7 NAME 'nameForms'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
+
+attribute ( 2.5.21.2 NAME 'dITContentRules'
+ EQUALITY objectIdentifierFirstComponentMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
+
+# Object Classes from RFC2252
+
+objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+ SUP top AUXILIARY )
+
+# ldapSyntaxes (operational) is admissible in next:
+
+objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
+ MAY ( dITStructureRules $ nameForms $ ditContentRules $
+ objectClasses $ attributeTypes $ matchingRules $
+ matchingRuleUse ) )
+
+# Standard attribute types from RFC2256
+
+attribute ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attribute ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+# Defined, but no longer used
+
+attribute ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
+
+attribute ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
+
+attribute ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# (2-letter code from ISO 3166)
+
+attribute ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
+
+attribute ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
+
+attribute ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
+
+attribute ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
+
+attribute ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
+
+attribute ( 2.5.4.12 NAME 'title' SUP name )
+
+attribute ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Obsoleted by enhancedSearchGuide
+
+attribute ( 2.5.4.14 NAME 'searchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attribute ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attribute ( 2.5.4.21 NAME 'telexNumber'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attribute ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attribute ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attribute ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attribute ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attribute ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attribute ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attribute ( 2.5.4.29 NAME 'presentationAddress'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# SUP comes later
+
+attribute ( 2.5.4.31 NAME 'member' SUP distinguishedName )
+
+attribute ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
+
+attribute ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
+
+attribute ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
+
+attribute ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be stored and requested in the binary form, as
+# userCertificate;binary
+
+attribute ( 2.5.4.36 NAME 'userCertificate'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.37 NAME 'cACertificate'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.38 NAME 'authorityRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.39 NAME 'certificateRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.40 NAME 'crossCertificatePair'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# Out of order!!!
+
+attribute ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.42 NAME 'givenName' SUP name )
+
+attribute ( 2.5.4.43 NAME 'initials' SUP name )
+
+attribute ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attribute ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attribute ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attribute ( 2.5.4.48 NAME 'protocolInformation'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# Out of order!!!
+# We had a dn definition in slapd.at.conf and Netscape lists both
+# names for that OID
+
+attribute ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attribute ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attribute ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'supportedAlgorithms;binary'.
+
+attribute ( 2.5.4.52 NAME 'supportedAlgorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'deltaRevocationList;binary'.
+
+attribute ( 2.5.4.53 NAME 'deltaRevocationList'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attribute ( 2.5.4.54 NAME 'dmdName' SUP name )
+
+# Standard object classes from RFC2256
+
+objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
+
+objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $
+ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+# It seems they could not agree on wheter telephoneNumber is MAY
+# in person. Probably it wasn't originally at was added as an
+# afterthought
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $
+ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+# This one was wrong in our schema, it only allowed the aditional
+# knowledgeInformation attribute, while it is derived from
+# applicationEntity and should allow all its attributes as well.
+
+objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+# New
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# New
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+# New
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
+ certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
+ MUST ( cn ) MAY ( certificateRevocationList $
+ authorityRevocationList $
+ deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
diff --git a/servers/slapd/schema/misc.schema b/servers/slapd/schema/misc.schema
new file mode 100644
index 0000000000..c6273926c1
--- /dev/null
+++ b/servers/slapd/schema/misc.schema
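Review bot: The `userPassword` definition (2.5.4.35, `EQUALITY octetStringMatch`) carries no comment about its sensitivity, although this same hunk admits it as MAY in `person`, `organization`, `organizationalUnit` and `dmd`. A schema fixes only syntax and matching, so nothing in this file limits who may read or compare the stored values; that has to come from the server's access control. I would add above the attribute `# userPassword holds credentials: restrict read, search and compare access to it in the server's access control`. Separately, the RFC2256 attribute list jumps from 2.5.4.43 `initials` to 2.5.4.45, so `generationQualifier` (2.5.4.44 in RFC 2256) is missing; `attribute ( 2.5.4.44 NAME 'generationQualifier' SUP name )` would close the gap.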
@@ -0,0 +1,21 @@
+
+# Assorted definitions from several sources
+
+# This file uses definitions from slapd.std.schema and
+# slapd.pilot.schema
+
+# This comes from RFC2247
+
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
+
+# This comes from RFC2377
+
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid )
+
+# Origin of this has not been identified. We had it and Netscape has it
+# too.
+
+attribute ( 1.3.6.1.4.1.250.1.60 NAME ( 'timeToLive' 'ttl' )
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+objectclass ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' SUP top MAY ttl )
diff --git a/servers/slapd/schema/pilot.schema b/servers/slapd/schema/pilot.schema
new file mode 100644
index 0000000000..602a81c404
--- /dev/null
+++ b/servers/slapd/schema/pilot.schema
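Review bot: The header comment names `slapd.std.schema` and `slapd.pilot.schema`, but this commit adds the files as `core.schema` and `pilot.schema`, so a reader cannot tell where `dc` and `uid` are supposed to come from. `dcObject` (MUST dc) and `uidObject` (MUST uid) both depend on attributes that this commit defines in pilot.schema, which presumably has to be loaded before this file. Suggested comment: `# This file uses definitions from core.schema and pilot.schema (dc, uid)`. The `timeToLive` line also quotes its SYNTAX OID, unlike every definition in core.schema; RFC 2252 writes the syntax OID unquoted, so `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15` would be the consistent form.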
@@ -0,0 +1,357 @@
+
+# These come from RFC1274 and are in ASN.1 syntax. They have been
+# translated with some imagination. Only attributes and classes we
+# already had are here. In general, the matching rules in the
+# attribute types are incomplete or incorrect and have to be checked.
+
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. It also seems that Umich followed the changes
+# but we don't know where are documented. More worrisome is that it
+# seems that Netscape does not know either. Searches on Altavista
+# have not shed any light, so we will have to ask for help.
+
+# This file uses definitions from slapd.std.schema
+
+# ccitt.data.pss.ucl.pilot ( 0.9.2342.19200300.100 )
+# 1 pilotAttributeType
+# 3 pilotAttributeSyntax
+# 4 pilotObjectClass
+# 10 pilotGroups
+
+# Believe it or not, this is case-insensitive
+
+attribute ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attribute ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.20 NAME ( 'homeTelephoneNumber' 'homePhone' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.39' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+ EQUALITY ??
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 )
+
+attribute ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# This is the definition as defined in RFC2247
+
+attribute ( 0.9.2342.19200300.100.1.25 NAME 'dc'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# This is aRecord in RFC1274. However, objectclass dNSDomain as we
+# and Netscape use it is very different.
+
+attribute ( 0.9.2342.19200300.100.1.26 NAME 'dNSRecord'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# 0.9.2342.19200300.100.1.27 was probably intended to be mDRecord in
+# RFC1274, but they got it wrong and did not define it, thought it
+# is referenced by dNSDomain in it.
+
+# 0.9.2342.19200300.100.1.28 was mXRecord in RFC1274
+# 0.9.2342.19200300.100.1.29 was nSRecord in RFC1274
+# 0.9.2342.19200300.100.1.30 was sOARecord in RFC1274
+# 0.9.2342.19200300.100.1.31 was cNAMERecord in RFC1274
+
+attribute ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.15 to this. TBC
+
+attribute ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ EQUALITY ??
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )
+
+attribute ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.41 NAME ( 'mobileTelephoneNumber' 'mobile' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.42 NAME ( 'pagerTelephoneNumber' 'pager' )
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# Netscape gives syntax 1.27 (integer). However, 1.32 is only listed
+# in RFC2252 without explanation. The SINGLE-VALUE thing comes from
+# Netscape and is not backed by RFC1274.
+
+attribute ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.32' SINGLE-VALUE )
+
+# 0.9.2342.19200300.100.1.48 was buildingName in RFC1274
+# 0.9.2342.19200300.100.1.49 was dSAQuality in RFC1274
+# 0.9.2342.19200300.100.1.50 was singleLevelQuality in RFC1274
+# 0.9.2342.19200300.100.1.51 was subtreeMinimumQuality in RFC1274
+# 0.9.2342.19200300.100.1.52 was subtreeMaximumQuality in RFC1274
+
+# Netscape assigns binary syntax to this. RFC1274 is more detailed
+# about this but RFC2252 does not seem to list a specific syntax.
+# We had this as 'bin'
+
+attribute ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.5 to this. We had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.4' )
+
+attribute ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ EQUALITY caseIgnoreMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# This one is ripped from Netscape and is a pilot object. It is not
+# in RFC1274, but we had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+# These attributes are pilot-related attributes that we had and Netscape
+# has too, however, the OID is unknown for them and Netscape uses a
+# string in place of the missing OID. We will do the same until we
+# can make head or tails of this.
+
+attribute ( abstract-oid NAME 'abstract'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorcn-oid NAME ( 'documentAuthorCommonName' 'authorCn' )
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorsn-oid NAME ( 'documentAuthorSurname' 'authorSn' )
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( documentStore-oid NAME 'documentStore'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( keyWords-oid NAME 'keyWords'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( obsoletedByDocument-oid NAME 'obsoletedByDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( obsoletesDocument-oid NAME 'obsoletesDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( subject-oid NAME 'subject'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( updatedByDocument-oid NAME 'updatedByDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( updatesDocument-oid NAME 'updatesDocument'
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# In classes, STRUCTURAL or AUXILIARY is chosen depending on the
+# textual description that accompanies the class in RFC1274
+
+# This is pilotObject from the RFC. However, we had both photo
+# and jpegPhoto attributes. Nestcape does too.
+
+objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' SUP top
+ AUXILIARY MAY ( info $ photo $ manager $ uniqueIdentifier $
+ lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio $
+ jpegPhoto ) )
+
+# This is probably wrong. RFC1274 defines a pilotPerson. We did not
+# have it and we did have a newPilotPerson instead. However, the
+# definition is the same. Maybe it changed and was not reflected
+# in the RFC.
+
+objectclass ( 0.9.2342.19200300.100.4.4 NAME 'newPilotPerson' SUP person
+ STRUCTURAL MAY ( uid $ textEncodedORAddress $ mail $ drink $
+ roomNumber $ userClass $ homePhone $ homePostalAddress $
+ secretary $ personalTitle $ preferredDeliveryMethod $
+ businessCategory $ janetMailbox $ otherMailbox $ mobile $
+ pager $ organizationalStatus $ mailPreferenceOption $
+ personalSignature ) )
+
+# The text is unclear about whether it is STRUCTURAL or AUXILIARY
+# I think it was meant to be STRUCTURAL, it is the least restrictive
+# of the options and RFC2377 explains uidObject as an auxiliary.
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
+ STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $
+ host ) )
+
+# Netscape says this is derived from pilotObject, but RFC1274 says top.
+# Which is it? Our attribute list matches that of Netscape, so we will
+# go with Netscape for the time being.
+
+# Besides, this objectclass is a mess. I can only presume that
+# originally documentAuthor, but later someone noticed that not all
+# authors had DN's, so authorCN and authorSN were added. Other
+# attributes were added as well. However, either no one remembered to
+# assign OIDs to these attribute types or their assignments have been
+# lost. See their definitions above for the Netscape kludge that we
+# have adopted. FIX NEEDED.
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP pilotObject
+ MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $
+ o $ ou $ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher $
+ abstract $ authorCN $ authorSN $ documentStore $ keywords $
+ obsoletedByDocument $ obsoletesDocument $ subject $
+ updatedByDocument $ updatesDocument ) )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL
+ MUST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+ STRUCTURAL MUST cn MAY ( description $ seeAlso $ telephonenumber $
+ l $ o $ ou ) )
+
+# This definition is much longer than that in RFC1274 and is taken from RFC2247
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL
+ MUST dc
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description $ o $
+ associatedName ) )
+
+# This class has in RFC1274 two attributes postalAttributeSet and
+# telecomunicationAttributeSet that we did not have. We let them out
+# for now. Netscape does not have them either.
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain
+ MAY ( cn $ sn $ description $ seeAlso $ telephonenumber ) )
+
+# Another wonderful inconsistency. This objectclass has little
+# relationship to the way it was defined in RFC1274, that was derived
+# from domain, adding ARecord, MDRecord, MXRecord, NSRecord, SOARecord
+# and CNAMERecord attribute types of syntax DNSRecordSyntax. On the
+# other hand, we had dNSRecord and Netscape has it too. The OID for
+# dNSRecord is the one used in RFC1274 for ARecord. Netscape also has
+# a manager attribute type here that we did not. It seems a mistake
+# and we do not include it.
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP 'domain'
+ MAY dnsrecord )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ SUP 'top' MUST associatedDomain )
+
+# Well, first notice we (and Netscape) were using co as short for
+# friendlyCountryName
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country
+ MUST co )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ SUP top MUST userPassword )
+
+# Nice test case of class with two superiors. Netscape does not give
+# OID for this objectclass and gives top as its superior. We use the
+# OID given in RFC1274
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) MAY buildingName )
+
+
+
+
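Review bot: Several definitions in this file do not follow the RFC 2252 description syntax and will probably be rejected or skipped by a strict parser: seven entries open with `attributes (` instead of `attribute (` (documentVersion, documentAuthor, documentLocation, obsoletesDocument, subject, updatedByDocument, updatesDocument), `lastModifiedTime` and `homePostalAddress` carry the placeholder `EQUALITY ??`, and `associatedName` has a bare `DESC` with no quoted string after it. `pilotOrganization` lists `MAY buildingName`, yet buildingName appears only in a comment and is never defined in this commit. I would use `attribute (` throughout, drop the `EQUALITY ??` and `DESC` tokens until the real values are known, and either define buildingName or remove it from the class. `simpleSecurityObject` (MUST userPassword) and `domain` (MAY userPassword) put credentials on entries, so a comment that read and compare access to `userPassword` must be restricted by the server's access control would help whoever deploys this schema.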