From bb97b312f1dcc801e5c80ef995e0799dd032332e Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:10:50 +0000 Subject: [PATCH] openldap schemas. --- .gitattributesdb | 5 + etc/openldap/schema/core-fd-conf.schema | 732 ++++++++++++++++++++++++ etc/openldap/schema/core-fd.schema | 580 +++++++++++++++++++ etc/openldap/schema/ldapns.schema | 23 + etc/openldap/schema/rfc2307bis.schema | 288 ++++++++++ etc/openldap/schema/template-fd.schema | 16 + 6 files changed, 1644 insertions(+) create mode 100644 etc/openldap/schema/core-fd-conf.schema create mode 100644 etc/openldap/schema/core-fd.schema create mode 100644 etc/openldap/schema/ldapns.schema create mode 100644 etc/openldap/schema/rfc2307bis.schema create mode 100644 etc/openldap/schema/template-fd.schema diff --git a/.gitattributesdb b/.gitattributesdb index 6a8696d..fd1d78b 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -48,6 +48,11 @@ ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - - ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLWNvbmYuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLnNjaGVtYQ== 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9sZGFwbnMuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9yZmMyMzA3YmlzLnNjaGVtYQ== 1759835660 1759835660 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS90ZW1wbGF0ZS1mZC5zY2hlbWE= 1759848180 1759848180 root:root 0644 - - ZXRjL3Bhc3N3ZA== 1761056398 1761056398 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - diff --git a/etc/openldap/schema/core-fd-conf.schema b/etc/openldap/schema/core-fd-conf.schema new file mode 100644 index 0000000..6ef5dbd --- /dev/null +++ b/etc/openldap/schema/core-fd-conf.schema @@ -0,0 +1,732 @@ +## +## fusiondirectory-conf.schema - Needed by FusionDirectory for its configuration +## + +#~ ldapTLS="true" + +# Attributes + +# Schema setup + +attributetype ( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck' + DESC 'FusionDirectory - Schema check' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Look n feel + +attributetype ( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage' + DESC 'FusionDirectory - language' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme' + DESC 'FusionDirectory - theme' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone' + DESC 'FusionDirectory - timezone' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# People and group storage + +attributetype ( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttribute' + DESC 'FusionDirectory - attribute that should be used in user dn' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook' + DESC 'FusionDirectory - A script to be called for finding the next free id for users or groups' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules' + DESC 'FusionDirectory - Strict naming rules' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId' + DESC 'FusionDirectory - minimum user id' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase' + DESC 'FusionDirectory - uid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase' + DESC 'FusionDirectory - gid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN' + DESC 'FusionDirectory - User RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN' + DESC 'FusionDirectory - Group RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMethod' + DESC 'FusionDirectory - id allocation method traditional/pool' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin' + DESC 'FusionDirectory - pool gid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin' + DESC 'FusionDirectory - pool uid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax' + DESC 'FusionDirectory - pool gid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax' + DESC 'FusionDirectory - pool uid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN' + DESC 'FusionDirectory - ACL role RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern' + DESC 'FusionDirectory - Common Name pattern' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.19 NAME 'fdRestrictRoleMembers' + DESC 'FusionDirectory - Restrict role members to users from the same LDAP branch' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.20 NAME 'fdSplitPostalAddress' + DESC 'FusionDirectory - Expose street, postOfficeBox and postalCode fields instead of postalAddress' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.21 NAME 'fdPostalAddressPattern' + DESC 'FusionDirectory - When using separate address fields, you can use a pattern to fill postalAddress field' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.22 NAME 'fdMaxAvatarSize' + DESC 'FusionDirectory - Maximum user picture width and height in pixels' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.23 NAME 'fdGivenNameRequired' + DESC 'FusionDirectory - Whether givenName field is required on users' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Password + +attributetype ( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHash' + DESC 'FusionDirectory - Password default hash' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength' + DESC 'FusionDirectory - Password min length' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer' + DESC 'FusionDirectory - password min differ' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccounts' + DESC 'FusionDirectory - Handle expired accounts' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm' + DESC 'FusionDirectory - SASL Realm' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop' + DESC 'FusionDirectory - SASL Exop' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash' + DESC 'FusionDirectory - Force password default hash' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.9 NAME 'fdPasswordAllowedHashes' + DESC 'FusionDirectory - Allowed password hashes' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# Core settings + +attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary' + DESC 'FusionDirectory - Show list summary' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetectionAttribute' + DESC 'FusionDirectory - Modification detection attribute' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging' + DESC 'FusionDirectory - Logging' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit' + DESC 'FusionDirectory - LDAP size limit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.14.8 NAME 'fdWildcardForeignKeys' + DESC 'FusionDirectory - Weither or not to enable wildcard searches for foreign keys on dn' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Login and session + +attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute' + DESC 'FusionDirectory attribute that will be used for login' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL' + DESC 'FusionDirectory - Force SSL' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL' + DESC 'FusionDirectory - Warn user when SSL is not used' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSettings' + DESC 'FusionDirectory - Store filter settings' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' + DESC 'FusionDirectory - Session life time in seconds' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated' + DESC 'FusionDirectory - HTTP Basic Auth activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated' + DESC 'FusionDirectory - HTTP Header Auth activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName' + DESC 'FusionDirectory - HTTP Header Auth - Header name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.9 NAME 'fdLoginMethod' + DESC 'FusionDirectory - Active login method' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +# Debugging + +attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' + DESC 'FusionDirectory - Weither or not to display errors' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime' + DESC 'FusionDirectory - Maximum LDAP query time' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats' + DESC 'FusionDirectory - Weither or not to activate ldap stats' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel' + DESC 'FusionDirectory - Debug level' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.16.5 NAME 'fdDebugLogging' + DESC 'FusionDirectory - Debug logging' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Snapshots + +attributetype ( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots' + DESC 'FusionDirectory - Weither or not to enable snapshots' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase' + DESC 'FusionDirectory - Snaphost base' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdEnableAutomaticSnapshots' + DESC 'FusionDirectory - Weither or not to enable snapshots' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotMinRetention' + DESC 'Minimum number of snapshots to be kept in store' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotRetentionDays' + DESC 'Number of days a snapshot should be kept' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.6 NAME 'fdSnapshotSourceData' + DESC 'Possible Origin / Source of data received ' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + SINGLE-VALUE) + +# Miscellaneous + +attributetype ( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook' + DESC 'FusionDirectory - tab hook' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells' + DESC 'FusionDirectory - available shells' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5' + DESC 'FusionDirectory - md5sum of class.cache' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput' + DESC 'FusionDirectory - display hook execution output to the user' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects' + DESC 'FusionDirectory - Should acl tabs be shown on all objects' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.7 NAME 'fdDepartmentCategories' + DESC 'FusionDirectory - available categories for departments' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell' + DESC 'FusionDirectory - default shell' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist' + DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.10 NAME 'fdManagementConfig' + DESC 'FusionDirectory - Configuration for management classes' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig' + DESC 'FusionDirectory - Per user configuration for management classes' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit' + DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.13 NAME 'fdIncrementalModifierStates' + DESC 'FusionDirectory - States of the incremental modifier intances, with keys value and date, encoded as JSON' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +# Plugins + +attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN' + DESC 'FusionDirectory - OGroup RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordAsk' + DESC 'FusionDirectory - Force password ask for SASL users' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.19.3 NAME 'fdOGroupDefaultUser' + DESC 'FusionDirectory - Create a default user in ou=restricted for object groups' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# SSL + +attributetype ( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath' + DESC 'FusionDirectory - CA certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath' + DESC 'FusionDirectory - SSL key path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath' + DESC 'FusionDirectory - SSL certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# CAS + +attributetype ( 1.3.6.1.4.1.38414.8.21.1 NAME 'fdCasActivated' + DESC 'FusionDirectory - CAS activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.2 NAME 'fdCasServerCaCertPath' + DESC 'FusionDirectory - CAS server CA certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.3 NAME 'fdCasHost' + DESC 'FusionDirectory - CAS host' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.4 NAME 'fdCasPort' + DESC 'FusionDirectory - CAS port' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext' + DESC 'FusionDirectory - CAS context' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose' + DESC 'FusionDirectory - CAS verbose flag' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.7 NAME 'fdCasLibraryBool' + DESC 'FusionDirectory - CAS boolean to activate CAS library >= 1.6' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.8 NAME 'fdCasClientServiceName' + DESC 'FusionDirectory - CAS client service name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# FusionDirectory Tokens + +attributetype ( 1.3.6.1.4.1.38414.8.22.1 NAME 'fdTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.22.2 NAME 'fdOrchestratorTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Orchestrator Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.22.3 NAME 'fdRecoveryTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Recovery Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options + +attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix' + DESC 'FusionDirectory - Dashboard computer name prefix' + OBSOLETE + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit' + DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names' + OBSOLETE + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays' + DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab' + OBSOLETE + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +# merged from recovery-fd.schema - Needed by Fusion Directory for password recovery options + +attributetype ( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryActivated' + DESC 'Fusion Directory - Password recovery enabled/disabled' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryEmail' + DESC 'Fusion Directory - Password recovery sender email' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryMailSubject' + DESC 'Fusion Directory - Password recovery first email subject' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryMailBody' + DESC 'Fusion Directory - Password recovery first email body' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryMail2Subject' + DESC 'Fusion Directory - Password recovery second email subject' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryMail2Body' + DESC 'Fusion Directory - Password recovery second email body' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryValidity' + DESC 'Fusion Directory - Password recovery link validity in minutes' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoverySalt' + DESC 'Fusion Directory - Password recovery token salt' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryUseAlternate' + DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.10 NAME 'fdPasswordRecoveryLoginAttribute' + DESC 'Fusion Directory - Password recovery login attribute (usually uid)' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + + +# Object Class +objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' + DESC 'FusionDirectory configuration' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( + fusionConfigMd5 $ + fdSchemaCheck $ + fdLanguage $ fdTheme $ fdTimezone $ + fdAccountPrimaryAttribute $ fdNextIdHook $ + fdStrictNamingRules $ fdMinId $ fdUidNumberBase $ + fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAllocationMethod $ + fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolMax $ fdUidNumberPoolMax $ + fdAclRoleRDN $ fdCnPattern $ fdRestrictRoleMembers $ + fdSplitPostalAddress $ fdPostalAddressPattern $ fdMaxAvatarSize $ fdGivenNameRequired $ + fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $ + fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $ + fdForcePasswordDefaultHash $ fdPasswordAllowedHashes $ + fdListSummary $ + fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $ + fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ + fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $ + fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdDebugLogging $ + fdEnableSnapshots $ fdSnapshotBase $ + fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $ + fdPluginsMenuBlacklist $ fdManagementConfig $ fdManagementUserConfig $ + fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $ + fdIncrementalModifierStates $ + fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $ fdSnapshotRetentionDays $ fdSnapshotSourceData $ + fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $ + fdLoginMethod $ fdCasLibraryBool $ fdCasClientServiceName $ fdEnableAutomaticSnapshots $ fdSnapshotMinRetention $ + fdTokenRDN $ fdOrchestratorTokenRDN $ fdRecoveryTokenRDN + ) ) + +objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf' + DESC 'FusionDirectory plugins configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk $ fdOGroupDefaultUser ) ) + +objectclass ( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf' + DESC 'FusionDirectory password recovery configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + fdPasswordRecoveryActivated $ fdPasswordRecoveryEmail $ + fdPasswordRecoveryMailSubject $ fdPasswordRecoveryMailBody $ + fdPasswordRecoveryMail2Subject $ fdPasswordRecoveryMail2Body $ + fdPasswordRecoveryValidity $ fdPasswordRecoverySalt $ + fdPasswordRecoveryUseAlternate $ fdPasswordRecoveryLoginAttribute + ) ) + +# Dashboard Object Class +objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf' + DESC 'FusionDirectory dashboard plugin configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) ) diff --git a/etc/openldap/schema/core-fd.schema b/etc/openldap/schema/core-fd.schema new file mode 100644 index 0000000..b73b535 --- /dev/null +++ b/etc/openldap/schema/core-fd.schema @@ -0,0 +1,580 @@ +## +## core-fd.schema - Needed by FusionDirectory for its basic functionalities +## + +# Last OID used for attributes : 1.3.6.1.4.1.38414.62.1.77 04/08/25 # +# Last OID used for objectClass : 1.3.6.1.4.1.38414.62.2.11 29/01/24 # + +##### Attributes from gosa ###### + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects' + DESC 'GOsa - List of all object types that are in a gosaGroupOfNames' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate' + DESC 'GOsa - ACL entries for ACL roles' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry' + DESC 'GOsa - ACL entries' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp' + DESC 'GOsa - Unix timestamp of snapshot' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN' + DESC 'GOsa - Original DN of saved object in snapshot' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData' + DESC 'GOsa - Original data of saved object in snapshot' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE) + +##### Attributes from FusionDirectory ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.1 NAME 'fdUserDn' + DESC 'FusionDirectory - DN of a user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.2 NAME 'fdObjectDn' + DESC 'FusionDirectory - DN of an object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.3 NAME 'fdLockTimestamp' + DESC 'FusionDirectory - Lock token timestamp' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.4 NAME 'fdSnapshotObjectType' + DESC 'FusionDirectory - object type of the snapshotted object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.51 NAME 'fdSnapshotDataSource' + DESC 'FusionDirectory - snapshot data origin / source' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.68 NAME 'fdSnapshotHash' + DESC 'FusionDirectory - hash of the current snapShot allowing diff verification with MD5' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +##### Subscriptions Attributes ###### + +attributetype ( 1.3.6.1.4.1.38414.62.11.1 NAME 'fdSubscriptionStartDate' + DESC 'FusionDirectory - Subscription Starting Date' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.2 NAME 'fdSubscriptionEndDate' + DESC 'FusionDirectory - Subscription End Date' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.3 NAME 'fdSubscriptionType' + DESC 'FusionDirectory - Subscription type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.4 NAME 'fdSubscriptionContractId' + DESC 'FusionDirectory - Subscription contract ID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.5 NAME 'fdSubscriptionName' + DESC 'FusionDirectory - Subscription client name' + SUP name ) + +### Mail Template Attributes ### + +attributetype ( 1.3.6.1.4.1.38414.62.1.5 NAME 'fdMailTemplateBody' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.6 NAME 'fdMailTemplateRDN' + DESC 'FusionDirectory - template Mail RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.62.1.7 NAME 'fdMailTemplateSignature' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.8 NAME 'fdMailAttachmentsContent' + DESC 'FusionDirectory - attachment data in bin format' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.9 NAME 'fdMailTemplateReadReceipt' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.10 NAME 'fdMailTemplateSubject' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +##### Tasks Attributes ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.11 NAME 'fdTasksMailObject' + DESC 'Fusion Directory - Tasks for mail template objects' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.12 NAME 'fdTasksScheduleDate' + DESC 'Scheduling of the Task - required processed date' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.13 NAME 'fdTasksMailUsers' + DESC 'Fusion Directory - Tasks Mail Users Recipient' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.14 NAME 'fdTasksStatus' + DESC 'Fusion Directory - Task Status' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.15 NAME 'fdTasksEndDate' + DESC 'Fusion Directory - Task End Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.57 NAME 'fdTasksLastExec' + DESC 'Fusion Directory - Time when tasks was last activated' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.77 NAME 'fdTasksNextExec' + DESC 'Fusion Directory - Time when tasks will be executed next' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.58 NAME 'fdTasksLastActivation' + DESC 'Fusion Directory - Time when tasks was last activated' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.16 NAME 'fdTasksCreationDate' + DESC 'Fusion Directory - Task Start Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.17 NAME 'fdTasksEmailsFromDN' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.18 NAME 'fdTasksEmailSender' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.55 NAME 'fdTasksEmailBCC' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.19 NAME 'fdTasksMailType' + DESC 'Fusion Directory - Type of Mail attribute required' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +##### Tasks Granular ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.20 NAME 'fdTasksGranularStatus' + DESC 'Fusion Directory - Task Status' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.21 NAME 'fdTasksGranularSchedule' + DESC 'Scheduling of the Task - required processed date' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.22 NAME 'fdTasksGranularMaster' + DESC 'Fusion Directory - Tasks Master objects' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.23 NAME 'fdTasksGranularType' + DESC 'Fusion Directory - Tasks Type' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.24 NAME 'fdTasksGranularMail' + DESC 'Fusion Directory - Emails recipients if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.25 NAME 'fdTasksGranularMailFrom' + DESC 'Fusion Directory - Emails sender if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.56 NAME 'fdTasksGranularMailBCC' + DESC 'Fusion Directory - Emails sender if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.26 NAME 'fdTasksGranularRef' + DESC 'Fusion Directory - Reference towards a CN (E.g Mail Template)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.69 NAME 'fdTasksGranularHelper' + DESC 'Fusion Directory - Reference towards a potential helper value from main task (case of reminder)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.74 NAME 'fdTasksGranularCreationDate' + DESC 'Fusion Directory - Task Granular Creation Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.75 NAME 'fdTasksGranularLastExec' + DESC 'Fusion Directory - Time when granular tasks was last executed' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.76 NAME 'fdTasksGranularNextExec' + DESC 'Fusion Directory - Time when granular tasks will be executed next' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +## Any tasks requiring to store DN (Such as lifeCycle). ## + +attributetype ( 1.3.6.1.4.1.38414.62.1.67 NAME 'fdTasksGranularDN' + DESC 'Fusion Directory - DN of the targeted user' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +##### Tasks Conf ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.27 NAME 'fdTasksRDN' + DESC 'FusionDirectory - Tasks RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.62.1.28 NAME 'fdTasksConfLastExecTime' + DESC 'Store time of last mail tasks success - secure spam interval' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.29 NAME 'fdTasksConfMaxEmails' + DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.30 NAME 'fdTasksConfIntervalEmails' + DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +##### Plugin Manager ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.31 NAME 'fdPluginManagerInfoAuthors' + DESC 'FusionDirectory - Plugin authors attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.32 NAME 'fdPluginManagerInfoVersion' + DESC 'FusionDirectory - Plugin Version attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.33 NAME 'fdPluginManagerSupportHomeUrl' + DESC 'FusionDirectory - Plugin Support page url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.34 NAME 'fdPluginManagerSupportTicketUrl' + DESC 'FusionDirectory - Plugin Suuport ticket url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.35 NAME 'fdPluginManagerSupportDiscussionUrl' + DESC 'FusionDirectory - Pluging discussion url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.36 NAME 'fdPluginManagerSupportSchemaUrl' + DESC 'FusionDirectory - Plugin schema url attribute needed if necessary' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.37 NAME 'fdPluginManagerReqFdVersion' + DESC 'FusionDirectory - Plugin Fusiondirectory Version requirement attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.38 NAME 'fdPluginManagerReqPhpVersion' + DESC 'FusionDirectory - Plugin PHP Version requirement attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.39 NAME 'fdPluginManagerContentPhpClass' + DESC 'FusionDirectory - Plugin Manager : list on php class provided' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.40 NAME 'fdPluginManagerContentLdapObject' + DESC 'FusionDirectory - Plugin Manager : list on Ldap Object needed' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.41 NAME 'fdPluginManagerContentLdapAttributes' + DESC 'FusionDirectory - Plugin Manager : list on Ldap attributes needed' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.42 NAME 'fdPluginManagerInfoStatus' + DESC 'FusionDirectory - Plugin Manager : status of plugin : Dev / stable / dontuse ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.43 NAME 'fdPluginManagerSupportDownloadUrl' + DESC 'FusionDirectory - Plugin direct download url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.44 NAME 'fdPluginManagerInfoTags' + DESC 'FusionDirectory - Plugin Tag for identity plugins goals' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.45 NAME 'fdPluginManagerInfoLogoUrl' + DESC 'FusionDirectory - Plugin Logo url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.46 NAME 'fdPluginManagerInfoScreenshotUrl' + DESC 'FusionDirectory - Plugin Screenshot Url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.47 NAME 'fdPluginManagerInfoLicence' + DESC 'FusionDirectory - Plugin Licence' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.48 NAME 'fdPluginManagerInfoOrigin' + DESC 'FusionDirectory - Plugin Origin' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.49 NAME 'fdPluginManagerSupportProvider' + DESC 'FusionDirectory - Plugin Support Provider' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.50 NAME 'fdPluginManagerSupportContractUrl' + DESC 'FusionDirectory - Plugin Support Contract url' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +##### Tasks Granular Part 2 ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.52 NAME 'fdTasksRepeatable' + DESC 'Allow a given task to be repeatable' + EQUALITY booleanMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.7') + +attributetype ( 1.3.6.1.4.1.38414.62.1.53 NAME 'fdTasksUpdatable' + DESC 'Allow a given task to be updatable' + EQUALITY booleanMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.7') + +attributetype ( 1.3.6.1.4.1.38414.62.1.54 NAME 'fdTasksRepeatableSchedule' + DESC 'Set the repetition of the tasks via a set attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') + +##### Token management attributes ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.70 NAME 'fdTokenUserDN' + DESC 'The DN user linked to the token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.71 NAME 'fdTokenType' + DESC 'The token type eg reminder, recovery' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.72 NAME 'fdToken' + DESC 'The token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.73 NAME 'fdTokenTimestamp' + DESC 'Timestamp for the validation of the token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +##### Classes ##### + +### old gosa ObjectClass ### + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY + DESC 'GOsa - Class to mark Departments for GOsa' + MUST ( ou $ description ) + MAY ( manager $ co $ labeledURI ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames' + DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames' + SUP top AUXILIARY + MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole' + DESC 'GOsa - ACL container to define ACL roles' + SUP top STRUCTURAL + MUST ( gosaAclTemplate $ cn ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl' + DESC 'GOsa - ACL container to define single ACLs' + SUP top AUXILIARY + MUST ( gosaAclEntry )) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject' + DESC 'GOsa - Container object for undo and snapshot data' + SUP top STRUCTURAL + MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData $ fdSnapshotDataSource ) + MAY ( fdSnapshotObjectType $ description $ fdSnapshotHash) ) + +### New FusionDirectory Objectclass ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.1 NAME 'fdLockEntry' SUP top STRUCTURAL + DESC 'FusionDirectory - Class for FD locking' + MUST ( fdUserDn $ fdObjectDn $ cn $ fdLockTimestamp )) + +### Subscription Related Object Class ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.2 NAME 'fdSubscriptionInformation' SUP top STRUCTURAL + DESC 'FusionDirectory - Information about current subscription' + MUST ( cn ) + MAY ( uid $ fdSubscriptionStartDate $ fdSubscriptionEndDate $ fdSubscriptionType $ fdSubscriptionContractId $ fdSubscriptionName )) + +### Plugin manager Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.3 NAME 'fdPluginManager' + DESC 'FusionDirectory - Plugins Manager ObjectClass' + MUST ( cn $ description $ fdPluginManagerInfoAuthors $ fdPluginManagerInfoVersion $ fdPluginManagerInfoStatus $ fdPluginManagerInfoLicence $ fdPluginManagerInfoOrigin $ fdPluginManagerSupportHomeUrl $ fdPluginManagerReqFdVersion $ fdPluginManagerReqPhpVersion $ fdPluginManagerSupportProvider ) + MAY ( fdPluginManagerInfoScreenshotUrl $ fdPluginManagerInfoLogoUrl $ fdPluginManagerInfoTags $ fdPluginManagerSupportTicketUrl $ fdPluginManagerSupportDiscussionUrl $ fdPluginManagerSupportSchemaUrl $ fdPluginManagerSupportDownloadUrl $ fdPluginManagerContentPhpClass $ fdPluginManagerContentLdapObject $ fdPluginManagerContentLdapAttributes $ fdPluginManagerSupportContractUrl )) + +### Mail Template Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.4 NAME 'fdMailTemplate' + DESC 'FusionDirectory - template mail object' + SUP top STRUCTURAL + MUST ( cn $ fdMailTemplateBody $ fdMailTemplateSubject ) + MAY ( fdMailTemplateSignature $ fdMailTemplateReadReceipt)) + +objectclass (1.3.6.1.4.1.38414.62.2.10 NAME 'fdMailAttachments' + DESC 'FusionDirectory - mail template attachments' + MUST ( cn $ fdMailAttachmentsContent )) + +objectclass ( 1.3.6.1.4.1.38414.62.2.5 NAME 'fdMailTemplateConf' + DESC 'FusionDirectory Mail Template Configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdMailTemplateRDN ) ) + +### Tasks Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.6 NAME 'fdTasks' + DESC 'FusionDirectory - Tasks objects' + MUST ( cn $ fdTasksStatus $ fdTasksCreationDate ) + MAY ( fdTasksScheduleDate $ fdTasksEndDate $ fdTasksRepeatableSchedule $ fdTasksUpdatable $ fdTasksRepeatable + $ fdTasksLastActivation $ fdTasksLastExec $ fdTasksNextExec $ description)) + +objectclass (1.3.6.1.4.1.38414.62.2.7 NAME 'fdTasksMail' + DESC 'FusionDirectory - Tasks objects Mail' + SUP top AUXILIARY + MUST ( fdTasksMailObject $ fdTasksEmailSender ) + MAY ( fdTasksMailUsers $ fdTasksEmailsFromDN $ fdTasksMailType $ fdTasksEmailBCC ) ) + +objectclass (1.3.6.1.4.1.38414.62.2.8 NAME 'fdTasksGranular' + DESC 'FusionDirectory - Tasks granular objects' + MUST ( fdTasksGranularMaster $ cn $ fdTasksGranularType $ fdTasksGranularSchedule $ fdTasksGranularStatus $ fdTasksGranularCreationDate ) + MAY (fdTasksGranularMailBCC $ fdTasksGranularDN $ fdTasksGranularRef $ fdTasksGranularMail $ fdTasksGranularMailFrom $ fdTasksGranularHelper $ fdTasksGranularLastExec $ fdTasksGranularNextExec)) + +objectclass (1.3.6.1.4.1.38414.62.2.9 NAME 'fdTasksConf' + DESC 'FusionDirectory - Tasks objects Configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdTasksRDN $ fdTasksConfLastExecTime $ fdTasksConfMaxEmails $ fdTasksConfIntervalEmails)) + +### token objectclass ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.11 NAME 'fdTokenEntry' + SUP top STRUCTURAL + DESC 'FusionDirectory - Class for token storage' + MUST ( cn $ fdTokenUserDN $ fdTokenType $ fdToken $ fdTokenTimestamp )) diff --git a/etc/openldap/schema/ldapns.schema b/etc/openldap/schema/ldapns.schema new file mode 100644 index 0000000..21ae00c --- /dev/null +++ b/etc/openldap/schema/ldapns.schema @@ -0,0 +1,23 @@ +# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $ + +# LDAP Name Service Additional Schema + +# http://www.iana.org/assignments/gssapi-service-names + +attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' + DESC 'IANA GSS-API authorized service name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' + DESC 'Auxiliary object class for adding authorizedService attribute' + SUP top + AUXILIARY + MAY authorizedService ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' + DESC 'Auxiliary object class for adding host attribute' + SUP top + AUXILIARY + MAY host ) + diff --git a/etc/openldap/schema/rfc2307bis.schema b/etc/openldap/schema/rfc2307bis.schema new file mode 100644 index 0000000..db34365 --- /dev/null +++ b/etc/openldap/schema/rfc2307bis.schema @@ -0,0 +1,288 @@ +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an +# administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + DESC 'Service port number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + DESC 'Service protocol name' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + DESC 'IP protocol number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + DESC 'ONC RPC number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IPv4 addresses as a dotted decimal omitting leading + zeros or IPv6 addresses as defined in RFC2373' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network as a dotted decimal, eg. 192.168, + omitting leading zeros' + SUP name + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, + omitting leading zeros' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address in maximal, colon separated hex + notation, eg. 00:00:92:90:ee:e2' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + DESC 'Name of a A generic NIS map' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + DESC 'A generic NIS entry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' + DESC 'NIS public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' + DESC 'NIS secret key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' + DESC 'NIS domain' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' + DESC 'automount Map Name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' + DESC 'Automount Key value' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' + DESC 'Automount information' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY + DESC 'Abstraction of an account with POSIX attributes' + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY + DESC 'Additional attributes for shadow passwords' + MUST uid + MAY ( userPassword $ description $ + shadowLastChange $ shadowMin $ shadowMax $ + shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY + DESC 'Abstraction of a group of accounts' + MUST gidNumber + MAY ( userPassword $ memberUid $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL + DESC 'Abstraction an Internet Protocol service. + Maps an IP port and protocol (such as tcp or udp) + to one or more names; the distinguished value of + the cn attribute denotes the services canonical + name' + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + DESC 'Abstraction of an IP protocol. Maps a protocol number + to one or more names. The distinguished value of the cn + attribute denotes the protocols canonical name' + MUST ( cn $ ipProtocolNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL + DESC 'Abstraction of an Open Network Computing (ONC) + [RFC1057] Remote Procedure Call (RPC) binding. + This class maps an ONC RPC number to a name. + The distinguished value of the cn attribute denotes + the RPC services canonical name' + MUST ( cn $ oncRpcNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY + DESC 'Abstraction of a host, an IP device. The distinguished + value of the cn attribute denotes the hosts canonical + name. Device SHOULD be used as a structural class' + MUST ( cn $ ipHostNumber ) + MAY ( userPassword $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + DESC 'Abstraction of a network. The distinguished value of + the cn attribute denotes the networks canonical name' + MUST ipNetworkNumber + MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + DESC 'Abstraction of a netgroup. May refer to other netgroups' + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL + DESC 'A generic abstraction of a NIS map' + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL + DESC 'An entry in a NIS map' + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY + DESC 'A device with a MAC address; device SHOULD be + used as a structural class' + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY + DESC 'A device with boot parameters; device SHOULD be + used as a structural class' + MAY ( bootFile $ bootParameter ) ) + +objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY + DESC 'An object with a public and secret key' + MUST ( cn $ nisPublicKey $ nisSecretKey ) + MAY ( uidNumber $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY + DESC 'Associates a NIS domain with a naming context' + MUST nisDomain ) + +objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL + MUST ( automountMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL + DESC 'Automount information' + MUST ( automountKey $ automountInformation ) + MAY description ) +## namedObject is needed for groups without members +objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top + STRUCTURAL MAY cn ) + diff --git a/etc/openldap/schema/template-fd.schema b/etc/openldap/schema/template-fd.schema new file mode 100644 index 0000000..a90ca87 --- /dev/null +++ b/etc/openldap/schema/template-fd.schema @@ -0,0 +1,16 @@ +## +## template-fd.schema - Needed by Fusion Directory for managing templates +## + +# Attributes +attributetype ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField' + DESC 'FusionDirectory - template field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +# Objectclasses +objectclass (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate' + DESC 'FusionDirectory - template object' + MUST ( cn ) + MAY ( fdTemplateField ) )