mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-28 18:49:34 -05:00
0de4adaf09
Still need object classes for both of these. Suspect we'll need to assign "experimental" ones from our arc.
489 lines
18 KiB
Text
489 lines
18 KiB
Text
# $OpenLDAP$
|
|
#
|
|
# OpenLDAP Core schema
|
|
#
|
|
# Includes "standard" schema items from:
|
|
# RFC2251-RFC2256 (LDAPv3)
|
|
# RFC2079 (URI)
|
|
#
|
|
# and other "core" items
|
|
# ldapsubentry draft
|
|
# named referrals draft
|
|
# alias draft
|
|
#
|
|
|
|
# Standard X.501(93) Operational Attribute Types from RFC2252
|
|
|
|
attributetype ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
|
|
ORDERING generalizedTimeOrderingMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
|
|
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
|
|
ORDERING generalizedTimeOrderingMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
|
|
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
|
|
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
|
|
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
|
|
EQUALITY distinguishedNameMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
|
|
SINGLE-VALUE USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.5 NAME 'attributeTypes'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.6 NAME 'objectClasses'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.4 NAME 'matchingRules'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
|
|
|
|
# LDAP Operational Attributes from RFC2252
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
|
|
|
|
# LDAP Subschema Atrribute from RFC2252
|
|
|
|
attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
|
|
|
|
# X.500 Subschema attributes from RFC2252
|
|
|
|
attributetype ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.7 NAME 'nameForms'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.21.2 NAME 'dITContentRules'
|
|
EQUALITY objectIdentifierFirstComponentMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
|
|
|
|
# Object Classes from RFC2252
|
|
|
|
# extensibleObject moved forward, since it depends on top
|
|
# ldapSyntaxes (operational) is admissible in next:
|
|
|
|
objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
|
|
MAY ( dITStructureRules $ nameForms $ ditContentRules $
|
|
objectClasses $ attributeTypes $ matchingRules $
|
|
matchingRuleUse ) )
|
|
|
|
# Standard attribute types from RFC2256
|
|
|
|
attributetype ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
|
|
|
attributetype ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
|
|
|
|
# Defined, but no longer used
|
|
|
|
attributetype ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
|
|
# Place here since other attribute types derive from it
|
|
|
|
attributetype ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
|
|
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
|
|
|
|
# (2-letter code from ISO 3166)
|
|
|
|
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
|
|
|
|
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
|
|
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
|
|
|
|
attributetype ( 2.5.4.12 NAME 'title' SUP name )
|
|
|
|
attributetype ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
|
|
|
|
# Obsoleted by enhancedSearchGuide
|
|
|
|
attributetype ( 2.5.4.14 NAME 'searchGuide'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
|
|
|
|
attributetype ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
|
|
# Show stopper: we don't have the definition of caseIgnoreListSubstringsMatch
|
|
#attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
|
|
# SUBSTR caseIgnoreListSubstringsMatch
|
|
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
attributetype ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
|
|
attributetype ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
|
|
|
|
attributetype ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
|
|
|
|
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
|
|
attributetype ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
|
|
SUBSTR telephoneNumberSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
|
|
|
|
attributetype ( 2.5.4.21 NAME 'telexNumber'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
|
|
|
|
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
|
|
|
|
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
|
|
|
|
attributetype ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
|
|
SUBSTR numericStringSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
|
|
|
|
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
|
|
SUBSTR numericStringSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
|
|
|
|
attributetype ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
|
|
attributetype ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
|
|
|
|
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
|
|
SINGLE-VALUE )
|
|
|
|
attributetype ( 2.5.4.29 NAME 'presentationAddress'
|
|
EQUALITY presentationAddressMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
|
|
SINGLE-VALUE )
|
|
|
|
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
|
|
EQUALITY objectIdentifierMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
|
|
|
# Placed here because others derive from it.
|
|
|
|
# We had a dn definition in slapd.at.conf and Netscape lists both
|
|
# names for that OID. This is wrong, 'dn' is used internally in slapd
|
|
# as the name of a pseudo-attribute type that contains the
|
|
# distinguished name of an entry. On the other hand, the attribute
|
|
# type distinguishedName is meant to be an "abstract" type and other
|
|
# dn-valued attribute types derive from it. So at most, 'dn' would
|
|
# be a subtype of distinguishedName, something like:
|
|
# attributetype ( dnOID NAME 'dn' SUP distinguishedName
|
|
# SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
|
|
|
|
attributetype ( 2.5.4.49 NAME 'distinguishedName'
|
|
EQUALITY distinguishedNameMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
|
|
attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName )
|
|
|
|
attributetype ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
|
|
|
|
attributetype ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
|
|
|
|
attributetype ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
|
|
|
|
attributetype ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
|
|
|
|
# Must be stored and requested in the binary form, as
|
|
# userCertificate;binary
|
|
|
|
attributetype ( 2.5.4.36 NAME 'userCertificate'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
|
|
|
|
# As above
|
|
|
|
attributetype ( 2.5.4.37 NAME 'cACertificate'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
|
|
|
|
# As above
|
|
|
|
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
|
|
# As above
|
|
|
|
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
|
|
# As above
|
|
|
|
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
|
|
|
|
# 2.5.4.41 is 'name', moved above since other attribute types derive from it
|
|
|
|
attributetype ( 2.5.4.42 NAME 'givenName' SUP name )
|
|
|
|
attributetype ( 2.5.4.43 NAME 'initials' SUP name )
|
|
|
|
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
|
|
|
|
attributetype ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
|
|
|
|
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
|
|
|
|
attributetype ( 2.5.4.48 NAME 'protocolInformation'
|
|
EQUALITY protocolInformationMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
|
|
|
|
# 2.5.4.49 is distinguishedName, moved up
|
|
|
|
attributetype ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
|
|
|
|
attributetype ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
|
|
# This attribute is to be stored and requested in the binary form, as
|
|
# 'supportedAlgorithms;binary'.
|
|
|
|
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
|
|
|
|
# This attribute is to be stored and requested in the binary form, as
|
|
# 'deltaRevocationList;binary'.
|
|
|
|
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
|
|
attributetype ( 2.5.4.54 NAME 'dmdName' SUP name )
|
|
|
|
# Standard object classes from RFC2256
|
|
|
|
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
|
|
|
|
objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
|
|
|
|
objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
|
|
MAY ( searchGuide $ description ) )
|
|
|
|
objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
|
|
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
|
|
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
x121Address $ registeredAddress $ destinationIndicator $
|
|
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
telephoneNumber $ internationaliSDNNumber $
|
|
facsimileTelephoneNumber $
|
|
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
|
|
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
x121Address $ registeredAddress $ destinationIndicator $
|
|
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
telephoneNumber $ internationaliSDNNumber $
|
|
facsimileTelephoneNumber $
|
|
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
|
|
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
|
|
|
|
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
|
|
MAY ( title $ x121Address $ registeredAddress $
|
|
destinationIndicator $
|
|
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
telephoneNumber $ internationaliSDNNumber $
|
|
facsimileTelephoneNumber $
|
|
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ ou $ st $ l ) )
|
|
|
|
# Notice that preferredDeliveryMethod is duplicate
|
|
|
|
objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
|
|
MAY ( x121Address $ registeredAddress $ destinationIndicator $
|
|
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
telephoneNumber $ internationaliSDNNumber $
|
|
facsimileTelephoneNumber $
|
|
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
|
|
postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
|
|
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
|
|
|
|
# Notice that preferredDeliveryMethod is duplicate
|
|
# It seems they could not agree on wheter telephoneNumber is MAY
|
|
# in person. Probably it wasn't originally at was added as an
|
|
# afterthought
|
|
|
|
objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
|
|
MAY ( businessCategory $ x121Address $ registeredAddress $
|
|
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
|
|
teletexTerminalIdentifier $ telephoneNumber $
|
|
internationaliSDNNumber $
|
|
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
|
|
postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ st $ l ) )
|
|
|
|
objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
|
|
MAY ( seeAlso $ ou $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
|
|
MUST ( presentationAddress $ cn )
|
|
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
|
|
description ) )
|
|
|
|
# This one was wrong in our schema, it only allowed the aditional
|
|
# knowledgeInformation attribute, while it is derived from
|
|
# applicationEntity and should allow all its attributes as well.
|
|
|
|
objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
|
|
MAY knowledgeInformation )
|
|
|
|
objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
|
|
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
|
|
|
|
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
|
|
MUST userCertificate )
|
|
|
|
objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
|
|
MUST ( authorityRevocationList $ certificateRevocationList $
|
|
cACertificate ) MAY crossCertificatePair )
|
|
|
|
# New
|
|
|
|
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
|
|
MUST ( uniqueMember $ cn )
|
|
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
|
|
|
|
# New
|
|
|
|
objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
|
|
MAY ( supportedAlgorithms ) )
|
|
|
|
# New
|
|
|
|
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
|
|
certificationAuthority
|
|
AUXILIARY MAY ( deltaRevocationList ) )
|
|
|
|
# New
|
|
|
|
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
|
|
MUST ( cn ) MAY ( certificateRevocationList $
|
|
authorityRevocationList $
|
|
deltaRevocationList ) )
|
|
|
|
# New
|
|
|
|
objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
|
|
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
x121Address $ registeredAddress $ destinationIndicator $
|
|
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
telephoneNumber $ internationaliSDNNumber $
|
|
facsimileTelephoneNumber $
|
|
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
|
|
# Next objectclass is defined in RFC2252, but has to be put after top
|
|
|
|
objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
|
|
SUP top AUXILIARY )
|
|
|
|
#
|
|
# Standard Track URI label schema from RFC2079
|
|
#
|
|
attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
|
|
DESC 'Uniform Resource Identifier with optional label'
|
|
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
|
|
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
|
|
DESC 'object that contains the URI attribute type'
|
|
MAY ( labeledURI ) SUP top AUXILIARY )
|
|
|
|
#
|
|
# From draft-ietf-ldapext-nameref-00.txt
|
|
# used to represent referrals in the directory
|
|
#
|
|
attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'URL Reference'
|
|
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
USAGE distributedOperation )
|
|
|
|
objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
|
|
SUP top STRUCTURAL MAY ( ref ) )
|
|
|
|
#
|
|
# LDAPsubEntry
|
|
# OID not assigned (1.3.6.1.4.1.1466.115.121.1.??)
|
|
#
|
|
objectclass ( LDAPsubEntryOID NAME 'LDAPsubEntry'
|
|
DESC 'Limited X.501 Subentry class, named by cn'
|
|
SUP top STRUCTURAL MUST ( cn ) )
|
|
|
|
#
|
|
# LDAProotDSE
|
|
#
|
|
objectclass ( LDAProotDSEOID NAME 'LDAProotDSE'
|
|
DESC 'Root DSE object class'
|
|
SUP top STRUCTURAL )
|