Re: [iana-pen@iana.org: RE: Application for Enterprise-number (9586)]

[Russell Coker <russell@coker.com.au>]

On Saturday 02 June 2001 22:16, Wichert Akkerman wrote:
> This got a bit stuck on my mailbox for the last two weeks. A while
> ago I submited a request to IANA to assign an enterprise number
> to Debian. These numbers are used for MIB (think SNMP) and X.500/LDAP.
>
> At this moment we aren't using it yet. I'll start using bits of
> it for the Debian-specific bits of our OpenLDAP packages, but other
> developers are free to request a bit of hierarchy space for
> Debian-specific projects as well. For this purpose the email
> address iana@debian.org has been setup.

Excellent news!

I have attached the schemalet I'm workong on at the moment for IP access 
controls.  The major changes since the previous version are the inclusion of 
the Debian number and the prefixing of all attribute and objectClass names 
with "deb" which I believe is the appropriate thing to do.

Please tell me what you think!

Also please note that this is not an official use of Debian schema space, 
until Wichert has given his blessing it's not official...

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

# under iso.org.dod.internet.private.enterprise (1.3.6.1.4.1) we have Debian
# (9586) giving us the prefix of 1.3.6.1.4.1.9586.
#
# under the base OID I have decided to use 2 for LDAP (leaving 1 for SNMP),
# then under that 1 is for attributes and 2 is for objectClass's.  This is
# arbitary but copies some sample schema from the OpenLDAP documentation

attributetype ( 1.3.6.1.4.1.9586.2.1.1 NAME 'debIpAllowedClients'
        DESC 'IP address or IP address range, either CIDR or 1.2.3.4-1.2.3.100 range allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( 1.3.6.1.4.1.9586.2.1.2 NAME 'debIpDeniedClients'
        DESC 'IP address or IP address range, either CIDR or 1.2.3.4-1.2.3.100 range not allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( 1.3.6.1.4.1.9586.2.1.3
        NAME ( 'debAllowedService' )
        DESC 'Service that this object allows access to, suggested values include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL", or it can be classes of service EG "STAFF" to mean that the account works on staff machines'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.9586.2.1.4
        NAME ( 'debDeniedService' )
        DESC 'Service that this object denies access to, suggested values include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL", or it can be classes of service EG "STAFF" to mean that the account is denied on staff machines'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )


objectclass ( 1.3.6.1.4.1.9586.2.2.1
        NAME 'debNetworkSecurity'
        DESC 'A security object to specify the access that a user has to network services, or the access that a server program provides to the world.'
        SUP top
        MAY ( debIpAllowedClients $ debIpDeniedClients $ debAllowedService $ debDeniedService ) )