On Sun, Mar 07, 2004 at 03:50:05PM +0000, Magosányi Árpád wrote: > Where can I find the schema files used by the debian ldap server? > I coul only find a proposed schema with syntax errors with gugli. The most recent copy I have of the schema is attached. I believe this is what's currently in use on db.debian.org, but don't have access to confirm this. Regards, -- Steve Langasek postmodern programmer
# Revision history:
#
# 0.6
# - fix dnsZoneEntry attribute definition to support substring matching
#
# 0.5 [JT]
# - Add 'access' as a MAY for debianDeveloper objectclass.
# - Add 'gid' attribute.
# - Make homeDirectory a MAY not MUST for debianAccount.
# - drop userPassword and memberUID MAYs from debianGroup.
# - add SUP top STRUCTURAL to debianGroup.
#
# 0.4
# - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
# - add debianAccount, which is roughly equivalent to posixAccount but
# permits UTF8 gecos fields
# - add debianGroup, which is the same as above but for posixGroup
#
# 0.3
# - Remove labeledURI, jpegPhoto from the list of supported
# attributes; using inetOrgPerson instead of organizationalPerson as
# a structural objectclass gives us both of these, and several other
# attributes that may be useful.
# - Add echelon attributes for MIA work to the debiandeveloper
# objectclass. (accountcomment,accountstatus)
# - Add specification for debianServer objectclass, used for Debian
# server listings
#
# 0.2
# - grammarfied 'allowedHosts' to 'allowedHost' as
# 1.3.6.1.4.1.9586.100.4.2.12.
# - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
# - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
# - change 'icqUIN' to an integer type (see? I told you it wasn't
# approved for use yet! ;)
#
# 0.1
# - initial revision
#
#
# Project: db.debian.org
# Contact: Debian directory administrators <admin@db.debian.org>
# Type: X.500/LDAP
# Section: Project
#
# enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
#
# .1 - public LDAP objectClasses
# .1 - debianAccount
# .2 - debianGroup
#
# .2 - public LDAP attributeTypes
# .1 - sshRSAAuthKey
# .2 - activity-from
# .3 - activity-pgp
# .4 - comment
# .5 - icqUin
# .6 - ircNick
# .7 - latitude
# .8 - longitude
# .9 - middlename (mn)
# .10 - onVacation
# .11 - supplementaryGid
# .12 - allowedHost
# .13 - jabberJID
# .14 - access
# .15 - admin
# .16 - architecture
# .17 - bandwidth
# .18 - disk
# .19 - distribution
# .20 - host
# .21 - hostname
# .22 - machine
# .23 - memory
# .24 - sponsor
# .25 - sponsor-admin
# .26 - sshRSAHostKey
# .27 - status
# .28 - gecos
# .29 - gid
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
# .2 - debianServer
#
# .4 - experimental LDAP attributeTypes
# .1 - allowedHosts - OBSOLETED
# .2 - dnsZoneEntry
# .3 - emailForward
# .4 - keyFingerPrint
# .5 - privateSub
# .6 - accountComment
# .7 - accountStatus
# Public attribute types
attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
NAME 'sshRSAAuthKey'
DESC 'textual form of an SSH public key compatible with authorized_keys'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
NAME 'activity-from'
DESC 'last known activity from user email address'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
NAME 'activity-pgp'
DESC 'last known activity from user PGP key'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
NAME 'comment'
DESC 'user-editable comment'
EQUALITY caseExactIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
NAME 'icqUin'
DESC 'UIN for ICQ instant messaging system'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
NAME 'ircNick'
DESC 'Internet Relay Chat nickname'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
NAME 'latitude'
DESC 'latitude coordinate'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
NAME 'longitude'
DESC 'longitude coordinate'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
NAME ( 'mn' 'middlename' )
SUP name )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
NAME 'onVacation'
DESC 'vacation message'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
NAME 'supplementaryGid'
DESC 'additional Unix group id of user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
NAME 'allowedHost'
DESC 'host name this account is allowed access to'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
NAME 'jabberJID'
DESC 'JID for Jabber instant messaging protocol'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
NAME 'access'
DESC 'nature of access allowed to server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
NAME 'admin'
DESC 'email address of server administrator'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
NAME 'architecture'
DESC 'hardware architecture of server'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
NAME 'bandwidth'
DESC 'type of network connection for server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
NAME 'disk'
DESC 'amount of disk space available to server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
NAME 'distribution'
DESC 'host OS distribution'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
# NAME 'host'
# DESC '(short) host name of server'
# EQUALITY caseIgnoreIA5Match
# SUBSTR caseIgnoreIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
NAME 'hostname'
DESC 'FQDN of the server'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
NAME 'machine'
DESC 'description of physical hardware'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
NAME 'memory'
DESC 'amount of RAM available to server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
NAME 'sponsor'
DESC 'name of the sponsor of this server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
NAME 'sponsor-admin'
DESC 'email address of sponsoring server administrator'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
NAME 'sshRSAHostKey'
DESC 'textual form of an SSH public host key compatible with known_hosts'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
NAME 'status'
DESC 'administrative status of server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
NAME 'gecos'
DESC 'The GECOS field; the common name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
NAME 'gid'
DESC 'Group Name'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Public object classes
objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
NAME 'debianAccount'
DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber )
MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description ) )
objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
NAME 'debianGroup'
SUP top STRUCTURAL
DESC 'attributes used for Debian groups'
MUST ( gid $ gidNumber )
MAY ( description ) )
# Experimental attribute types
# There are existing schemas for doing DNS in LDAP; would one of
# these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
NAME 'dnsZoneEntry'
DESC 'DNS zone record for user'
EQUALITY octetStringMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# rfc822mailbox (RFC1274) is recommended as a replacement for this in
# general.
attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
NAME 'emailForward'
DESC 'forwarding address for email sent to this account'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Network Associates also has a schema for PGP keys / key IDs which may
# or may not be applicable:
# http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
NAME 'keyFingerPrint'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Rather Debian-specific, not useful to the public.
attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
NAME 'privateSub'
DESC 'email subscription address for debian-private mailing list'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Echelon attributes; re-evaluate later
attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
NAME 'accountComment'
DESC 'additional comments regarding the account status'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
NAME 'accountStatus'
DESC 'Debian developer account status'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Experimental objectclasses:
objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
NAME 'debianDeveloper'
DESC 'additional account attributes used by Debian'
SUP top AUXILIARY
MUST ( uid $ cn $ sn )
MAY ( accountComment $ accountStatus $ activity-from $
activity-pgp $ allowedHost $ comment $ countryName $
dnsZoneEntry $ emailForward $ icqUin $ ircNick $
jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
access
) )
objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
NAME 'debianServer'
DESC 'Internet-connected server associated with Debian'
SUP top STRUCTURAL
MUST ( host $ hostname )
MAY ( admin $ architecture $ bandwidth $ description $ disk $
distribution $ l $ machine $ memory $ sponsor $
sponsor-admin $ sshRSAHostKey $ status
) )
Attachment:
signature.asc
Description: Digital signature