
Fwd: Re: Debian LDAP Schema



This is a thread that I'm moving from debian-devel.

On Wednesday 25 April 2001 12:45, Stephane Bortzmeyer wrote:
>  a message of 35 lines which said:
> > Wichert, some time ago you were talking about the possibility of getting
> > an ISO number assigned to Debian so we can create our own official LDAP
> > schema. Has there been any progress on this issue?  If not then what has
> > to be done?
>
> Getting a number is just a matter of two mail exchanges with IANA. It
> is quite simple and takes a few days. I can do it, if you wish.

I've just received a message from Wichert informing me that this is already
under way.

> PS: where can I find the current Debian schema?

AFAIK there isn't one (yet).

How about the following as a start:


# These object classes and attributes are rooted at OID
# DEBIAN for the Debian project

attributetype ( DEBIAN.xx NAME 'ipAllowedClients'
        DESC 'IP address or IP address range (either CIDR or 1.2.3.4-1.2.3.100 range) allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( DEBIAN.xx NAME 'ipDeniedClients'
        DESC 'IP address or IP address range (either CIDR or 1.2.3.4-1.2.3.100 range) not allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( DEBIAN.xx
        NAME ( 'allowedService' )
        DESC 'Service that this object allows access to, suggested values include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL", or it can be classes of service e.g. "STAFF" to mean that the account works on staff machines'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( DEBIAN.xx
        NAME ( 'deniedService' )
        DESC 'Service that this object denies access to, suggested values include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL", or it can be classes of service e.g. "STAFF" to mean that the account is denied on staff machines'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )


objectclass ( DEBIAN.xx
        NAME 'networkSecurity'
        DESC 'A security object to specify the access that a user has to network services, or the access that a server program provides to the world.'
        SUP top
        MAY ( ipAllowedClients $ ipDeniedClients $ allowedService $ deniedService ) )


--
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
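
An added example, not part of the original message or of any Debian schema: one way a service could evaluate the proposed ipAllowedClients and ipDeniedClients values (CIDR or 1.2.3.4-1.2.3.100 ranges). The function names, the sample entry, the IPv4-only handling and the policy (deny takes precedence, an empty allow list imposes no restriction) are assumptions; the message does not define evaluation order.

```python
import ipaddress

def parse_client_spec(value):
    """Return (first, last) as integers for a CIDR block, a dash range, or one address."""
    value = value.strip()
    if len(value) > 32:  # the proposed SYNTAX limits these values to {32} characters
        raise ValueError("value longer than 32 characters")
    if "-" in value:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return int(lo), int(hi)
    # strict=True rejects blocks with host bits set, such as 10.0.0.5/24
    net = ipaddress.IPv4Network(value, strict=True)
    return int(net.network_address), int(net.broadcast_address)

def _matches(addr, values):
    # Parse every value first so one malformed value raises instead of being skipped.
    specs = [parse_client_spec(v) for v in values]
    return any(lo <= addr <= hi for lo, hi in specs)

def client_permitted(client_ip, entry):
    """Assumed policy: a deny match always wins; no allow values means no allow limit."""
    addr = int(ipaddress.IPv4Address(client_ip))
    denied = entry.get("ipDeniedClients", [])
    allowed = entry.get("ipAllowedClients", [])
    if _matches(addr, denied):
        return False
    if not allowed:
        return True
    return _matches(addr, allowed)

# Constructed sample entry using documentation address ranges (not real data).
SAMPLE_ENTRY = {
    "objectClass": ["top", "networkSecurity"],
    "ipAllowedClients": ["192.0.2.0/24", "198.51.100.10-198.51.100.20"],
    "ipDeniedClients": ["192.0.2.128/25"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.5", "192.0.2.200", "198.51.100.15", "203.0.113.1"):
        print(ip, "permitted" if client_permitted(ip, SAMPLE_ENTRY) else "refused")
```

A malformed value raises ValueError rather than being ignored, so a typo in a deny value cannot silently widen access.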


