4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
5 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
6 # - [zobel] Add 'VoIP' - 2008-05-10
7 # - [luk] Add 'subGroup' to group - 2008-11-22
10 # - Add 'gender' and 'birthDate' to debianDeveloper
11 # - Add 'mailDisableMessage' to debianAccount
12 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
13 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
16 # - Add 'access' as a MAY for debianServer objectclass.
17 # - Make activity-from a UTF-8 string rather than ASCII.
18 # - add new debianRoleAccount objectclass.
21 # - Add 'access' as a MAY for debianDeveloper objectclass.
22 # - Add 'gid' attribute.
23 # - Make homeDirectory a MAY not MUST for debianAccount.
24 # - drop userPassword and memberUID MAYs from debianGroup.
25 # - add SUP top STRUCTURAL to debianGroup.
28 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
29 # - add debianAccount, which is roughly equivalent to posixAccount but
30 # permits UTF8 gecos fields
31 # - add debianGroup, which is the same as above but for posixGroup
34 # - Remove labeledURI, jpegPhoto from the list of supported
35 # attributes; using inetOrgPerson instead of organizationalPerson as
36 # a structural objectclass gives us both of these, and several other
37 # attributes that may be useful.
38 # - Add echelon attributes for MIA work to the debiandeveloper
39 # objectclass. (accountcomment,accountstatus)
40 # - Add specification for debianServer objectclass, used for Debian
44 # - grammarfied 'allowedHosts' to 'allowedHost' as
45 # 1.3.6.1.4.1.9586.100.4.2.12.
46 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
47 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
48 # - change 'icqUIN' to an integer type (see? I told you it wasn't
49 # approved for use yet! ;)
55 # Project: db.debian.org
56 # Contact: Debian directory administrators <admin@db.debian.org>
60 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
62 # .1 - public LDAP objectClasses
66 # .2 - public LDAP attributeTypes
75 # .9 - middlename (mn)
77 # .11 - supplementaryGid
98 # .32 - mailDisableMessage
105 # .3 - experimental LDAP objectClasses
106 # .1 - debianDeveloper
108 # .3 - debianRoleAccount
110 # .4 - experimental LDAP attributeTypes
111 # .1 - allowedHosts - OBSOLETED
114 # .4 - keyFingerPrint
116 # .6 - accountComment
118 # .8 - perform callouts
119 # .9 - perform greylisting
123 # .14 - OptOut Spamfiltering
125 # Public attribute types
# SSH user public key in authorized_keys form (per DESC); the NAME line is not
# visible in this listing. Multi-valued Directory String with no length bound.
# NOTE(review): EQUALITY and SUBSTR are case-insensitive, but the base64 body
# of a key is case-sensitive. Two different keys that differ only in letter
# case compare equal in search filters, compare operations and duplicate-value
# checks. Consider caseExactMatch / caseExactSubstringsMatch.
# NOTE(review): the schema accepts any text here. Whatever writes this value
# into authorized_keys should validate the key type and any leading options
# instead of trusting the stored string - confirm against the consumer.
126 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
128 DESC 'textual form of an SSH public key compatible with authorized_keys'
129 EQUALITY caseIgnoreMatch
130 SUBSTR caseIgnoreSubstringsMatch
131 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
133 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
135 DESC 'last known activity from user email address'
136 EQUALITY caseExactMatch
137 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
139 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
141 DESC 'last known activity from user PGP key'
142 EQUALITY caseExactIA5Match
143 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
145 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
147 DESC 'user-editable comment'
148 EQUALITY caseExactIA5Match
149 SUBSTR caseIgnoreIA5SubstringsMatch
150 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
152 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
154 DESC 'UIN for ICQ instant messaging system'
155 EQUALITY integerMatch
156 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
158 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
160 DESC 'Internet Relay Chat nickname'
161 EQUALITY caseIgnoreIA5Match
162 SUBSTR caseIgnoreIA5SubstringsMatch
163 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
165 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
167 DESC 'latitude coordinate'
168 EQUALITY caseExactIA5Match
169 SUBSTR caseExactIA5SubstringsMatch
170 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
172 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
174 DESC 'longitude coordinate'
175 EQUALITY caseExactIA5Match
176 SUBSTR caseExactIA5SubstringsMatch
177 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
179 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
180 NAME ( 'mn' 'middlename' )
183 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
185 DESC 'vacation message'
186 EQUALITY caseIgnoreMatch
187 SUBSTR caseIgnoreSubstringsMatch
188 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Additional Unix group of a user, stored as free-form Directory String
# (suggested bound 256); multi-valued because SINGLE-VALUE is absent.
# NOTE(review): the value is text, not a reference to a group entry, so the
# schema cannot guarantee the group exists. This looks authorization-bearing:
# confirm that server ACLs prevent account holders from editing their own
# values, and that consumers ignore names that do not resolve to a known group.
190 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
191 NAME 'supplementaryGid'
192 DESC 'additional Unix group id of user'
193 EQUALITY caseIgnoreMatch
194 SUBSTR caseIgnoreSubstringsMatch
195 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# Host name an account is allowed to access (per DESC); the NAME line is not
# visible in this listing. Multi-valued IA5 String, compared case-insensitively.
# NOTE(review): this looks like an authorization grant. The schema constrains
# only the syntax; who may add or change values is decided by server ACLs.
# Confirm that write access is limited to directory administrators.
197 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
199 DESC 'host name this account is allowed access to'
200 EQUALITY caseIgnoreIA5Match
201 SUBSTR caseIgnoreIA5SubstringsMatch
202 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
204 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
206 DESC 'JID for Jabber instant messaging protocol'
207 EQUALITY caseIgnoreIA5Match
208 SUBSTR caseIgnoreIA5SubstringsMatch
209 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
211 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
213 DESC 'nature of access allowed to server'
214 EQUALITY caseIgnoreMatch
215 SUBSTR caseIgnoreSubstringsMatch
216 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
218 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
220 DESC 'email address of server administrator'
221 EQUALITY caseIgnoreIA5Match
222 SUBSTR caseIgnoreIA5SubstringsMatch
223 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
225 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
227 DESC 'hardware architecture of server'
228 EQUALITY caseIgnoreIA5Match
229 SUBSTR caseIgnoreIA5SubstringsMatch
230 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
232 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
234 DESC 'type of network connection for server'
235 EQUALITY caseIgnoreMatch
236 SUBSTR caseIgnoreSubstringsMatch
237 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
239 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
241 DESC 'amount of disk space available to server'
242 EQUALITY caseIgnoreMatch
243 SUBSTR caseIgnoreSubstringsMatch
244 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
246 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
248 DESC 'host OS distribution'
249 EQUALITY caseIgnoreIA5Match
250 SUBSTR caseIgnoreIA5SubstringsMatch
251 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
253 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
255 # DESC '(short) host name of server'
256 # EQUALITY caseIgnoreIA5Match
257 # SUBSTR caseIgnoreIA5SubstringsMatch
258 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
260 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
262 DESC 'FQDN of the server'
263 EQUALITY caseIgnoreIA5Match
264 SUBSTR caseIgnoreIA5SubstringsMatch
265 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
267 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
269 DESC 'description of physical hardware'
270 EQUALITY caseIgnoreMatch
271 SUBSTR caseIgnoreSubstringsMatch
272 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
274 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
276 DESC 'amount of RAM available to server'
277 EQUALITY caseIgnoreMatch
278 SUBSTR caseIgnoreSubstringsMatch
279 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
281 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
283 DESC 'name of the sponsor of this server'
284 EQUALITY caseIgnoreMatch
285 SUBSTR caseIgnoreSubstringsMatch
286 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
288 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
290 DESC 'email address of sponsoring server administrator'
291 EQUALITY caseIgnoreIA5Match
292 SUBSTR caseIgnoreIA5SubstringsMatch
293 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH host public key in known_hosts form (per DESC); the NAME line is not
# visible in this listing. Multi-valued Directory String with no length bound.
# NOTE(review): matching is case-insensitive although base64 key material is
# case-sensitive, so two host keys differing only in letter case compare equal.
# Consider caseExactMatch / caseExactSubstringsMatch.
# NOTE(review): if clients build known_hosts from this attribute, whoever can
# write it controls which host keys those clients trust. Confirm write ACLs
# and that the directory is read over an authenticated, integrity-protected
# channel.
295 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
297 DESC 'textual form of an SSH public host key compatible with known_hosts'
298 EQUALITY caseIgnoreMatch
299 SUBSTR caseIgnoreSubstringsMatch
300 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
302 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
304 DESC 'administrative status of server'
305 EQUALITY caseIgnoreMatch
306 SUBSTR caseIgnoreSubstringsMatch
307 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
309 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
311 DESC 'The GECOS field; the common name'
312 EQUALITY caseIgnoreMatch
313 SUBSTR caseIgnoreSubstringsMatch
314 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
316 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
319 EQUALITY caseExactIA5Match
320 SUBSTR caseExactIA5SubstringsMatch
321 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
323 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
325 DESC 'ISO 5218 representation of human gender'
326 EQUALITY integerMatch
328 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
# Date of birth (per DESC); the NAME line is not visible in this listing.
# Syntax 1.3.6.1.4.1.1466.115.121.1.36 is Numeric String (digits and spaces).
# The {8} is a length hint, so the schema does not enforce a valid YYYYMMDD
# date; writers and readers must validate the value themselves.
# NOTE(review): this is personal data. The schema does not limit who can read
# it; confirm that server ACLs restrict read access.
330 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
332 DESC 'Date of birth in YYYYMMDD format'
333 EQUALITY numericStringMatch
335 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
337 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
338 NAME 'mailDisableMessage'
339 DESC 'Message returned when all mail is disabled'
340 EQUALITY caseIgnoreIA5Match
341 SUBSTR caseIgnoreIA5SubstringsMatch
342 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
344 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
346 DESC 'purposes of this server'
347 EQUALITY caseIgnoreMatch
348 SUBSTR caseIgnoreSubstringsMatch
349 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
351 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
353 DESC 'FQDN of the physical host of this virtual server'
354 EQUALITY caseIgnoreIA5Match
355 SUBSTR caseIgnoreIA5SubstringsMatch
357 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
359 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
361 DESC 'VoIP URL to communicate with that person'
362 EQUALITY caseIgnoreIA5Match
363 SUBSTR caseIgnoreIA5SubstringsMatch
364 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
366 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
369 EQUALITY octetStringMatch
370 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
372 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
374 DESC 'name of other group for which membership implied by memberschip to this group'
375 EQUALITY caseIgnoreIA5Match
376 SUBSTR caseIgnoreIA5SubstringsMatch
377 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
380 # Public object classes
# POSIX-style account object class with UTF8 support (per DESC); its NAME and
# SUP lines are not visible in this listing.
# Requires cn, uid, uidNumber and gidNumber; everything in MAY is optional.
# NOTE(review): MAY includes userPassword and sudoPassword, which hold
# credential material. The schema cannot restrict who reads them. Confirm that
# server ACLs deny read and search on both to everyone except the services
# that need them, and that binds using them run only over TLS.
382 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
384 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
386 MUST ( cn $ uid $ uidNumber $ gidNumber )
387 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword ) )
389 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
392 DESC 'attributes used for Debian groups'
393 MUST ( gid $ gidNumber )
394 MAY ( description $ subGroup ) )
396 # Experimental attribute types
398 # There are existing schemas for doing DNS in LDAP; would one of
399 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# Per-user DNS zone record (per DESC); the NAME line is not visible in this
# listing. Multi-valued, stored with syntax ...121.1.40 (Octet String).
# NOTE(review): EQUALITY is octetStringMatch, but SUBSTR is
# caseIgnoreSubstringsMatch, a Directory String rule. Confirm that the server
# accepts this pairing and how it evaluates substring filters.
# NOTE(review): an octet string accepts arbitrary bytes. If account holders
# can write this attribute, the process that turns it into zone data must
# validate record type, owner name and embedded newlines - confirm.
400 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
402 DESC 'DNS zone record for user'
403 EQUALITY octetStringMatch
404 SUBSTR caseIgnoreSubstringsMatch
405 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
407 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
409 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
411 DESC 'forwarding address for email sent to this account'
412 EQUALITY caseIgnoreIA5Match
413 SUBSTR caseIgnoreIA5SubstringsMatch
414 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
416 # Network Associates also has a schema for PGP keys / key IDs which may
417 # or may not be applicable:
418 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# Key fingerprint attribute. No DESC is visible; the comments above this
# definition refer to PGP keys. Multi-valued Directory String, compared
# case-insensitively, with no length bound.
# The schema enforces neither fingerprint length nor a hex-only alphabet, so
# consumers should normalise and validate the value before comparing it.
# NOTE(review): if this value binds a PGP key to an account for authenticating
# requests, write access should be limited to administrators - confirm ACLs.
419 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
420 NAME 'keyFingerPrint'
421 EQUALITY caseIgnoreMatch
422 SUBSTR caseIgnoreSubstringsMatch
423 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
425 # Rather Debian-specific, not useful to the public.
426 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
428 DESC 'email subscription address for debian-private mailing list'
429 EQUALITY caseIgnoreIA5Match
430 SUBSTR caseIgnoreIA5SubstringsMatch
431 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
433 # Echelon attributes; re-evaluate later
434 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
435 NAME 'accountComment'
436 DESC 'additional comments regarding the account status'
437 EQUALITY caseIgnoreIA5Match
438 SUBSTR caseIgnoreIA5SubstringsMatch
439 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
441 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
443 DESC 'Debian developer account status'
444 EQUALITY caseIgnoreIA5Match
445 SUBSTR caseIgnoreIA5SubstringsMatch
446 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
448 # mail attributes; not public information
449 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
451 DESC 'Whether or not to require a successful callout attempt on email delivery'
452 EQUALITY booleanMatch
453 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
455 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
456 NAME 'mailGreylisting'
457 DESC 'Whether or not to perform greylisting on email delivery'
458 EQUALITY booleanMatch
459 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
461 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
463 DESC 'RBL sites to check at SMTP accept time'
464 EQUALITY caseIgnoreIA5Match
465 SUBSTR caseIgnoreIA5SubstringsMatch
466 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
468 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
470 DESC 'RHSBL sites to check at SMTP accept time'
471 EQUALITY caseIgnoreIA5Match
472 SUBSTR caseIgnoreIA5SubstringsMatch
473 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
475 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
477 DESC 'sites to whitelist from additional SMTP accept time checks'
478 EQUALITY caseIgnoreIA5Match
479 SUBSTR caseIgnoreIA5SubstringsMatch
480 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
482 attributetype ( 1.3.6.1.4.1.9586.100.4.4.14
483 NAME 'mailSpamOptOut'
484 DESC 'I dont like the debian anti spam setup, i want no spam filtering'
485 EQUALITY booleanMatch
486 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
488 # Experimental objectclasses:
490 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
491 NAME 'debianDeveloper'
492 DESC 'additional account attributes used by Debian'
494 MUST ( uid $ cn $ sn )
495 MAY ( accountComment $ accountStatus $ activity-from $
496 activity-pgp $ allowedHost $ comment $ countryName $
497 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
498 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
499 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
500 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
501 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailSpamOptOut
504 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
506 DESC 'Internet-connected server associated with Debian'
508 MUST ( host $ hostname )
509 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
510 distribution $ l $ machine $ memory $ sponsor $
511 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
514 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
515 NAME 'debianRoleAccount'
516 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
517 SUP account STRUCTURAL
518 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
519 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
520 mailWhitelist $ mailSpamOptOut $ dnsZoneEntry