4 # - Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - Add 'gender' and 'birthDate' to debianDeveloper
8 # - Add 'mailDisableMessage' to debianAccount
9 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
10 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
13 # - Add 'access' as a MAY for debianServer objectclass.
14 # - Make activity-from a UTF-8 string rather than ASCII.
15 # - add new debianRoleAccount objectclass.
18 # - Add 'access' as a MAY for debianDeveloper objectclass.
19 # - Add 'gid' attribute.
20 # - Make homeDirectory a MAY not MUST for debianAccount.
21 # - drop userPassword and memberUID MAYs from debianGroup.
22 # - add SUP top STRUCTURAL to debianGroup.
25 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
26 # - add debianAccount, which is roughly equivalent to posixAccount but
27 # permits UTF8 gecos fields
28 # - add debianGroup, which is the same as above but for posixGroup
31 # - Remove labeledURI, jpegPhoto from the list of supported
32 # attributes; using inetOrgPerson instead of organizationalPerson as
33 # a structural objectclass gives us both of these, and several other
34 # attributes that may be useful.
35 # - Add echelon attributes for MIA work to the debiandeveloper
36 # objectclass. (accountcomment,accountstatus)
37 # - Add specification for debianServer objectclass, used for Debian
41 # - grammarfied 'allowedHosts' to 'allowedHost' as
42 # 1.3.6.1.4.1.9586.100.4.2.12.
43 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
44 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
45 # - change 'icqUIN' to an integer type (see? I told you it wasn't
46 # approved for use yet! ;)
52 # Project: db.debian.org
53 # Contact: Debian directory administrators <admin@db.debian.org>
57 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
59 # .1 - public LDAP objectClasses
63 # .2 - public LDAP attributeTypes
72 # .9 - middlename (mn)
74 # .11 - supplementaryGid
95 # .32 - mailDisableMessage
97 # .3 - experimental LDAP objectClasses
98 # .1 - debianDeveloper
100 # .3 - debianRoleAccount
102 # .4 - experimental LDAP attributeTypes
103 # .1 - allowedHosts - OBSOLETED
106 # .4 - keyFingerPrint
108 # .6 - accountComment
110 # .8 - perform callouts
111 # .9 - perform greylisting
116 # Public attribute types
# NOTE(review): per DESC this holds SSH public keys in authorized_keys form;
# the NAME line is not visible in this listing.
# The base64 key body is case-sensitive, but caseIgnoreMatch and
# caseIgnoreSubstringsMatch compare case-insensitively, so two distinct keys
# that differ only in letter case count as the same value for compare,
# search and duplicate-value checks. caseExactMatch would fit the data
# better -- confirm before changing a deployed schema.
# Directory String syntax does not validate key format. Presumably a consumer
# writes these values into authorized_keys files (TODO confirm); if so it
# should validate each value (single line, expected key type, no unexpected
# option prefix), and write access to this attribute should be limited by ACL.
117 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
119 DESC 'textual form of an SSH public key compatible with authorized_keys'
120 EQUALITY caseIgnoreMatch
121 SUBSTR caseIgnoreSubstringsMatch
122 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
124 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
126 DESC 'last known activity from user email address'
127 EQUALITY caseExactMatch
128 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
130 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
132 DESC 'last known activity from user PGP key'
133 EQUALITY caseExactIA5Match
134 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# NOTE(review): equality is case-exact (caseExactIA5Match) while substring
# matching is case-insensitive (caseIgnoreIA5SubstringsMatch); the pairing
# looks unintended -- confirm.
# DESC marks this as user-editable free text, so anything that renders the
# value (web pages, generated mail) should treat it as untrusted input and
# escape it for the output context.
136 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
138 DESC 'user-editable comment'
139 EQUALITY caseExactIA5Match
140 SUBSTR caseIgnoreIA5SubstringsMatch
141 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
143 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
145 DESC 'UIN for ICQ instant messaging system'
146 EQUALITY integerMatch
147 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
149 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
151 DESC 'Internet Relay Chat nickname'
152 EQUALITY caseIgnoreIA5Match
153 SUBSTR caseIgnoreIA5SubstringsMatch
154 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
156 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
158 DESC 'latitude coordinate'
159 EQUALITY caseExactIA5Match
160 SUBSTR caseExactIA5SubstringsMatch
161 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
163 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
165 DESC 'longitude coordinate'
166 EQUALITY caseExactIA5Match
167 SUBSTR caseExactIA5SubstringsMatch
168 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
170 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
171 NAME ( 'mn' 'middlename' )
174 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
176 DESC 'vacation message'
177 EQUALITY caseIgnoreMatch
178 SUBSTR caseIgnoreSubstringsMatch
179 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# NOTE(review): group membership is authorization data. DESC says
# 'group id', yet the syntax is Directory String{256} with case-insensitive
# matching rather than Integer -- presumably group names are stored here;
# confirm against the consumer.
# Whatever maps these values to Unix groups should reject unknown values,
# and write access should be restricted by ACL; the schema cannot do either.
181 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
182 NAME 'supplementaryGid'
183 DESC 'additional Unix group id of user'
184 EQUALITY caseIgnoreMatch
185 SUBSTR caseIgnoreSubstringsMatch
186 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# NOTE(review): the change log at the top of this file names this OID
# 'allowedHost'; the NAME line itself is not visible in this listing.
# Per DESC each value is a host the account may access, which makes this an
# authorization attribute: write access should be restricted by ACL, since
# the schema only constrains the value to an IA5 string.
# Case-insensitive matching suits host names.
188 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
190 DESC 'host name this account is allowed access to'
191 EQUALITY caseIgnoreIA5Match
192 SUBSTR caseIgnoreIA5SubstringsMatch
193 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
195 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
197 DESC 'JID for Jabber instant messaging protocol'
198 EQUALITY caseIgnoreIA5Match
199 SUBSTR caseIgnoreIA5SubstringsMatch
200 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
202 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
204 DESC 'nature of access allowed to server'
205 EQUALITY caseIgnoreMatch
206 SUBSTR caseIgnoreSubstringsMatch
207 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
209 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
211 DESC 'email address of server administrator'
212 EQUALITY caseIgnoreIA5Match
213 SUBSTR caseIgnoreIA5SubstringsMatch
214 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
216 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
218 DESC 'hardware architecture of server'
219 EQUALITY caseIgnoreIA5Match
220 SUBSTR caseIgnoreIA5SubstringsMatch
221 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
223 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
225 DESC 'type of network connection for server'
226 EQUALITY caseIgnoreMatch
227 SUBSTR caseIgnoreSubstringsMatch
228 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
230 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
232 DESC 'amount of disk space available to server'
233 EQUALITY caseIgnoreMatch
234 SUBSTR caseIgnoreSubstringsMatch
235 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
237 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
239 DESC 'host OS distribution'
240 EQUALITY caseIgnoreIA5Match
241 SUBSTR caseIgnoreIA5SubstringsMatch
242 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
244 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
246 # DESC '(short) host name of server'
247 # EQUALITY caseIgnoreIA5Match
248 # SUBSTR caseIgnoreIA5SubstringsMatch
249 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
251 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
253 DESC 'FQDN of the server'
254 EQUALITY caseIgnoreIA5Match
255 SUBSTR caseIgnoreIA5SubstringsMatch
256 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
258 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
260 DESC 'description of physical hardware'
261 EQUALITY caseIgnoreMatch
262 SUBSTR caseIgnoreSubstringsMatch
263 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
265 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
267 DESC 'amount of RAM available to server'
268 EQUALITY caseIgnoreMatch
269 SUBSTR caseIgnoreSubstringsMatch
270 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
272 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
274 DESC 'name of the sponsor of this server'
275 EQUALITY caseIgnoreMatch
276 SUBSTR caseIgnoreSubstringsMatch
277 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
279 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
281 DESC 'email address of sponsoring server administrator'
282 EQUALITY caseIgnoreIA5Match
283 SUBSTR caseIgnoreIA5SubstringsMatch
284 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# NOTE(review): per DESC this holds SSH host public keys in known_hosts
# form; the NAME line is not visible in this listing.
# As with user keys, the base64 key body is case-sensitive while
# caseIgnoreMatch compares case-insensitively, so keys differing only in
# letter case are treated as equal -- caseExactMatch would fit better;
# confirm before changing a deployed schema.
# Clients that build known_hosts from the directory inherit its trust:
# presumably the values are fetched or exported over an authenticated,
# integrity-protected channel (TODO confirm), and writes are ACL-restricted.
286 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
288 DESC 'textual form of an SSH public host key compatible with known_hosts'
289 EQUALITY caseIgnoreMatch
290 SUBSTR caseIgnoreSubstringsMatch
291 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
293 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
295 DESC 'administrative status of server'
296 EQUALITY caseIgnoreMatch
297 SUBSTR caseIgnoreSubstringsMatch
298 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
300 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
302 DESC 'The GECOS field; the common name'
303 EQUALITY caseIgnoreMatch
304 SUBSTR caseIgnoreSubstringsMatch
305 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
307 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
310 EQUALITY caseExactIA5Match
311 SUBSTR caseExactIA5SubstringsMatch
312 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
314 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
316 DESC 'ISO 5218 representation of human gender'
317 EQUALITY integerMatch
319 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
# NOTE(review): Numeric String syntax only limits the characters to digits
# and spaces, and {8} is a length hint; neither checks that the value is a
# real YYYYMMDD date, so consumers should validate it themselves.
# Date of birth is personal data: read access is presumably restricted by
# server ACL -- confirm, since the schema cannot express that.
321 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
323 DESC 'Date of birth in YYYYMMDD format'
324 EQUALITY numericStringMatch
326 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
328 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
329 NAME 'mailDisableMessage'
330 DESC 'Message returned when all mail is disabled'
331 EQUALITY caseIgnoreIA5Match
332 SUBSTR caseIgnoreIA5SubstringsMatch
333 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
335 # Public object classes
# NOTE(review): account object class with POSIX attributes; the NAME and SUP
# lines are not visible in this listing.
# MAY includes userPassword, so credential material sits on the same entry
# as attributes meant to be public. The schema cannot protect it: the server
# ACL should deny read and search on userPassword and allow only what bind
# needs, with broader access reserved for administrators.
337 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
339 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
341 MUST ( cn $ uid $ uidNumber $ gidNumber )
342 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage ) )
344 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
347 DESC 'attributes used for Debian groups'
348 MUST ( gid $ gidNumber )
349 MAY ( description ) )
351 # Experimental attribute types
353 # There are existing schemas for doing DNS in LDAP; would one of
354 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# NOTE(review): SYNTAX ...1.40 is Octet String and EQUALITY is
# octetStringMatch, but SUBSTR is caseIgnoreSubstringsMatch, a rule defined
# for Directory String values. The mismatch may be rejected or ignored
# depending on the server -- confirm, then either drop SUBSTR or move the
# attribute to a string syntax with matching string rules.
# Per DESC the values are per-user DNS records. Presumably something turns
# them into zone data (TODO confirm); that consumer should validate record
# type and owner name so an account can only publish names it is entitled to.
355 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
357 DESC 'DNS zone record for user'
358 EQUALITY octetStringMatch
359 SUBSTR caseIgnoreSubstringsMatch
360 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
362 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
# NOTE(review): per DESC this decides where mail for the account is
# delivered, so anyone who can write it can redirect that mail, including
# verification or password-reset messages. Write access should be limited by
# ACL and changes are worth logging.
# IA5 String syntax does not validate address syntax; the mail system
# reading this value should.
364 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
366 DESC 'forwarding address for email sent to this account'
367 EQUALITY caseIgnoreIA5Match
368 SUBSTR caseIgnoreIA5SubstringsMatch
369 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
371 # Network Associates also has a schema for PGP keys / key IDs which may
372 # or may not be applicable:
373 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# NOTE(review): no DESC is given; from the preceding comment this is
# presumably an OpenPGP key fingerprint (TODO confirm). Case-insensitive
# matching suits a hexadecimal fingerprint.
# If the fingerprint is what ties a key to the account for authenticating
# signed requests (assumption -- verify against the consumer), write access
# to it is as sensitive as write access to a password.
374 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
375 NAME 'keyFingerPrint'
376 EQUALITY caseIgnoreMatch
377 SUBSTR caseIgnoreSubstringsMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
380 # Rather Debian-specific, not useful to the public.
# NOTE(review): the change log at the top of this file names this OID
# 'privateSub'; the NAME line itself is not visible in this listing.
# Per DESC the value is the address subscribed to a private mailing list, so
# both read and write access matter: a write subscribes an arbitrary address
# to private traffic. Restrict both by ACL.
381 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
383 DESC 'email subscription address for debian-private mailing list'
384 EQUALITY caseIgnoreIA5Match
385 SUBSTR caseIgnoreIA5SubstringsMatch
386 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
388 # Echelon attributes; re-evaluate later
389 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
390 NAME 'accountComment'
391 DESC 'additional comments regarding the account status'
392 EQUALITY caseIgnoreIA5Match
393 SUBSTR caseIgnoreIA5SubstringsMatch
394 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
396 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
398 DESC 'Debian developer account status'
399 EQUALITY caseIgnoreIA5Match
400 SUBSTR caseIgnoreIA5SubstringsMatch
401 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
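403 # Mail attributes; not public information. The schema cannot enforce this:
# read access to these attributes must be restricted by server ACLs.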
404 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
406 DESC 'Whether or not to require a successful callout attempt on email delivery'
407 EQUALITY booleanMatch
408 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
410 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
411 NAME 'mailGreylisting'
412 DESC 'Whether or not to perform greylisting on email delivery'
413 EQUALITY booleanMatch
414 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
416 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
418 DESC 'RBL sites to check at SMTP accept time'
419 EQUALITY caseIgnoreIA5Match
420 SUBSTR caseIgnoreIA5SubstringsMatch
421 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
423 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
425 DESC 'RHSBL sites to check at SMTP accept time'
426 EQUALITY caseIgnoreIA5Match
427 SUBSTR caseIgnoreIA5SubstringsMatch
428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
430 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
432 DESC 'sites to whitelist from additional SMTP accept time checks'
433 EQUALITY caseIgnoreIA5Match
434 SUBSTR caseIgnoreIA5SubstringsMatch
435 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
437 # Experimental objectclasses:
# NOTE(review): the SUP line and the closing parentheses of this definition
# are not visible in this listing.
# The MAY list mixes public profile data with attributes that decide access
# or mail routing (sshRSAAuthKey, allowedHost, supplementaryGid,
# keyFingerPrint, emailForward, privateSub) and with personal data
# (birthDate, gender, latitude, longitude). Membership in the object class
# says nothing about who may read or write each attribute, so server ACLs
# need to be written per attribute rather than per entry.
439 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
440 NAME 'debianDeveloper'
441 DESC 'additional account attributes used by Debian'
443 MUST ( uid $ cn $ sn )
444 MAY ( accountComment $ accountStatus $ activity-from $
445 activity-pgp $ allowedHost $ comment $ countryName $
446 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
447 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
448 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
449 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
450 mailRBL $ mailRHSBL $ mailWhitelist
453 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
455 DESC 'Internet-connected server associated with Debian'
457 MUST ( host $ hostname )
458 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
459 distribution $ l $ machine $ memory $ sponsor $
460 sponsor-admin $ sshRSAHostKey $ status
463 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
464 NAME 'debianRoleAccount'
465 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
466 SUP account STRUCTURAL
467 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
468 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $