4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
5 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
6 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - Add 'gender' and 'birthDate' to debianDeveloper
10 # - Add 'mailDisableMessage' to debianAccount
11 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
12 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
15 # - Add 'access' as a MAY for debianServer objectclass.
16 # - Make activity-from a UTF-8 string rather than ASCII.
17 # - add new debianRoleAccount objectclass.
20 # - Add 'access' as a MAY for debianDeveloper objectclass.
21 # - Add 'gid' attribute.
22 # - Make homeDirectory a MAY not MUST for debianAccount.
23 # - drop userPassword and memberUID MAYs from debianGroup.
24 # - add SUP top STRUCTURAL to debianGroup.
27 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
28 # - add debianAccount, which is roughly equivalent to posixAccount but
29 # permits UTF8 gecos fields
30 # - add debianGroup, which is the same as above but for posixGroup
33 # - Remove labeledURI, jpegPhoto from the list of supported
34 # attributes; using inetOrgPerson instead of organizationalPerson as
35 # a structural objectclass gives us both of these, and several other
36 # attributes that may be useful.
37 # - Add echelon attributes for MIA work to the debiandeveloper
38 # objectclass. (accountcomment,accountstatus)
39 # - Add specification for debianServer objectclass, used for Debian
43 # - grammarfied 'allowedHosts' to 'allowedHost' as
44 # 1.3.6.1.4.1.9586.100.4.2.12.
45 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
46 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
47 # - change 'icqUIN' to an integer type (see? I told you it wasn't
48 # approved for use yet! ;)
54 # Project: db.debian.org
55 # Contact: Debian directory administrators <admin@db.debian.org>
59 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
61 # .1 - public LDAP objectClasses
65 # .2 - public LDAP attributeTypes
74 # .9 - middlename (mn)
76 # .11 - supplementaryGid
97 # .32 - mailDisableMessage
103 # .3 - experimental LDAP objectClasses
104 # .1 - debianDeveloper
106 # .3 - debianRoleAccount
108 # .4 - experimental LDAP attributeTypes
109 # .1 - allowedHosts - OBSOLETED
112 # .4 - keyFingerPrint
114 # .6 - accountComment
116 # .8 - perform callouts
117 # .9 - perform greylisting
122 # Public attribute types
# Public attribute types, OIDs ...100.4.2.1 through .11. Most NAME lines are
# not visible in this listing, so entries are identified by OID and DESC.
# Syntax OIDs used below (RFC 4517): .15 Directory String (UTF-8),
# .26 IA5 String (ASCII), .27 Integer.
#
# .2.1: SSH public key text meant for authorized_keys (per DESC).
# NOTE(review): caseIgnoreMatch treats values that differ only in letter case
# as equal, but base64 key material is case-sensitive, so LDAP equality on
# this attribute is not a reliable test of key identity.
# NOTE(review): Directory String does not restrict a value to one well-formed
# key line; whatever renders authorized_keys from it should validate each
# value (single line, expected key type) before writing - generator not
# visible here. If keys are deployed to hosts as the DESC suggests, write
# access to this attribute amounts to login access - confirm the write ACL.
123 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
125 DESC 'textual form of an SSH public key compatible with authorized_keys'
126 EQUALITY caseIgnoreMatch
127 SUBSTR caseIgnoreSubstringsMatch
128 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.2: last activity seen from the user's email address; UTF-8 string,
# case-sensitive equality, one value per entry.
130 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
132 DESC 'last known activity from user email address'
133 EQUALITY caseExactMatch
134 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# .2.3: last activity seen from the user's PGP key; ASCII, one value per entry.
136 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
138 DESC 'last known activity from user PGP key'
139 EQUALITY caseExactIA5Match
140 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.4: free-text comment editable by the user. Equality is case-sensitive
# while substring matching is case-insensitive.
# NOTE(review): user-controlled text; consumers that display it (web pages,
# mail) should escape it for the output format - consumers not visible here.
142 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
144 DESC 'user-editable comment'
145 EQUALITY caseExactIA5Match
146 SUBSTR caseIgnoreIA5SubstringsMatch
147 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.5: ICQ number, stored as an Integer.
149 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
151 DESC 'UIN for ICQ instant messaging system'
152 EQUALITY integerMatch
153 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# .2.6: IRC nickname; ASCII, case-insensitive matching.
155 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
157 DESC 'Internet Relay Chat nickname'
158 EQUALITY caseIgnoreIA5Match
159 SUBSTR caseIgnoreIA5SubstringsMatch
160 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.7 / .2.8: latitude and longitude, stored as ASCII strings (no numeric
# validation by the schema), one value each.
# NOTE(review): location of a person is personal data; confirm read ACLs.
162 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
164 DESC 'latitude coordinate'
165 EQUALITY caseExactIA5Match
166 SUBSTR caseExactIA5SubstringsMatch
167 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
169 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
171 DESC 'longitude coordinate'
172 EQUALITY caseExactIA5Match
173 SUBSTR caseExactIA5SubstringsMatch
174 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.9: middle name, with short name 'mn'. Only the NAME line of this
# definition is visible in this listing.
176 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
177 NAME ( 'mn' 'middlename' )
# .2.10: vacation message; UTF-8 string, one value per entry.
180 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
182 DESC 'vacation message'
183 EQUALITY caseIgnoreMatch
184 SUBSTR caseIgnoreSubstringsMatch
185 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# .2.11 supplementaryGid: extra Unix group for the user, stored as a string.
# NOTE(review): group membership presumably translates into privileges on
# hosts, so write access should be limited to administrators - confirm ACLs.
# The {256} is a suggested bound (RFC 4512), not a guaranteed length check.
187 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
188 NAME 'supplementaryGid'
189 DESC 'additional Unix group id of user'
190 EQUALITY caseIgnoreMatch
191 SUBSTR caseIgnoreSubstringsMatch
192 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# Public attribute types, OIDs ...100.4.2.12 through .28. Most NAME lines are
# not visible in this listing, so entries are identified by OID and DESC.
# Syntax OIDs (RFC 4517): .15 Directory String (UTF-8), .26 IA5 String (ASCII).
# A {N} suffix is a suggested bound (RFC 4512), not a guaranteed length check.
#
# .2.12: host an account may access; the changelog at the top of this file
# names this OID 'allowedHost'.
# NOTE(review): this is authorization data; write access should presumably be
# limited to administrators, and consumers should compare against canonical
# host names - confirm ACLs and consumers, neither is visible here.
194 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
196 DESC 'host name this account is allowed access to'
197 EQUALITY caseIgnoreIA5Match
198 SUBSTR caseIgnoreIA5SubstringsMatch
199 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.13: Jabber ID; the changelog names this OID 'jabberJID'.
201 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
203 DESC 'JID for Jabber instant messaging protocol'
204 EQUALITY caseIgnoreIA5Match
205 SUBSTR caseIgnoreIA5SubstringsMatch
206 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.14: kind of access permitted to a server; free-form UTF-8 string.
# NOTE(review): presumably the 'access' attribute listed by the object
# classes; the schema does not restrict it to a fixed vocabulary - confirm how
# consumers treat unrecognised values.
208 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
210 DESC 'nature of access allowed to server'
211 EQUALITY caseIgnoreMatch
212 SUBSTR caseIgnoreSubstringsMatch
213 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.15 - .2.25: server inventory data (administrator contact, architecture,
# network connection, disk, OS distribution, FQDN, hardware, RAM, sponsor).
# All are free-form strings with case-insensitive matching.
215 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
217 DESC 'email address of server administrator'
218 EQUALITY caseIgnoreIA5Match
219 SUBSTR caseIgnoreIA5SubstringsMatch
220 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
222 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
224 DESC 'hardware architecture of server'
225 EQUALITY caseIgnoreIA5Match
226 SUBSTR caseIgnoreIA5SubstringsMatch
227 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
229 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
231 DESC 'type of network connection for server'
232 EQUALITY caseIgnoreMatch
233 SUBSTR caseIgnoreSubstringsMatch
234 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
236 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
238 DESC 'amount of disk space available to server'
239 EQUALITY caseIgnoreMatch
240 SUBSTR caseIgnoreSubstringsMatch
241 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
243 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
245 DESC 'host OS distribution'
246 EQUALITY caseIgnoreIA5Match
247 SUBSTR caseIgnoreIA5SubstringsMatch
248 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
# .2.20 is commented out, so the server does not load it.
# NOTE(review): keep this OID unassigned rather than reusing it for a
# different attribute, so old data and clients cannot be misinterpreted.
250 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
252 # DESC '(short) host name of server'
253 # EQUALITY caseIgnoreIA5Match
254 # SUBSTR caseIgnoreIA5SubstringsMatch
255 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
257 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
259 DESC 'FQDN of the server'
260 EQUALITY caseIgnoreIA5Match
261 SUBSTR caseIgnoreIA5SubstringsMatch
262 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
264 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
266 DESC 'description of physical hardware'
267 EQUALITY caseIgnoreMatch
268 SUBSTR caseIgnoreSubstringsMatch
269 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
271 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
273 DESC 'amount of RAM available to server'
274 EQUALITY caseIgnoreMatch
275 SUBSTR caseIgnoreSubstringsMatch
276 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
278 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
280 DESC 'name of the sponsor of this server'
281 EQUALITY caseIgnoreMatch
282 SUBSTR caseIgnoreSubstringsMatch
283 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
285 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
287 DESC 'email address of sponsoring server administrator'
288 EQUALITY caseIgnoreIA5Match
289 SUBSTR caseIgnoreIA5SubstringsMatch
290 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# .2.26: SSH host public key text meant for known_hosts (per DESC).
# NOTE(review): caseIgnoreMatch treats values that differ only in letter case
# as equal, but base64 key material is case-sensitive, so LDAP equality is not
# a reliable test of key identity. If known_hosts files are generated from
# this attribute, its integrity decides which host keys clients trust -
# confirm that only administrators can write it.
292 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
294 DESC 'textual form of an SSH public host key compatible with known_hosts'
295 EQUALITY caseIgnoreMatch
296 SUBSTR caseIgnoreSubstringsMatch
297 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.27: administrative status of a server; free-form UTF-8 string.
299 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
301 DESC 'administrative status of server'
302 EQUALITY caseIgnoreMatch
303 SUBSTR caseIgnoreSubstringsMatch
304 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.28: GECOS field as a UTF-8 string, one value per entry; the changelog
# describes a UTF8-enabled 'gecos' that conflicts with RFC2307.
# NOTE(review): if passwd-style files are generated from this value, the
# generator should reject ':' and line breaks, which Directory String
# permits - generator not visible here.
306 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
308 DESC 'The GECOS field; the common name'
309 EQUALITY caseIgnoreMatch
310 SUBSTR caseIgnoreSubstringsMatch
311 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Public attribute types, OIDs ...100.4.2.29 through .36. Several NAME/DESC
# lines are not visible in this listing.
# Syntax OIDs (RFC 4517): .15 Directory String (UTF-8), .26 IA5 String (ASCII),
# .27 Integer, .36 Numeric String, .40 Octet String.
#
# .2.29: NAME and DESC are not visible here; ASCII string, case-sensitive
# matching, one value per entry.
313 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
316 EQUALITY caseExactIA5Match
317 SUBSTR caseExactIA5SubstringsMatch
318 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.30 / .2.31: gender (ISO 5218 code) and date of birth (YYYYMMDD).
# NOTE(review): both are personal data; read access should presumably be
# limited to the entry owner and administrators - confirm ACLs.
# NOTE(review): Numeric String accepts any digits (and spaces), so the schema
# does not check that a birthDate value is a real date; validate on write.
320 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
322 DESC 'ISO 5218 representation of human gender'
323 EQUALITY integerMatch
325 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
327 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
329 DESC 'Date of birth in YYYYMMDD format'
330 EQUALITY numericStringMatch
332 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
# .2.32 mailDisableMessage: text returned to senders when all mail for the
# account is disabled; one value per entry.
334 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
335 NAME 'mailDisableMessage'
336 DESC 'Message returned when all mail is disabled'
337 EQUALITY caseIgnoreIA5Match
338 SUBSTR caseIgnoreIA5SubstringsMatch
339 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.33 / .2.34: purposes of a server and the FQDN of the physical host of a
# virtual server; the changelog mentions 'purpose' and 'physicalHost'.
341 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
343 DESC 'purposes of this server'
344 EQUALITY caseIgnoreMatch
345 SUBSTR caseIgnoreSubstringsMatch
346 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
348 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
350 DESC 'FQDN of the physical host of this virtual server'
351 EQUALITY caseIgnoreIA5Match
352 SUBSTR caseIgnoreIA5SubstringsMatch
354 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# .2.35: VoIP URL for contacting a person; stored as a plain ASCII string, so
# the schema does not check that the value is a well-formed URL.
356 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
358 DESC 'VoIP URL to communicate with that person'
359 EQUALITY caseIgnoreIA5Match
360 SUBSTR caseIgnoreIA5SubstringsMatch
361 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.36: NAME and DESC are not visible here; binary-safe Octet String with
# exact octet matching.
# NOTE(review): possibly the 'sudoPassword' attribute that an object class
# later in this file lists but no visible definition names. If so it holds
# credential material and needs a restrictive read ACL - confirm.
363 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
366 EQUALITY octetStringMatch
367 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
370 # Public object classes
# .1.1: account object class with POSIX attributes and UTF-8 support; NAME is
# not visible here (the changelog describes 'debianAccount' in these terms).
# Requires cn, uid, uidNumber and gidNumber; homeDirectory is optional.
# NOTE(review): the MAY list includes userPassword and sudoPassword. Both are
# credential attributes: read access should presumably be limited to the
# entry owner and administrators, and only over encrypted connections - the
# server ACLs and transport settings are not visible here, confirm them.
372 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
374 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
376 MUST ( cn $ uid $ uidNumber $ gidNumber )
377 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword ) )
# .1.2: group object class; NAME is not visible here (the changelog calls it
# 'debianGroup'). Requires gid and gidNumber; the only optional attribute is
# description, so no password or member list is carried on the group entry.
379 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
382 DESC 'attributes used for Debian groups'
383 MUST ( gid $ gidNumber )
384 MAY ( description ) )
386 # Experimental attribute types
388 # There are existing schemas for doing DNS in LDAP; would one of
389 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# .4.4.2: DNS zone record belonging to a user; NAME is not visible here
# (presumably 'dnsZoneEntry', which the debianDeveloper class lists).
# NOTE(review): EQUALITY and SYNTAX are octet-string based, but SUBSTR is
# caseIgnoreSubstringsMatch, a Directory String rule - this looks
# inconsistent; confirm the server accepts it and what substring filters do.
# NOTE(review): if zone files are generated from these values, the generator
# should validate record type and owner name so an account can only publish
# records under names it is entitled to - generator not visible here.
390 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
392 DESC 'DNS zone record for user'
393 EQUALITY octetStringMatch
394 SUBSTR caseIgnoreSubstringsMatch
395 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
397 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
# .4.4.3: address that mail for the account is forwarded to; ASCII string,
# one value per entry. NAME is not visible here (presumably 'emailForward',
# which the object classes list).
# NOTE(review): whoever can write this value controls where the account's
# mail goes, so write access should presumably be limited to the entry owner
# and administrators - confirm ACLs. IA5 String does not check that the value
# is a valid mail address; the mail configuration generator should.
399 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
401 DESC 'forwarding address for email sent to this account'
402 EQUALITY caseIgnoreIA5Match
403 SUBSTR caseIgnoreIA5SubstringsMatch
404 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
406 # Network Associates also has a schema for PGP keys / key IDs which may
407 # or may not be applicable:
408 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# keyFingerPrint: key fingerprint stored as a UTF-8 string with
# case-insensitive matching; multi-valued, no DESC given.
# NOTE(review): the syntax enforces neither length nor hex format, so
# consumers should check that a value is a full fingerprint rather than a
# short key ID. If this attribute ties an account to the key used to
# authenticate its requests, write access must be restricted - confirm ACLs.
409 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
410 NAME 'keyFingerPrint'
411 EQUALITY caseIgnoreMatch
412 SUBSTR caseIgnoreSubstringsMatch
413 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
415 # Rather Debian-specific, not useful to the public.
# .4.4.5: address subscribed to the debian-private mailing list; the
# changelog names this OID 'privateSub'. ASCII string, one value per entry.
# NOTE(review): the value presumably decides who receives a private list, so
# both read and write access deserve a restrictive ACL - confirm.
416 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
418 DESC 'email subscription address for debian-private mailing list'
419 EQUALITY caseIgnoreIA5Match
420 SUBSTR caseIgnoreIA5SubstringsMatch
421 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
423 # Echelon attributes; re-evaluate later
# accountComment: free-text remarks about an account's status; multi-valued.
# NOTE(review): administrative notes about people; read access should
# presumably be limited to administrators - confirm ACLs.
424 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
425 NAME 'accountComment'
426 DESC 'additional comments regarding the account status'
427 EQUALITY caseIgnoreIA5Match
428 SUBSTR caseIgnoreIA5SubstringsMatch
429 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .4.4.7: developer account status; NAME is not visible here (presumably
# 'accountStatus', which the debianDeveloper class lists). Free-form ASCII,
# one value per entry; the schema defines no fixed set of status values.
431 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
433 DESC 'Debian developer account status'
434 EQUALITY caseIgnoreIA5Match
435 SUBSTR caseIgnoreIA5SubstringsMatch
436 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
438 # mail attributes; not public information
# Per-account mail policy attributes, OIDs ...100.4.4.8 through .13; no
# definition for .4.4.10 appears in this listing.
# NOTE(review): a schema cannot make attributes non-public; keeping these
# private depends on server ACLs, which are not visible here - confirm.
#
# .4.4.8: Boolean, one value; whether delivery requires a successful callout.
439 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
441 DESC 'Whether or not to require a successful callout attempt on email delivery'
442 EQUALITY booleanMatch
443 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
# mailGreylisting: Boolean, one value; whether greylisting is applied.
445 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
446 NAME 'mailGreylisting'
447 DESC 'Whether or not to perform greylisting on email delivery'
448 EQUALITY booleanMatch
449 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
# .4.4.11 / .4.4.12: RBL and RHSBL sites consulted at SMTP accept time;
# multi-valued ASCII strings.
451 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
453 DESC 'RBL sites to check at SMTP accept time'
454 EQUALITY caseIgnoreIA5Match
455 SUBSTR caseIgnoreIA5SubstringsMatch
456 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
458 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
460 DESC 'RHSBL sites to check at SMTP accept time'
461 EQUALITY caseIgnoreIA5Match
462 SUBSTR caseIgnoreIA5SubstringsMatch
463 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# .4.4.13: sites exempted from the additional SMTP accept-time checks.
# NOTE(review): entries here bypass filtering, so who may write this value
# matters; the mail configuration generator should also validate each value
# before use - generator and ACLs not visible here.
465 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
467 DESC 'sites to whitelist from additional SMTP accept time checks'
468 EQUALITY caseIgnoreIA5Match
469 SUBSTR caseIgnoreIA5SubstringsMatch
470 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
472 # Experimental objectclasses:
# debianDeveloper: extra per-person attributes; requires uid, cn and sn.
# The superclass line and the close of the MAY list are not visible in this
# listing.
# NOTE(review): the MAY list mixes three kinds of data on one entry: contact
# details (ircNick, jabberJID, VoIP), personal data (gender, birthDate,
# latitude, longitude) and inputs that presumably drive access decisions
# (allowedHost, sshRSAAuthKey, supplementaryGid, keyFingerPrint). These need
# different read and write rules, which only per-attribute server ACLs can
# express - the ACLs are not visible here, confirm them.
474 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
475 NAME 'debianDeveloper'
476 DESC 'additional account attributes used by Debian'
478 MUST ( uid $ cn $ sn )
479 MAY ( accountComment $ accountStatus $ activity-from $
480 activity-pgp $ allowedHost $ comment $ countryName $
481 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
482 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
483 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
484 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
485 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP
# .3.2: object class for a server; NAME is not visible here (the changelog
# calls it 'debianServer'). Requires host and hostname. The close of the MAY
# list is not visible in this listing.
# NOTE(review): sshRSAHostKey and access sit next to descriptive inventory
# fields; if clients build known_hosts or access rules from them, write
# access to server entries should be limited to administrators - confirm ACLs.
488 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
490 DESC 'Internet-connected server associated with Debian'
492 MUST ( host $ hostname )
493 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
494 distribution $ l $ machine $ memory $ sponsor $
495 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
498 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
499 NAME 'debianRoleAccount'
500 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
501 SUP account STRUCTURAL
502 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
503 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $