3 # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009
4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - [luk] Add 'subGroup' to group - 2008-11-22
12 # - Add 'gender' and 'birthDate' to debianDeveloper
13 # - Add 'mailDisableMessage' to debianAccount
14 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
15 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
18 # - Add 'access' as a MAY for debianServer objectclass.
19 # - Make activity-from a UTF-8 string rather than ASCII.
20 # - add new debianRoleAccount objectclass.
23 # - Add 'access' as a MAY for debianDeveloper objectclass.
24 # - Add 'gid' attribute.
25 # - Make homeDirectory a MAY not MUST for debianAccount.
26 # - drop userPassword and memberUID MAYs from debianGroup.
27 # - add SUP top STRUCTURAL to debianGroup.
30 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
31 # - add debianAccount, which is roughly equivalent to posixAccount but
32 # permits UTF8 gecos fields
33 # - add debianGroup, which is the same as above but for posixGroup
36 # - Remove labeledURI, jpegPhoto from the list of supported
37 # attributes; using inetOrgPerson instead of organizationalPerson as
38 # a structural objectclass gives us both of these, and several other
39 # attributes that may be useful.
40 # - Add echelon attributes for MIA work to the debiandeveloper
41 # objectclass. (accountcomment,accountstatus)
42 # - Add specification for debianServer objectclass, used for Debian
46 # - grammarfied 'allowedHosts' to 'allowedHost' as
47 # 1.3.6.1.4.1.9586.100.4.2.12.
48 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
49 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
50 # - change 'icqUIN' to an integer type (see? I told you it wasn't
51 # approved for use yet! ;)
57 # Project: db.debian.org
58 # Contact: Debian directory administrators <admin@db.debian.org>
62 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
64 # .1 - public LDAP objectClasses
68 # .2 - public LDAP attributeTypes
77 # .9 - middlename (mn)
79 # .11 - supplementaryGid
100 # .32 - mailDisableMessage
106 # .38 - mailContentInspectionAction
107 # .39 - allowedGroups
108 # .40 - exportOptions
109 # .41 - sshdistAuthKeysHost
112 # .3 - experimental LDAP objectClasses
113 # .1 - debianDeveloper
115 # .3 - debianRoleAccount
117 # .4 - experimental LDAP attributeTypes
118 # .1 - allowedHosts - OBSOLETED
121 # .4 - keyFingerPrint
123 # .6 - accountComment
125 # .8 - perform callouts
126 # .9 - perform greylisting
131 # .15 - mailDefaultOptions
133 # Public attribute types
# SSH public key for a user, in authorized_keys text form (Directory String
# syntax, multi-valued). The NAME line is missing from this listing;
# presumably this is sshRSAAuthKey, which debianDeveloper lists as a MAY.
# NOTE(review): EQUALITY and SUBSTR are caseIgnore*, but the base64 body of an
# authorized_keys entry is case-sensitive. Two different keys that differ only
# in letter case therefore count as the same value for search filters, compare
# operations and duplicate-value checks. Tools that read this attribute should
# compare keys byte-for-byte themselves rather than rely on LDAP matching.
# The syntax accepts any string, so whatever exports these values into
# authorized_keys files has to validate them (key type, size, any leading
# options); that validation is not part of the schema.
134 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
136 DESC 'textual form of an SSH public key compatible with authorized_keys'
137 EQUALITY caseIgnoreMatch
138 SUBSTR caseIgnoreSubstringsMatch
139 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
141 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
143 DESC 'last known activity from user email address'
144 EQUALITY caseExactMatch
145 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
147 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
149 DESC 'last known activity from user PGP key'
150 EQUALITY caseExactIA5Match
151 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
153 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
155 DESC 'user-editable comment'
156 EQUALITY caseExactIA5Match
157 SUBSTR caseIgnoreIA5SubstringsMatch
158 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
160 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
162 DESC 'UIN for ICQ instant messaging system'
163 EQUALITY integerMatch
164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
166 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
168 DESC 'Internet Relay Chat nickname'
169 EQUALITY caseIgnoreIA5Match
170 SUBSTR caseIgnoreIA5SubstringsMatch
171 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
173 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
175 DESC 'latitude coordinate'
176 EQUALITY caseExactIA5Match
177 SUBSTR caseExactIA5SubstringsMatch
178 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
180 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
182 DESC 'longitude coordinate'
183 EQUALITY caseExactIA5Match
184 SUBSTR caseExactIA5SubstringsMatch
185 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
187 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
188 NAME ( 'mn' 'middlename' )
191 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
193 DESC 'vacation message'
194 EQUALITY caseIgnoreMatch
195 SUBSTR caseIgnoreSubstringsMatch
196 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Additional Unix group of a user: Directory String, multi-valued, declared
# length bound {256}, matched case-insensitively.
# NOTE(review): Unix group names are case-sensitive, so two names that differ
# only in case are one value here but two groups on a host; allowedGroups
# (.2.39) in this same file uses caseExact matching instead - confirm which
# behaviour is intended.
# NOTE(review): presumably these values become group memberships on hosts, so
# write access to the attribute amounts to granting privileges. The ACLs that
# should restrict it to administrators are not part of this file - verify.
198 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
199 NAME 'supplementaryGid'
200 DESC 'additional Unix group id of user'
201 EQUALITY caseIgnoreMatch
202 SUBSTR caseIgnoreSubstringsMatch
203 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# allowedHost (OID .2.12 according to the changelog at the top of this file):
# a host name the account is allowed to access. IA5 String, multi-valued,
# case-insensitive equality and substring matching. The NAME line is missing
# from this listing.
# NOTE(review): this is authorization data - a value added here presumably
# opens a host to the account. The schema cannot express who may write it;
# confirm the server ACLs keep it out of reach of the account owner.
205 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
207 DESC 'host name this account is allowed access to'
208 EQUALITY caseIgnoreIA5Match
209 SUBSTR caseIgnoreIA5SubstringsMatch
210 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
212 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
214 DESC 'JID for Jabber instant messaging protocol'
215 EQUALITY caseIgnoreIA5Match
216 SUBSTR caseIgnoreIA5SubstringsMatch
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
219 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
221 DESC 'nature of access allowed to server'
222 EQUALITY caseIgnoreMatch
223 SUBSTR caseIgnoreSubstringsMatch
224 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
226 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
228 DESC 'email address of server administrator'
229 EQUALITY caseIgnoreIA5Match
230 SUBSTR caseIgnoreIA5SubstringsMatch
231 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
233 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
235 DESC 'hardware architecture of server'
236 EQUALITY caseIgnoreIA5Match
237 SUBSTR caseIgnoreIA5SubstringsMatch
238 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
240 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
242 DESC 'type of network connection for server'
243 EQUALITY caseIgnoreMatch
244 SUBSTR caseIgnoreSubstringsMatch
245 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
247 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
249 DESC 'amount of disk space available to server'
250 EQUALITY caseIgnoreMatch
251 SUBSTR caseIgnoreSubstringsMatch
252 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
254 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
256 DESC 'host OS distribution'
257 EQUALITY caseIgnoreIA5Match
258 SUBSTR caseIgnoreIA5SubstringsMatch
259 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
261 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
263 # DESC '(short) host name of server'
264 # EQUALITY caseIgnoreIA5Match
265 # SUBSTR caseIgnoreIA5SubstringsMatch
266 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
268 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
270 DESC 'FQDN of the server'
271 EQUALITY caseIgnoreIA5Match
272 SUBSTR caseIgnoreIA5SubstringsMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
275 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
277 DESC 'description of physical hardware'
278 EQUALITY caseIgnoreMatch
279 SUBSTR caseIgnoreSubstringsMatch
280 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
282 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
284 DESC 'amount of RAM available to server'
285 EQUALITY caseIgnoreMatch
286 SUBSTR caseIgnoreSubstringsMatch
287 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
289 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
291 DESC 'name of the sponsor of this server'
292 EQUALITY caseIgnoreMatch
293 SUBSTR caseIgnoreSubstringsMatch
294 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
296 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
298 DESC 'email address of sponsoring server administrator'
299 EQUALITY caseIgnoreIA5Match
300 SUBSTR caseIgnoreIA5SubstringsMatch
301 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH public host key of a server, in known_hosts text form (Directory String,
# multi-valued). The NAME line is missing from this listing; presumably this
# is sshRSAHostKey, which debianServer lists as a MAY.
# NOTE(review): matching is caseIgnore*, while the base64 key body is
# case-sensitive, so LDAP equality cannot tell apart two keys that differ only
# in letter case. Anything that verifies a host key against this attribute
# should compare the exact bytes itself.
# NOTE(review): if these values are exported into known_hosts files, write
# access to the attribute decides which host keys clients will trust; the ACLs
# protecting it are not visible here - confirm they are admin-only.
303 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
305 DESC 'textual form of an SSH public host key compatible with known_hosts'
306 EQUALITY caseIgnoreMatch
307 SUBSTR caseIgnoreSubstringsMatch
308 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
310 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
312 DESC 'administrative status of server'
313 EQUALITY caseIgnoreMatch
314 SUBSTR caseIgnoreSubstringsMatch
315 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
317 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
319 DESC 'The GECOS field; the common name'
320 EQUALITY caseIgnoreMatch
321 SUBSTR caseIgnoreSubstringsMatch
322 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
324 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
327 EQUALITY caseExactIA5Match
328 SUBSTR caseExactIA5SubstringsMatch
329 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
331 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
333 DESC 'ISO 5218 representation of human gender'
334 EQUALITY integerMatch
336 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
338 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
340 DESC 'Date of birth in YYYYMMDD format'
341 EQUALITY numericStringMatch
343 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
345 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
346 NAME 'mailDisableMessage'
347 DESC 'Message returned when all mail is disabled'
348 EQUALITY caseIgnoreIA5Match
349 SUBSTR caseIgnoreIA5SubstringsMatch
350 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
352 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
354 DESC 'purposes of this server'
355 EQUALITY caseIgnoreMatch
356 SUBSTR caseIgnoreSubstringsMatch
357 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
359 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
361 DESC 'FQDN of the physical host of this virtual server'
362 EQUALITY caseIgnoreIA5Match
363 SUBSTR caseIgnoreIA5SubstringsMatch
365 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
367 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
369 DESC 'VoIP URL to communicate with that person'
370 EQUALITY caseIgnoreIA5Match
371 SUBSTR caseIgnoreIA5SubstringsMatch
372 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Octet String attribute with exact byte matching and no substring rule,
# multi-valued. NAME and DESC are missing from this listing.
# NOTE(review): possibly sudoPassword, which the account class (.1.1) lists as
# a MAY and which has no other visible definition here - confirm against the
# full schema. If it does hold credential material, read access must be
# limited by ACL to the services that need it; nothing in the schema itself
# restricts who can read a value.
374 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
377 EQUALITY octetStringMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# Name of another group whose membership is implied by membership of this
# group. IA5 String, multi-valued, case-insensitive matching. The NAME line is
# missing from this listing; presumably subGroup, which the changelog says was
# added to the group class.
# NOTE(review): implied membership is transitive privilege - adding a value
# here extends every member's access to the named group. Consumers that expand
# these links should guard against cycles, and write access should be
# restricted by ACL (not visible in this file).
# NOTE(review): DESC contains a typo ('memberschip'); left untouched because
# DESC is part of the published schema text.
380 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
382 DESC 'name of other group for which membership implied by memberschip to this group'
383 EQUALITY caseIgnoreIA5Match
384 SUBSTR caseIgnoreIA5SubstringsMatch
385 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
387 # more attributes below
# allowedGroups (.39 in the OID index at the top of this file): groups that
# have access to a host. IA5 String, multi-valued, case-exact equality and
# substring matching. The NAME line is missing from this listing.
# NOTE(review): this is the host-side half of the access decision, so a value
# written here presumably admits every member of the named group to the host.
# Confirm that the ACLs (not part of this file) limit writes to administrators.
388 attributetype ( 1.3.6.1.4.1.9586.100.4.2.39
390 DESC 'Groups that have access to a host'
391 EQUALITY caseExactIA5Match
392 SUBSTR caseExactIA5SubstringsMatch
393 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
395 attributetype ( 1.3.6.1.4.1.9586.100.4.2.40
397 DESC 'export options for servers'
398 EQUALITY caseIgnoreIA5Match
399 SUBSTR caseIgnoreIA5SubstringsMatch
400 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
402 # Experimental attribute types
404 # There are existing schemas for doing DNS in LDAP; would one of
405 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
406 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
408 DESC 'DNS zone record for user'
409 EQUALITY octetStringMatch
410 SUBSTR caseIgnoreSubstringsMatch
411 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
413 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
415 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
417 DESC 'forwarding address for email sent to this account'
418 EQUALITY caseIgnoreIA5Match
419 SUBSTR caseIgnoreIA5SubstringsMatch
420 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
422 # Network Associates also has a schema for PGP keys / key IDs which may
423 # or may not be applicable:
424 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
425 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
426 NAME 'keyFingerPrint'
427 EQUALITY caseIgnoreMatch
428 SUBSTR caseIgnoreSubstringsMatch
429 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
431 # Rather Debian-specific, not useful to the public.
432 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
434 DESC 'email subscription address for debian-private mailing list'
435 EQUALITY caseIgnoreIA5Match
436 SUBSTR caseIgnoreIA5SubstringsMatch
437 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
439 # Echelon attributes; re-evaluate later
440 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
441 NAME 'accountComment'
442 DESC 'additional comments regarding the account status'
443 EQUALITY caseIgnoreIA5Match
444 SUBSTR caseIgnoreIA5SubstringsMatch
445 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
447 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
449 DESC 'Debian developer account status'
450 EQUALITY caseIgnoreIA5Match
451 SUBSTR caseIgnoreIA5SubstringsMatch
452 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
454 # mail attributes; not public information
455 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
457 DESC 'Whether or not to require a successful callout attempt on email delivery'
458 EQUALITY booleanMatch
459 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
461 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
462 NAME 'mailGreylisting'
463 DESC 'Whether or not to perform greylisting on email delivery'
464 EQUALITY booleanMatch
465 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
467 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
469 DESC 'RBL sites to check at SMTP accept time'
470 EQUALITY caseIgnoreIA5Match
471 SUBSTR caseIgnoreIA5SubstringsMatch
472 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
474 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
476 DESC 'RHSBL sites to check at SMTP accept time'
477 EQUALITY caseIgnoreIA5Match
478 SUBSTR caseIgnoreIA5SubstringsMatch
479 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
481 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
483 DESC 'sites to whitelist from additional SMTP accept time checks'
484 EQUALITY caseIgnoreIA5Match
485 SUBSTR caseIgnoreIA5SubstringsMatch
486 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Per-entry BATV token: single-valued Directory String with case-exact
# equality and no substring rule. The NAME line is missing from this listing;
# presumably bATVToken, which debianDeveloper and debianRoleAccount list as
# a MAY.
# NOTE(review): a BATV token is normally the secret used to sign bounce
# addresses, so anyone who can read it could presumably forge valid tagged
# addresses for the account. The section comment above marks the mail
# attributes as not public; confirm the ACLs actually deny anonymous and
# cross-user reads of this attribute.
488 attributetype ( 1.3.6.1.4.1.9586.100.4.4.14
490 DESC 'Token for BATV'
491 EQUALITY caseExactMatch
492 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
494 attributetype ( 1.3.6.1.4.1.9586.100.4.4.15
495 NAME 'mailDefaultOptions'
496 DESC 'Whether or not to use a default set of anti-spam options'
497 EQUALITY booleanMatch
498 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
500 attributetype ( 1.3.6.1.4.1.9586.100.4.2.38
501 NAME 'mailContentInspectionAction'
502 DESC 'what to do on content inspection hits'
503 EQUALITY caseIgnoreIA5Match
504 SUBSTR caseIgnoreIA5SubstringsMatch
505 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
507 attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
508 NAME ( 'sshdistAuthKeysHost' )
511 attributetype ( 1.3.6.1.4.1.9586.100.4.4.42
513 DESC 'DNS Time To Live value'
514 EQUALITY caseIgnoreIA5Match
515 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
517 # Public object classes
# Account object class with POSIX attributes and UTF-8 support. Requires cn,
# uid, uidNumber and gidNumber; everything in the MAY list is optional. The
# NAME and SUP lines are missing from this listing; presumably debianAccount,
# which the changelog describes as a posixAccount equivalent.
# NOTE(review): the MAY list carries credential attributes (userPassword,
# sudoPassword) next to ordinary profile fields. The schema only says they may
# be present; keeping them unreadable to other users and anonymous binds, and
# keeping binds and replication off cleartext transport, is up to the server
# ACLs and TLS configuration, neither of which is visible here - verify both.
519 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
521 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
523 MUST ( cn $ uid $ uidNumber $ gidNumber )
524 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword ) )
526 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
529 DESC 'attributes used for Debian groups'
530 MUST ( gid $ gidNumber )
531 MAY ( description $ subGroup $ accountStatus ) )
533 # Experimental objectclasses:
535 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
536 NAME 'debianDeveloper'
537 DESC 'additional account attributes used by Debian'
539 MUST ( uid $ cn $ sn )
540 MAY ( accountComment $ accountStatus $ activity-from $
541 activity-pgp $ allowedHost $ comment $ countryName $
542 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
543 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
544 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
545 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
546 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailContentInspectionAction $
547 bATVToken $ mailDefaultOptions
550 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
552 DESC 'Internet-connected server associated with Debian'
554 MUST ( host $ hostname )
555 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
556 distribution $ l $ machine $ memory $ sponsor $
557 sponsor-admin $ status $ physicalHost $ ipHostNumber $ dnsTTL $
558 sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
562 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
563 NAME 'debianRoleAccount'
564 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
565 SUP account STRUCTURAL
566 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
567 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
568 mailWhitelist $ dnsZoneEntry $ mailContentInspectionAction $
569 bATVToken $ mailDefaultOptions