4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
5 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
6 # - [zobel] Add 'VoIP' - 2008-05-10
7 # - [luk] Add 'subGroup' to group - 2008-11-22
10 # - Add 'gender' and 'birthDate' to debianDeveloper
11 # - Add 'mailDisableMessage' to debianAccount
12 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
13 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
16 # - Add 'access' as a MAY for debianServer objectclass.
17 # - Make activity-from a UTF-8 string rather than ASCII.
18 # - add new debianRoleAccount objectclass.
21 # - Add 'access' as a MAY for debianDeveloper objectclass.
22 # - Add 'gid' attribute.
23 # - Make homeDirectory a MAY not MUST for debianAccount.
24 # - drop userPassword and memberUID MAYs from debianGroup.
25 # - add SUP top STRUCTURAL to debianGroup.
28 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
29 # - add debianAccount, which is roughly equivalent to posixAccount but
30 # permits UTF8 gecos fields
31 # - add debianGroup, which is the same as above but for posixGroup
34 # - Remove labeledURI, jpegPhoto from the list of supported
35 # attributes; using inetOrgPerson instead of organizationalPerson as
36 # a structural objectclass gives us both of these, and several other
37 # attributes that may be useful.
38 # - Add echelon attributes for MIA work to the debiandeveloper
39 # objectclass. (accountcomment,accountstatus)
40 # - Add specification for debianServer objectclass, used for Debian
44 # - grammarfied 'allowedHosts' to 'allowedHost' as
45 # 1.3.6.1.4.1.9586.100.4.2.12.
46 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
47 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
48 # - change 'icqUIN' to an integer type (see? I told you it wasn't
49 # approved for use yet! ;)
55 # Project: db.debian.org
56 # Contact: Debian directory administrators <admin@db.debian.org>
60 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
62 # .1 - public LDAP objectClasses
66 # .2 - public LDAP attributeTypes
75 # .9 - middlename (mn)
77 # .11 - supplementaryGid
98 # .32 - mailDisableMessage
105 # .3 - experimental LDAP objectClasses
106 # .1 - debianDeveloper
108 # .3 - debianRoleAccount
110 # .4 - experimental LDAP attributeTypes
111 # .1 - allowedHosts - OBSOLETED
114 # .4 - keyFingerPrint
116 # .6 - accountComment
118 # .8 - perform callouts
119 # .9 - perform greylisting
124 # Public attribute types
# SSH user public key in authorized_keys text form. There is no SINGLE-VALUE,
# so one entry may carry several keys. The NAME line is not shown in this
# listing; presumably 'sshRSAAuthKey', which debianDeveloper lists - confirm.
# NOTE(review): caseIgnoreMatch / caseIgnoreSubstringsMatch compare without
# regard to case, but the base64 key body is case-sensitive, so two different
# keys that differ only in letter case are equal as far as the directory is
# concerned. Do not rely on LDAP compare or search filters for key identity;
# compare the exported value byte-for-byte, or consider caseExactMatch here.
# NOTE(review): write access to this attribute amounts to login access for
# the account, so it should be restricted by ACL (ACLs are not part of this
# file). Whatever exports these values into authorized_keys should validate
# the key type and any leading options before writing them out.
125 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
127 DESC 'textual form of an SSH public key compatible with authorized_keys'
128 EQUALITY caseIgnoreMatch
129 SUBSTR caseIgnoreSubstringsMatch
130 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Per-person activity and contact attributes, OIDs .2.2 through .2.10.
# Most NAME lines are missing from this listing, so DESC is the only label.
# Syntax OIDs used below: ...121.1.15 = Directory String (UTF-8),
# ...121.1.26 = IA5 String (ASCII), ...121.1.27 = Integer.

# .2.2: last activity seen from the user's mail address; UTF-8, exact-case
# equality, at most one value per entry.
132 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
134 DESC 'last known activity from user email address'
135 EQUALITY caseExactMatch
136 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# .2.3: last activity seen from the user's PGP key; ASCII, single-valued.
138 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
140 DESC 'last known activity from user PGP key'
141 EQUALITY caseExactIA5Match
142 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.4: free text supplied by the account holder. Equality is case-exact
# while substring matching is case-insensitive.
# NOTE(review): the value is user-controlled; anything that renders it
# (web pages, generated mail) should escape it as untrusted input.
144 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
146 DESC 'user-editable comment'
147 EQUALITY caseExactIA5Match
148 SUBSTR caseIgnoreIA5SubstringsMatch
149 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.5: ICQ number, stored with Integer syntax and integer equality.
151 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
153 DESC 'UIN for ICQ instant messaging system'
154 EQUALITY integerMatch
155 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# .2.6: IRC nickname; ASCII, matched case-insensitively.
157 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
159 DESC 'Internet Relay Chat nickname'
160 EQUALITY caseIgnoreIA5Match
161 SUBSTR caseIgnoreIA5SubstringsMatch
162 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.7 / .2.8: coordinates kept as ASCII strings, single-valued. The schema
# imposes no numeric format, so consumers must parse and range-check them.
# NOTE(review): location is personal data; read access is an ACL decision
# that this file does not express.
164 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
166 DESC 'latitude coordinate'
167 EQUALITY caseExactIA5Match
168 SUBSTR caseExactIA5SubstringsMatch
169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
171 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
173 DESC 'longitude coordinate'
174 EQUALITY caseExactIA5Match
175 SUBSTR caseExactIA5SubstringsMatch
176 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# .2.9: middle name, with short name 'mn'. The remaining lines of this
# definition are not shown in this listing.
178 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
179 NAME ( 'mn' 'middlename' )
# .2.10: vacation message; UTF-8, single-valued, case-insensitive matching.
182 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
184 DESC 'vacation message'
185 EQUALITY caseIgnoreMatch
186 SUBSTR caseIgnoreSubstringsMatch
187 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# .2.11 supplementaryGid: extra Unix group for the user, stored as a
# multi-valued UTF-8 string with case-insensitive matching.
# NOTE(review): Unix group names are case-sensitive, so a consumer that
# maps these values to real groups should match names exactly rather than
# reuse the directory's case-insensitive comparison. Adding a value grants
# group membership, so write access belongs with administrators (ACLs are
# not part of this file).
189 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
190 NAME 'supplementaryGid'
191 DESC 'additional Unix group id of user'
192 EQUALITY caseIgnoreMatch
193 SUBSTR caseIgnoreSubstringsMatch
194 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# .2.12: host the account may access; multi-valued ASCII, case-insensitive.
# The file header gives this OID the name 'allowedHost'.
# NOTE(review): this is authorization data. Account holders should not be
# able to write it themselves - confirm against the server ACLs.
196 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
198 DESC 'host name this account is allowed access to'
199 EQUALITY caseIgnoreIA5Match
200 SUBSTR caseIgnoreIA5SubstringsMatch
201 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# .2.13: Jabber ID; the file header gives this OID the name 'jabberJID'.
203 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
205 DESC 'JID for Jabber instant messaging protocol'
206 EQUALITY caseIgnoreIA5Match
207 SUBSTR caseIgnoreIA5SubstringsMatch
208 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Server inventory attributes, OIDs .2.14 through .2.25. NAME lines are
# missing from this listing; each definition is labelled by its DESC only.
# NOTE(review): the {N} suffix on a SYNTAX is a length bound declared in the
# schema. Whether the server rejects longer values is implementation-specific
# (verify for the deployment), so consumers should still bound input length.

# .2.14: kind of access allowed to a server; multi-valued UTF-8 string.
# The file header says 'access' is a MAY for both debianServer and
# debianDeveloper, so treat it as authorization-relevant data.
210 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
212 DESC 'nature of access allowed to server'
213 EQUALITY caseIgnoreMatch
214 SUBSTR caseIgnoreSubstringsMatch
215 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.15: administrator mail address; ASCII, bound {256}, multi-valued.
217 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
219 DESC 'email address of server administrator'
220 EQUALITY caseIgnoreIA5Match
221 SUBSTR caseIgnoreIA5SubstringsMatch
222 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# .2.16: hardware architecture; ASCII, single-valued.
224 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
226 DESC 'hardware architecture of server'
227 EQUALITY caseIgnoreIA5Match
228 SUBSTR caseIgnoreIA5SubstringsMatch
229 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
# .2.17: network connection type; UTF-8, bound {128}.
231 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
233 DESC 'type of network connection for server'
234 EQUALITY caseIgnoreMatch
235 SUBSTR caseIgnoreSubstringsMatch
236 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
# .2.18: disk space, kept as free text (UTF-8, bound {64}), not a number.
238 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
240 DESC 'amount of disk space available to server'
241 EQUALITY caseIgnoreMatch
242 SUBSTR caseIgnoreSubstringsMatch
243 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
# .2.19: OS distribution of the host; ASCII, single-valued.
245 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
247 DESC 'host OS distribution'
248 EQUALITY caseIgnoreIA5Match
249 SUBSTR caseIgnoreIA5SubstringsMatch
250 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
# .2.20 is commented out in the original file; it is kept for reference and
# is not loaded by the server.
252 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
254 # DESC '(short) host name of server'
255 # EQUALITY caseIgnoreIA5Match
256 # SUBSTR caseIgnoreIA5SubstringsMatch
257 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
# .2.21: fully qualified server name; ASCII, multi-valued.
259 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
261 DESC 'FQDN of the server'
262 EQUALITY caseIgnoreIA5Match
263 SUBSTR caseIgnoreIA5SubstringsMatch
264 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# .2.22: free-text hardware description; UTF-8, single-valued.
266 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
268 DESC 'description of physical hardware'
269 EQUALITY caseIgnoreMatch
270 SUBSTR caseIgnoreSubstringsMatch
271 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
# .2.23: RAM size, kept as free text (UTF-8, bound {64}), not a number.
273 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
275 DESC 'amount of RAM available to server'
276 EQUALITY caseIgnoreMatch
277 SUBSTR caseIgnoreSubstringsMatch
278 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
# .2.24: sponsor name; UTF-8, multi-valued.
280 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
282 DESC 'name of the sponsor of this server'
283 EQUALITY caseIgnoreMatch
284 SUBSTR caseIgnoreSubstringsMatch
285 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.25: mail address of the sponsor's administrator; ASCII, bound {256}.
287 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
289 DESC 'email address of sponsoring server administrator'
290 EQUALITY caseIgnoreIA5Match
291 SUBSTR caseIgnoreIA5SubstringsMatch
292 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH host public key in known_hosts text form; multi-valued UTF-8 string.
# The NAME line is not shown in this listing; presumably 'sshRSAHostKey',
# which debianServer lists - confirm.
# NOTE(review): as with the user key attribute, caseIgnoreMatch treats two
# keys that differ only in letter case as equal although base64 is
# case-sensitive. Key identity should be checked on the exact value.
# NOTE(review): clients that build known_hosts from this attribute trust the
# directory for host authenticity, so write access must be restricted by ACL
# and the data should be fetched over an authenticated channel.
294 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
296 DESC 'textual form of an SSH public host key compatible with known_hosts'
297 EQUALITY caseIgnoreMatch
298 SUBSTR caseIgnoreSubstringsMatch
299 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Public attributes .2.27 through .2.35. NAME lines are missing from this
# listing except for mailDisableMessage.

# .2.27: administrative status of a server; UTF-8, multi-valued.
301 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
303 DESC 'administrative status of server'
304 EQUALITY caseIgnoreMatch
305 SUBSTR caseIgnoreSubstringsMatch
306 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# .2.28: GECOS field as a UTF-8 string, single-valued. The file header notes
# that this UTF-8 'gecos' conflicts with the RFC2307 definition.
# NOTE(review): if values are exported into passwd-format files, the
# exporter should reject field separators and newlines - confirm in the
# generating code.
308 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
310 DESC 'The GECOS field; the common name'
311 EQUALITY caseIgnoreMatch
312 SUBSTR caseIgnoreSubstringsMatch
313 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# .2.29: NAME and DESC are not shown in this listing. What remains is an
# ASCII, case-exact, single-valued attribute.
315 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
318 EQUALITY caseExactIA5Match
319 SUBSTR caseExactIA5SubstringsMatch
320 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
365 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
368 EQUALITY octetStringMatch
369 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
371 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
373 DESC 'name of other group for which membership implied by memberschip to this group'
374 EQUALITY caseIgnoreIA5Match
375 SUBSTR caseIgnoreIA5SubstringsMatch
376 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
379 # Public object classes
381 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
383 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
385 MUST ( cn $ uid $ uidNumber $ gidNumber )
386 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword ) )
388 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
391 DESC 'attributes used for Debian groups'
392 MUST ( gid $ gidNumber )
393 MAY ( description $ subGroup ) )
395 # Experimental attribute types
397 # There are existing schemas for doing DNS in LDAP; would one of
398 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
399 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
401 DESC 'DNS zone record for user'
402 EQUALITY octetStringMatch
403 SUBSTR caseIgnoreSubstringsMatch
404 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
406 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
408 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
410 DESC 'forwarding address for email sent to this account'
411 EQUALITY caseIgnoreIA5Match
412 SUBSTR caseIgnoreIA5SubstringsMatch
413 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
415 # Network Associates also has a schema for PGP keys / key IDs which may
416 # or may not be applicable:
417 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
418 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
419 NAME 'keyFingerPrint'
420 EQUALITY caseIgnoreMatch
421 SUBSTR caseIgnoreSubstringsMatch
422 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
424 # Rather Debian-specific, not useful to the public.
425 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
427 DESC 'email subscription address for debian-private mailing list'
428 EQUALITY caseIgnoreIA5Match
429 SUBSTR caseIgnoreIA5SubstringsMatch
430 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
432 # Echelon attributes; re-evaluate later
433 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
434 NAME 'accountComment'
435 DESC 'additional comments regarding the account status'
436 EQUALITY caseIgnoreIA5Match
437 SUBSTR caseIgnoreIA5SubstringsMatch
438 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
440 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
442 DESC 'Debian developer account status'
443 EQUALITY caseIgnoreIA5Match
444 SUBSTR caseIgnoreIA5SubstringsMatch
445 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
447 # mail attributes; not public information
448 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
450 DESC 'Whether or not to require a successful callout attempt on email delivery'
451 EQUALITY booleanMatch
452 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
454 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
455 NAME 'mailGreylisting'
456 DESC 'Whether or not to perform greylisting on email delivery'
457 EQUALITY booleanMatch
458 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
460 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
462 DESC 'RBL sites to check at SMTP accept time'
463 EQUALITY caseIgnoreIA5Match
464 SUBSTR caseIgnoreIA5SubstringsMatch
465 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
467 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
469 DESC 'RHSBL sites to check at SMTP accept time'
470 EQUALITY caseIgnoreIA5Match
471 SUBSTR caseIgnoreIA5SubstringsMatch
472 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
474 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
476 DESC 'sites to whitelist from additional SMTP accept time checks'
477 EQUALITY caseIgnoreIA5Match
478 SUBSTR caseIgnoreIA5SubstringsMatch
479 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
481 # Experimental objectclasses:
483 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
484 NAME 'debianDeveloper'
485 DESC 'additional account attributes used by Debian'
487 MUST ( uid $ cn $ sn )
488 MAY ( accountComment $ accountStatus $ activity-from $
489 activity-pgp $ allowedHost $ comment $ countryName $
490 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
491 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
492 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
493 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
494 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP
497 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
499 DESC 'Internet-connected server associated with Debian'
501 MUST ( host $ hostname )
502 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
503 distribution $ l $ machine $ memory $ sponsor $
504 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
507 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
508 NAME 'debianRoleAccount'
509 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
510 SUP account STRUCTURAL
511 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
512 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $