3 # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009
4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - [luk] Add 'subGroup' to group - 2008-11-22
12 # - Add 'gender' and 'birthDate' to debianDeveloper
13 # - Add 'mailDisableMessage' to debianAccount
14 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
15 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
18 # - Add 'access' as a MAY for debianServer objectclass.
19 # - Make activity-from a UTF-8 string rather than ASCII.
20 # - add new debianRoleAccount objectclass.
23 # - Add 'access' as a MAY for debianDeveloper objectclass.
24 # - Add 'gid' attribute.
25 # - Make homeDirectory a MAY not MUST for debianAccount.
26 # - drop userPassword and memberUID MAYs from debianGroup.
27 # - add SUP top STRUCTURAL to debianGroup.
30 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
31 # - add debianAccount, which is roughly equivalent to posixAccount but
32 # permits UTF8 gecos fields
33 # - add debianGroup, which is the same as above but for posixGroup
36 # - Remove labeledURI, jpegPhoto from the list of supported
37 # attributes; using inetOrgPerson instead of organizationalPerson as
38 # a structural objectclass gives us both of these, and several other
39 # attributes that may be useful.
40 # - Add echelon attributes for MIA work to the debiandeveloper
41 # objectclass. (accountcomment,accountstatus)
42 # - Add specification for debianServer objectclass, used for Debian
46 # - grammarfied 'allowedHosts' to 'allowedHost' as
47 # 1.3.6.1.4.1.9586.100.4.2.12.
48 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
49 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
50 # - change 'icqUIN' to an integer type (see? I told you it wasn't
51 # approved for use yet! ;)
57 # Project: db.debian.org
58 # Contact: Debian directory administrators <admin@db.debian.org>
62 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
64 # .1 - public LDAP objectClasses
68 # .2 - public LDAP attributeTypes
77 # .9 - middlename (mn)
79 # .11 - supplementaryGid
100 # .32 - mailDisableMessage
106 # .38 - mailContentInspectionAction
107 # .39 - allowedGroups
108 # .40 - exportOptions
109 # .41 - sshdistAuthKeysHost
115 # .47 - sshfpHostname
117 # .3 - experimental LDAP objectClasses
118 # .1 - debianDeveloper
120 # .3 - debianRoleAccount
122 # .4 - experimental LDAP attributeTypes
123 # .1 - allowedHosts - OBSOLETED
126 # .4 - keyFingerPrint
128 # .6 - accountComment
130 # .8 - perform callouts
131 # .9 - perform greylisting
136 # .15 - mailDefaultOptions
137 # .16 - mailPreserveSuffixSeparator
139 # Public attribute types
140 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
142 DESC 'textual form of an SSH public key compatible with authorized_keys'
143 EQUALITY caseIgnoreMatch
144 SUBSTR caseIgnoreSubstringsMatch
145 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
147 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
149 DESC 'last known activity from user email address'
150 EQUALITY caseExactMatch
151 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
153 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
155 DESC 'last known activity from user PGP key'
156 EQUALITY caseExactIA5Match
157 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
159 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
161 DESC 'user-editable comment'
162 EQUALITY caseExactIA5Match
163 SUBSTR caseIgnoreIA5SubstringsMatch
164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
166 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
168 DESC 'UIN for ICQ instant messaging system'
169 EQUALITY integerMatch
170 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
172 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
174 DESC 'Internet Relay Chat nickname'
175 EQUALITY caseIgnoreIA5Match
176 SUBSTR caseIgnoreIA5SubstringsMatch
177 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
179 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
181 DESC 'latitude coordinate'
182 EQUALITY caseExactIA5Match
183 SUBSTR caseExactIA5SubstringsMatch
184 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
186 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
188 DESC 'longitude coordinate'
189 EQUALITY caseExactIA5Match
190 SUBSTR caseExactIA5SubstringsMatch
191 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
193 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
194 NAME ( 'mn' 'middlename' )
197 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
199 DESC 'vacation message'
200 EQUALITY caseIgnoreMatch
201 SUBSTR caseIgnoreSubstringsMatch
202 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
204 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
205 NAME 'supplementaryGid'
206 DESC 'additional Unix group id of user'
207 EQUALITY caseIgnoreMatch
208 SUBSTR caseIgnoreSubstringsMatch
209 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
211 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
213 DESC 'host name this account is allowed access to'
214 EQUALITY caseIgnoreIA5Match
215 SUBSTR caseIgnoreIA5SubstringsMatch
216 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
218 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
220 DESC 'JID for Jabber instant messaging protocol'
221 EQUALITY caseIgnoreIA5Match
222 SUBSTR caseIgnoreIA5SubstringsMatch
223 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
225 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
227 DESC 'nature of access allowed to server'
228 EQUALITY caseIgnoreMatch
229 SUBSTR caseIgnoreSubstringsMatch
230 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
232 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
234 DESC 'email address of server administrator'
235 EQUALITY caseIgnoreIA5Match
236 SUBSTR caseIgnoreIA5SubstringsMatch
237 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
239 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
241 DESC 'hardware architecture of server'
242 EQUALITY caseIgnoreIA5Match
243 SUBSTR caseIgnoreIA5SubstringsMatch
244 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
246 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
248 DESC 'type of network connection for server'
249 EQUALITY caseIgnoreMatch
250 SUBSTR caseIgnoreSubstringsMatch
251 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
253 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
255 DESC 'amount of disk space available to server'
256 EQUALITY caseIgnoreMatch
257 SUBSTR caseIgnoreSubstringsMatch
258 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
260 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
262 DESC 'host OS distribution'
263 EQUALITY caseIgnoreIA5Match
264 SUBSTR caseIgnoreIA5SubstringsMatch
265 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
267 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
269 # DESC '(short) host name of server'
270 # EQUALITY caseIgnoreIA5Match
271 # SUBSTR caseIgnoreIA5SubstringsMatch
272 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
274 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
276 DESC 'FQDN of the server'
277 EQUALITY caseIgnoreIA5Match
278 SUBSTR caseIgnoreIA5SubstringsMatch
279 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
281 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
283 DESC 'description of physical hardware'
284 EQUALITY caseIgnoreMatch
285 SUBSTR caseIgnoreSubstringsMatch
286 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
288 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
290 DESC 'amount of RAM available to server'
291 EQUALITY caseIgnoreMatch
292 SUBSTR caseIgnoreSubstringsMatch
293 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
295 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
297 DESC 'name of the sponsor of this server'
298 EQUALITY caseIgnoreMatch
299 SUBSTR caseIgnoreSubstringsMatch
300 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
302 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
304 DESC 'email address of sponsoring server administrator'
305 EQUALITY caseIgnoreIA5Match
306 SUBSTR caseIgnoreIA5SubstringsMatch
307 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
309 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
311 DESC 'textual form of an SSH public host key compatible with known_hosts'
312 EQUALITY caseIgnoreMatch
313 SUBSTR caseIgnoreSubstringsMatch
314 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
316 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
318 DESC 'administrative status of server'
319 EQUALITY caseIgnoreMatch
320 SUBSTR caseIgnoreSubstringsMatch
321 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
323 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
325 DESC 'The GECOS field; the common name'
326 EQUALITY caseIgnoreMatch
327 SUBSTR caseIgnoreSubstringsMatch
328 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
330 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
333 EQUALITY caseExactIA5Match
334 SUBSTR caseExactIA5SubstringsMatch
335 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
337 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
339 # DESC 'ISO 5218 representation of human gender'
340 # EQUALITY integerMatch
342 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
344 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
346 DESC 'Date of birth in YYYYMMDD format'
347 EQUALITY numericStringMatch
349 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
351 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
352 NAME 'mailDisableMessage'
353 DESC 'Message returned when all mail is disabled'
354 EQUALITY caseIgnoreIA5Match
355 SUBSTR caseIgnoreIA5SubstringsMatch
356 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
358 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
360 DESC 'purposes of this server'
361 EQUALITY caseIgnoreMatch
362 SUBSTR caseIgnoreSubstringsMatch
363 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
365 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
367 DESC 'FQDN of the physical host of this virtual server'
368 EQUALITY caseIgnoreIA5Match
369 SUBSTR caseIgnoreIA5SubstringsMatch
371 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
373 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
375 DESC 'VoIP URL to communicate with that person'
376 EQUALITY caseIgnoreIA5Match
377 SUBSTR caseIgnoreIA5SubstringsMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
380 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
383 EQUALITY octetStringMatch
384 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
386 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
388 DESC 'name of other group for which membership implied by memberschip to this group'
389 EQUALITY caseIgnoreIA5Match
390 SUBSTR caseIgnoreIA5SubstringsMatch
391 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
393 # more attributes below
394 attributetype ( 1.3.6.1.4.1.9586.100.4.2.39
396 DESC 'Groups that have access to a host'
397 EQUALITY caseExactIA5Match
398 SUBSTR caseExactIA5SubstringsMatch
399 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
401 attributetype ( 1.3.6.1.4.1.9586.100.4.2.40
403 DESC 'export options for servers'
404 EQUALITY caseIgnoreIA5Match
405 SUBSTR caseIgnoreIA5SubstringsMatch
406 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
408 attributetype ( 1.3.6.1.4.1.9586.100.4.2.43
410 DESC 'web password for SSO'
411 EQUALITY octetStringMatch
412 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
414 attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
416 DESC 'rtc password for SIP/XMPP'
417 EQUALITY octetStringMatch
418 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
420 # Experimental attribute types
422 # There are existing schemas for doing DNS in LDAP; would one of
423 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
424 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
426 DESC 'DNS zone record for user'
427 EQUALITY octetStringMatch
428 SUBSTR caseIgnoreSubstringsMatch
429 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
431 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
433 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
435 DESC 'forwarding address for email sent to this account'
436 EQUALITY caseIgnoreIA5Match
437 SUBSTR caseIgnoreIA5SubstringsMatch
438 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
440 # Network Associates also has a schema for PGP keys / key IDs which may
441 # or may not be applicable:
442 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
443 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
444 NAME 'keyFingerPrint'
445 EQUALITY caseIgnoreMatch
446 SUBSTR caseIgnoreSubstringsMatch
447 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
449 # Rather Debian-specific, not useful to the public.
450 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
452 DESC 'email subscription address for debian-private mailing list'
453 EQUALITY caseIgnoreIA5Match
454 SUBSTR caseIgnoreIA5SubstringsMatch
455 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
457 # Echelon attributes; re-evaluate later
458 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
459 NAME 'accountComment'
460 DESC 'additional comments regarding the account status'
461 EQUALITY caseIgnoreIA5Match
462 SUBSTR caseIgnoreIA5SubstringsMatch
463 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
465 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
467 DESC 'Debian developer account status'
468 EQUALITY caseIgnoreIA5Match
469 SUBSTR caseIgnoreIA5SubstringsMatch
470 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
472 # mail attributes; not public information
473 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
475 DESC 'Whether or not to require a successful callout attempt on email delivery'
476 EQUALITY booleanMatch
477 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
479 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
480 NAME 'mailGreylisting'
481 DESC 'Whether or not to perform greylisting on email delivery'
482 EQUALITY booleanMatch
483 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
485 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
487 DESC 'RBL sites to check at SMTP accept time'
488 EQUALITY caseIgnoreIA5Match
489 SUBSTR caseIgnoreIA5SubstringsMatch
490 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
492 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
494 DESC 'RHSBL sites to check at SMTP accept time'
495 EQUALITY caseIgnoreIA5Match
496 SUBSTR caseIgnoreIA5SubstringsMatch
497 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
499 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
501 DESC 'sites to whitelist from additional SMTP accept time checks'
502 EQUALITY caseIgnoreIA5Match
503 SUBSTR caseIgnoreIA5SubstringsMatch
504 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
506 attributetype ( 1.3.6.1.4.1.9586.100.4.4.14
508 DESC 'Token for BATV'
509 EQUALITY caseExactMatch
510 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
512 attributetype ( 1.3.6.1.4.1.9586.100.4.4.15
513 NAME 'mailDefaultOptions'
514 DESC 'Whether or not to use a default set of anti-spam options'
515 EQUALITY booleanMatch
516 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
518 attributetype ( 1.3.6.1.4.1.9586.100.4.4.16
519 NAME 'mailPreserveSuffixSeparator'
520 DESC 'suffix serparator'
521 EQUALITY caseIgnoreIA5Match
522 SUBSTR caseIgnoreIA5SubstringsMatch
523 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1} )
525 attributetype ( 1.3.6.1.4.1.9586.100.4.2.38
526 NAME 'mailContentInspectionAction'
527 DESC 'what to do on content inspection hits'
528 EQUALITY caseIgnoreIA5Match
529 SUBSTR caseIgnoreIA5SubstringsMatch
530 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
532 attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
533 NAME ( 'sshdistAuthKeysHost' )
534 DESC 'Additional hosts/addresess from which to accept ssh connections to the ud-ldap distribution host (db.DOMAIN)'
537 attributetype ( 1.3.6.1.4.1.9586.100.4.4.42
539 DESC 'DNS Time To Live value'
540 EQUALITY caseIgnoreIA5Match
541 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
543 attributetype ( 1.3.6.1.4.1.9586.100.4.4.45
545 DESC 'which procedure to use for rebooting this host'
546 EQUALITY caseIgnoreIA5Match
547 SUBSTR caseIgnoreIA5SubstringsMatch
548 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
550 attributetype ( 1.3.6.1.4.1.9586.100.4.4.46
552 DESC 'Seed for TOTP authentication'
553 EQUALITY octetStringMatch
554 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
556 attributetype ( 1.3.6.1.4.1.9586.100.4.2.47
558 DESC 'Additional FQDN of the server on which to publish SSHFP records'
559 EQUALITY caseIgnoreIA5Match
560 SUBSTR caseIgnoreIA5SubstringsMatch
561 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
563 # Public object classes
565 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
567 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
569 MUST ( cn $ uid $ uidNumber $ gidNumber )
570 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ rtcPassword $ totpSeed ) )
572 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
575 DESC 'attributes used for Debian groups'
576 MUST ( gid $ gidNumber )
577 MAY ( cn $ description $ subGroup $ accountStatus ) )
579 # Experimental objectclasses:
581 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
582 NAME 'debianDeveloper'
583 DESC 'additional account attributes used by Debian'
585 MUST ( uid $ cn $ sn )
586 MAY ( accountComment $ accountStatus $ activity-from $
587 activity-pgp $ allowedHost $ comment $ countryName $
588 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
589 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
590 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
591 access $ birthDate $ mailCallout $ mailGreylisting $
592 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailContentInspectionAction $
593 bATVToken $ mailDefaultOptions $ mailPreserveSuffixSeparator
596 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
598 DESC 'Internet-connected server associated with Debian'
600 MUST ( host $ hostname )
601 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
602 distribution $ l $ machine $ memory $ sponsor $
603 sponsor-admin $ status $ physicalHost $ ipHostNumber $ dnsTTL $
604 sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
605 sshdistAuthKeysHost $ rebootPolicy $ sshfpHostname
608 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
609 NAME 'debianRoleAccount'
610 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
611 SUP account STRUCTURAL
612 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
613 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
614 mailWhitelist $ dnsZoneEntry $ mailContentInspectionAction $
615 bATVToken $ mailDefaultOptions $ sshRSAAuthKey $ mailPreserveSuffixSeparator