4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
5 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - Add 'gender' and 'birthDate' to debianDeveloper
9 # - Add 'mailDisableMessage' to debianAccount
10 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
11 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
14 # - Add 'access' as a MAY for debianServer objectclass.
15 # - Make activity-from a UTF-8 string rather than ASCII.
16 # - add new debianRoleAccount objectclass.
19 # - Add 'access' as a MAY for debianDeveloper objectclass.
20 # - Add 'gid' attribute.
21 # - Make homeDirectory a MAY not MUST for debianAccount.
22 # - drop userPassword and memberUID MAYs from debianGroup.
23 # - add SUP top STRUCTURAL to debianGroup.
26 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
27 # - add debianAccount, which is roughly equivalent to posixAccount but
28 # permits UTF8 gecos fields
29 # - add debianGroup, which is the same as above but for posixGroup
32 # - Remove labeledURI, jpegPhoto from the list of supported
33 # attributes; using inetOrgPerson instead of organizationalPerson as
34 # a structural objectclass gives us both of these, and several other
35 # attributes that may be useful.
36 # - Add echelon attributes for MIA work to the debiandeveloper
37 # objectclass. (accountcomment,accountstatus)
38 # - Add specification for debianServer objectclass, used for Debian
42 # - grammarfied 'allowedHosts' to 'allowedHost' as
43 # 1.3.6.1.4.1.9586.100.4.2.12.
44 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
45 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
46 # - change 'icqUIN' to an integer type (see? I told you it wasn't
47 # approved for use yet! ;)
53 # Project: db.debian.org
54 # Contact: Debian directory administrators <admin@db.debian.org>
58 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
60 # .1 - public LDAP objectClasses
64 # .2 - public LDAP attributeTypes
73 # .9 - middlename (mn)
75 # .11 - supplementaryGid
96 # .32 - mailDisableMessage
100 # .3 - experimental LDAP objectClasses
101 # .1 - debianDeveloper
103 # .3 - debianRoleAccount
105 # .4 - experimental LDAP attributeTypes
106 # .1 - allowedHosts - OBSOLETED
109 # .4 - keyFingerPrint
111 # .6 - accountComment
113 # .8 - perform callouts
114 # .9 - perform greylisting
119 # Public attribute types
# NOTE(review): the NAME line is not part of this listing; presumably this is
# 'sshRSAAuthKey' from the debianDeveloper MAY list -- confirm.
# The value is a Directory String compared with caseIgnoreMatch, but the base64
# key material in an authorized_keys line is case-sensitive, so the directory
# treats two keys that differ only in letter case as the same value. Anything
# that decides "is this the same key" should compare the decoded key itself
# instead of relying on LDAP equality or compare operations.
# An authorized_keys line can carry options in front of the key; a consumer
# that writes these values to disk should parse and validate each value rather
# than copy it verbatim -- TODO confirm how the export handles this.
120 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
122 DESC 'textual form of an SSH public key compatible with authorized_keys'
123 EQUALITY caseIgnoreMatch
124 SUBSTR caseIgnoreSubstringsMatch
125 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
127 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
129 DESC 'last known activity from user email address'
130 EQUALITY caseExactMatch
131 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
133 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
135 DESC 'last known activity from user PGP key'
136 EQUALITY caseExactIA5Match
137 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
139 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
141 DESC 'user-editable comment'
142 EQUALITY caseExactIA5Match
143 SUBSTR caseIgnoreIA5SubstringsMatch
144 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
146 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
148 DESC 'UIN for ICQ instant messaging system'
149 EQUALITY integerMatch
150 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
152 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
154 DESC 'Internet Relay Chat nickname'
155 EQUALITY caseIgnoreIA5Match
156 SUBSTR caseIgnoreIA5SubstringsMatch
157 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
159 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
161 DESC 'latitude coordinate'
162 EQUALITY caseExactIA5Match
163 SUBSTR caseExactIA5SubstringsMatch
164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
166 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
168 DESC 'longitude coordinate'
169 EQUALITY caseExactIA5Match
170 SUBSTR caseExactIA5SubstringsMatch
171 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
173 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
174 NAME ( 'mn' 'middlename' )
177 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
179 DESC 'vacation message'
180 EQUALITY caseIgnoreMatch
181 SUBSTR caseIgnoreSubstringsMatch
182 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# supplementaryGid: extra Unix group membership for an account.
# NOTE(review): group membership is privilege, so write access to this
# attribute should be limited to administrators and never granted to the entry
# owner -- verify against the server ACLs, which are not part of this file.
# The syntax is a free-form Directory String; the schema does not tie the value
# to an existing group, so consumers should check it before acting on it.
184 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
185 NAME 'supplementaryGid'
186 DESC 'additional Unix group id of user'
187 EQUALITY caseIgnoreMatch
188 SUBSTR caseIgnoreSubstringsMatch
189 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# The changelog at the top of the file assigns this OID to 'allowedHost'; the
# NAME line itself is not part of this listing.
# NOTE(review): this is authorization data (which hosts an account may use).
# Case-insensitive IA5 matching suits host names. As with group membership,
# only administrators should be able to write it -- verify against the ACLs.
191 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
193 DESC 'host name this account is allowed access to'
194 EQUALITY caseIgnoreIA5Match
195 SUBSTR caseIgnoreIA5SubstringsMatch
196 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
198 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
200 DESC 'JID for Jabber instant messaging protocol'
201 EQUALITY caseIgnoreIA5Match
202 SUBSTR caseIgnoreIA5SubstringsMatch
203 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
205 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
207 DESC 'nature of access allowed to server'
208 EQUALITY caseIgnoreMatch
209 SUBSTR caseIgnoreSubstringsMatch
210 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
212 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
214 DESC 'email address of server administrator'
215 EQUALITY caseIgnoreIA5Match
216 SUBSTR caseIgnoreIA5SubstringsMatch
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
219 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
221 DESC 'hardware architecture of server'
222 EQUALITY caseIgnoreIA5Match
223 SUBSTR caseIgnoreIA5SubstringsMatch
224 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
226 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
228 DESC 'type of network connection for server'
229 EQUALITY caseIgnoreMatch
230 SUBSTR caseIgnoreSubstringsMatch
231 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
233 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
235 DESC 'amount of disk space available to server'
236 EQUALITY caseIgnoreMatch
237 SUBSTR caseIgnoreSubstringsMatch
238 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
240 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
242 DESC 'host OS distribution'
243 EQUALITY caseIgnoreIA5Match
244 SUBSTR caseIgnoreIA5SubstringsMatch
245 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
247 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
249 # DESC '(short) host name of server'
250 # EQUALITY caseIgnoreIA5Match
251 # SUBSTR caseIgnoreIA5SubstringsMatch
252 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
254 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
256 DESC 'FQDN of the server'
257 EQUALITY caseIgnoreIA5Match
258 SUBSTR caseIgnoreIA5SubstringsMatch
259 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
261 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
263 DESC 'description of physical hardware'
264 EQUALITY caseIgnoreMatch
265 SUBSTR caseIgnoreSubstringsMatch
266 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
268 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
270 DESC 'amount of RAM available to server'
271 EQUALITY caseIgnoreMatch
272 SUBSTR caseIgnoreSubstringsMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
275 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
277 DESC 'name of the sponsor of this server'
278 EQUALITY caseIgnoreMatch
279 SUBSTR caseIgnoreSubstringsMatch
280 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
282 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
284 DESC 'email address of sponsoring server administrator'
285 EQUALITY caseIgnoreIA5Match
286 SUBSTR caseIgnoreIA5SubstringsMatch
287 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# NOTE(review): the NAME line is not part of this listing; presumably this is
# 'sshRSAHostKey' from the debianServer MAY list -- confirm.
# Host keys read from the directory act as trust anchors for SSH host
# verification, so integrity matters more than confidentiality here: restrict
# writes to administrators and have clients fetch the value over an
# authenticated, integrity-protected connection.
# caseIgnoreMatch does not distinguish base64 key values that differ only in
# letter case; compare decoded keys when exact identity matters.
289 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
291 DESC 'textual form of an SSH public host key compatible with known_hosts'
292 EQUALITY caseIgnoreMatch
293 SUBSTR caseIgnoreSubstringsMatch
294 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
296 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
298 DESC 'administrative status of server'
299 EQUALITY caseIgnoreMatch
300 SUBSTR caseIgnoreSubstringsMatch
301 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
303 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
305 DESC 'The GECOS field; the common name'
306 EQUALITY caseIgnoreMatch
307 SUBSTR caseIgnoreSubstringsMatch
308 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
310 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
313 EQUALITY caseExactIA5Match
314 SUBSTR caseExactIA5SubstringsMatch
315 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Gender as an integer code (the DESC cites ISO 5218). The NAME line is not
# part of this listing; presumably 'gender', per the changelog -- confirm.
# NOTE(review): personal data. The schema cannot express who may read it, so
# visibility has to be enforced by server ACLs. The {1} suffix is what RFC 4512
# calls a suggested minimum upper bound, not a guaranteed limit on the value.
317 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
319 DESC 'ISO 5218 representation of human gender'
320 EQUALITY integerMatch
322 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
# Date of birth as a Numeric String. The NAME line is not part of this listing;
# presumably 'birthDate', per the changelog -- confirm.
# NOTE(review): personal data; restrict read access by ACL. Numeric String with
# a {8} bound does not check that the value is a valid YYYYMMDD date, so the
# tool that writes the value has to validate it.
324 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
326 DESC 'Date of birth in YYYYMMDD format'
327 EQUALITY numericStringMatch
329 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
331 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
332 NAME 'mailDisableMessage'
333 DESC 'Message returned when all mail is disabled'
334 EQUALITY caseIgnoreIA5Match
335 SUBSTR caseIgnoreIA5SubstringsMatch
336 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
338 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
340 DESC 'purposes of this server'
341 EQUALITY caseIgnoreMatch
342 SUBSTR caseIgnoreSubstringsMatch
343 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
345 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
347 DESC 'FQDN of the physical host of this virtual server'
348 EQUALITY caseIgnoreIA5Match
349 SUBSTR caseIgnoreIA5SubstringsMatch
351 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
353 # Public object classes
# POSIX-style account class. The NAME and SUP lines are not part of this
# listing; presumably 'debianAccount', per the changelog -- confirm.
# NOTE(review): userPassword is an optional attribute here, so entries of this
# class can hold credential material. The schema gives it no protection of its
# own; read access should be limited by ACL to the entry owner (for binding)
# and administrators, and binds should only be accepted over TLS.
355 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
357 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
359 MUST ( cn $ uid $ uidNumber $ gidNumber )
360 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage ) )
# Group class. The NAME and SUP lines are not part of this listing; presumably
# 'debianGroup', per the changelog -- confirm. It carries neither userPassword
# nor memberUID, matching the changelog entry that dropped both.
362 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
365 DESC 'attributes used for Debian groups'
366 MUST ( gid $ gidNumber )
367 MAY ( description ) )
369 # Experimental attribute types
371 # There are existing schemas for doing DNS in LDAP; would one of
372 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# Per-user DNS record data. The NAME line is not part of this listing;
# presumably 'dnsZoneEntry' from the debianDeveloper MAY list -- confirm.
# NOTE(review): the definition pairs an octet-string equality rule and Octet
# String syntax (…121.1.40) with a directory-string substring rule
# (caseIgnoreSubstringsMatch); the substring rule does not fit the syntax.
# Octet String accepts arbitrary bytes, so whatever turns these values into
# zone data has to parse and validate each record (owner name, record type,
# target) rather than trust the stored text -- TODO confirm the generator does.
373 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
375 DESC 'DNS zone record for user'
376 EQUALITY octetStringMatch
377 SUBSTR caseIgnoreSubstringsMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
380 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
# Single forwarding address for an account's mail. The NAME line is not part of
# this listing; presumably 'emailForward' -- confirm.
# NOTE(review): whoever can write this value decides where the account's mail
# is delivered. IA5 String does not check that the value is a well-formed
# address, so the mail system that reads it should validate it before use.
382 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
384 DESC 'forwarding address for email sent to this account'
385 EQUALITY caseIgnoreIA5Match
386 SUBSTR caseIgnoreIA5SubstringsMatch
387 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
389 # Network Associates also has a schema for PGP keys / key IDs which may
390 # or may not be applicable:
391 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# keyFingerPrint: key fingerprint stored as a Directory String, matched
# case-insensitively (suitable for hexadecimal text). No DESC is given.
# NOTE(review): presumably this binds the account to an OpenPGP key; if any
# workflow authenticates requests by this fingerprint, write access to it is
# equivalent to control of the account -- TODO confirm and check the ACLs.
# The schema sets no length or format, so short key IDs would be accepted;
# consumers should require a full fingerprint.
392 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
393 NAME 'keyFingerPrint'
394 EQUALITY caseIgnoreMatch
395 SUBSTR caseIgnoreSubstringsMatch
396 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
398 # Rather Debian-specific, not useful to the public.
399 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
401 DESC 'email subscription address for debian-private mailing list'
402 EQUALITY caseIgnoreIA5Match
403 SUBSTR caseIgnoreIA5SubstringsMatch
404 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
406 # Echelon attributes; re-evaluate later
407 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
408 NAME 'accountComment'
409 DESC 'additional comments regarding the account status'
410 EQUALITY caseIgnoreIA5Match
411 SUBSTR caseIgnoreIA5SubstringsMatch
412 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
414 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
416 DESC 'Debian developer account status'
417 EQUALITY caseIgnoreIA5Match
418 SUBSTR caseIgnoreIA5SubstringsMatch
419 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
421 # mail attributes; not public information
# Per-account mail policy attributes: two booleans (callout, greylisting) and
# three multi-valued IA5 strings (RBL zones, RHSBL zones, whitelisted sites).
# Only mailGreylisting has its NAME line in this listing.
# NOTE(review): the file marks these as not public, but a schema cannot enforce
# that; read access has to be denied to anonymous and unrelated users by ACL.
# The list attributes feed checks made at SMTP accept time, so values should be
# validated as domain names before they reach the mail server configuration,
# and a whitelist entry skips the additional checks for that site -- confirm
# who is allowed to write them.
422 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
424 DESC 'Whether or not to require a successful callout attempt on email delivery'
425 EQUALITY booleanMatch
426 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
428 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
429 NAME 'mailGreylisting'
430 DESC 'Whether or not to perform greylisting on email delivery'
431 EQUALITY booleanMatch
432 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
434 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
436 DESC 'RBL sites to check at SMTP accept time'
437 EQUALITY caseIgnoreIA5Match
438 SUBSTR caseIgnoreIA5SubstringsMatch
439 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
441 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
443 DESC 'RHSBL sites to check at SMTP accept time'
444 EQUALITY caseIgnoreIA5Match
445 SUBSTR caseIgnoreIA5SubstringsMatch
446 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
448 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
450 DESC 'sites to whitelist from additional SMTP accept time checks'
451 EQUALITY caseIgnoreIA5Match
452 SUBSTR caseIgnoreIA5SubstringsMatch
453 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
455 # Experimental objectclasses:
# debianDeveloper: per-person account attributes. The SUP line and the closing
# parentheses are not part of this listing.
# NOTE(review): the MAY list mixes profile data a user would reasonably edit
# (comment, ircNick, latitude, longitude, onVacation) with attributes that
# carry authorization or identity (allowedHost, supplementaryGid, access,
# sshRSAAuthKey, keyFingerPrint) and with personal data (gender, birthDate).
# An object class cannot say who may read or write which attribute, so the
# server needs per-attribute ACLs rather than one blanket self-write rule.
457 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
458 NAME 'debianDeveloper'
459 DESC 'additional account attributes used by Debian'
461 MUST ( uid $ cn $ sn )
462 MAY ( accountComment $ accountStatus $ activity-from $
463 activity-pgp $ allowedHost $ comment $ countryName $
464 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
465 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
466 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
467 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
468 mailRBL $ mailRHSBL $ mailWhitelist
471 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
473 DESC 'Internet-connected server associated with Debian'
475 MUST ( host $ hostname )
476 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
477 distribution $ l $ machine $ memory $ sponsor $
478 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
481 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
482 NAME 'debianRoleAccount'
483 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
484 SUP account STRUCTURAL
485 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
486 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $