3 # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009
4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - [luk] Add 'subGroup' to group - 2008-11-22
12 # - Add 'gender' and 'birthDate' to debianDeveloper
13 # - Add 'mailDisableMessage' to debianAccount
14 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
15 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
18 # - Add 'access' as a MAY for debianServer objectclass.
19 # - Make activity-from a UTF-8 string rather than ASCII.
20 # - add new debianRoleAccount objectclass.
23 # - Add 'access' as a MAY for debianDeveloper objectclass.
24 # - Add 'gid' attribute.
25 # - Make homeDirectory a MAY not MUST for debianAccount.
26 # - drop userPassword and memberUID MAYs from debianGroup.
27 # - add SUP top STRUCTURAL to debianGroup.
30 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
31 # - add debianAccount, which is roughly equivalent to posixAccount but
32 # permits UTF8 gecos fields
33 # - add debianGroup, which is the same as above but for posixGroup
36 # - Remove labeledURI, jpegPhoto from the list of supported
37 # attributes; using inetOrgPerson instead of organizationalPerson as
38 # a structural objectclass gives us both of these, and several other
39 # attributes that may be useful.
40 # - Add echelon attributes for MIA work to the debiandeveloper
41 # objectclass. (accountcomment,accountstatus)
42 # - Add specification for debianServer objectclass, used for Debian
46 # - grammarfied 'allowedHosts' to 'allowedHost' as
47 # 1.3.6.1.4.1.9586.100.4.2.12.
48 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
49 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
50 # - change 'icqUIN' to an integer type (see? I told you it wasn't
51 # approved for use yet! ;)
57 # Project: db.debian.org
58 # Contact: Debian directory administrators <admin@db.debian.org>
62 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
64 # .1 - public LDAP objectClasses
68 # .2 - public LDAP attributeTypes
77 # .9 - middlename (mn)
79 # .11 - supplementaryGid
100 # .32 - mailDisableMessage
106 # .38 - mailContentInspectionAction
107 # .39 - allowedGroups
108 # .40 - exportOptions
109 # .41 - sshdistAuthKeysHost
113 # .3 - experimental LDAP objectClasses
114 # .1 - debianDeveloper
116 # .3 - debianRoleAccount
118 # .4 - experimental LDAP attributeTypes
119 # .1 - allowedHosts - OBSOLETED
122 # .4 - keyFingerPrint
124 # .6 - accountComment
126 # .8 - perform callouts
127 # .9 - perform greylisting
132 # .15 - mailDefaultOptions
133 # .16 - mailPreserveSuffixSeparatorRidiculousName
135 # Public attribute types
# SSH user public keys, stored as text in authorized_keys form (per DESC).
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# the 'sshRSAAuthKey' attribute referenced by the object classes -- confirm.
# NOTE(review): EQUALITY and SUBSTR are caseIgnore rules over a Directory String,
# so two values that differ only in letter case compare as equal. Base64 key
# material is case-sensitive; caseExactMatch would keep distinct keys distinct
# in searches, compares and duplicate-value checks.
# Whoever can write this attribute decides which keys are accepted for login, so
# write access needs to be pinned down in the directory ACLs, and the job that
# turns these values into authorized_keys files should validate each value
# (key type, encoding, any leading options) rather than copy it through.
136 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
138 DESC 'textual form of an SSH public key compatible with authorized_keys'
139 EQUALITY caseIgnoreMatch
140 SUBSTR caseIgnoreSubstringsMatch
141 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
143 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
145 DESC 'last known activity from user email address'
146 EQUALITY caseExactMatch
147 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
149 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
151 DESC 'last known activity from user PGP key'
152 EQUALITY caseExactIA5Match
153 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
155 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
157 DESC 'user-editable comment'
158 EQUALITY caseExactIA5Match
159 SUBSTR caseIgnoreIA5SubstringsMatch
160 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
162 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
164 DESC 'UIN for ICQ instant messaging system'
165 EQUALITY integerMatch
166 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
168 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
170 DESC 'Internet Relay Chat nickname'
171 EQUALITY caseIgnoreIA5Match
172 SUBSTR caseIgnoreIA5SubstringsMatch
173 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
175 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
177 DESC 'latitude coordinate'
178 EQUALITY caseExactIA5Match
179 SUBSTR caseExactIA5SubstringsMatch
180 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
182 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
184 DESC 'longitude coordinate'
185 EQUALITY caseExactIA5Match
186 SUBSTR caseExactIA5SubstringsMatch
187 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
189 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
190 NAME ( 'mn' 'middlename' )
193 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
195 DESC 'vacation message'
196 EQUALITY caseIgnoreMatch
197 SUBSTR caseIgnoreSubstringsMatch
198 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
200 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
201 NAME 'supplementaryGid'
202 DESC 'additional Unix group id of user'
203 EQUALITY caseIgnoreMatch
204 SUBSTR caseIgnoreSubstringsMatch
205 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# Host names an account may access; multi-valued IA5 string, matched without
# regard to case. The changelog above assigns this OID (.2.12) to 'allowedHost'.
# NOTE(review): this is authorization data. The schema cannot express who may
# edit it, so the ACLs should keep it writable by directory administrators only
# and not by the account it describes -- confirm against the deployed ACL file.
207 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
209 DESC 'host name this account is allowed access to'
210 EQUALITY caseIgnoreIA5Match
211 SUBSTR caseIgnoreIA5SubstringsMatch
212 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
214 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
216 DESC 'JID for Jabber instant messaging protocol'
217 EQUALITY caseIgnoreIA5Match
218 SUBSTR caseIgnoreIA5SubstringsMatch
219 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
221 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
223 DESC 'nature of access allowed to server'
224 EQUALITY caseIgnoreMatch
225 SUBSTR caseIgnoreSubstringsMatch
226 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
228 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
230 DESC 'email address of server administrator'
231 EQUALITY caseIgnoreIA5Match
232 SUBSTR caseIgnoreIA5SubstringsMatch
233 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
235 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
237 DESC 'hardware architecture of server'
238 EQUALITY caseIgnoreIA5Match
239 SUBSTR caseIgnoreIA5SubstringsMatch
240 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
242 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
244 DESC 'type of network connection for server'
245 EQUALITY caseIgnoreMatch
246 SUBSTR caseIgnoreSubstringsMatch
247 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
249 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
251 DESC 'amount of disk space available to server'
252 EQUALITY caseIgnoreMatch
253 SUBSTR caseIgnoreSubstringsMatch
254 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
256 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
258 DESC 'host OS distribution'
259 EQUALITY caseIgnoreIA5Match
260 SUBSTR caseIgnoreIA5SubstringsMatch
261 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
263 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
265 # DESC '(short) host name of server'
266 # EQUALITY caseIgnoreIA5Match
267 # SUBSTR caseIgnoreIA5SubstringsMatch
268 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
270 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
272 DESC 'FQDN of the server'
273 EQUALITY caseIgnoreIA5Match
274 SUBSTR caseIgnoreIA5SubstringsMatch
275 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
277 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
279 DESC 'description of physical hardware'
280 EQUALITY caseIgnoreMatch
281 SUBSTR caseIgnoreSubstringsMatch
282 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
284 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
286 DESC 'amount of RAM available to server'
287 EQUALITY caseIgnoreMatch
288 SUBSTR caseIgnoreSubstringsMatch
289 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
291 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
293 DESC 'name of the sponsor of this server'
294 EQUALITY caseIgnoreMatch
295 SUBSTR caseIgnoreSubstringsMatch
296 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
298 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
300 DESC 'email address of sponsoring server administrator'
301 EQUALITY caseIgnoreIA5Match
302 SUBSTR caseIgnoreIA5SubstringsMatch
303 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH host public keys, stored as text in known_hosts form (per DESC).
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# the 'sshRSAHostKey' attribute listed in the server object class -- confirm.
# NOTE(review): as with the user-key attribute, caseIgnoreMatch treats values
# that differ only in letter case as equal, which does not fit base64 key
# material; caseExactMatch is the rule to consider.
# Clients that build known_hosts from this attribute trust it to identify the
# server, so write access should be limited to whoever administers the hosts.
305 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
307 DESC 'textual form of an SSH public host key compatible with known_hosts'
308 EQUALITY caseIgnoreMatch
309 SUBSTR caseIgnoreSubstringsMatch
310 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
312 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
314 DESC 'administrative status of server'
315 EQUALITY caseIgnoreMatch
316 SUBSTR caseIgnoreSubstringsMatch
317 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
319 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
321 DESC 'The GECOS field; the common name'
322 EQUALITY caseIgnoreMatch
323 SUBSTR caseIgnoreSubstringsMatch
324 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
326 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
329 EQUALITY caseExactIA5Match
330 SUBSTR caseExactIA5SubstringsMatch
331 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Two personal-data attributes: an ISO 5218 gender code (Integer syntax, length
# hint 1) and a date of birth as an 8-character Numeric String (YYYYMMDD).
# NOTE(review): NAME lines are not visible in this listing; the changelog above
# mentions 'gender' and 'birthDate' being added to debianDeveloper.
# NOTE(review): the schema places no limit on who can read these values. If they
# are not meant to be public, that has to be enforced by the directory ACLs and
# by any export that copies entries out of LDAP.
333 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
335 DESC 'ISO 5218 representation of human gender'
336 EQUALITY integerMatch
338 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
340 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
342 DESC 'Date of birth in YYYYMMDD format'
343 EQUALITY numericStringMatch
345 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
347 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
348 NAME 'mailDisableMessage'
349 DESC 'Message returned when all mail is disabled'
350 EQUALITY caseIgnoreIA5Match
351 SUBSTR caseIgnoreIA5SubstringsMatch
352 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
354 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
356 DESC 'purposes of this server'
357 EQUALITY caseIgnoreMatch
358 SUBSTR caseIgnoreSubstringsMatch
359 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
361 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
363 DESC 'FQDN of the physical host of this virtual server'
364 EQUALITY caseIgnoreIA5Match
365 SUBSTR caseIgnoreIA5SubstringsMatch
367 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
369 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
371 DESC 'VoIP URL to communicate with that person'
372 EQUALITY caseIgnoreIA5Match
373 SUBSTR caseIgnoreIA5SubstringsMatch
374 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
376 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
379 EQUALITY octetStringMatch
380 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# Names another group whose membership is implied by membership of this group
# (per DESC); multi-valued IA5 string.
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# 'subGroup', which the changelog says was added to the group object class.
# NOTE(review): implied membership widens access indirectly, so anyone able to
# write this attribute can grant group rights without touching the target
# group. Consumers that expand the chain should also cope with a group that
# ends up implying itself -- TODO confirm how the expansion code handles that.
# NOTE(review): the DESC text misspells "membership" as "memberschip".
382 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
384 DESC 'name of other group for which membership implied by memberschip to this group'
385 EQUALITY caseIgnoreIA5Match
386 SUBSTR caseIgnoreIA5SubstringsMatch
387 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
389 # more attributes below
# Groups that have access to a host (per DESC); multi-valued IA5 string with
# case-sensitive equality and substring matching. The OID table in the header
# lists .39 as 'allowedGroups'.
# NOTE(review): matching here is case-exact while 'allowedHost' matches
# case-insensitively; a group name entered with different capitalisation will
# not match, so the code that evaluates access should compare the same way the
# directory does.
# This is authorization data: restrict writes to host administrators in the ACLs.
390 attributetype ( 1.3.6.1.4.1.9586.100.4.2.39
392 DESC 'Groups that have access to a host'
393 EQUALITY caseExactIA5Match
394 SUBSTR caseExactIA5SubstringsMatch
395 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
397 attributetype ( 1.3.6.1.4.1.9586.100.4.2.40
399 DESC 'export options for servers'
400 EQUALITY caseIgnoreIA5Match
401 SUBSTR caseIgnoreIA5SubstringsMatch
402 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Web single-sign-on password, stored as an Octet String (per DESC and SYNTAX).
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# the 'webPassword' attribute listed in the account object class -- confirm.
# NOTE(review): Octet String accepts any bytes, so the schema does not require
# the value to be a salted hash. That guarantee has to come from the code that
# writes the attribute. Read access should be limited to the service that
# verifies the password, and the attribute left out of replicas and exports
# that do not need it.
404 attributetype ( 1.3.6.1.4.1.9586.100.4.2.43
406 DESC 'web password for SSO'
407 EQUALITY octetStringMatch
408 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
410 # Experimental attribute types
412 # There are existing schemas for doing DNS in LDAP; would one of
413 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# Per-user DNS zone record (per DESC), stored as an Octet String.
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# 'dnsZoneEntry', which both account object classes list -- confirm.
# NOTE(review): EQUALITY and SYNTAX are Octet String, but SUBSTR is
# caseIgnoreSubstringsMatch, a Directory String rule. The matching rules do not
# agree with each other or with the syntax; confirm which behaviour is intended
# and that the server accepts the combination.
# NOTE(review): if account holders can write this value, the job that generates
# zone files from it must validate record type, owner name and target rather
# than emit the text as stored.
414 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
416 DESC 'DNS zone record for user'
417 EQUALITY octetStringMatch
418 SUBSTR caseIgnoreSubstringsMatch
419 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
421 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
423 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
425 DESC 'forwarding address for email sent to this account'
426 EQUALITY caseIgnoreIA5Match
427 SUBSTR caseIgnoreIA5SubstringsMatch
428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
430 # Network Associates also has a schema for PGP keys / key IDs which may
431 # or may not be applicable:
432 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# Key fingerprint for the account, stored as a multi-valued Directory String
# and matched without regard to case. No DESC line is visible in this listing;
# the comment above suggests these are PGP key fingerprints.
# NOTE(review): a fingerprint ties an account to a key, so a writer of this
# attribute can re-bind the account to a different key. Keep it writable by
# administrators only and confirm that consumers compare the full fingerprint,
# not a short key ID.
433 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
434 NAME 'keyFingerPrint'
435 EQUALITY caseIgnoreMatch
436 SUBSTR caseIgnoreSubstringsMatch
437 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
439 # Rather Debian-specific, not useful to the public.
440 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
442 DESC 'email subscription address for debian-private mailing list'
443 EQUALITY caseIgnoreIA5Match
444 SUBSTR caseIgnoreIA5SubstringsMatch
445 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
447 # Echelon attributes; re-evaluate later
448 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
449 NAME 'accountComment'
450 DESC 'additional comments regarding the account status'
451 EQUALITY caseIgnoreIA5Match
452 SUBSTR caseIgnoreIA5SubstringsMatch
453 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
455 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
457 DESC 'Debian developer account status'
458 EQUALITY caseIgnoreIA5Match
459 SUBSTR caseIgnoreIA5SubstringsMatch
460 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
462 # mail attributes; not public information
463 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
465 DESC 'Whether or not to require a successful callout attempt on email delivery'
466 EQUALITY booleanMatch
467 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
469 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
470 NAME 'mailGreylisting'
471 DESC 'Whether or not to perform greylisting on email delivery'
472 EQUALITY booleanMatch
473 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
475 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
477 DESC 'RBL sites to check at SMTP accept time'
478 EQUALITY caseIgnoreIA5Match
479 SUBSTR caseIgnoreIA5SubstringsMatch
480 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
482 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
484 DESC 'RHSBL sites to check at SMTP accept time'
485 EQUALITY caseIgnoreIA5Match
486 SUBSTR caseIgnoreIA5SubstringsMatch
487 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
489 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
491 DESC 'sites to whitelist from additional SMTP accept time checks'
492 EQUALITY caseIgnoreIA5Match
493 SUBSTR caseIgnoreIA5SubstringsMatch
494 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# BATV token for the account: single-valued Directory String with case-exact
# equality and no substring rule.
# NOTE(review): the NAME line is not visible in this listing; presumably this is
# the 'bATVToken' attribute listed in the account object classes -- confirm.
# NOTE(review): a BATV token is secret signing material for bounce-address tags.
# The section comment above marks the mail attributes as not public; the ACLs
# should deny read to everyone except the mail system and the account owner.
496 attributetype ( 1.3.6.1.4.1.9586.100.4.4.14
498 DESC 'Token for BATV'
499 EQUALITY caseExactMatch
500 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
502 attributetype ( 1.3.6.1.4.1.9586.100.4.4.15
503 NAME 'mailDefaultOptions'
504 DESC 'Whether or not to use a default set of anti-spam options'
505 EQUALITY booleanMatch
506 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
508 attributetype ( 1.3.6.1.4.1.9586.100.4.4.16
509 NAME 'mailPreserveSuffixSeparatorRidiculousName'
510 DESC 'Whether or not to preserve the suffix serparator'
511 EQUALITY booleanMatch
512 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
514 attributetype ( 1.3.6.1.4.1.9586.100.4.2.38
515 NAME 'mailContentInspectionAction'
516 DESC 'what to do on content inspection hits'
517 EQUALITY caseIgnoreIA5Match
518 SUBSTR caseIgnoreIA5SubstringsMatch
519 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
521 attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
522 NAME ( 'sshdistAuthKeysHost' )
525 attributetype ( 1.3.6.1.4.1.9586.100.4.4.42
527 DESC 'DNS Time To Live value'
528 EQUALITY caseIgnoreIA5Match
529 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
531 # Public object classes
# Account object class: requires cn, uid, uidNumber and gidNumber; everything
# else, including homeDirectory, is optional.
# NOTE(review): the NAME and SUP lines are not visible in this listing;
# presumably this is 'debianAccount' from the changelog above -- confirm.
# NOTE(review): the MAY list carries three credential attributes (userPassword,
# sudoPassword, webPassword). An object class only says they may be present; it
# gives no protection. Each one needs its own ACL rule denying read and search
# to everything except the service that verifies it, and each should be kept
# out of any public or anonymous view of the entry.
533 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
535 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
537 MUST ( cn $ uid $ uidNumber $ gidNumber )
538 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword ) )
540 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
543 DESC 'attributes used for Debian groups'
544 MUST ( gid $ gidNumber )
545 MAY ( cn $ description $ subGroup $ accountStatus ) )
547 # Experimental objectclasses:
549 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
550 NAME 'debianDeveloper'
551 DESC 'additional account attributes used by Debian'
553 MUST ( uid $ cn $ sn )
554 MAY ( accountComment $ accountStatus $ activity-from $
555 activity-pgp $ allowedHost $ comment $ countryName $
556 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
557 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
558 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
559 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
560 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailContentInspectionAction $
561 bATVToken $ mailDefaultOptions $ mailPreserveSuffixSeparatorRidiculousName
564 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
566 DESC 'Internet-connected server associated with Debian'
568 MUST ( host $ hostname )
569 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
570 distribution $ l $ machine $ memory $ sponsor $
571 sponsor-admin $ status $ physicalHost $ ipHostNumber $ dnsTTL $
572 sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
576 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
577 NAME 'debianRoleAccount'
578 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
579 SUP account STRUCTURAL
580 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
581 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
582 mailWhitelist $ dnsZoneEntry $ mailContentInspectionAction $
583 bATVToken $ mailDefaultOptions $ sshRSAAuthKey $ mailPreserveSuffixSeparatorRidiculousName