4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
5 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
6 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - Add 'gender' and 'birthDate' to debianDeveloper
10 # - Add 'mailDisableMessage' to debianAccount
11 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
12 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
15 # - Add 'access' as a MAY for debianServer objectclass.
16 # - Make activity-from a UTF-8 string rather than ASCII.
17 # - add new debianRoleAccount objectclass.
20 # - Add 'access' as a MAY for debianDeveloper objectclass.
21 # - Add 'gid' attribute.
22 # - Make homeDirectory a MAY not MUST for debianAccount.
23 # - drop userPassword and memberUID MAYs from debianGroup.
24 # - add SUP top STRUCTURAL to debianGroup.
27 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
28 # - add debianAccount, which is roughly equivalent to posixAccount but
29 # permits UTF8 gecos fields
30 # - add debianGroup, which is the same as above but for posixGroup
33 # - Remove labeledURI, jpegPhoto from the list of supported
34 # attributes; using inetOrgPerson instead of organizationalPerson as
35 # a structural objectclass gives us both of these, and several other
36 # attributes that may be useful.
37 # - Add echelon attributes for MIA work to the debiandeveloper
38 # objectclass. (accountcomment,accountstatus)
39 # - Add specification for debianServer objectclass, used for Debian
43 # - grammarfied 'allowedHosts' to 'allowedHost' as
44 # 1.3.6.1.4.1.9586.100.4.2.12.
45 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
46 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
47 # - change 'icqUIN' to an integer type (see? I told you it wasn't
48 # approved for use yet! ;)
54 # Project: db.debian.org
55 # Contact: Debian directory administrators <admin@db.debian.org>
59 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
61 # .1 - public LDAP objectClasses
65 # .2 - public LDAP attributeTypes
74 # .9 - middlename (mn)
76 # .11 - supplementaryGid
97 # .32 - mailDisableMessage
102 # .3 - experimental LDAP objectClasses
103 # .1 - debianDeveloper
105 # .3 - debianRoleAccount
107 # .4 - experimental LDAP attributeTypes
108 # .1 - allowedHosts - OBSOLETED
111 # .4 - keyFingerPrint
113 # .6 - accountComment
115 # .8 - perform callouts
116 # .9 - perform greylisting
121 # Public attribute types
# SSH user public key, stored as authorized_keys-compatible text (per DESC).
# NOTE(review): syntax .15 is Directory String, and caseIgnoreMatch /
# caseIgnoreSubstringsMatch compare case-insensitively, whereas the base64 key
# material in an authorized_keys line is case-sensitive. Directory equality
# (duplicate-value checks, search filters) is therefore looser than key
# identity: consumers should use the stored value verbatim and compare keys
# themselves rather than through an LDAP filter.
# NOTE(review): if these values are exported into authorized_keys files, write
# access to this attribute amounts to login access for the account. The schema
# enforces no access control; that has to come from the server's ACLs.
122 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
124 DESC 'textual form of an SSH public key compatible with authorized_keys'
125 EQUALITY caseIgnoreMatch
126 SUBSTR caseIgnoreSubstringsMatch
127 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Per-person activity, contact and location attributes (OIDs .2.2 - .2.10).
# Syntax .15 is Directory String (UTF-8), .26 is IA5 String (ASCII) and .27 is
# Integer. None of these syntaxes checks the format of the value beyond its
# character set, so any structure (timestamps, coordinates) is by convention.
# Last-activity record derived from the user's email address (per DESC).
129 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
131 DESC 'last known activity from user email address'
132 EQUALITY caseExactMatch
133 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Last-activity record derived from the user's PGP key (per DESC).
135 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
137 DESC 'last known activity from user PGP key'
138 EQUALITY caseExactIA5Match
139 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Free text that DESC marks as user-editable.
# NOTE(review): treat the value as untrusted input wherever it is displayed or
# written into another file format; the IA5 String syntax does not sanitise it.
141 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
143 DESC 'user-editable comment'
144 EQUALITY caseExactIA5Match
145 SUBSTR caseIgnoreIA5SubstringsMatch
146 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# ICQ number, stored with Integer syntax and integerMatch.
148 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
150 DESC 'UIN for ICQ instant messaging system'
151 EQUALITY integerMatch
152 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# IRC nickname, compared case-insensitively.
154 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
156 DESC 'Internet Relay Chat nickname'
157 EQUALITY caseIgnoreIA5Match
158 SUBSTR caseIgnoreIA5SubstringsMatch
159 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Latitude and longitude are plain IA5 strings, one value each; the coordinate
# format is not constrained by the schema.
# NOTE(review): a person's location is personal data; read access is a matter
# for the server's ACLs, not for this file.
161 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
163 DESC 'latitude coordinate'
164 EQUALITY caseExactIA5Match
165 SUBSTR caseExactIA5SubstringsMatch
166 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
168 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
170 DESC 'longitude coordinate'
171 EQUALITY caseExactIA5Match
172 SUBSTR caseExactIA5SubstringsMatch
173 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Middle name ('mn' / 'middlename'). The rest of this definition is not visible
# in this listing (the line numbering jumps from 176 to 179).
175 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
176 NAME ( 'mn' 'middlename' )
# Vacation message, a single Directory String value.
179 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
181 DESC 'vacation message'
182 EQUALITY caseIgnoreMatch
183 SUBSTR caseIgnoreSubstringsMatch
184 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Authorization data: an additional Unix group for the user (supplementaryGid)
# and, at OID .2.12, a host name the account is allowed to access (the
# changelog at the top of the file names .2.12 'allowedHost').
# NOTE(review): both attributes describe what an account may do, and both are
# multi-valued. The schema only fixes their syntax; who may add or change
# values is decided by the server's ACLs. Presumably only directory
# administrators should have write access - confirm against the ACL config.
# NOTE(review): the {256} after the syntax OID is a suggested minimum upper
# bound in the LDAP schema model, not a length check that a server is required
# to enforce, so consumers should not rely on it to bound the value.
186 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
187 NAME 'supplementaryGid'
188 DESC 'additional Unix group id of user'
189 EQUALITY caseIgnoreMatch
190 SUBSTR caseIgnoreSubstringsMatch
191 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
193 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
195 DESC 'host name this account is allowed access to'
196 EQUALITY caseIgnoreIA5Match
197 SUBSTR caseIgnoreIA5SubstringsMatch
198 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Jabber ID (the changelog at the top of the file names OID .2.13 'jabberJID').
# Stored as an IA5 (ASCII) string and compared case-insensitively; the JID
# format itself is not checked by the schema.
200 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
202 DESC 'JID for Jabber instant messaging protocol'
203 EQUALITY caseIgnoreIA5Match
204 SUBSTR caseIgnoreIA5SubstringsMatch
205 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Server-description attributes (OIDs .2.14 - .2.27): access policy, admin
# contact, hardware, connectivity, sponsor, SSH host key and status. The NAME
# lines of most of these definitions are not visible in this listing, so each
# is identified below by its DESC.
# NOTE(review): the {N} bounds on the syntaxes are suggested minimum upper
# bounds, not enforced length limits; values are free text unless a client
# validates them.
207 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
209 DESC 'nature of access allowed to server'
210 EQUALITY caseIgnoreMatch
211 SUBSTR caseIgnoreSubstringsMatch
212 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
214 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
216 DESC 'email address of server administrator'
217 EQUALITY caseIgnoreIA5Match
218 SUBSTR caseIgnoreIA5SubstringsMatch
219 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
221 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
223 DESC 'hardware architecture of server'
224 EQUALITY caseIgnoreIA5Match
225 SUBSTR caseIgnoreIA5SubstringsMatch
226 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
228 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
230 DESC 'type of network connection for server'
231 EQUALITY caseIgnoreMatch
232 SUBSTR caseIgnoreSubstringsMatch
233 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
235 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
237 DESC 'amount of disk space available to server'
238 EQUALITY caseIgnoreMatch
239 SUBSTR caseIgnoreSubstringsMatch
240 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
242 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
244 DESC 'host OS distribution'
245 EQUALITY caseIgnoreIA5Match
246 SUBSTR caseIgnoreIA5SubstringsMatch
247 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
249 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
251 # DESC '(short) host name of server'
252 # EQUALITY caseIgnoreIA5Match
253 # SUBSTR caseIgnoreIA5SubstringsMatch
254 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
# The definition at OID .2.20 above is commented out, so it is not loaded.
256 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
258 DESC 'FQDN of the server'
259 EQUALITY caseIgnoreIA5Match
260 SUBSTR caseIgnoreIA5SubstringsMatch
261 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
263 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
265 DESC 'description of physical hardware'
266 EQUALITY caseIgnoreMatch
267 SUBSTR caseIgnoreSubstringsMatch
268 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
270 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
272 DESC 'amount of RAM available to server'
273 EQUALITY caseIgnoreMatch
274 SUBSTR caseIgnoreSubstringsMatch
275 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
277 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
279 DESC 'name of the sponsor of this server'
280 EQUALITY caseIgnoreMatch
281 SUBSTR caseIgnoreSubstringsMatch
282 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
284 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
286 DESC 'email address of sponsoring server administrator'
287 EQUALITY caseIgnoreIA5Match
288 SUBSTR caseIgnoreIA5SubstringsMatch
289 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH host public key, stored as known_hosts-compatible text (per DESC).
# NOTE(review): caseIgnoreMatch compares case-insensitively, but base64 key
# material is case-sensitive, so directory equality is looser than key
# identity; consumers should take the value verbatim.
# NOTE(review): if clients build known_hosts from this attribute, host
# authentication rests on the integrity of this value and of the LDAP
# transport it is fetched over - TODO confirm how the value is consumed and
# who has write access.
291 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
293 DESC 'textual form of an SSH public host key compatible with known_hosts'
294 EQUALITY caseIgnoreMatch
295 SUBSTR caseIgnoreSubstringsMatch
296 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
298 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
300 DESC 'administrative status of server'
301 EQUALITY caseIgnoreMatch
302 SUBSTR caseIgnoreSubstringsMatch
303 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# GECOS field as a single Directory String (UTF-8) value. The changelog at the
# top of the file notes that this UTF8-enabled 'gecos' conflicts with RFC2307.
# NOTE(review): Directory String permits characters such as ':' and newline.
# If the value is exported into passwd-format files, the exporter has to reject
# or escape them itself - TODO confirm what the export path does.
305 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
307 DESC 'The GECOS field; the common name'
308 EQUALITY caseIgnoreMatch
309 SUBSTR caseIgnoreSubstringsMatch
310 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# OID .2.29: a single-valued, case-sensitive IA5 string. Its NAME and DESC
# lines are not visible in this listing, so its purpose cannot be stated here.
312 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
315 EQUALITY caseExactIA5Match
316 SUBSTR caseExactIA5SubstringsMatch
317 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Gender (Integer syntax, ISO 5218 code per DESC) and date of birth (Numeric
# String, YYYYMMDD per DESC). One line of each definition is not visible in
# this listing (the numbering skips 323 and 330).
# NOTE(review): {1} and {8} are suggested bounds, not validation. Integer
# syntax accepts any integer and Numeric String accepts any run of digits and
# spaces, so the ISO 5218 code range and the YYYYMMDD shape have to be checked
# by whatever writes the entry.
# NOTE(review): both attributes are personal data. Nothing in the schema limits
# who can read them; that has to be done with server ACLs.
319 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
321 DESC 'ISO 5218 representation of human gender'
322 EQUALITY integerMatch
324 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
326 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
328 DESC 'Date of birth in YYYYMMDD format'
329 EQUALITY numericStringMatch
331 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
# Message returned when all mail for the account is disabled (single value).
# NOTE(review): DESC says this text is returned to the sender; how it is
# inserted into the SMTP response is not shown here. IA5 String allows control
# characters, so the mail system should sanitise it - TODO confirm.
333 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
334 NAME 'mailDisableMessage'
335 DESC 'Message returned when all mail is disabled'
336 EQUALITY caseIgnoreIA5Match
337 SUBSTR caseIgnoreIA5SubstringsMatch
338 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Purposes of a server; multi-valued Directory String.
340 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
342 DESC 'purposes of this server'
343 EQUALITY caseIgnoreMatch
344 SUBSTR caseIgnoreSubstringsMatch
345 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# FQDN of the physical host that runs a virtual server. One line of this
# definition is not visible in this listing (the numbering skips 352).
347 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
349 DESC 'FQDN of the physical host of this virtual server'
350 EQUALITY caseIgnoreIA5Match
351 SUBSTR caseIgnoreIA5SubstringsMatch
353 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# VoIP URL for a person. The URL scheme and format are not constrained by the
# IA5 String syntax.
355 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
357 DESC 'VoIP URL to communicate with that person'
358 EQUALITY caseIgnoreIA5Match
359 SUBSTR caseIgnoreIA5SubstringsMatch
360 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
362 # Public object classes
# Public object classes for accounts and groups. Their NAME and SUP lines are
# not visible in this listing; per the changelog at the top of the file they
# are presumably debianAccount and debianGroup.
# The account class requires cn, uid, uidNumber and gidNumber; homeDirectory is
# optional, as the changelog notes.
# NOTE(review): userPassword is an optional attribute of the account class. The
# schema does not protect it: read, compare and write access to userPassword
# must be restricted by server ACLs, and how the value is hashed is decided by
# the server or the writing client, not by this file.
364 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
366 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
368 MUST ( cn $ uid $ uidNumber $ gidNumber )
369 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage ) )
# The group class requires gid and gidNumber and carries no member list or
# password (the changelog records that userPassword and memberUID were dropped).
371 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
374 DESC 'attributes used for Debian groups'
375 MUST ( gid $ gidNumber )
376 MAY ( description ) )
378 # Experimental attribute types
380 # There are existing schemas for doing DNS in LDAP; would one of
381 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# Per-user DNS zone record (per DESC), stored with Octet String syntax (.40).
# NOTE(review): the matching rules and the syntax disagree. EQUALITY is
# octetStringMatch, which fits Octet String, but SUBSTR is
# caseIgnoreSubstringsMatch, which is defined for Directory String values.
# Confirm that the server accepts this and evaluates substring filters on the
# attribute as intended.
# NOTE(review): Octet String places no constraint on the content. Anything that
# turns these values into DNS zone data has to validate each record itself
# (record type, owner name, no embedded newlines) - TODO confirm where that
# check lives.
382 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
384 DESC 'DNS zone record for user'
385 EQUALITY octetStringMatch
386 SUBSTR caseIgnoreSubstringsMatch
387 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
389 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
# Forwarding address for mail sent to the account; one IA5 String value.
# NOTE(review): the syntax does not check that the value is a well-formed
# mailbox. Whoever can write this attribute can redirect the account's mail,
# so write access should be limited by ACL to the account owner and
# administrators - confirm against the ACL config.
391 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
393 DESC 'forwarding address for email sent to this account'
394 EQUALITY caseIgnoreIA5Match
395 SUBSTR caseIgnoreIA5SubstringsMatch
396 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
398 # Network Associates also has a schema for PGP keys / key IDs which may
399 # or may not be applicable:
400 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# Key fingerprint; multi-valued Directory String with no DESC. Presumably a PGP
# key fingerprint, given the comment above it - confirm.
# NOTE(review): case-insensitive matching suits hex fingerprints, but the
# syntax accepts any text, including short key IDs. If this attribute is used
# to decide which key authenticates a person, the consumer should require a
# full-length fingerprint - TODO confirm how it is consumed.
401 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
402 NAME 'keyFingerPrint'
403 EQUALITY caseIgnoreMatch
404 SUBSTR caseIgnoreSubstringsMatch
405 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
407 # Rather Debian-specific, not useful to the public.
# Subscription address for the debian-private mailing list (the changelog at
# the top of the file names OID .4.4.5 'privateSub'); one IA5 String value.
# NOTE(review): DESC ties this to a private list. The schema cannot keep the
# value confidential or stop it being changed; both depend on server ACLs.
408 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
410 DESC 'email subscription address for debian-private mailing list'
411 EQUALITY caseIgnoreIA5Match
412 SUBSTR caseIgnoreIA5SubstringsMatch
413 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
415 # Echelon attributes; re-evaluate later
# Administrative notes about an account's status; multi-valued IA5 String.
# NOTE(review): such comments may be sensitive; read access is an ACL decision
# that this file does not make.
416 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
417 NAME 'accountComment'
418 DESC 'additional comments regarding the account status'
419 EQUALITY caseIgnoreIA5Match
420 SUBSTR caseIgnoreIA5SubstringsMatch
421 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Developer account status, one IA5 String value. The set of valid status
# strings is not defined in the schema.
# NOTE(review): if other systems gate access on this value, it should be
# writable by administrators only - TODO confirm how it is consumed.
423 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
425 DESC 'Debian developer account status'
426 EQUALITY caseIgnoreIA5Match
427 SUBSTR caseIgnoreIA5SubstringsMatch
428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
430 # mail attributes; not public information
# Per-account mail-filtering settings: two Boolean switches (callout
# verification, greylisting) and three multi-valued site lists (RBL, RHSBL,
# whitelist).
# NOTE(review): the comment above labels these as not public, but the schema
# cannot enforce that. Read access has to be denied to anonymous and
# unprivileged binds in the server's ACLs.
# NOTE(review): the site lists are plain IA5 strings with a suggested {256}
# bound. The mail system that consumes them should validate each entry before
# using it in a lookup or an allow decision - TODO confirm.
431 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
433 DESC 'Whether or not to require a successful callout attempt on email delivery'
434 EQUALITY booleanMatch
435 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
437 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
438 NAME 'mailGreylisting'
439 DESC 'Whether or not to perform greylisting on email delivery'
440 EQUALITY booleanMatch
441 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
443 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
445 DESC 'RBL sites to check at SMTP accept time'
446 EQUALITY caseIgnoreIA5Match
447 SUBSTR caseIgnoreIA5SubstringsMatch
448 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
450 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
452 DESC 'RHSBL sites to check at SMTP accept time'
453 EQUALITY caseIgnoreIA5Match
454 SUBSTR caseIgnoreIA5SubstringsMatch
455 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Whitelist entries exempt a site from the additional SMTP accept-time checks,
# so write access to this attribute deserves the same care as the checks.
457 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
459 DESC 'sites to whitelist from additional SMTP accept time checks'
460 EQUALITY caseIgnoreIA5Match
461 SUBSTR caseIgnoreIA5SubstringsMatch
462 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
464 # Experimental objectclasses:
# debianDeveloper: requires uid, cn and sn, and allows the optional attributes
# listed under MAY. The SUP line and the closing parentheses are not visible in
# this listing (the numbering skips 469 and jumps from 477 to 480).
# NOTE(review): the MAY list puts attributes of very different sensitivity on
# one entry:
#   - login and authorization data: sshRSAAuthKey, allowedHost,
#     supplementaryGid, access
#   - personal data: gender, birthDate, latitude, longitude
#   - data the file itself calls non-public: mailCallout, mailGreylisting,
#     mailRBL, mailRHSBL, mailWhitelist, privateSub
#   - public contact details
# An objectclass carries no access control, so each group needs its own
# per-attribute read and write rules in the server's ACLs.
466 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
467 NAME 'debianDeveloper'
468 DESC 'additional account attributes used by Debian'
470 MUST ( uid $ cn $ sn )
471 MAY ( accountComment $ accountStatus $ activity-from $
472 activity-pgp $ allowedHost $ comment $ countryName $
473 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
474 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
475 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
476 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
477 mailRBL $ mailRHSBL $ mailWhitelist
# Server object class (presumably debianServer, per the changelog at the top of
# the file). It requires host and hostname; everything else is optional. The
# NAME and SUP lines and the closing parentheses are not visible in this
# listing.
# NOTE(review): sshRSAHostKey is optional here. If clients use it to
# authenticate servers, an entry without it, or one whose value was changed by
# an unauthorised writer, weakens that check. Write access to server entries
# should be limited by ACL - confirm against the ACL config.
480 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
482 DESC 'Internet-connected server associated with Debian'
484 MUST ( host $ hostname )
485 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
486 distribution $ l $ machine $ memory $ sponsor $
487 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
490 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
491 NAME 'debianRoleAccount'
492 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
493 SUP account STRUCTURAL
494 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
495 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $