3 # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009
4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - [luk] Add 'subGroup' to group - 2008-11-22
12 # - Add 'gender' and 'birthDate' to debianDeveloper
13 # - Add 'mailDisableMessage' to debianAccount
14 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
15 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
18 # - Add 'access' as a MAY for debianServer objectclass.
19 # - Make activity-from a UTF-8 string rather than ASCII.
20 # - add new debianRoleAccount objectclass.
23 # - Add 'access' as a MAY for debianDeveloper objectclass.
24 # - Add 'gid' attribute.
25 # - Make homeDirectory a MAY not MUST for debianAccount.
26 # - drop userPassword and memberUID MAYs from debianGroup.
27 # - add SUP top STRUCTURAL to debianGroup.
30 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
31 # - add debianAccount, which is roughly equivalent to posixAccount but
32 # permits UTF8 gecos fields
33 # - add debianGroup, which is the same as above but for posixGroup
36 # - Remove labeledURI, jpegPhoto from the list of supported
37 # attributes; using inetOrgPerson instead of organizationalPerson as
38 # a structural objectclass gives us both of these, and several other
39 # attributes that may be useful.
40 # - Add echelon attributes for MIA work to the debiandeveloper
41 # objectclass. (accountcomment,accountstatus)
42 # - Add specification for debianServer objectclass, used for Debian
46 # - grammarfied 'allowedHosts' to 'allowedHost' as
47 # 1.3.6.1.4.1.9586.100.4.2.12.
48 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
49 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
50 # - change 'icqUIN' to an integer type (see? I told you it wasn't
51 # approved for use yet! ;)
57 # Project: db.debian.org
58 # Contact: Debian directory administrators <admin@db.debian.org>
62 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
64 # .1 - public LDAP objectClasses
68 # .2 - public LDAP attributeTypes
77 # .9 - middlename (mn)
79 # .11 - supplementaryGid
100 # .32 - mailDisableMessage
107 # .3 - experimental LDAP objectClasses
108 # .1 - debianDeveloper
110 # .3 - debianRoleAccount
112 # .4 - experimental LDAP attributeTypes
113 # .1 - allowedHosts - OBSOLETED
116 # .4 - keyFingerPrint
118 # .6 - accountComment
120 # .8 - perform callouts
121 # .9 - perform greylisting
126 # Public attribute types
# SSH public key for an account, stored as an authorized_keys-style line (see
# DESC). No SINGLE-VALUE, so an entry may hold several keys.
# The NAME line is not shown in this listing; presumably 'sshRSAAuthKey', which
# the debianDeveloper MAY list references - confirm against the full file.
# NOTE(review): EQUALITY and SUBSTR are case-insensitive, but base64 key
# material is case-sensitive, so compare and search operations can treat two
# different keys as equal. Do not rely on LDAP matching to decide whether a
# given key is already present or has been removed.
# NOTE(review): Directory String syntax does not constrain the value, and an
# authorized_keys line may carry options before the key type. Whatever exports
# this attribute to hosts should validate every value, and write access should
# be limited by ACL to the account owner and the directory administrators.
127 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
129 DESC 'textual form of an SSH public key compatible with authorized_keys'
130 EQUALITY caseIgnoreMatch
131 SUBSTR caseIgnoreSubstringsMatch
132 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
134 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
136 DESC 'last known activity from user email address'
137 EQUALITY caseExactMatch
138 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
140 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
142 DESC 'last known activity from user PGP key'
143 EQUALITY caseExactIA5Match
144 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
146 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
148 DESC 'user-editable comment'
149 EQUALITY caseExactIA5Match
150 SUBSTR caseIgnoreIA5SubstringsMatch
151 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
153 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
155 DESC 'UIN for ICQ instant messaging system'
156 EQUALITY integerMatch
157 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
159 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
161 DESC 'Internet Relay Chat nickname'
162 EQUALITY caseIgnoreIA5Match
163 SUBSTR caseIgnoreIA5SubstringsMatch
164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
166 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
168 DESC 'latitude coordinate'
169 EQUALITY caseExactIA5Match
170 SUBSTR caseExactIA5SubstringsMatch
171 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
173 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
175 DESC 'longitude coordinate'
176 EQUALITY caseExactIA5Match
177 SUBSTR caseExactIA5SubstringsMatch
178 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
180 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
181 NAME ( 'mn' 'middlename' )
184 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
186 DESC 'vacation message'
187 EQUALITY caseIgnoreMatch
188 SUBSTR caseIgnoreSubstringsMatch
189 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Additional Unix group for a user. Multi-valued (no SINGLE-VALUE) and stored
# as a Directory String, not an integer, even though DESC calls it a group id.
# {256} is a suggested upper bound on length; whether the server enforces it is
# implementation-dependent - TODO confirm.
# NOTE(review): this is authorization data. Both debianDeveloper and
# debianRoleAccount allow it, so the ACLs should let only directory
# administrators write it; presumably a consumer turns the values into group
# membership on hosts - verify how unknown group names are handled there.
191 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
192 NAME 'supplementaryGid'
193 DESC 'additional Unix group id of user'
194 EQUALITY caseIgnoreMatch
195 SUBSTR caseIgnoreSubstringsMatch
196 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# 'allowedHost' (named in the changelog header for this OID; the NAME line is
# not shown in this listing). One value per host the account may access.
# IA5 String with case-insensitive matching, which suits host names.
# NOTE(review): this is an access-control input, not descriptive data. The
# schema does not restrict who may write it; that has to come from the server
# ACLs. The syntax also accepts any IA5 text, so the consumer should check that
# each value is a well-formed host name it actually knows.
198 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
200 DESC 'host name this account is allowed access to'
201 EQUALITY caseIgnoreIA5Match
202 SUBSTR caseIgnoreIA5SubstringsMatch
203 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
205 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
207 DESC 'JID for Jabber instant messaging protocol'
208 EQUALITY caseIgnoreIA5Match
209 SUBSTR caseIgnoreIA5SubstringsMatch
210 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
212 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
214 DESC 'nature of access allowed to server'
215 EQUALITY caseIgnoreMatch
216 SUBSTR caseIgnoreSubstringsMatch
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
219 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
221 DESC 'email address of server administrator'
222 EQUALITY caseIgnoreIA5Match
223 SUBSTR caseIgnoreIA5SubstringsMatch
224 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
226 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
228 DESC 'hardware architecture of server'
229 EQUALITY caseIgnoreIA5Match
230 SUBSTR caseIgnoreIA5SubstringsMatch
231 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
233 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
235 DESC 'type of network connection for server'
236 EQUALITY caseIgnoreMatch
237 SUBSTR caseIgnoreSubstringsMatch
238 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
240 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
242 DESC 'amount of disk space available to server'
243 EQUALITY caseIgnoreMatch
244 SUBSTR caseIgnoreSubstringsMatch
245 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
247 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
249 DESC 'host OS distribution'
250 EQUALITY caseIgnoreIA5Match
251 SUBSTR caseIgnoreIA5SubstringsMatch
252 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
254 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
256 # DESC '(short) host name of server'
257 # EQUALITY caseIgnoreIA5Match
258 # SUBSTR caseIgnoreIA5SubstringsMatch
259 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
261 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
263 DESC 'FQDN of the server'
264 EQUALITY caseIgnoreIA5Match
265 SUBSTR caseIgnoreIA5SubstringsMatch
266 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
268 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
270 DESC 'description of physical hardware'
271 EQUALITY caseIgnoreMatch
272 SUBSTR caseIgnoreSubstringsMatch
273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
275 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
277 DESC 'amount of RAM available to server'
278 EQUALITY caseIgnoreMatch
279 SUBSTR caseIgnoreSubstringsMatch
280 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
282 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
284 DESC 'name of the sponsor of this server'
285 EQUALITY caseIgnoreMatch
286 SUBSTR caseIgnoreSubstringsMatch
287 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
289 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
291 DESC 'email address of sponsoring server administrator'
292 EQUALITY caseIgnoreIA5Match
293 SUBSTR caseIgnoreIA5SubstringsMatch
294 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# SSH public host key for a server, stored as a known_hosts-style line (see
# DESC). Multi-valued. The NAME line is not shown in this listing; presumably
# 'sshRSAHostKey', which the debianServer MAY list references - confirm.
# NOTE(review): matching is case-insensitive while base64 key material is
# case-sensitive, so LDAP compare/search cannot be used to tell two host keys
# apart reliably.
# NOTE(review): if known_hosts files are generated from this attribute, its
# integrity decides which host keys clients accept. Keep write access with the
# directory administrators and fetch it over an authenticated channel.
296 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
298 DESC 'textual form of an SSH public host key compatible with known_hosts'
299 EQUALITY caseIgnoreMatch
300 SUBSTR caseIgnoreSubstringsMatch
301 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
303 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
305 DESC 'administrative status of server'
306 EQUALITY caseIgnoreMatch
307 SUBSTR caseIgnoreSubstringsMatch
308 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
310 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
312 DESC 'The GECOS field; the common name'
313 EQUALITY caseIgnoreMatch
314 SUBSTR caseIgnoreSubstringsMatch
315 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
317 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
320 EQUALITY caseExactIA5Match
321 SUBSTR caseExactIA5SubstringsMatch
322 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Gender as an ISO 5218 code, stored with Integer syntax and integerMatch.
# The NAME line and the line between EQUALITY and SYNTAX are not shown in this
# listing; the changelog header names a 'gender' attribute - confirm.
# NOTE(review): personal data. The schema itself does not limit who can read
# it; read access has to be restricted in the server ACLs. Integer syntax also
# accepts values outside the ISO 5218 code set, so writers should validate.
324 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
326 DESC 'ISO 5218 representation of human gender'
327 EQUALITY integerMatch
329 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
# Date of birth as an eight-digit YYYYMMDD Numeric String.
# The NAME line and the line between EQUALITY and SYNTAX are not shown in this
# listing; the changelog header names a 'birthDate' attribute - confirm.
# NOTE(review): personal data. The schema itself does not limit who can read
# it; read access has to be restricted in the server ACLs. Numeric String only
# guarantees digits and spaces, so an impossible date is still accepted.
331 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
333 DESC 'Date of birth in YYYYMMDD format'
334 EQUALITY numericStringMatch
336 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
338 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
339 NAME 'mailDisableMessage'
340 DESC 'Message returned when all mail is disabled'
341 EQUALITY caseIgnoreIA5Match
342 SUBSTR caseIgnoreIA5SubstringsMatch
343 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
345 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
347 DESC 'purposes of this server'
348 EQUALITY caseIgnoreMatch
349 SUBSTR caseIgnoreSubstringsMatch
350 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
352 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
354 DESC 'FQDN of the physical host of this virtual server'
355 EQUALITY caseIgnoreIA5Match
356 SUBSTR caseIgnoreIA5SubstringsMatch
358 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
360 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
362 DESC 'VoIP URL to communicate with that person'
363 EQUALITY caseIgnoreIA5Match
364 SUBSTR caseIgnoreIA5SubstringsMatch
365 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# Octet String attribute compared byte-for-byte with octetStringMatch.
# Neither the NAME nor the DESC line is shown in this listing.
# NOTE(review): possibly 'sudoPassword', which the account object class lists
# as a MAY attribute and which has no other visible definition - confirm
# against the full file. If so, treat it like userPassword: store only a
# hashed form and deny read and compare to everyone but the intended consumer.
367 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
370 EQUALITY octetStringMatch
371 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# Name of another group whose membership is implied by membership of this
# group. Multi-valued IA5 String. The NAME line is not shown in this listing;
# presumably 'subGroup', which the group object class lists - confirm.
# The DESC text contains the typo 'memberschip'.
# NOTE(review): implied membership widens access transitively. Whatever expands
# these values should detect cycles and ignore names that do not resolve to an
# existing group, and write access should stay with directory administrators.
373 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
375 DESC 'name of other group for which membership implied by memberschip to this group'
376 EQUALITY caseIgnoreIA5Match
377 SUBSTR caseIgnoreIA5SubstringsMatch
378 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
381 # Public object classes
# Account object class with POSIX attributes. Requires cn, uid, uidNumber and
# gidNumber; homeDirectory, loginShell and gecos are optional.
# The NAME and SUP/kind lines are not shown in this listing; the changelog
# header describes 'debianAccount' in these terms - confirm.
# NOTE(review): the MAY list carries two credentials, userPassword and
# sudoPassword. Allowing them here gives no protection; the server ACLs must
# deny read, search and compare on both to anonymous and ordinary users.
383 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
385 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
387 MUST ( cn $ uid $ uidNumber $ gidNumber )
388 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword ) )
390 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
393 DESC 'attributes used for Debian groups'
394 MUST ( gid $ gidNumber )
395 MAY ( description $ subGroup ) )
397 # Experimental attribute types
399 # There are existing schemas for doing DNS in LDAP; would one of
400 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
# Per-user DNS zone record, stored as an Octet String. Multi-valued.
# The NAME line is not shown in this listing; presumably 'dnsZoneEntry', which
# the experimental object classes list - confirm.
# NOTE(review): SUBSTR caseIgnoreSubstringsMatch is defined for Directory
# String values, while the syntax and EQUALITY rule here are Octet String.
# Confirm how the server handles the mismatch before relying on substring
# searches over this attribute.
# NOTE(review): the value is free-form and the syntax checks nothing. If zone
# data is generated from it, the generator should validate owner names and
# record types so an account cannot publish records outside its own names.
401 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
403 DESC 'DNS zone record for user'
404 EQUALITY octetStringMatch
405 SUBSTR caseIgnoreSubstringsMatch
406 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
408 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
# Single-valued forwarding address for mail sent to the account.
# The NAME line is not shown in this listing; presumably 'emailForward', which
# the experimental object classes list - confirm.
# NOTE(review): IA5 String accepts any 7-bit text, not only a valid mailbox.
# The mail system reading this should validate the address before use. A
# change to this value redirects all of the account's mail, so modifications
# are worth logging and alerting on.
410 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
412 DESC 'forwarding address for email sent to this account'
413 EQUALITY caseIgnoreIA5Match
414 SUBSTR caseIgnoreIA5SubstringsMatch
415 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
417 # Network Associates also has a schema for PGP keys / key IDs which may
418 # or may not be applicable:
419 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
# Key fingerprint for the account; the preceding comment relates it to PGP
# keys. No DESC is given. Multi-valued Directory String.
# Case-insensitive matching suits hexadecimal fingerprints.
# NOTE(review): the syntax does not restrict values to hex digits or to a
# fixed length. Consumers should normalise (strip whitespace, fold case) and
# check the length before matching a key against this attribute, and should
# not accept short key IDs in place of a full fingerprint.
420 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
421 NAME 'keyFingerPrint'
422 EQUALITY caseIgnoreMatch
423 SUBSTR caseIgnoreSubstringsMatch
424 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
426 # Rather Debian-specific, not useful to the public.
427 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
429 DESC 'email subscription address for debian-private mailing list'
430 EQUALITY caseIgnoreIA5Match
431 SUBSTR caseIgnoreIA5SubstringsMatch
432 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
434 # Echelon attributes; re-evaluate later
435 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
436 NAME 'accountComment'
437 DESC 'additional comments regarding the account status'
438 EQUALITY caseIgnoreIA5Match
439 SUBSTR caseIgnoreIA5SubstringsMatch
440 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
442 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
444 DESC 'Debian developer account status'
445 EQUALITY caseIgnoreIA5Match
446 SUBSTR caseIgnoreIA5SubstringsMatch
447 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
449 # mail attributes; not public information
# Single-valued boolean: require a successful callout on mail delivery.
# The NAME line is not shown in this listing; presumably 'mailCallout', which
# the experimental object classes list - confirm.
# NOTE(review): the section comment calls the mail attributes non-public, but
# a schema definition cannot express that. The restriction has to be written
# into the server ACLs for this and the other mail* attributes.
450 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
452 DESC 'Whether or not to require a successful callout attempt on email delivery'
453 EQUALITY booleanMatch
454 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
456 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
457 NAME 'mailGreylisting'
458 DESC 'Whether or not to perform greylisting on email delivery'
459 EQUALITY booleanMatch
460 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
462 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
464 DESC 'RBL sites to check at SMTP accept time'
465 EQUALITY caseIgnoreIA5Match
466 SUBSTR caseIgnoreIA5SubstringsMatch
467 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
469 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
471 DESC 'RHSBL sites to check at SMTP accept time'
472 EQUALITY caseIgnoreIA5Match
473 SUBSTR caseIgnoreIA5SubstringsMatch
474 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
476 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
478 DESC 'sites to whitelist from additional SMTP accept time checks'
479 EQUALITY caseIgnoreIA5Match
480 SUBSTR caseIgnoreIA5SubstringsMatch
481 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
483 # Experimental objectclasses:
# Object class for developer accounts. Requires uid, cn and sn; everything
# else is optional. The SUP/kind line and the closing parentheses of this
# definition are not shown in this listing.
# NOTE(review): the MAY list mixes three kinds of data that need different
# ACLs, because the object class itself grants or hides nothing:
#   - access-control inputs: allowedHost, supplementaryGid, sshRSAAuthKey,
#     access, keyFingerPrint
#   - personal data: birthDate, gender, latitude, longitude
#   - administrative notes and mail policy: accountComment, accountStatus,
#     mailCallout, mailGreylisting, mailRBL, mailRHSBL, mailWhitelist
485 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
486 NAME 'debianDeveloper'
487 DESC 'additional account attributes used by Debian'
489 MUST ( uid $ cn $ sn )
490 MAY ( accountComment $ accountStatus $ activity-from $
491 activity-pgp $ allowedHost $ comment $ countryName $
492 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
493 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
494 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
495 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
496 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP
499 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
501 DESC 'Internet-connected server associated with Debian'
503 MUST ( host $ hostname )
504 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
505 distribution $ l $ machine $ memory $ sponsor $
506 sponsor-admin $ sshRSAHostKey $ status $ purpose $ physicalHost
# Structural object class for role accounts, derived from 'account'. No MUST
# clause is visible; the closing parentheses of this definition are not shown
# in this listing.
# NOTE(review): the DESC text is identical to the one on the public account
# object class and looks copied from it - confirm and reword.
# NOTE(review): allowedHost and supplementaryGid are access-control inputs and
# emailForward redirects mail. Role accounts are typically shared, so write
# access to these attributes should be restricted by ACL and changes audited.
509 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
510 NAME 'debianRoleAccount'
511 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
512 SUP account STRUCTURAL
513 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
514 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
515 mailWhitelist $ dnsZoneEntry