# Revision history: # # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25 # # long time ago: # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25 # - [zobel] Add 'VoIP' - 2008-05-10 # - [luk] Add 'subGroup' to group - 2008-11-22 # # 0.7 [RM] # - Add 'gender' and 'birthDate' to debianDeveloper # - Add 'mailDisableMessage' to debianAccount # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL', # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount # # 0.6 [JT] # - Add 'access' as a MAY for debianServer objectclass. # - Make activity-from a UTF-8 string rather than ASCII. # - add new debianRoleAccount objectclass. # # 0.5 [JT] # - Add 'access' as a MAY for debianDeveloper objectclass. # - Add 'gid' attribute. # - Make homeDirectory a MAY not MUST for debianAccount. # - drop userPassword and memberUID MAYs from debianGroup. # - add SUP top STRUCTURAL to debianGroup. # # 0.4 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307 # - add debianAccount, which is roughly equivalent to posixAccount but # permits UTF8 gecos fields # - add debianGroup, which is the same as above but for posixGroup # # 0.3 # - Remove labeledURI, jpegPhoto from the list of supported # attributes; using inetOrgPerson instead of organizationalPerson as # a structural objectclass gives us both of these, and several other # attributes that may be useful. # - Add echelon attributes for MIA work to the debiandeveloper # objectclass. (accountcomment,accountstatus) # - Add specification for debianServer objectclass, used for Debian # server listings # # 0.2 # - grammarfied 'allowedHosts' to 'allowedHost' as # 1.3.6.1.4.1.9586.100.4.2.12. # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5. # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13. # - change 'icqUIN' to an integer type (see? I told you it wasn't # approved for use yet! ;) # # 0.1 # - initial revision # # # Project: db.debian.org # Contact: Debian directory administrators # Type: X.500/LDAP # Section: Project # # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4 # # .1 - public LDAP objectClasses # .1 - debianAccount # .2 - debianGroup # # .2 - public LDAP attributeTypes # .1 - sshRSAAuthKey # .2 - activity-from # .3 - activity-pgp # .4 - comment # .5 - icqUin # .6 - ircNick # .7 - latitude # .8 - longitude # .9 - middlename (mn) # .10 - onVacation # .11 - supplementaryGid # .12 - allowedHost # .13 - jabberJID # .14 - access # .15 - admin # .16 - architecture # .17 - bandwidth # .18 - disk # .19 - distribution # .20 - host # .21 - hostname # .22 - machine # .23 - memory # .24 - sponsor # .25 - sponsor-admin # .26 - sshRSAHostKey # .27 - status # .28 - gecos # .29 - gid # .30 - gender # .31 - birthdate # .32 - mailDisableMessage # .33 - purpose # .34 - physicalHost # .35 - VoIP # .36 - sudoPassword # .37 - subGroup # .38 - mailContentInspectionAction # .39 - allowedGroups # .40 - exportOptions # .41 - sshdistAuthKeysHost # .42 - dnsTTL # .43 - webPassword # .44 - rtcPassword # .45 - rebootPolicy # # .3 - experimental LDAP objectClasses # .1 - debianDeveloper # .2 - debianServer # .3 - debianRoleAccount # # .4 - experimental LDAP attributeTypes # .1 - allowedHosts - OBSOLETED # .2 - dnsZoneEntry # .3 - emailForward # .4 - keyFingerPrint # .5 - privateSub # .6 - accountComment # .7 - accountStatus # .8 - perform callouts # .9 - perform greylisting # .11 - DNS RBL # .12 - RHS RBL # .13 - whitelist # .14 - bATVToken # .15 - mailDefaultOptions # .16 - mailPreserveSuffixSeparator # Public attribute types attributetype ( 1.3.6.1.4.1.9586.100.4.2.1 NAME 'sshRSAAuthKey' DESC 'textual form of an SSH public key compatible with authorized_keys' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.2 NAME 'activity-from' DESC 'last known activity from user email address' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.3 NAME 'activity-pgp' DESC 'last known activity from user PGP key' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.4 NAME 'comment' DESC 'user-editable comment' EQUALITY caseExactIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.5 NAME 'icqUin' DESC 'UIN for ICQ instant messaging system' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.6 NAME 'ircNick' DESC 'Internet Relay Chat nickname' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.7 NAME 'latitude' DESC 'latitude coordinate' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.8 NAME 'longitude' DESC 'longitude coordinate' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.9 NAME ( 'mn' 'middlename' ) SUP name ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.10 NAME 'onVacation' DESC 'vacation message' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.11 NAME 'supplementaryGid' DESC 'additional Unix group id of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.12 NAME 'allowedHost' DESC 'host name this account is allowed access to' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.13 NAME 'jabberJID' DESC 'JID for Jabber instant messaging protocol' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.14 NAME 'access' DESC 'nature of access allowed to server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.15 NAME 'admin' DESC 'email address of server administrator' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.16 NAME 'architecture' DESC 'hardware architecture of server' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.17 NAME 'bandwidth' DESC 'type of network connection for server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.18 NAME 'disk' DESC 'amount of disk space available to server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.19 NAME 'distribution' DESC 'host OS distribution' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20 # NAME 'host' # DESC '(short) host name of server' # EQUALITY caseIgnoreIA5Match # SUBSTR caseIgnoreIA5SubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.21 NAME 'hostname' DESC 'FQDN of the server' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.22 NAME 'machine' DESC 'description of physical hardware' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.23 NAME 'memory' DESC 'amount of RAM available to server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.24 NAME 'sponsor' DESC 'name of the sponsor of this server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.25 NAME 'sponsor-admin' DESC 'email address of sponsoring server administrator' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.26 NAME 'sshRSAHostKey' DESC 'textual form of an SSH public host key compatible with known_hosts' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.27 NAME 'status' DESC 'administrative status of server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.28 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.29 NAME 'gid' DESC 'Group Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.30 NAME 'gender' DESC 'ISO 5218 representation of human gender' EQUALITY integerMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.31 NAME 'birthDate' DESC 'Date of birth in YYYYMMDD format' EQUALITY numericStringMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.32 NAME 'mailDisableMessage' DESC 'Message returned when all mail is disabled' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.33 NAME 'purpose' DESC 'purposes of this server' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.34 NAME 'physicalHost' DESC 'FQDN of the physical host of this virtual server' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.35 NAME 'VoIP' DESC 'VoIP URL to communicate with that person' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.36 NAME 'sudoPassword' DESC 'sudo password' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.37 NAME 'subGroup' DESC 'name of other group for which membership implied by memberschip to this group' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # more attributes below attributetype ( 1.3.6.1.4.1.9586.100.4.2.39 NAME 'allowedGroups' DESC 'Groups that have access to a host' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.40 NAME 'exportOptions' DESC 'export options for servers' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.43 NAME 'webPassword' DESC 'web password for SSO' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.44 NAME 'rtcPassword' DESC 'rtc password for SIP/XMPP' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) # Experimental attribute types # There are existing schemas for doing DNS in LDAP; would one of # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired) attributetype ( 1.3.6.1.4.1.9586.100.4.4.2 NAME 'dnsZoneEntry' DESC 'DNS zone record for user' EQUALITY octetStringMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) # rfc822mailbox (RFC1274) is recommended as a replacement for this in # general. attributetype ( 1.3.6.1.4.1.9586.100.4.4.3 NAME 'emailForward' DESC 'forwarding address for email sent to this account' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) # Network Associates also has a schema for PGP keys / key IDs which may # or may not be applicable: # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html attributetype ( 1.3.6.1.4.1.9586.100.4.4.4 NAME 'keyFingerPrint' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # Rather Debian-specific, not useful to the public. attributetype ( 1.3.6.1.4.1.9586.100.4.4.5 NAME 'privateSub' DESC 'email subscription address for debian-private mailing list' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) # Echelon attributes; re-evaluate later attributetype ( 1.3.6.1.4.1.9586.100.4.4.6 NAME 'accountComment' DESC 'additional comments regarding the account status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.7 NAME 'accountStatus' DESC 'Debian developer account status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # mail attributes; not public information attributetype ( 1.3.6.1.4.1.9586.100.4.4.8 NAME 'mailCallout' DESC 'Whether or not to require a successful callout attempt on email delivery' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.9 NAME 'mailGreylisting' DESC 'Whether or not to perform greylisting on email delivery' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.11 NAME 'mailRBL' DESC 'RBL sites to check at SMTP accept time' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.12 NAME 'mailRHSBL' DESC 'RHSBL sites to check at SMTP accept time' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.13 NAME 'mailWhitelist' DESC 'sites to whitelist from additional SMTP accept time checks' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.14 NAME 'bATVToken' DESC 'Token for BATV' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.15 NAME 'mailDefaultOptions' DESC 'Whether or not to use a default set of anti-spam options' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.16 NAME 'mailPreserveSuffixSeparator' DESC 'suffix serparator' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1} ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.38 NAME 'mailContentInspectionAction' DESC 'what to do on content inspection hits' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.2.41 NAME ( 'sshdistAuthKeysHost' ) SUP ipHostNumber ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.42 NAME 'dnsTTL' DESC 'DNS Time To Live value' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.9586.100.4.4.45 NAME 'rebootPolicy' DESC 'which procedure to use for rebooting this host' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Public object classes objectclass ( 1.3.6.1.4.1.9586.100.4.1.1 NAME 'debianAccount' DESC 'Abstraction of an account with POSIX attributes and UTF8 support' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber ) MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ rtcPassword ) ) objectclass ( 1.3.6.1.4.1.9586.100.4.1.2 NAME 'debianGroup' SUP top STRUCTURAL DESC 'attributes used for Debian groups' MUST ( gid $ gidNumber ) MAY ( cn $ description $ subGroup $ accountStatus ) ) # Experimental objectclasses: objectclass ( 1.3.6.1.4.1.9586.100.4.3.1 NAME 'debianDeveloper' DESC 'additional account attributes used by Debian' SUP top AUXILIARY MUST ( uid $ cn $ sn ) MAY ( accountComment $ accountStatus $ activity-from $ activity-pgp $ allowedHost $ comment $ countryName $ dnsZoneEntry $ emailForward $ icqUin $ ircNick $ jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $ onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $ access $ gender $ birthDate $ mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailContentInspectionAction $ bATVToken $ mailDefaultOptions $ mailPreserveSuffixSeparator ) ) objectclass ( 1.3.6.1.4.1.9586.100.4.3.2 NAME 'debianServer' DESC 'Internet-connected server associated with Debian' SUP top STRUCTURAL MUST ( host $ hostname ) MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $ distribution $ l $ machine $ memory $ sponsor $ sponsor-admin $ status $ physicalHost $ ipHostNumber $ dnsTTL $ sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $ sshdistAuthKeysHost $ rebootPolicy ) ) objectclass ( 1.3.6.1.4.1.9586.100.4.3.3 NAME 'debianRoleAccount' DESC 'Abstraction of an account with POSIX attributes and UTF8 support' SUP account STRUCTURAL MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $ mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $ mailWhitelist $ dnsZoneEntry $ mailContentInspectionAction $ bATVToken $ mailDefaultOptions $ sshRSAAuthKey $ mailPreserveSuffixSeparator ) )