| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # ============================================================================= |
| # System Schema |
| # |
| # Depends on no other schema! |
| # ============================================================================= |
| |
| attributetype ( 2.5.4.0 NAME 'objectClass' |
| DESC 'RFC2256: object classes of the entity' |
| EQUALITY objectIdentifierMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) |
| |
| attributetype ( 2.5.21.9 NAME 'structuralObjectClass' |
| DESC 'X.500(93): structural object class of entry' |
| EQUALITY objectIdentifierMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.1 NAME 'createTimestamp' |
| DESC 'RFC2252: time which object was created' |
| EQUALITY generalizedTimeMatch |
| ORDERING generalizedTimeOrderingMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.2 NAME 'modifyTimestamp' |
| DESC 'RFC2252: time which object was last modified' |
| EQUALITY generalizedTimeMatch |
| ORDERING generalizedTimeOrderingMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.3 NAME 'creatorsName' |
| DESC 'RFC2252: name of creator' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.4 NAME 'modifiersName' |
| DESC 'RFC2252: name of last modifier' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.9 NAME 'hasSubordinates' |
| DESC 'X.501: entry has children' |
| EQUALITY booleanMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.10 NAME 'subschemaSubentry' |
| DESC 'RFC2252: name of controlling subschema entry' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.12 NAME 'collectiveAttributeSubentries' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| NO-USER-MODIFICATION |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.7 NAME 'collectiveExclusions' |
| EQUALITY objectIdentifierMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 |
| USAGE directoryOperation ) |
| |
| # root DSE attributes |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' |
| DESC 'RFC2252: alternative servers' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' |
| DESC 'RFC2252: naming contexts' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' |
| DESC 'RFC2252: supported controls' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' |
| DESC 'RFC2252: supported extended operations' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' |
| DESC 'RFC2252: supported LDAP versions' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' |
| DESC 'RFC2252: supported SASL mechanisms' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.1.4 NAME 'vendorName' |
| DESC 'RFC3045: name of implementation vendor' |
| EQUALITY caseExactMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion' |
| DESC 'RFC3045: version of implementation' |
| EQUALITY caseExactMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
| SINGLE-VALUE NO-USER-MODIFICATION |
| USAGE dSAOperation ) |
| |
| # =================== |
| # subentry attributes |
| # =================== |
| |
| attributetype ( 2.5.18.5 NAME 'administrativeRole' |
| EQUALITY objectIdentifierMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.18.6 NAME 'subtreeSpecification' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 |
| SINGLE-VALUE |
| USAGE directoryOperation ) |
| |
| # ============================= |
| # subschema subentry attributes |
| # ============================= |
| |
| attributetype ( 2.5.21.1 NAME 'dITStructureRules' |
| DESC 'RFC2252: DIT structure rules' |
| EQUALITY integerFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.2 NAME 'dITContentRules' |
| DESC 'RFC2252: DIT content rules' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.4 NAME 'matchingRules' |
| DESC 'RFC2252: matching rules' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.5 NAME 'attributeTypes' |
| DESC 'RFC2252: attribute types' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.6 NAME 'objectClasses' |
| DESC 'RFC2252: object classes' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.7 NAME 'nameForms' |
| DESC 'RFC2252: name forms ' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 |
| USAGE directoryOperation ) |
| |
| attributetype ( 2.5.21.8 NAME 'matchingRuleUse' |
| DESC 'RFC2252: matching rule uses' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 |
| USAGE directoryOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' |
| DESC 'RFC2252: LDAP syntaxes' |
| EQUALITY objectIdentifierFirstComponentMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 |
| USAGE directoryOperation ) |
| |
| # ===================== |
| # knowledge information |
| # ===================== |
| |
| attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) |
| DESC 'RFC2256: name of aliased object' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| SINGLE-VALUE ) |
| |
| attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref' |
| DESC 'namedref: subordinate referral URL' |
| EQUALITY caseExactMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
| USAGE distributedOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' |
| DESC 'RFC2589: entry time-to-live' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 |
| SINGLE-VALUE |
| NO-USER-MODIFICATION |
| USAGE dSAOperation ) |
| |
| attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' |
| DESC 'RFC2589: dynamic subtrees' |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
| NO-USER-MODIFICATION |
| USAGE dSAOperation ) |
| |
| # ============================================================= |
| # userApplication attributes (which system schema depends upon) |
| # ============================================================= |
| |
| attributetype ( 2.5.4.49 NAME 'distinguishedName' |
| DESC 'RFC2256: common supertype of DN attributes' |
| EQUALITY distinguishedNameMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) |
| |
| attributetype ( 2.5.4.41 NAME 'name' |
| DESC 'RFC2256: common supertype of name attributes' |
| EQUALITY caseIgnoreMatch |
| SUBSTR caseIgnoreSubstringsMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) |
| |
| attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) |
| DESC 'RFC2256: common name(s) for which the entity is known by' |
| SUP name ) |
| |
| attributetype ( 2.5.4.35 NAME 'userPassword' |
| DESC 'RFC2256/2307: password of user' |
| EQUALITY octetStringMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) |
| |
| attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' |
| DESC 'RFC2079: Uniform Resource Identifier with optional label' |
| EQUALITY caseExactMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
| |
| attributetype ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' |
| EQUALITY objectIdentifierMatch |
| SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 |
| USAGE dSAOperation ) |
| |
| # ============== |
| # objectClasses |
| # ============== |
| |
| |
| objectclass ( 2.5.6.0 NAME 'top' |
| DESC 'top of the superclass chain' |
| ABSTRACT |
| MUST objectClass ) |
| |
| |
| objectclass ( 1.3.6.1.4.1.1466.101.120.111 |
| NAME 'extensibleObject' |
| DESC 'RFC2252: extensible object' |
| SUP top |
| AUXILIARY ) |
| |
| |
| objectclass ( 2.5.6.1 NAME 'alias' |
| DESC 'RFC2256: an alias' |
| SUP top |
| STRUCTURAL |
| MUST aliasedObjectName ) |
| |
| |
| objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral' |
| DESC 'namedref: named subordinate referral' |
| SUP top |
| STRUCTURAL |
| MUST ref ) |
| |
| |
| objectclass ( 1.3.6.1.4.1.4203.1.4.1 |
| NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) |
| DESC 'OpenLDAP Root DSE object' |
| SUP top |
| STRUCTURAL |
| MAY cn ) |
| |
| |
| objectclass ( 2.5.17.0 NAME 'subentry' |
| SUP top |
| STRUCTURAL |
| MUST ( cn $ subtreeSpecification ) ) |
| |
| |
| objectclass ( 2.5.20.1 NAME 'subschema' |
| DESC 'RFC2252: controlling subschema (sub)entry' |
| AUXILIARY |
| MAY ( dITStructureRules $ nameForms $ ditContentRules $ |
| objectClasses $ attributeTypes $ matchingRules $ |
| matchingRuleUse ) ) |
| |
| |
| objectclass ( 2.5.17.2 |
| NAME 'collectiveAttributeSubentry' |
| AUXILIARY ) |
| |
| |
| objectclass ( 1.3.6.1.4.1.1466.101.119.2 |
| NAME 'dynamicObject' |
| DESC 'RFC2589: Dynamic Object' |
| SUP top |
| AUXILIARY ) |
| |