Rob Crittenden wrote:
> Use correct OID base for ipaVolumeKey (it's an objectClass, not an
> attribute).
>
> Re-number to use contiguous values. There were some pretty big gaps.
>
> rob
Nack
Here are a couple of suggestions:
* Let us not add schema that we do not use and do not need. The policy
schema, though well designed, has not been implemented. There is a risk
that it would require some changes if ever implemented. I suggest we
keep it in the tree but not include it in the install.
* The volume key management schema is not used either. I would suggest
we extract it and save it in a file aside but do not add it into the main
schema. As things stand now this schema will not be used.
* For v2 we should use only 3, 4, 5, 6. 1 and 2 are reserved for v1.
So the things would look as in the attached files.
I have not had a chance to make sure they load but I hope I did not miss
anything.
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
## IPA Base OID: 2.16.840.1.113730.3.8
##
## Attributes: 2.16.840.1.113730.3.8.3 - V2 base attributes
## ObjectClasses: 2.16.840.1.113730.3.8.4 - V2 base objectclasses
## Attributes: 2.16.840.1.113730.3.8.5 - V2 DNS related attributes
## ObjectClasses: 2.16.840.1.113730.3.8.6 - V2 DNS related objectclasses
##
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique
identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Text
string describing client version of the IPA software installed' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of
administrator who performed manual enrollment of the host' SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.4 NAME 'enrollmentPwd' DESC 'Password
used to bulk enroll machines' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.40{128} X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.18 NAME 'fqdn' DESC 'FQDN' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.19 NAME 'managedBy' DESC 'DNs of
entries allowed to manage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA
v2')
objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn
) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA
v2' )
objectClasses: (2.16.840.1.113730.3.8.4.44 NAME 'ipaObject' DESC 'IPA
objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service
objectclass' AUXILIARY MAY ( memberOf $ managedBy ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group that
supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA user
group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA host
group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Reference to
a principal that performs an action (usually user).' SUP distinguishedName
EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additional
classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to
a device where the operation takes place (usually host).' SUP distinguishedName
EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional
classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.20 NAME 'serviceCategory' DESC
'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.21 NAME 'memberService' DESC
'Reference to the pam service of this operation.' SUP distinguishedName
EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag
to show if the association is active or should be ignored' EQUALITY
booleanMatch ORDERING booleanMatch SUBSTR booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.6 NAME 'ipaAssociation' ABSTRACT MUST (
ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ hostCategory
$ serviceCategory $ memberService $ ipaEnabledFlag $ description ) X-ORIGIN
'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.10 NAME 'serviceName' DESC 'Name of
the service used in HBAC in IPA' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.11 NAME 'sourceHost' DESC 'Link to the
host or group of hosts' SUP memberHost SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.12 NAME 'externalHost' DESC
'Multivalue string attribute that allows storing host names.' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.13 NAME 'sourceHostCategory' DESC
'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.14 NAME 'accessRuleType' DESC 'The
flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch
ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'accessTime' DESC 'Access
time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation
STRUCTURAL MUST accessRuleType MAY ( serviceName $ sourceHost $
sourceHostCategory $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.16 NAME 'nisDomainName' DESC 'NIS
domain name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA
version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $
nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' )
attributeTypes: (1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map
Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
attributeTypes: (1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key
value' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
attributeTypes: (1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automount
information' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
objectClasses: (1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map
information' SUP top STRUCTURAL MUST automountMapName MAY description X-ORIGIN
'RFC 2307bis' )
objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information'
SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY description
X-ORIGIN 'RFC 2307bis' )
attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on
how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch
ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY
(member $ hostCApolicy) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' AUXILIARY MUST
( cn ) MAY ( description ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA
HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer
denoting time to live' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 )
attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a
resource record' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name
pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host
information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or
mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string,
RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data
Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC
2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535'
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 address,
RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC
1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existent,
RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service
location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming
Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange
Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate,
RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type,
RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal
DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation
Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key
Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC
3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC
3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (2.16.840.1.113730.3.8.5.0 NAME 'idnsName' DESC 'DNS FQDN'
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.1 NAME 'idnsAllowDynUpdate' DESC
'permit dynamic updates on this zone' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.2 NAME 'idnsZoneActive' DESC 'define
if the zone is considered in use' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.3 NAME 'idnsSOAmName' DESC 'SOA Name'
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.4 NAME 'idnsSOArName' DESC 'SOA root
Name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.5 NAME 'idnsSOAserial' DESC 'SOA
serial number' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.6 NAME 'idnsSOArefresh' DESC 'SOA
refresh value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.7 NAME 'idnsSOAretry' DESC 'SOA retry
value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.8 NAME 'idnsSOAexpire' DESC 'SOA
expire value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.9 NAME 'idnsSOAminimum' DESC 'SOA
minimum value' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.5.10 NAME 'idnsUpdatePolicy' DESC 'DNS
dynamic updates policy' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record,
usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate
$ DNSTTL $ DNSClass $ ARecord $ AAAARecord $ A6Record $ NSRecord $ CNAMERecord
$ PTRRecord $ SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $
MINFORecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ LOCRecord $ NXTRecord $
NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $ DSRecord $ SSHFPRecord $
RRSIGRecord $ NSECRecord )
objectClasses: (2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP
idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $
idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $
idnsSOAminimum ) MAY idnsUpdatePolicy )
Policy related schema.
This file should not be loaded.
Remove this comment and assign the right OIDs when the time comes to do something
about this functionality.
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.L.1 NAME 'ipaPolicyType' DESC 'Type of
the policy' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA
v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.2 NAME 'ipaSchemaFile' DESC 'Name of
the file with schema definition' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.3 NAME 'ipaTrasformFile' DESC 'Name of
the policy transformation file' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.4 NAME 'ipaOrderedUUIDList' DESC
'Defines order of the entities within some sort of ordered group' EQUALITY
caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.5 NAME 'ipaLastChangeBy' DESC 'DN of
the user who caused the configuration change' SUP owner EQUALITY
distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.6 NAME 'ipaLastChanged' DESC 'Last
time there was some change to the data' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.7 NAME 'ipaAllowedTemplateRef' DESC
'DN of the allowed policy template' SUP distinguishedName EQUALITY
distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.8 NAME 'ipaTemplateRef' DESC 'DN of
the allowed policy template' SUP distinguishedName EQUALITY
distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.9 NAME 'ipaPolicyBlob' DESC
'Compressed XML policy data in binary format' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.10 NAME 'ipaPolicyState' DESC 'State
of the policy data' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.11 NAME 'ipaPolicyGroupRef' DESC 'DN
of the member policy group reference' SUP distinguishedName EQUALITY
distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.12 NAME 'ipaRoleType' DESC 'Type of
the role' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA
v2')
attributeTypes: (2.16.840.1.113730.3.8.L.13 NAME 'ipaRoleOrder' DESC 'List of
possible roles in priority order' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
attributeTypes: (2.16.840.1.113730.3.8.L.14 NAME 'ipaRoleRef' DESC 'DN of the
role definition policy' SUP distinguishedName EQUALITY distinguishedNameMatch
ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.L.15 NAME 'ipaRoleName' DESC 'Name of
the role' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA
v2' )
objectClasses: (2.16.840.1.113730.3.8.M.1 NAME 'ipaContainer' SUP nsContainer
STRUCTURAL MAY description X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.2 NAME 'ipaPolicyTemplate' SUP top
STRUCTURAL MUST ( cn $ ipaUniqueID $ ipaPolicyType $ ipaSchemaFile ) MAY (
ipaTrasformFile $ description ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.3 NAME 'ipaOrderedContainer' SUP
ipaContainer STRUCTURAL MAY ( ipaOrderedUUIDList $ ipaLastChangeBy $
ipaLastChanged ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.4 NAME 'ipaPolicyGroup' SUP
ipaOrderedContainer STRUCTURAL MUST ( ipaUniqueID $ ipaEnabledFlag ) MAY
ipaAllowedTemplateRef X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.5 NAME 'ipaPolicy' SUP ipaContainer
STRUCTURAL MUST ( ipaUniqueID $ ipaEnabledFlag $ ipaTemplateRef ) MAY (
ipaLastChangeBy $ ipaLastChanged ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.6 NAME 'ipaPolicyData' SUP top
STRUCTURAL MUST ( ipaUniqueID $ cn $ ipaPolicyState $ ipaLastChangeBy $
ipaLastChanged ) MAY ( ipaPolicyBlob $ description ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.7 NAME 'ipaPolicyLink' SUP
ipaAssociation STRUCTURAL MAY ( ipaPolicyGroupRef $ owner ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.8 NAME 'ipaRelationsContainer' SUP
ipaContainer STRUCTURAL MUST ( ipaRoleType $ ipaRoleOrder ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.M.9 NAME 'ipaRelation' SUP ipaAssociation
STRUCTURAL MUST ( ipaRoleRef $ ipaRoleName ) X-ORIGIN 'IPA v2' )
Main schema:
attributeTypes: (2.16.840.1.113730.3.8.A.X NAME 'ipaVolumeEscrowPacket' DESC
'An encrypted packet containing a secret used for encrypting the volume' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
attributeTypes: (2.16.840.1.113730.3.8.A.X NAME 'ipaVolumeHost' DESC 'Link to
the host that contains this volume' SUP memberHost SYNTAX
1.3.6.1.4.1.1466.115.121.1.12)
attributeTypes: (2.16.840.1.113730.3.8.A.X NAME 'ipaVolumeKeySecretType' DESC
'Type of the secret defined in this packet' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributeTypes: (2.16.840.1.113730.3.8.A.X NAME 'ipaVolumeInfo' DESC
'Information about a volume: NAME:VALUE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
attributeTypes: (2.16.840.1.113730.3.8.A.X NAME
'ipaVolumeKeyObsoletionTimestamp' DESC 'Time when a key was marked as obsolete'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE)
objectClasses: (2.16.840.1.113730.3.8.O.Y NAME 'ipaVolumeKey' SUP top
STRUCTURAL MUST ( ipaUniqueID $ ipaVolumeHost $ ipaVolumeEscrowPacket ) MAY (
ipaVolumeKeySecretType $ ipaVolumeInfo $ ipaVolumeKeyObsoletionTimestamp ))
Config schema:
attributeTypes: ( 2.16.840.1.113730.3.8.3.50 NAME
'ipaObsoleteEscrowPacketLifetime' DESC 'Number of days before an obsolete
escrow packet is deleted (if a newer packet for the same volume is available)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributeTypes: ( 2.16.840.1.113730.3.8.3.51 NAME 'ipaEscrowKeyCertificate'
DESC 'Certificate for encrypting escrow packets' SYNTAX
1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
attributeTypes: ( 2.16.840.1.113730.3.8.3.52 NAME 'ipaEscrowKey' DESC
'PKCS#12-formatted encrypted certificate and private key for encrypting escrow
packets' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5)
Removed from config object
$ ipaObsoleteEscrowPacketLifetime $ ipaEscrowKeyCertificate $ ipaEscrowKey
## schema file for ipa configuration
##
## IPA Base OID: 2.16.840.1.113730.3.8
##
## Attributes: 2.16.840.1.113730.3.8.1 - V1
## ObjectClasses: 2.16.840.1.113730.3.8.2 - V1
## Attributes: 2.16.840.1.113730.3.8.3 - V2
## ObjectClasses: 2.16.840.1.113730.3.8.4 - V2
dn: cn=schema
###############################################
##
## Attributes
##
## ipaUserSearchFields - attribute names to search against when looking for
users
attributetypes: ( 2.16.840.1.113730.3.8.1.1 NAME 'ipaUserSearchFields' EQUALITY
caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
## ipaGroupSearchFields - attribute names to search against when looking for
groups
attributetypes: ( 2.16.840.1.113730.3.8.1.2 NAME 'ipaGroupSearchFields'
EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
## ipaSearchTimeLimit - search time limit in seconds
attributetypes: ( 2.16.840.1.113730.3.8.1.3 NAME 'ipaSearchTimeLimit' EQUALITY
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
## ipaSearchRecordsLimit - maximum number of records to return
attributetypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
## ipaCustomFields - custom fields to show in the UI in addition to pre-defined
ones
attributetypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
## ipaHomesRootDir - default posix home directory root dir to use when creating
new accounts
attributetypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY
caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
## ipaDefaultLoginShell - default posix login shell to use when creating new
accounts
attributetypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell'
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
## ipaDefaultPrimaryGroup - default posix primary group to assign when creating
new accounts
attributetypes: ( 2.16.840.1.113730.3.8.1.8 NAME 'ipaDefaultPrimaryGroup'
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
## ipaMaxUsernameLength - maximum username length to allow in the UI
attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
## ipaPwdExpAdvNotify - time in days to send out password expiration
notification before the password actually expires
attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
# ipaUserObjectClasses - required objectclasses for users
attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15)
# ipaGroupObjectClasses - required objectclasses for groups
attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain'
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
# ipaMigrationEnabled - if TRUE allow adding user entries with pre-hashed
passwords
attributeTypes: ( 2.16.840.1.113730.3.8.3.22 NAME 'ipaMigrationEnabled' DESC
'Enable adding user entries with pre-hashed passwords.' SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetypes: ( 2.16.840.1.113730.3.8.3.23 NAME 'ipaCertificateSubjectBase'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
###############################################
##
## ObjectClasses
##
## ipaGuiConfig - GUI config parameters objectclass
objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY (
ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $
ipaSearchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $
ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $
ipaPwdExpAdvNotify $ ipaUserObjectClasses $ ipaGroupObjectClasses $
ipaDefaultEmailDomain $ ipaMigrationEnabled $ ipaCertificateSubjectBase) )
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
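As an added illustration, not part of the original mail or of the IPA project's code, the following Python linter applies the rules discussed above to an LDIF schema fragment: an objectClass must sit under an objectClass arc (4 or 6) and an attribute under 3 or 5, arcs 1 and 2 are left to v1, placeholder OID components (the L / M / A.X style) mean the file is not loadable, numbering gaps are reported, and every MUST/MAY reference must resolve to a defined attribute. The sample fragment is constructed by condensing the attached definitions; the misplaced ipaVolumeKey OID (.3.30) is made up to reproduce the kind of mistake Rob's patch fixed, and STANDARD_ATTRS is an assumed list of attributes that standard schema already provides.

```python
"""Lint an IPA v2 LDIF schema fragment for the issues raised in this thread: a definition
under the wrong OID arc, placeholder OID components, numbering gaps, and dangling MUST/MAY."""
import re
from collections import defaultdict

IPA_BASE = "2.16.840.1.113730.3.8"
# Arc layout from the header of the attached file: 1 and 2 are v1, v2 attributes
# live under 3 (base) and 5 (DNS), v2 objectClasses under 4 (base) and 6 (DNS).
ARCS_FOR_KIND = {"attributetypes": {"3", "5"}, "objectclasses": {"4", "6"}}
V1_ARCS = {"1", "2"}
# Assumed: attributes supplied by standard schema, so an IPA fragment need not define them.
STANDARD_ATTRS = {"cn", "description", "member", "memberof", "userpassword", "owner"}

_DEF_RE = re.compile(
    r"^(attributeTypes|objectClasses):\s*\(\s*(\S+)\s+NAME\s+'([^']+)'(.*)\)\s*$", re.I)
_LIST_RE = re.compile(r"\b(MUST|MAY)\s+(\([^)]*\)|\S+)")
_DESC_RE = re.compile(r"DESC\s+'[^']*'")

def unfold(ldif):
    """Join LDIF continuation lines (leading space) back onto their record line."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            lines.append(line)
    return lines

def parse(ldif):
    """Return one dict per attributeTypes/objectClasses definition in the LDIF."""
    defs = []
    for line in unfold(ldif):
        m = _DEF_RE.match(line)
        if not m:
            continue
        kind, oid, name, rest = m.groups()
        refs = set()  # attributes named in MUST/MAY, lower-cased (LDAP names are case-insensitive)
        for _, body in _LIST_RE.findall(_DESC_RE.sub("", rest)):
            refs.update(a.strip().lower() for a in body.strip("() ").split("$") if a.strip())
        defs.append({"kind": kind.lower(), "oid": oid, "name": name, "refs": refs})
    return defs

def lint(defs):
    """Return (code, subject, detail) findings; an empty list means the fragment is clean."""
    findings, used = [], defaultdict(set)
    defined = STANDARD_ATTRS | {d["name"].lower() for d in defs if d["kind"] == "attributetypes"}
    for d in defs:
        if not d["oid"].startswith(IPA_BASE + "."):
            continue  # RFC 2307bis, dnszone and friends live in someone else's arc
        tail = d["oid"][len(IPA_BASE) + 1:].split(".")
        if not all(c.isdigit() for c in tail):
            findings.append(("placeholder", d["name"], f"OID {d['oid']} is not numeric; file must not be loaded"))
            continue
        arc, want = tail[0], ARCS_FOR_KIND[d["kind"]]
        if arc not in want:
            why = "reserved for v1 schema" if arc in V1_ARCS else f"not an arc for {d['kind']}, expected {sorted(want)}"
            findings.append(("wrong-arc", d["name"], f"arc {arc} is {why}"))
        else:
            used[arc].add(int(tail[-1]))
        for ref in sorted(d["refs"] - defined):
            findings.append(("undefined-ref", d["name"], f"MUST/MAY names undefined attribute '{ref}'"))
    for arc, nums in sorted(used.items()):
        gaps = (max(nums) - min(nums) + 1) - len(nums)  # the "pretty big gaps" Rob mentioned
        if gaps:
            findings.append(("gap", arc, f"{gaps} unused values between {min(nums)} and {max(nums)}"))
    return findings

# Constructed sample, condensed from the attached definitions. ipaVolumeKey gets a
# made-up OID under the attribute arc (.3.30) to reproduce the misplacement Rob fixed.
SAMPLE = """\
attributeTypes: (2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique
  identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.18 NAME 'fqdn' DESC 'FQDN' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn
  ) MAY ( userPassword $ memberOf ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.44 NAME 'ipaObject' DESC 'IPA
  objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.3.30 NAME 'ipaVolumeKey' SUP top
  STRUCTURAL MUST ( ipaUniqueID $ ipaVolumeHost ) )
attributeTypes: (2.16.840.1.113730.3.8.L.1 NAME 'ipaPolicyType' DESC 'Type of
  the policy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
"""

if __name__ == "__main__":
    for code, subject, detail in lint(parse(SAMPLE)):
        print(f"{code:14} {subject:14} {detail}")
```

Run against a real 60basev2.ldif the same way; the gap report is informational, while a wrong-arc, placeholder or undefined-ref finding means the file will either fail to load or silently shadow someone else's OID space.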