Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Herwono W Wijaya Fri, 06 Mar 2015 08:17:51 -0800

this result from
#strings /usr/lib/openldap/slapd | grep "1.3.6.1.4"


On 3/6/15 10:40 PM, Rich Megginson wrote:

On 03/06/2015 07:54 AM, Herwono W Wijaya wrote:
FreeIPA logs:
[06/Mar/2015:21:51:15 +0700] conn=30 op=0 BINDdn="uid=admin,cn=users,cn=compat,dc=server,dc=local" method=128 version=3[06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=server,dc=local"[06/Mar/2015:21:51:15 +0700] conn=30 op=1 SRCHbase="cn=users,cn=compat,dc=server,dc=local" scope=2filter="(objectClass=inetOrgPerson)" attrs="uid description givenNamesn mail useraccountcontrol pwdaccountlockedtime entryuuid"[06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101nentries=2 etime=0 notes=P
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
[06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1

vCenter SSO error:
Error: Idm client exception: Control not found
There's no error log debug level which will give us all of thecontrols received by the server or all of the controls sent back bythe server. The TRACE level will give us some information.
But the problem appears to be that vCenter is expecting some control.There is no way we can tell what control that might be by analyzingthe LDAP protocol, even with wireshark. If the vCenter documentationdoes not suffice, and VMWare support is not forthcoming, then we mightbe able to reverse engineer the code. For example, search the code, ifscripts, or use something like the "strings" command on binaries, tolook for well known OID prefixes.
For example, from dirsrv:
# strings /usr/lib64/lib/dirsrv/libslapd.so.0.0.0|grep "1.3.6.1.4"
1.3.6.1.4.1.1466.115.121.1.34
1.3.6.1.4.1.1466.115.121.1.12
1.3.6.1.4.1.1466.115.121.1.15
1.3.6.1.4.1.42.2.27.8.5.1
1.3.6.1.4.1.42.2.27.9.5.2
...
If we can narrow down the list of possible control OIDs that vCenterknows about, we can perhaps figure out if 389 supports them.
On 3/6/15 8:45 PM, Herwono W Wijaya wrote:
sorry my mistake, okay I'll check slapd log files and try to figureout what happened
On 3/6/15 8:43 PM, Martin Kosek wrote:
This is the directory on FreeIPA server that the vCenter isauthenticating useres against.
On 03/06/2015 02:40 PM, Herwono W Wijaya wrote:
there is no directory "/var/log/dirsrv/" in 5.5u2b version

On 3/6/15 8:34 PM, Gianluca Cecchi wrote:
On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek <mko...@redhat.com
<mailto:mko...@redhat.com>> wrote:

    Ah, I am not sure what control do they mean.
But in general, when, it is always interesting to check theLDAP accesslogs to see the last failed request and then try the samesearch with
    ldapsearch and fix things.

    Martin


see my previous e-mail:

/var/log/dirsrv/slapd-REALM-NAME/
contains log and you will see which kind of queries vSphere isdoing.
Gianluca
--
Regards, Herwono W Wijaya https://linuxcoding.org | *VMwarevExpert 2014, 2015<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>*
--
Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert2014, 2015<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>*
--
Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert2014, 2015<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>*


--
Regards,
Herwono W Wijaya

https://linuxcoding.org | *VMware vExpert 2014, 2015<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>*

1.3.6.1.4.1.4203.1.12.2
1.3.6.1.4.1.1466.115.121.1
extended=1.3.6.1.4.1.1466.20037
extended=1.3.6.1.4.1.4203.1.11.1
extended=1.3.6.1.4.1.4203.1.11.3
1.3.6.1.4.1.1466.20036
1.3.6.1.4.1.1466.115.121.1.27
1.3.6.1.4.1.1466.115.121.1.34
1.3.6.1.4.1.1466.115.121.1.12
group "%s" attr "%s": inappropriate syntax: %s; must be 
1.3.6.1.4.1.1466.115.121.1.12 (DN), 1.3.6.1.4.1.1466.115.121.1.34 (NameUID) or 
a subtype of labeledURI.
1.3.6.1.4.1.4203.666.5.15
1.3.6.1.4.1.4203.1.10.1
1.3.6.1.4.1.4203.666.5.2
1.3.6.1.4.1.4203.666.5.12
1.3.6.1.4.1.1466.101.119.1
1.3.6.1.4.1.4203.1.11.1
1.3.6.1.4.1.4203.1.11.3
1.3.6.1.4.1.4203.666.11.2.1
1.3.6.1.4.1.1466.115.121.1.8
1.3.6.1.4.1.1466.115.121.1.9
1.3.6.1.4.1.1466.115.121.1.44
1.3.6.1.4.1.1466.115.121.1.17
1.3.6.1.4.1.1466.115.121.1.38
1.3.6.1.4.1.1466.115.121.1.3
1.3.6.1.4.1.1466.115.121.1.16
1.3.6.1.4.1.1466.115.121.1.54
1.3.6.1.4.1.1466.115.121.1.30
1.3.6.1.4.1.1466.115.121.1.31
1.3.6.1.4.1.1466.115.121.1.35
1.3.6.1.4.1.1466.115.121.1.37
1.3.6.1.4.1.4203.666.4.4
1.3.6.1.4.1.4203.666.4.5
1.3.6.1.4.1.1466.115.121.1.15
1.3.6.1.4.1.1466.115.121.1.26
1.3.6.1.4.1.4203.666.11.10.2.1
( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' X-BINARY-TRANSFER-REQUIRED 
'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )
( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY-TRANSFER-REQUIRED 
'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' 
X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' 
X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCertificate' 
X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )
( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )
( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )
( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )
( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )
( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )
( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Access Points' )
( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Description' )
( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )
( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )
( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )
( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )
( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )
( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )
( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' 
X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )
( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )
( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )
( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition' )
( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description' )
( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )
( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC 'AttributeCertificate Exact Assertion' )
( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC 'AttributeCertificate Assertion' )
( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )
( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' )
( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )
( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )
( 1.3.6.1.4.1.4203.666.4.4 NAME 'directoryStringApproxMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.4203.666.4.5 NAME 'IA5StringApproxMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 )
( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.9 NAME 'dnSubtreeMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.8 NAME 'dnOneLevelMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.10 NAME 'dnSubordinateMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.11 NAME 'dnSuperiorMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.5 NAME 'caseExactMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.6 NAME 'caseExactOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.7 NAME 'caseExactSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 
)
( 2.5.13.8 NAME 'numericStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
( 2.5.13.9 NAME 'numericStringOrderingMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.36 )
( 2.5.13.10 NAME 'numericStringSubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.11 NAME 'caseIgnoreListMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.13 NAME 'booleanMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
( 2.5.13.14 NAME 'integerMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.15 NAME 'integerOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.16 NAME 'bitStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
( 2.5.13.17 NAME 'octetStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.18 NAME 'octetStringOrderingMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.19 NAME 'octetStringSubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.20 NAME 'telephoneNumberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.22 NAME 'presentationAddressMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.43 )
( 2.5.13.23 NAME 'uniqueMemberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
( 2.5.13.24 NAME 'protocolInformationMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.42 )
( 2.5.13.27 NAME 'generalizedTimeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.24 )
( 2.5.13.29 NAME 'integerFirstComponentMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.45 NAME 'attributeCertificateExactMatch' SYNTAX 
1.3.6.1.4.1.4203.666.11.10.2.2 )
( 2.5.13.46 NAME 'attributeCertificateMatch' SYNTAX 
1.3.6.1.4.1.4203.666.11.10.2.3 )
( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.4203.1.2.1 NAME 'caseExactIA5SubstringsMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 )
( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 )
( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 )
( 1.3.6.1.4.1.4203.666.11.2.2 NAME 'CSNMatch' SYNTAX 
1.3.6.1.4.1.4203.666.11.2.1 )
( 1.3.6.1.4.1.4203.666.11.2.3 NAME 'CSNOrderingMatch' SYNTAX 
1.3.6.1.4.1.4203.666.11.2.1 )
( 1.3.6.1.4.1.4203.666.11.2.5 NAME 'CSNSIDMatch' SYNTAX 
1.3.6.1.4.1.4203.666.11.2.4 )
( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' SYNTAX 1.3.6.1.4.1.4203.666.2.7 )
1.3.6.1.4.1.1466.115.121.1.40
( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' 
EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: structural object class 
of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 
SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' 
EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
directoryOperation )
( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last 
modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
directoryOperation )
( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creator' EQUALITY 
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY 
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY 
booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling 
subschema entry' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
directoryOperation )
( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALITY 
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequence number of the 
entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 
1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE 
directoryOperation )
( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change sequence number of 
the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 
1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE 
directoryOperation )
( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syncrepl Cookie for 
shadow copy' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the largest committed CSN 
of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 
1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative 
servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC4512: naming 
contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC4512: supported 
controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported 
extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC4512: 
supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE 
dSAOperation )
( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: 
supported SASL mechanisms'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4512: features 
supported by the server' EQUALITY objectIdentifierMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'monitor context' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 EQUALITY distinguishedNameMatch SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'config context' SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 EQUALITY distinguishedNameMatch SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' 
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' 
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administrative role' 
EQUALITY objectIdentifierMatch USAGE directoryOperation SYNTAX 
1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtree specification' 
SINGLE-VALUE USAGE directoryOperation SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )
( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT structure rules' 
EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE 
directoryOperation ) 
( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content rules' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE 
directoryOperation )
( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rules' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE 
directoryOperation )
( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute types' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE 
directoryOperation )
( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classes' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE 
directoryOperation )
( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE 
directoryOperation )
( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching rule uses' EQUALITY 
objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE 
directoryOperation )
( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4512: LDAP syntaxes' 
EQUALITY objectIdentifierFirstComponentMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC4512: name 
of aliased object' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordinate referral URL' 
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE 
distributedOperation )
( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL entry 
pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL children 
pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy 
authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 
X-ORDERED 'VALUES' USAGE distributedOperation )
( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom' ) DESC 'proxy 
authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 
X-ORDERED 'VALUES' USAGE distributedOperation )
( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RFC2589: dynamic 
subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE 
dSAOperation )
( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common supertype of DN 
attributes' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of name attributes' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{32768} )
( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC4519: user 
identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{256} )
( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely 
identifying a user in an administrative domain' EQUALITY integerMatch ORDERING 
integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely 
identifying a group in an administrative domain' EQUALITY integerMatch ORDERING 
integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY 
octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource 
Identifier with optional label' EQUALITY caseExactMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' EQUALITY 
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'RFC4512: 
extensible object' SUP top AUXILIARY )
( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 
'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RFC2589: Dynamic 
Object' SUP top AUXILIARY )
( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue Entry' SUP top STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' DESC 'Persistent Info 
for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )
( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' DESC 'Persistent Info 
for SyncRepl Producer' AUXILIARY MAY contextCSN )
1.3.6.1.4.1.1466.20037
1.3.6.1.4.1.4203.1.5.1
1.3.6.1.4.1.4203.1.5.2
1.3.6.1.4.1.4203.1.5.3
1.3.6.1.4.1.4203.1.5.4
1.3.6.1.4.1.4203.1.5.5
1.3.6.1.4.1.4203.1.9.1.1
1.3.6.1.4.1.4203.1.9.1.2
1.3.6.1.4.1.4203.1.9.1.3
1.3.6.1.4.1.4203.1.9.1.4
( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP access control 
information (experimental)' EQUALITY OpenLDAPaciMatch SYNTAX 
1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' SYNTAX 
1.3.6.1.4.1.4203.666.2.1 )
( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )
1.3.6.1.4.1.4203.666.2.1
1.3.6.1.4.1.4203.666.1.55
1.3.6.1.4.1.4203.666.3.16
( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'monitored info' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monitor managed info' 
SUP name )
( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'monitor counter' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC 'monitor completed 
operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC 'monitor initiated 
operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' DESC 'monitor 
connection number' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN' DESC 'monitor 
connection authorization DN' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAddress' DESC 
'monitor connection local address' SUP monitoredInfo NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAddress' DESC 'monitor 
connection peer address' SUP monitoredInfo NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC 'monitor timestamp' 
EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'name of overlays 
defined for a given database' SUP monitoredInfo NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/write status of a 
given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DESC 'name of 
restricted operation for a given database' SUP managedInfo )
( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtocol' DESC 'monitor 
connection protocol' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsReceived' DESC 
'monitor number of operations received by the connection' SUP monitorCounter 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExecuting' DESC 
'monitor number of operations in execution within the connection' SUP 
monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPending' DESC 'monitor 
number of pending operations within the connection' SUP monitorCounter 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCompleted' DESC 
'monitor number of operations completed within the connection' SUP 
monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' DESC 'number of 
times connection_get() was called so far' SUP monitorCounter 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' DESC 'number of 
times connection_read() was called so far' SUP monitorCounter 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' DESC 'number of 
times connection_write() was called so far' SUP monitorCounter 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' DESC 'monitor 
connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListener' DESC 'monitor 
connection listener' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDomain' DESC 'monitor 
connection peer domain' SUP monitoredInfo NO-USER-MODIFICATION USAGE 
dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartTime' DESC 'monitor 
connection start time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION 
USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivityTime' DESC 
'monitor connection activity time' SUP monitorTimestamp SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC 'TRUE if the 
database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC 'update referral 
for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' DESC 'TRUE if 
component allows runtime configuration' EQUALITY booleanMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC 'monitor superior 
DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC 'OpenLDAP system monitoring' 
SUP top STRUCTURAL MUST cn MAY ( description $ seeAlso $ labeledURI $ 
monitoredInfo $ managedInfo $ monitorOverlay ) )
( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer' DESC 'Server monitoring root 
entry' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer' DESC 'monitor container 
class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.4 NAME 'monitorCounterObject' DESC 'monitor counter 
class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation' DESC 'monitor operation 
class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection' DESC 'monitor connection 
class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject' DESC 'monitor managed entity 
class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject' DESC 'monitor monitored 
entity class' SUP monitor STRUCTURAL )
1.3.6.1.4.1.4203.666.11.3
1.3.6.1.4.1.4203.666.11.6.3
1.3.6.1.4.1.4203.666.11.6.1
1.3.6.1.4.1.4203.666.11.5.3.1
( 1.3.6.1.4.1.4203.666.11.5.3.1 DESC 'Control' )
( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN of request' 
EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start time of request' 
EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time of request' 
EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of request' EQUALITY 
caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Session ID of request' 
EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Authorization ID of 
requestor' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Result code of request' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Error text of request' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Referrals returned for 
request' SUP labeledURI )
( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Request controls' 
EQUALITY objectIdentifierFirstComponentMatch SYNTAX 
1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC 'Response controls 
of request' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 
1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Request to Abandon' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Protocol version of 
Bind request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 
OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind method of request' 
EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'Compare Assertion of 
request' SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modifications of request' 
EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch SYNTAX 
OMsOctetString )
( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old values of entry before 
request completed' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch 
SYNTAX OMsOctetString )
( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New RDN of request' 
EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC 'Delete old RDN' 
EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC 'New superior DN of 
request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope of request' 
EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC 'Disposition of 
Aliases in request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'Attributes and 
values of request' EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filter of request' 
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attributes of request' 
EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'Size limit of 
request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'Time limit of 
request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Number of entries 
returned' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data of extended request' 
EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch SYNTAX 
OMsOctetString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of 
auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.11.5.2.0 NAME 'auditContainer' DESC 'AuditLog container' 
SUP top STRUCTURAL MAY ( cn $ reqStart $ reqEnd ) )
( 1.3.6.1.4.1.4203.666.11.5.2.1 NAME 'auditObject' DESC 'OpenLDAP request 
auditing' SUP top STRUCTURAL MUST ( reqStart $ reqType $ reqSession ) MAY ( 
reqDN $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd $ reqResult $ 
reqMessage $ reqReferral ) )
( 1.3.6.1.4.1.4203.666.11.5.2.2 NAME 'auditReadObject' DESC 'OpenLDAP read 
request record' SUP auditObject STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.5.2.3 NAME 'auditWriteObject' DESC 'OpenLDAP write 
request record' SUP auditObject STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.5.2.4 NAME 'auditAbandon' DESC 'Abandon operation' 
SUP auditObject STRUCTURAL MUST reqId )
( 1.3.6.1.4.1.4203.666.11.5.2.5 NAME 'auditAdd' DESC 'Add operation' SUP 
auditWriteObject STRUCTURAL MUST reqMod )
( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' DESC 'Bind operation' SUP 
auditObject STRUCTURAL MUST ( reqVersion $ reqMethod ) )
( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare' DESC 'Compare operation' 
SUP auditReadObject STRUCTURAL MUST reqAssertion )
( 1.3.6.1.4.1.4203.666.11.5.2.8 NAME 'auditDelete' DESC 'Delete operation' SUP 
auditWriteObject STRUCTURAL MAY reqOld )
( 1.3.6.1.4.1.4203.666.11.5.2.9 NAME 'auditModify' DESC 'Modify operation' SUP 
auditWriteObject STRUCTURAL MAY reqOld MUST reqMod )
( 1.3.6.1.4.1.4203.666.11.5.2.10 NAME 'auditModRDN' DESC 'ModRDN operation' SUP 
auditWriteObject STRUCTURAL MUST ( reqNewRDN $ reqDeleteOldRDN ) MAY ( 
reqNewSuperior $ reqMod $ reqOld ) )
( 1.3.6.1.4.1.4203.666.11.5.2.11 NAME 'auditSearch' DESC 'Search operation' SUP 
auditReadObject STRUCTURAL MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) 
MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ reqTimeLimit ) )
( 1.3.6.1.4.1.4203.666.11.5.2.12 NAME 'auditExtended' DESC 'Extended operation' 
SUP auditObject STRUCTURAL MAY reqData )
( 1.3.6.1.4.1.4203.666.1.57 NAME ( 'entryExpireTimestamp' ) DESC 'RFC2589 
OpenLDAP extension: expire time of a dynamic object, computed as now + 
entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE 
dSAOperation )
1.3.6.1.4.1.4203.666.5.16
( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' EQUALITY distinguishedNameMatch USAGE 
dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' )
( 1.3.6.1.4.1.42.2.27.8.1.16 NAME ( 'pwdChangedTime' ) DESC 'The time the 
password was last changed' EQUALITY generalizedTimeMatch ORDERING 
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE 
NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.17 NAME ( 'pwdAccountLockedTime' ) DESC 'The time an 
user account was locked' EQUALITY generalizedTimeMatch ORDERING 
generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE 
USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.19 NAME ( 'pwdFailureTime' ) DESC 'The timestamps of 
the last consecutive authentication failures' EQUALITY generalizedTimeMatch 
ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 
NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.20 NAME ( 'pwdHistory' ) DESC 'The history of users 
passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 
NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.21 NAME ( 'pwdGraceUseTime' ) DESC 'The timestamps of 
the grace login once the password has expired' EQUALITY generalizedTimeMatch 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE 
directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.22 NAME ( 'pwdReset' ) DESC 'The indication that the 
password has been reset' EQUALITY booleanMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.23 NAME ( 'pwdPolicySubentry' ) DESC 'The pwdPolicy 
subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )
1.3.6.1.4.1.42.2.27.8.5.1
1.3.6.1.4.1.42.2.27.8.5.1
1.3.6.1.4.1.4203.666.11.9.1
( PCacheAttributes:1 NAME 'pcacheQueryID' DESC 'ID of query the entry belongs 
to, formatted as a UUID' EQUALITY octetStringMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.40{64} NO-USER-MODIFICATION USAGE directoryOperation 
)
( PCacheAttributes:2 NAME 'pcacheQueryURL' DESC 'URI describing a cached query' 
EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.11.4.3.0 NAME ( 'errAbsObject' ) SUP top ABSTRACT MUST ( 
errCode ) MAY ( cn $ description $ errOp $ errText $ errSleepTime $ 
errMatchedDN $ errUnsolicitedOID $ errUnsolicitedData $ errDisconnect ) )
( 1.3.6.1.4.1.4203.666.11.4.3.1 NAME ( 'errObject' ) SUP errAbsObject 
STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.4.3.2 NAME ( 'errAuxObject' ) SUP errAbsObject 
AUXILIARY )
( 1.3.6.1.4.1.4203.666.11.4.1.1 NAME ( 'errCode' ) DESC 'LDAP error code' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.2 NAME ( 'errOp' ) DESC 'Operations the errObject 
applies to' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.4203.666.11.4.1.3 NAME ( 'errText' ) DESC 'LDAP error textual 
description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.4 NAME ( 'errSleepTime' ) DESC 'Time to wait 
before returning the error' EQUALITY integerMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.5 NAME ( 'errMatchedDN' ) DESC 'Value to be 
returned as matched DN' EQUALITY distinguishedNameMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.6 NAME ( 'errUnsolicitedOID' ) DESC 'OID to be 
returned within unsolicited response' EQUALITY objectIdentifierMatch SYNTAX 
1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.7 NAME ( 'errUnsolicitedData' ) DESC 'Data to be 
returned within unsolicited response' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 
SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.8 NAME ( 'errDisconnect' ) DESC 'Disconnect 
without notice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
1.3.6.1.4.1.4203.666.5.14
1.3.6.1.4.1.1466.115.121.1.36

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Reply via email to