On Jun 1, 2009, at 4:30 AM, [email protected] wrote:

> This is a multi-part message in MIME format.
> --------------080004030402080700020504
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 8bit
>
> Updated schema file cosine-update.schema attached.

I note that diffs are generally preferred, even where the file is
mostly changed. This helps ensure changes that others might make to
the file you started with are not lost.

> Note that some schema
> descriptions were copied from old cosine.schema to preserve backward
> compatibility since RFC 4524 does not contain all schema descriptions e.g.
> needed for 'pilotPerson'. Note that 'pilotPerson' is used as superior
> class for 'OpenLDAPperson'. Also some aliases were added to NAME of
> attribute type descriptions.
>
> IPR notice:
> This patch file is derived from OpenLDAP Software and RFC 4524 and RFC
> 1274. All of the modifications to OpenLDAP Software represented in the
> attached file were developed by Michael Ströder <[email protected]>.
> I have not assigned rights and/or interest in this work to any party.

While this notice of origin is fine, you did not include a rights
statement.

>
>
> --------------080004030402080700020504
> Content-Type: text/plain;
>  name="cosine-update.schema"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline;
>  filename="cosine-update.schema"
>
> # RFC 4524: COSINE LDAP/X.500 Schema
> # $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.26 2009/01/21 23:40:40 kurt Exp $
> ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
> ##
> ## Copyright 1998-2009 The OpenLDAP Foundation.
> ## All rights reserved.
> ##
> ## Redistribution and use in source and binary forms, with or without
> ## modification, are permitted only as authorized by the OpenLDAP
> ## Public License.
> ##
> ## A copy of this license is available in the file LICENSE in the
> ## top-level directory of the distribution or, alternatively, at
> ## <http://www.OpenLDAP.org/license.html>.
> #
> # RFC 4524: COSINE LDAP/X.500 Schema
> # This file is mainly based on the schema descriptions found in RFC 4524.
> # To preserve backwards compatibility with 'pilotPerson' schema some attribute
> # types and object classes not declared in RFC 4524 were copied from
> # (obsoleted) RFC 1274 and some attribute type descriptions were extended
> # with aliases for NAME.
> #
> # Depends on core.schema
>
> # --------------------------------------------------------------------------
> # 2. COSINE Attribute Types
> # --------------------------------------------------------------------------
> #
> # This section details COSINE attribute types for use in LDAP.
> #
>
> # --------------------------------------------------------------------------
> # 2.1. associatedDomain
> #
> # The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
> # host names [RFC1123] that are associated with an object. That is,
> # values of this attribute should conform to the following ABNF:
> #
> #   domain = root / label *( DOT label )
> #   root = SPACE
> #   label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
> #   LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
> #   SPACE = %x20 ; space (" ")
> #   HYPHEN = %x2D ; hyphen ("-")
> #   DOT = %x2E ; period (".")
> #
> # For example, the entry in the DIT with a DN <DC=example,DC=com> might
> # have an associated domain of "example.com".
> #
> # (OpenLDAP-specific: Declared in core.schema)
> # attributetype ( 0.9.2342.19200300.100.1.37
> #     NAME 'associatedDomain'
> #     EQUALITY caseIgnoreIA5Match
> #     SUBSTR caseIgnoreIA5SubstringsMatch
> #     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> #
> # The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
> # 'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
> # described in [RFC4517].
> #
> # Note that the directory will not ensure that values of this attribute
> # conform to the <domain> production provided above. It is the
> # application's responsibility to ensure that domains it stores in this
> # attribute are appropriately represented.
> #
> # Also note that applications supporting Internationalized Domain Names
> # SHALL use the ToASCII method [RFC3490] to produce <label> components
> # of the <domain> production.
>
> # --------------------------------------------------------------------------
> # 2.2. associatedName
> #
> # The 'associatedName' attribute specifies names of entries in the
> # organizational DIT associated with a DNS domain [RFC1034] [RFC2181].
> #
>
> attributetype ( 0.9.2342.19200300.100.1.38
>     NAME 'associatedName'
>     EQUALITY distinguishedNameMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
>
> #
> # The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
> # 'distinguishedNameMatch' rule are described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.3. buildingName
> #
> # The 'buildingName' attribute specifies names of the buildings where
> # an organization or organizational unit is based, for example, "The
> # White House".
> #
>
> attributetype ( 0.9.2342.19200300.100.1.48
>     NAME 'buildingName'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.4. co
> #
> # The 'co' (Friendly Country Name) attribute specifies names of
> # countries in human-readable format, for example, "Germany" and
> # "Federal Republic of Germany". It is commonly used in conjunction
> # with the 'c' (Country Name) [RFC4519] attribute (whose values are
> # restricted to the two-letter codes defined in [ISO3166]).
> #
>
> attributetype ( 0.9.2342.19200300.100.1.43
>     NAME 'co'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.5. documentAuthor
> #
> # The 'documentAuthor' attribute specifies the distinguished names of
> # authors (or editors) of a document. For example,
> #
>
> attributetype ( 0.9.2342.19200300.100.1.14
>     NAME 'documentAuthor'
>     EQUALITY distinguishedNameMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
>
> #
> # The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
> # 'distinguishedNameMatch' rule are described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.6. documentIdentifier
> #
> # The 'documentIdentifier' attribute specifies unique identifiers for a
> # document. A document may be identified by more than one unique
> # identifier. For example, RFC 3383 and BCP 64 are unique identifiers
> # that (presently) refer to the same document.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.11
>     NAME 'documentIdentifier'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.7. documentLocation
> #
> # The 'documentLocation' attribute specifies locations of the document
> # original.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.15
>     NAME 'documentLocation'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.8. documentPublisher
> #
> # The 'documentPublisher' attribute is the persons and/or organizations
> # that published the document. Documents that are jointly published
> # have one value for each publisher.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.56
>     NAME 'documentPublisher'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.9. documentTitle
> #
> # The 'documentTitle' attribute specifies the titles of a document.
> # Multiple values are allowed to accommodate both long and short
> # titles, or other situations where a document has multiple titles, for
> # example, "The Lightweight Directory Access Protocol Technical
> # Specification" and "The LDAP Technical Specification".
> #
>
> attributetype ( 0.9.2342.19200300.100.1.12
>     NAME 'documentTitle'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.10. documentVersion
> #
> # The 'documentVersion' attribute specifies the version information of
> # a document.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.13
>     NAME 'documentVersion'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.11. drink
> #
> # The 'drink' (favouriteDrink) attribute specifies the favorite drinks
> # of an object (or person), for instance, "cola" and "beer".
> #
>
> attributetype ( 0.9.2342.19200300.100.1.5
>     NAME ( 'drink' 'favouriteDrink' )
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.12. homePhone
> #
> # The 'homePhone' (Home Telephone Number) attribute specifies home
> # telephone numbers (e.g., "+1 775 555 1234") associated with a person.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.20
>     NAME ( 'homePhone' 'homeTelephoneNumber' )
>     EQUALITY telephoneNumberMatch
>     SUBSTR telephoneNumberSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
>
> #
> # The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
> # 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
> # described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.13. homePostalAddress
> #
> # The 'homePostalAddress' attribute specifies home postal addresses for
> # an object. Each value should be limited to up to 6 directory strings
> # of 30 characters each. (Note: It is not intended that the directory
> # service enforce these limits.)
> #
>
> attributetype ( 0.9.2342.19200300.100.1.39
>     NAME 'homePostalAddress'
>     EQUALITY caseIgnoreListMatch
>     SUBSTR caseIgnoreListSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
>
> #
> # The PostalAddress (1.3.6.1.4.1.1466.115.121.1.41) syntax and the
> # 'caseIgnoreListMatch' and 'caseIgnoreListSubstringsMatch' rules are
> # described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.14. host
> #
> # The 'host' attribute specifies host computers, generally by their
> # primary fully qualified domain name (e.g., my-host.example.com).
> #
>
> attributetype ( 0.9.2342.19200300.100.1.9
>     NAME 'host'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.15. info
> #
> # The 'info' attribute specifies any general information pertinent to
> # an object. This information is not necessarily descriptive of the
> # object.
> #
> # Applications should not attach specific semantics to values of this
> # attribute. The 'description' attribute [RFC4519] is available for
> # specifying descriptive information pertinent to an object.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.4
>     NAME 'info'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.16. mail
> #
> # The 'mail' (rfc822mailbox) attribute type holds Internet mail
> # addresses in Mailbox [RFC2821] form (e.g., [email protected]).
> #
> # (OpenLDAP-specific: Declared in core.schema)
> # attributetype ( 0.9.2342.19200300.100.1.3
> #     NAME 'mail'
> #     EQUALITY caseIgnoreIA5Match
> #     SUBSTR caseIgnoreIA5SubstringsMatch
> #     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
> #
> # The IA5String (1.3.6.1.4.1.1466.115.121.1.26) syntax and the
> # 'caseIgnoreIA5Match' and 'caseIgnoreIA5SubstringsMatch' rules are
> # described in [RFC4517].
> #
> # Note that the directory will not ensure that values of this attribute
> # conform to the <Mailbox> production [RFC2821]. It is the
> # application's responsibility to ensure that domains it stores in this
> # attribute are appropriately represented.
> #
> # Additionally, the directory will compare values per the matching
> # rules named in the above attribute type description. As these rules
> # differ from rules that normally apply to <Mailbox> comparisons,
> # operational issues may arise. For example, the assertion
> # ([email protected]) will match "[email protected]" even though the
> # <local-parts> differ. Also, where a user has two <Mailbox>es whose
> # addresses differ only by case of the <local-part>, both cannot be
> # listed as values of the user's mail attribute (as they are considered
> # equal by the 'caseIgnoreIA5Match' rule).
> #
> # Also note that applications supporting internationalized domain names
> # SHALL use the ToASCII method [RFC3490] to produce <sub-domain>
> # components of the <Mailbox> production.
> #
>
> # --------------------------------------------------------------------------
> # 2.17. manager
> #
> # The 'manager' attribute specifies managers, by distinguished name, of
> # the person (or entity).
> #
>
> attributetype ( 0.9.2342.19200300.100.1.10
>     NAME 'manager'
>     EQUALITY distinguishedNameMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
>
> #
> # The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
> # 'distinguishedNameMatch' rule are described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.18. mobile
> #
> # The 'mobile' (mobileTelephoneNumber) attribute specifies mobile
> # telephone numbers (e.g., "+1 775 555 6789") associated with a person
> # (or entity).
> #
>
> attributetype ( 0.9.2342.19200300.100.1.41
>     NAME ( 'mobile' 'mobileTelephoneNumber' )
>     EQUALITY telephoneNumberMatch
>     SUBSTR telephoneNumberSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
>
> #
> # The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
> # 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
> # described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.19. organizationalStatus
> #
> # The 'organizationalStatus' attribute specifies categories by which a
> # person is often referred to in an organization. Examples of usage in
> # academia might include "undergraduate student", "researcher",
> # "professor", and "staff". Multiple values are allowed where the
> # person is in multiple categories.
> #
> # Directory administrators and application designers SHOULD consider
> # carefully the distinctions between this and the 'title' and
> # 'userClass' attributes.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.45
>     NAME 'organizationalStatus'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.20. pager
> #
> # The 'pager' (pagerTelephoneNumber) attribute specifies pager
> # telephone numbers (e.g., "+1 775 555 5555") for an object.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.42
>     NAME ( 'pager' 'pagerTelephoneNumber' )
>     EQUALITY telephoneNumberMatch
>     SUBSTR telephoneNumberSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
>
> #
> # The telephoneNumber (1.3.6.1.4.1.1466.115.121.1.50) syntax and the
> # 'telephoneNumberMatch' and 'telephoneNumberSubstringsMatch' rules are
> # described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.21. personalTitle
> #
> # The 'personalTitle' attribute specifies personal titles for a person.
> # Examples of personal titles are "Frau", "Dr.", "Herr", and
> # "Professor".
> #
>
> attributetype ( 0.9.2342.19200300.100.1.40
>     NAME 'personalTitle'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.22. roomNumber
> #
> # The 'roomNumber' attribute specifies the room number of an object.
> # During periods of renumbering, or in other circumstances where a room
> # has multiple valid room numbers associated with it, multiple values
> # may be provided. Note that the 'cn' (commonName) attribute type
> # SHOULD be used for naming room objects.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.6
>     NAME 'roomNumber'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.23. secretary
> #
> # The 'secretary' attribute specifies secretaries and/or administrative
> # assistants, by distinguished name.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.21
>     NAME 'secretary'
>     EQUALITY distinguishedNameMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
>
> #
> # The DistinguishedName (1.3.6.1.4.1.1466.115.121.1.12) syntax and the
> # 'distinguishedNameMatch' rule are described in [RFC4517].
> #
>
> # --------------------------------------------------------------------------
> # 2.24. uniqueIdentifier
> #
> # The 'uniqueIdentifier' attribute specifies a unique identifier for an
> # object represented in the Directory. The domain within which the
> # identifier is unique and the exact semantics of the identifier are
> # for local definition. For a person, this might be an institution-
> # wide payroll number. For an organizational unit, it might be a
> # department code.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.44
>     NAME 'uniqueIdentifier'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
> # Note: X.520 also describes an attribute called 'uniqueIdentifier'
> # (2.5.4.45), which is called 'x500UniqueIdentifier' in LDAP
> # [RFC4519]. The attribute detailed here ought not be confused
> # with 'x500UniqueIdentifier'.
> #
>
> # --------------------------------------------------------------------------
> # 2.25. userClass
> #
> # The 'userClass' attribute specifies categories of computer or
> # application user. The semantics placed on this attribute are for
> # local interpretation. Examples of current usage of this attribute in
> # academia are "student", "staff", and "faculty". Note that the
> # 'organizationalStatus' attribute type is now often preferred, as it
> # makes no distinction between persons as opposed to users.
> #
>
> attributetype ( 0.9.2342.19200300.100.1.8
>     NAME 'userClass'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> #
> # The DirectoryString (1.3.6.1.4.1.1466.115.121.1.15) syntax and the
> # 'caseIgnoreMatch' and 'caseIgnoreSubstringsMatch' rules are described
> # in [RFC4517].
> #
>
>
> # --------------------------------------------------------------------------
> # Attribute types from RFC 1274 which are missing in RFC 4524
> # --------------------------------------------------------------------------
> #
> # 9.3.2. Text Encoded O/R Address
> #
> # The Text Encoded O/R Address attribute type specifies a text encoding
> # of an X.400 O/R address, as specified in RFC 987. The use of this
> # attribute is deprecated as the attribute is intended for interim use
> # only. This attribute will be the first candidate for the attribute
> # expiry mechanisms!
> #
> # textEncodedORAddress ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         caseIgnoreStringSyntax
> #         (SIZE (1 .. ub-text-encoded-or-address))
> # ::= {pilotAttributeType 2}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.2
>     NAME 'textEncodedORAddress'
>     EQUALITY caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
>
> # --------------------------------------------------------------------------
> # 9.3.7. Photo
> #
> # The Photo attribute type specifies a "photograph" for an object.
> # This should be encoded in G3 fax as explained in recommendation T.4,
> # with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
> # defined in X.420.
> #
> # IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
> #     information-objects }
> #
> # photo ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         CHOICE {
> #             g3-facsimile [3] G3FacsimileBodyPart
> #         }
> #     (SIZE (1 .. ub-photo))
> # ::= {pilotAttributeType 7}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.7
>     NAME 'photo'
>     DESC 'RFC1274: photo (G3 fax)'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
>
> # --------------------------------------------------------------------------
> # 9.3.18. Other Mailbox
> #
> # The Other Mailbox attribute type specifies values for electronic
> # mailbox types other than X.400 and rfc822.
> #
> # otherMailbox ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         SEQUENCE {
> #             mailboxType PrintableString, -- e.g. Telemail
> #             mailbox IA5String -- e.g. X378:Joe
> #         }
> # ::= {pilotAttributeType 22}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.22
>     NAME 'otherMailbox'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
>
> # --------------------------------------------------------------------------
> # 9.3.22. DNS ARecord
> #
> # The A Record attribute type specifies a type A (Address) DNS resource
> # record [6] [7].
> #
> # aRecord ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         DNSRecordSyntax
> # ::= {pilotAttributeType 26}
> #
> ## incorrect syntax?
> attributetype ( 0.9.2342.19200300.100.1.26
>     NAME 'aRecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> ## missing from RFC1274
> ## incorrect syntax?
> attributetype ( 0.9.2342.19200300.100.1.27
>     NAME 'mDRecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # --------------------------------------------------------------------------
> # 9.3.23. MX Record
> #
> # The MX Record attribute type specifies a type MX (Mail Exchange) DNS
> # resource record [6] [7].
> #
> # mXRecord ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         DNSRecordSyntax
> # ::= {pilotAttributeType 28}
> #
> ## incorrect syntax!!
> attributetype ( 0.9.2342.19200300.100.1.28
>     NAME 'mXRecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # --------------------------------------------------------------------------
> # 9.3.24. NS Record
> #
> # The NS Record attribute type specifies an NS (Name Server) DNS
> # resource record [6] [7].
> #
> # nSRecord ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         DNSRecordSyntax
> # ::= {pilotAttributeType 29}
> #
> ## incorrect syntax!!
>
> attributetype ( 0.9.2342.19200300.100.1.29
>     NAME 'nSRecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # --------------------------------------------------------------------------
> # 9.3.25. SOA Record
> #
> # The SOA Record attribute type specifies a type SOA (Start of
> # Authority) DNS resource record [6] [7].
> #
> # sOARecord ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         DNSRecordSyntax
> # ::= {pilotAttributeType 30}
> #
> ## incorrect syntax!!
>
> attributetype ( 0.9.2342.19200300.100.1.30
>     NAME 'sOARecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # --------------------------------------------------------------------------
> # 9.3.26. CNAME Record
> #
> # The CNAME Record attribute type specifies a type CNAME (Canonical
> # Name) DNS resource record [6] [7].
> #
> # cNAMERecord ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         iA5StringSyntax
> # ::= {pilotAttributeType 31}
> #
> ## incorrect syntax!!
>
> attributetype ( 0.9.2342.19200300.100.1.31
>     NAME 'cNAMERecord'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # --------------------------------------------------------------------------
> # 9.3.36. Janet Mailbox
> #
> # The Janet Mailbox attribute type specifies an electronic mailbox
> # attribute following the syntax specified in the Grey Book of the
> # Coloured Book series. This attribute is intended for the convenience
> # of U.K users unfamiliar with rfc822 and little-endian mail addresses.
> # Entries using this attribute MUST also include an rfc822Mailbox
> # attribute.
> #
> # janetMailbox ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         caseIgnoreIA5StringSyntax
> #         (SIZE (1 .. ub-janet-mailbox))
> # ::= {pilotAttributeType 46}
> #
> attributetype ( 0.9.2342.19200300.100.1.46
>     NAME 'janetMailbox'
>     DESC 'RFC1274: Janet mailbox'
>     EQUALITY caseIgnoreIA5Match
>     SUBSTR caseIgnoreIA5SubstringsMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
>
> # --------------------------------------------------------------------------
> # 9.3.37. Mail Preference Option
> #
> # An attribute to allow users to indicate a preference for inclusion of
> # their names on mailing lists (electronic or physical). The absence
> # of such an attribute should be interpreted as if the attribute was
> # present with value "no-list-inclusion". This attribute should be
> # interpreted by anyone using the directory to derive mailing lists,
> # and its value respected.
> #
> # mailPreferenceOption ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX ENUMERATED {
> #         no-list-inclusion(0),
> #         any-list-inclusion(1), -- may be added to any lists
> #         professional-list-inclusion(2)
> #             -- may be added to lists
> #             -- which the list provider
> #             -- views as related to the
> #             -- users professional inter-
> #             -- ests, perhaps evaluated
> #             -- from the business of the
> #             -- organisation or keywords
> #             -- in the entry.
> #     }
> # ::= {pilotAttributeType 47}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.47
>     NAME 'mailPreferenceOption'
>     DESC 'RFC1274: mail preference option'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
>
> # --------------------------------------------------------------------------
> # 9.3.43. Personal Signature
> #
> # The Personal Signature attribute type allows for a representation of
> # a person's signature. This should be encoded in G3 fax as explained
> # in recommendation T.4, with an ASN.1 wrapper to make it compatible
> # with an X.400 BodyPart as defined in X.420.
> #
> # IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
> #     information-objects }
> #
> # personalSignature ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #         CHOICE {
> #             g3-facsimile [3] G3FacsimileBodyPart
> #         }
> #     (SIZE (1 .. ub-personal-signature))
> # ::= {pilotAttributeType 53}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.53
>     NAME 'personalSignature'
>     DESC 'RFC1274: Personal Signature (G3 fax)'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
>
> # --------------------------------------------------------------------------
> # 9.3.45. Audio
> #
> # The Audio attribute type allows the storing of sounds in the
> # Directory. The attribute uses a u-law encoded sound file as used by
> # the "play" utility on a Sun 4. This is an interim format.
> #
> #   audio ATTRIBUTE
> #     WITH ATTRIBUTE-SYNTAX
> #       Audio
> #     (SIZE (1 .. ub-audio))
> #   ::= {pilotAttributeType 55}
> #
>
> attributetype ( 0.9.2342.19200300.100.1.55
>     NAME 'audio'
>     DESC 'RFC1274: audio (u-law)'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
>
>
> # --------------------------------------------------------------------------
> # 3. COSINE Object Classes
> # --------------------------------------------------------------------------
> #
> # This section details COSINE object classes for use in LDAP.
> #
>
> # --------------------------------------------------------------------------
> # 3.1. account
> #
> # The 'account' object class is used to define entries representing
> # computer accounts. The 'uid' attribute SHOULD be used for naming
> # entries of this object class.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.5
>     NAME 'account'
>     SUP top STRUCTURAL
>     MUST uid
>     MAY ( description $ seeAlso $ l $ o $ ou $ host ) )
>
> #
> # The 'top' object class is described in [RFC4512]. The 'description',
> # 'seeAlso', 'l', 'o', 'ou', and 'uid' attribute types are described in
> # [RFC4519]. The 'host' attribute type is described in Section 2 of
> # this document.
> #
> # Example:
> #
> # dn: uid=kdz,cn=Accounts,dc=Example,dc=COM
> # objectClass: account
> # uid: kdz
> # seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
> #
>
> # --------------------------------------------------------------------------
> # 3.2. document
> #
> # The 'document' object class is used to define entries that represent
> # documents.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.6
>     NAME 'document'
>     SUP top STRUCTURAL
>     MUST documentIdentifier
>     MAY ( cn $ description $ seeAlso $ l $ o $ ou $
>         documentTitle $ documentVersion $ documentAuthor $
>         documentLocation $ documentPublisher ) )
>
> #
> # The 'top' object class is described in [RFC4512]. The 'cn',
> # 'description', 'seeAlso', 'l', 'o', and 'ou' attribute types are
> # described in [RFC4519]. The 'documentIdentifier', 'documentTitle',
> # 'documentVersion', 'documentAuthor', 'documentLocation', and
> # 'documentPublisher' attribute types are described in Section 2 of
> # this document.
> #
> # Example:
> #
> # dn: documentIdentifier=RFC 4524,cn=RFC,dc=Example,dc=COM
> # objectClass: document
> # documentIdentifier: RFC 4524
> # documentTitle: COSINE LDAP/X.500 Schema
> # documentAuthor: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
> # documentLocation: http://www.rfc-editor.org/rfc/rfc4524.txt
> # documentPublisher: Internet Engineering Task Force
> # description: A collection of schema elements for use in LDAP
> # description: Obsoletes RFC 1274
> # seeAlso: documentIdentifier=RFC 4510,cn=RFC,dc=Example,dc=COM
> # seeAlso: documentIdentifier=RFC 1274,cn=RFC,dc=Example,dc=COM
> #
>
> # --------------------------------------------------------------------------
> # 3.3. documentSeries
> #
> # The 'documentSeries' object class is used to define an entry that
> # represents a series of documents (e.g., The Request For Comments
> # memos).
> #
>
> objectclass ( 0.9.2342.19200300.100.4.9
>     NAME 'documentSeries'
>     SUP top STRUCTURAL
>     MUST cn
>     MAY ( description $ l $ o $ ou $ seeAlso $ telephonenumber ) )
>
> #
> # The 'top' object class is described in [RFC4512]. The 'description',
> # 'l', 'o', 'ou', 'seeAlso', and 'telephoneNumber' attribute types are
> # described in [RFC4519].
> #
> # Example:
> #
> # dn: cn=RFC,dc=Example,dc=COM
> # objectClass: documentSeries
> # cn: Request for Comments
> # cn: RFC
> # description: a series of memos about the Internet
> #
>
> # --------------------------------------------------------------------------
> # 3.4. domain
> #
> # The 'domain' object class is used to define entries that represent
> # DNS domains for objects that are not organizations, organizational
> # units, or other kinds of objects more appropriately defined using an
> # object class specific to the kind of object being defined (e.g.,
> # 'organization', 'organizationUnit').
> #
> # The 'dc' attribute should be used for naming entries of the 'domain'
> # object class.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.13
>     NAME 'domain'
>     SUP top STRUCTURAL
>     MUST dc
>     MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
>         x121Address $ registeredAddress $ destinationIndicator $
>         preferredDeliveryMethod $ telexNumber $
>         teletexTerminalIdentifier $ telephoneNumber $
>         internationaliSDNNumber $ facsimileTelephoneNumber $ street $
>         postOfficeBox $ postalCode $ postalAddress $
>         physicalDeliveryOfficeName $ st $ l $ description $ o $
>         associatedName ) )
>
> #
> # The 'top' object class and the 'dc', 'userPassword', 'searchGuide',
> # 'seeAlso', 'businessCategory', 'x121Address', 'registeredAddress',
> # 'destinationIndicator', 'preferredDeliveryMethod', 'telexNumber',
> # 'teletexTerminalIdentifier', 'telephoneNumber',
> # 'internationaliSDNNumber', 'facsimileTelephoneNumber', 'street',
> # 'postOfficeBox', 'postalCode', 'postalAddress',
> # 'physicalDeliveryOfficeName', 'st', 'l', 'description', and 'o' types
> # are described in [RFC4519]. The 'associatedName' attribute type is
> # described in Section 2 of this document.
> #
> # Example:
> #
> # dn: dc=com
> # objectClass: domain
> # dc: com
> # description: the .COM TLD
> #
>
> # --------------------------------------------------------------------------
> # 3.5. domainRelatedObject
> #
> # The 'domainRelatedObject' object class is used to define entries that
> # represent DNS domains that are "equivalent" to an X.500 domain, e.g.,
> # an organization or organizational unit.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.17
>     NAME 'domainRelatedObject'
>     SUP top AUXILIARY
>     MUST associatedDomain )
>
> #
> # The 'top' object class is described in [RFC4512]. The
> # 'associatedDomain' attribute type is described in Section 2 of this
> # document.
> #
> # Example:
> #
> # dn: dc=example,dc=com
> # objectClass: organization
> # objectClass: dcObject
> # objectClass: domainRelatedObject
> # dc: example
> # associatedDomain: example.com
> # o: Example Organization
> #
> # The 'organization' and 'dcObject' object classes and the 'dc' and 'o'
> # attribute types are described in [RFC4519].
> #
>
> # --------------------------------------------------------------------------
> # 3.6. friendlyCountry
> #
> # The 'friendlyCountry' object class is used to define entries
> # representing countries in the DIT. The object class is used to allow
> # friendlier naming of countries than that allowed by the object class
> # 'country' [RFC4519].
> #
>
> objectclass ( 0.9.2342.19200300.100.4.18
>     NAME 'friendlyCountry'
>     SUP country STRUCTURAL
>     MUST co )
>
> #
> # The 'country' object class is described in [RFC4519]. The 'co'
> # attribute type is described in Section 2 of this document.
> #
> # Example:
> #
> # dn: c=DE
> # objectClass: country
> # objectClass: friendlyCountry
> # c: DE
> # co: Deutschland
> # co: Germany
> # co: Federal Republic of Germany
> # co: FRG
> #
> # The 'c' attribute type is described in [RFC4519].
> #
>
> # --------------------------------------------------------------------------
> # 3.7. rFC822LocalPart
> #
> # The 'rFC822LocalPart' object class is used to define entries that
> # represent the local part of Internet mail addresses [RFC2822]. This
> # treats the local part of the address as a 'domain' object.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.14
>     NAME 'rFC822localPart'
>     SUP domain STRUCTURAL
>     MAY ( cn $ description $ destinationIndicator $
>         facsimileTelephoneNumber $ internationaliSDNNumber $
>         physicalDeliveryOfficeName $ postalAddress $ postalCode $
>         postOfficeBox $ preferredDeliveryMethod $ registeredAddress $
>         seeAlso $ sn $ street $ telephoneNumber $
>         teletexTerminalIdentifier $ telexNumber $ x121Address ) )
>
> #
> # The 'domain' object class is described in Section 3.4 of this
> # document. The 'cn', 'description', 'destinationIndicator',
> # 'facsimileTelephoneNumber', 'internationaliSDNNumber',
> # 'physicalDeliveryOfficeName', 'postalAddress', 'postalCode',
> # 'postOfficeBox', 'preferredDeliveryMethod', 'registeredAddress',
> # 'seeAlso', 'sn', 'street', 'telephoneNumber',
> # 'teletexTerminalIdentifier', 'telexNumber', and 'x121Address'
> # attribute types are described in [RFC4519].
> #
> # Example:
> #
> # dn: dc=kdz,dc=example,dc=com
> # objectClass: domain
> # objectClass: rFC822LocalPart
> # dc: kdz
> # associatedName: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
> #
> # The 'dc' attribute type is described in [RFC4519].
> #
>
> # --------------------------------------------------------------------------
> # 3.8. room
> #
> # The 'room' object class is used to define entries representing rooms.
> # The 'cn' (commonName) attribute SHOULD be used for naming entries of
> # this object class.
> #
>
> objectclass ( 0.9.2342.19200300.100.4.7
>     NAME 'room'
>     SUP top STRUCTURAL
>     MUST cn
>     MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
>
> #
> # The 'top' object class is described in [RFC4512]. The 'cn',
> # 'description', 'seeAlso', and 'telephoneNumber' attribute types are
> # described in [RFC4519]. The 'roomNumber' attribute type is described
> # in Section 2 of this document.
> #
> # dn: cn=conference room,dc=example,dc=com
> # objectClass: room
> # cn: conference room
> # telephoneNumber: +1 755 555 1111
> #
>
> # --------------------------------------------------------------------------
> # 3.9. simpleSecurityObject
> #
> # The 'simpleSecurityObject' object class is used to require an entry
> # to have a 'userPassword' attribute when the entry's structural object
> # class does not require (or allow) the 'userPassword' attribute.
> #
> # (OpenLDAP-specific: Declared in core.schema)
> # objectclass ( 0.9.2342.19200300.100.4.19
> #     NAME 'simpleSecurityObject'
> #     SUP top AUXILIARY
> #     MUST userPassword )
> #
> # The 'top' object class is described in [RFC4512]. The 'userPassword'
> # attribute type is described in [RFC4519].
> #
> # dn: dc=kdz,dc=Example,dc=COM
> # objectClass: account
> # objectClass: simpleSecurityObject
> # uid: kdz
> # userPassword: My Password
> # seeAlso: cn=Kurt D. Zeilenga,cn=Persons,dc=Example,dc=COM
> #
>
> # --------------------------------------------------------------------------
> # Object classes from RFC 1274 which are missing in RFC 4524
> # --------------------------------------------------------------------------
> #
> # 8.3.2. Pilot Person
> #
> # The PilotPerson object class is used as a sub-class of person, to
> # allow the use of a number of additional attributes to be assigned to
> # entries of object class person.
> #
> #   pilotPerson OBJECT-CLASS
> #     SUBCLASS OF person
> #     MAY CONTAIN {
> #       userid,
> #       textEncodedORAddress,
> #       rfc822Mailbox,
> #       favouriteDrink,
> #       roomNumber,
> #       userClass,
> #       homeTelephoneNumber,
> #       homePostalAddress,
> #       secretary,
> #       personalTitle,
> #       preferredDeliveryMethod,
> #       businessCategory,
> #       janetMailbox,
> #       otherMailbox,
> #       mobileTelephoneNumber,
> #       pagerTelephoneNumber,
> #       organizationalStatus,
> #       mailPreferenceOption,
> #       personalSignature}
> #   ::= {pilotObjectClass 4}
> #
>
> objectclass ( 0.9.2342.19200300.100.4.4
>     NAME ( 'pilotPerson' 'newPilotPerson' )
>     SUP person STRUCTURAL
>     MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
>         favouriteDrink $ roomNumber $ userClass $
>         homeTelephoneNumber $ homePostalAddress $ secretary $
>         personalTitle $ preferredDeliveryMethod $ businessCategory $
>         janetMailbox $ otherMailbox $ mobileTelephoneNumber $
>         pagerTelephoneNumber $ organizationalStatus $
>         mailPreferenceOption $ personalSignature ) )
>
> # 8.3.9. DNS Domain
> #
> # The DNS Domain (Domain NameServer) object class is used to define
> # entries for DNS domains. The usage of this object class is described
> # in more detail in [3].
> #
> #   dNSDomain OBJECT-CLASS
> #     SUBCLASS OF domain
> #     MAY CONTAIN {
> #       ARecord,
> #       MDRecord,
> #       MXRecord,
> #       NSRecord,
> #       SOARecord,
> #       CNAMERecord}
> #   ::= {pilotObjectClass 15}
> #
>
> objectclass ( 0.9.2342.19200300.100.4.15
>     NAME 'dNSDomain'
>     SUP domain STRUCTURAL
>     MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
>         SOARecord $ CNAMERecord ) )
>
>
> --------------080004030402080700020504--
>
>
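
Added example, not part of the original message or of OpenLDAP: in the quoted schema 'domain' lists 'userPassword' under MAY, and 'rFC822localPart' and 'dNSDomain' name 'domain' as SUP, so they accept it as well. The Python sketch below parses `objectclass ( ... )` definitions and reports every class that can hold a given attribute, directly or through its SUP chain, which is the list an access-control review of 'userPassword' has to cover. The function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: definitions from the quoted schema, MAY lists shortened.
SCHEMA = """
objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
    SUP top STRUCTURAL MUST dc
    MAY ( userPassword $ searchGuide $ seeAlso $ associatedName ) )
objectclass ( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart'
    SUP domain STRUCTURAL MAY ( cn $ description $ sn $ street ) )
objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
    SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord ) )
objectclass ( 0.9.2342.19200300.100.4.4
    NAME ( 'pilotPerson' 'newPilotPerson' )
    SUP person STRUCTURAL MAY ( userid $ rfc822Mailbox ) )
"""

def definitions(schema, keyword="objectclass"):
    """Yield the balanced-parenthesis body of each `keyword ( ... )` definition."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", schema)        # drop comment lines
    for m in re.finditer(r"(?mi)^%s\s*\(" % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def names(body, keyword):
    """Lowercased names after NAME/SUP/MUST/MAY: one name or a ( a $ b ) list."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, body)
    return re.findall(r"[a-z][\w;-]*", (m.group(1) or m.group(2) or "").lower()) if m else []

def classes_allowing(schema, attr):
    """Map each class that may hold `attr` to the class that grants it (via SUP)."""
    classes = {}
    for body in definitions(schema):
        entry = (names(body, "SUP"), set(names(body, "MUST") + names(body, "MAY")))
        classes.update({n: entry for n in names(body, "NAME")})

    def source(name, seen=()):
        if name not in classes or name in seen:   # defined elsewhere (top, person) or a loop
            return None
        sups, attrs = classes[name]
        if attr.lower() in attrs:
            return name
        return next(filter(None, (source(s, seen + (name,)) for s in sups)), None)

    found = {n: source(n) for n in classes}
    return {n: src for n, src in found.items() if src}
```

Superiors defined in other schema files ('top', 'person') are not followed here, so load those files into the same string to get the full picture.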
