# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2019 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
# DUA schema from draft-joslin-config-schema (a work in progress)
# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!
## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
## has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
## in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors
#
# Application Working Group M. Ansari
# INTERNET-DRAFT Sun Microsystems, Inc.
# Expires February 2003 L. Howard
# PADL Software Pty. Ltd.
# B. Joslin [ed.]
# Hewlett-Packard Company
#
# September 15th, 2003
# Intended Category: Informational
#
#
# A Configuration Schema for LDAP Based
# Directory User Agents
#
#
#Status of this Memo
#
# This memo provides information for the Internet community. This
# memo does not specify an Internet standard of any kind. Distribu-
# tion of this memo is unlimited.
#
# This document is an Internet-Draft and is in full conformance with
# all provisions of Section 10 of RFC2026.
#
# This document is an Internet-Draft. Internet-Drafts are working
# documents of the Internet Engineering Task Force (IETF), its areas,
# and its working groups. Note that other groups may also distribute
# working documents as Internet-Drafts.
#
# Internet-Drafts are draft documents valid for a maximum of six
# months. Internet-Drafts may be updated, replaced, or made obsolete
# by other documents at any time. It is not appropriate to use
# Internet-Drafts as reference material or to cite them other than as
# a "working draft" or "work in progress".
#
# To learn the current status of any Internet-Draft, please check the
# 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
# Directories on ds.internic.net (US East Coast), nic.nordu.net
# (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
# Rim).
#
# Distribution of this document is unlimited.
#
#
# Abstract
#
# This document describes a mechanism for global configuration of
# similar directory user agents. This document defines a schema for
# configuration of these DUAs that may be discovered using the Light-
# weight Directory Access Protocol in RFC 2251[17]. A set of attri-
# bute types and an objectclass are proposed, along with specific
# guidelines for interpreting them. A significant feature of the
# global configuration policy for DUAs is a mechanism that allows
# DUAs to re-configure their schema to that of the end user's
# environment. This configuration is achieved through attribute and
# objectclass mapping. This document is intended to be a skeleton
# for future documents that describe configuration of specific DUA
# services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
# The schema defined by this document is defined under the "DUA Con-
# figuration Schema." This schema is derived from the OID: iso (1)
# org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
# Packard Company (11) directory (1) LDAP-UX Integration Project (3)
# DUA Configuration Schema (1). This OID is represented in this
# document by the keystring "DUAConfSchemaOID"
# (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
#
# 2.2 Attributes
#
# The attributes and classes defined in this document are summarized
# below.
#
# The following attributes are defined in this document:
#
# preferredServerList
# defaultServerList
# defaultSearchBase
# defaultSearchScope
# authenticationMethod
# credentialLevel
# serviceSearchDescriptor
#
#
#
# Joslin [Page 3]
# Internet-Draft DUA Configuration Schema October 2002
#
#
# serviceCredentialLevel
# serviceAuthenticationMethod
# attributeMap
# objectclassMap
# searchTimeLimit
# bindTimeLimit
# followReferrals
# dereferenceAliases
# profileTTL
#
# 2.3 Object Classes
#
# The following object class is defined in this document:
#
# DUAConfigProfile
#
#
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
DESC 'Default LDAP server host address used by a DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
DESC 'Default LDAP base DN used by a DUA'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
DESC 'Preferred LDAP server host addresses to be used by a
DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for a
search to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
DESC 'Maximum time in seconds a DUA should allow for the
bind operation to complete'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
DESC 'Tells DUA if it should follow referrals
returned by a DSA search result'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
DESC 'Tells DUA if it should dereference aliases'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
DESC 'A keystring which identifies the type of
authentication method used to contact the DSA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
DESC 'Time to live, in seconds, before a client DUA
should re-read this configuration profile'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
DESC 'LDAP search descriptor list used by a DUA'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
DESC 'Attribute mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
DESC 'Identifies type of credentials a DUA should
use when binding to the LDAP server'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
DESC 'Objectclass mappings used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
DESC 'Default search scope used by a DUA'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
DESC 'Identifies type of credentials a DUA
should use when binding to the LDAP server for a
specific service'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
DESC 'Authentication method used by a service of the DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# 4. Class Definition
#
# The objectclass below is constructed from the attributes defined in
# 3, with the exception of the cn attribute, which is defined in RFC
# 2256 [8]. cn is used to represent the name of the DUA configura-
# tion profile.
#
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
SUP top STRUCTURAL
DESC 'Abstraction of a base configuration for a DUA'
MUST ( cn )
MAY ( defaultServerList $ preferredServerList $
defaultSearchBase $ defaultSearchScope $
searchTimeLimit $ bindTimeLimit $
credentialLevel $ authenticationMethod $
followReferrals $ dereferenceAliases $
serviceSearchDescriptor $ serviceCredentialLevel $
serviceAuthenticationMethod $ objectclassMap $
attributeMap $ profileTTL ) )