former is a pseudo attribute type used internally by slapd to represent the distinguished name of an entry and its existence should not be visible. The latter is an "abstract" attribute type that is not meant to exist in practice except as supertype of other dn-valued types. So, the definition of attribute type 2.5.4.49 has been changed to be just distinguishedName. Work on the OPENLDAP_DEVEL_SCHEMA branch will treat pseudo attributes specially, and they will not be visible to the clients.
# OpenLDAP Core schema
# Includes "standard" schema items from RFC2251-RFC2256
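# Standard X.501(93) Operational Attribute Types from RFC2252
#
# Every type in this section is USAGE directoryOperation, i.e. an
# operational attribute rather than a user attribute.  The first five
# are also NO-USER-MODIFICATION, so clients are not allowed to write
# them.
# NOTE(review): creatorsName/modifiersName and the two timestamps are
# only usable as an audit trail if the server is what sets them; this
# file only declares the types -- confirm against the server code.
#
# Continuation lines start with whitespace; a line starting in column 0
# begins a new directive.

attribute ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

attribute ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

attribute ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

attribute ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

attribute ( 2.5.18.10 NAME 'subschemaSubentry'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
	SINGLE-VALUE USAGE directoryOperation )

# The four types below publish the schema itself (attribute types,
# object classes, matching rules and their use).
# NOTE(review): unlike the types above they are not marked
# NO-USER-MODIFICATION, so nothing in this file stops a client from
# writing them; that restriction would have to come from the server or
# its access control configuration -- confirm.

attribute ( 2.5.21.5 NAME 'attributeTypes'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )

attribute ( 2.5.21.6 NAME 'objectClasses'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )

attribute ( 2.5.21.4 NAME 'matchingRules'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )

attribute ( 2.5.21.8 NAME 'matchingRuleUse'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
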
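# LDAP Operational Attributes from RFC2252
#
# USAGE dSAOperation marks these as describing the server itself rather
# than an entry's data.
# NOTE(review): supportedControl, supportedExtension,
# supportedSASLMechanisms and supportedLDAPVersion describe what the
# server accepts.  Who may read them (e.g. before binding) is decided by
# the server's access control configuration, not by this schema.

attribute ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )

attribute ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )

attribute ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )

attribute ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )

attribute ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )

attribute ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
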
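# LDAP Subschema Attribute from RFC2252
#
# Lists the syntaxes the server implements; matched on the OID that
# forms the first component of each value.

attribute ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
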
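# X.500 Subschema attributes from RFC2252
#
# Operational (USAGE directoryOperation) types that hold the remaining
# subschema descriptions.  dITStructureRules is keyed by an integer,
# the other two by an OID (see the EQUALITY rules).

attribute ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )

attribute ( 2.5.21.7 NAME 'nameForms'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )

attribute ( 2.5.21.2 NAME 'dITContentRules'
	EQUALITY objectIdentifierFirstComponentMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
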
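# Object Classes from RFC2252

# extensibleObject moved forward, since it depends on top
# ldapSyntaxes (operational) is admissible in next:
#
# 'subschema' is AUXILIARY and has no MUST list; every subschema
# attribute it names is optional.  ldapSyntaxes is not in the MAY list.

objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
	MAY ( dITStructureRules $ nameForms $ ditContentRules $
	objectClasses $ attributeTypes $ matchingRules $
	matchingRuleUse ) )
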
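# Standard attribute types from RFC2256
#
# None of the types in this section carries a USAGE clause, so they are
# ordinary user attributes.  A {n} suffix on a SYNTAX is the length
# bound attached to that syntax.
# NOTE(review): RFC2252 describes {n} as a suggested minimum upper
# bound; do not rely on it as an enforced maximum for input validation
# without checking the server.

attribute ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

attribute ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

# Defined, but no longer used

attribute ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

# Place here since other attribute types derive from it

attribute ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

# Subtypes of 'name' (SUP name) take their matching rules and syntax
# from it.

attribute ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )

attribute ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )

attribute ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )

# (2-letter code from ISO 3166)

attribute ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )

attribute ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )

attribute ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )

attribute ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

attribute ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )

attribute ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )

attribute ( 2.5.4.12 NAME 'title' SUP name )

attribute ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

# Obsoleted by enhancedSearchGuide

attribute ( 2.5.4.14 NAME 'searchGuide'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

attribute ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

# Show stopper: we don't have the definition of caseIgnoreListSubstringsMatch
#attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
# SUBSTR caseIgnoreListSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
# The active definition below therefore omits the SUBSTR rule.
attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

attribute ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

attribute ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

attribute ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

attribute ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
	SUBSTR telephoneNumberSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

attribute ( 2.5.4.21 NAME 'telexNumber'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

attribute ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

attribute ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

attribute ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
	SUBSTR numericStringSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

attribute ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
	SUBSTR numericStringSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

# registeredAddress derives from postalAddress and repeats its syntax.

attribute ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

attribute ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

attribute ( 2.5.4.28 NAME 'preferredDeliveryMethod'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
	SINGLE-VALUE )

attribute ( 2.5.4.29 NAME 'presentationAddress'
	EQUALITY presentationAddressMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
	SINGLE-VALUE )

attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
	EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
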
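# Placed here because others derive from it.

# We had a dn definition in slapd.at.conf and Netscape lists both
# names for that OID. This is wrong, 'dn' is used internally in slapd
# as the name of a pseudo-attribute type that contains the
# distinguished name of an entry. On the other hand, the attribute
# type distinguishedName is meant to be an "abstract" type and other
# dn-valued attribute types derive from it. So at most, 'dn' would
# be a subtype of distinguishedName.

attribute ( 2.5.4.49 NAME 'distinguishedName'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

# DN-valued subtypes: each takes distinguishedNameMatch and the DN
# syntax from distinguishedName.

attribute ( 2.5.4.31 NAME 'member' SUP distinguishedName )

attribute ( 2.5.4.32 NAME 'owner' SUP distinguishedName )

attribute ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )

attribute ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )

# userPassword values are octet strings compared with octetStringMatch.
# No USAGE clause is given, so this is an ordinary user attribute.
# NOTE(review): nothing in this schema limits who may read, search or
# compare userPassword; that has to come from the server's access
# control configuration.  The {128} bound is described by RFC2252 as a
# suggested minimum upper bound -- do not assume longer values are
# rejected without checking the server.

attribute ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Must be stored and requested in the binary form, as
# userCertificate;binary
# No EQUALITY rule is declared for this or the other certificate and
# revocation-list types below.

attribute ( 2.5.4.36 NAME 'userCertificate'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

# As above

attribute ( 2.5.4.37 NAME 'cACertificate'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

# As above

attribute ( 2.5.4.38 NAME 'authorityRevocationList'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

# As above

attribute ( 2.5.4.39 NAME 'certificateRevocationList'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

# As above

attribute ( 2.5.4.40 NAME 'crossCertificatePair'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
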
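# 2.5.4.41 is 'name', moved above since other attribute types derive from it

attribute ( 2.5.4.42 NAME 'givenName' SUP name )

attribute ( 2.5.4.43 NAME 'initials' SUP name )

attribute ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

attribute ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

attribute ( 2.5.4.47 NAME 'enhancedSearchGuide'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )

attribute ( 2.5.4.48 NAME 'protocolInformation'
	EQUALITY protocolInformationMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )

# 2.5.4.49 is distinguishedName, moved up

# uniqueMember is not a subtype of distinguishedName: it has its own
# syntax and its own matching rule (uniqueMemberMatch).

attribute ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

attribute ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

# This attribute is to be stored and requested in the binary form, as
# 'supportedAlgorithms;binary'.

attribute ( 2.5.4.52 NAME 'supportedAlgorithms'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )

# This attribute is to be stored and requested in the binary form, as
# 'deltaRevocationList;binary'.

attribute ( 2.5.4.53 NAME 'deltaRevocationList'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

attribute ( 2.5.4.54 NAME 'dmdName' SUP name )
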
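# Standard object classes from RFC2256
#
# MUST lists the attributes an entry of the class is required to have,
# MAY the ones it is allowed to have.  userPassword appears in the MAY
# list of organization, organizationalUnit and person below.
# NOTE(review): the schema only permits the attribute on those entries;
# protecting its values is left to access control, which is not
# configured in this file.

objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )

objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )

objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
	MAY ( searchGuide $ description ) )

objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )

objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
	x121Address $ registeredAddress $ destinationIndicator $
	preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
	telephoneNumber $ internationaliSDNNumber $
	facsimileTelephoneNumber $
	street $ postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ st $ l $ description ) )

objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
	x121Address $ registeredAddress $ destinationIndicator $
	preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
	telephoneNumber $ internationaliSDNNumber $
	facsimileTelephoneNumber $
	street $ postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ st $ l $ description ) )

objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
	MAY ( title $ x121Address $ registeredAddress $
	destinationIndicator $
	preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
	telephoneNumber $ internationaliSDNNumber $
	facsimileTelephoneNumber $
	street $ postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ ou $ st $ l ) )

# Notice that preferredDeliveryMethod is listed twice in the MAY list

objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
	MAY ( x121Address $ registeredAddress $ destinationIndicator $
	preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
	telephoneNumber $ internationaliSDNNumber $
	facsimileTelephoneNumber $
	seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
	postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

# member is in the MUST list, so a groupOfNames entry cannot exist
# without at least one member value.

objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

# Notice that preferredDeliveryMethod is listed twice in the MAY list
# It seems they could not agree on whether telephoneNumber is MAY
# in person. Probably it wasn't originally and was added as an
# afterthought

objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
	MAY ( businessCategory $ x121Address $ registeredAddress $
	destinationIndicator $ preferredDeliveryMethod $ telexNumber $
	teletexTerminalIdentifier $ telephoneNumber $
	internationaliSDNNumber $
	facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
	postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ st $ l ) )

objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
	MAY ( seeAlso $ ou $ l $ description ) )

objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
	MUST ( presentationAddress $ cn )
	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
	description ) )
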
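# This one was wrong in our schema, it only allowed the additional
# knowledgeInformation attribute, while it is derived from
# applicationEntity and should allow all its attributes as well.

objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
	MAY knowledgeInformation )

objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

# The PKI classes below are AUXILIARY (except cRLDistributionPoint).
# certificationAuthority requires both revocation lists and the CA
# certificate; the certificate and revocation-list attribute types are
# declared without an EQUALITY rule in this schema.

objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
	MUST userCertificate )

objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
	MUST ( authorityRevocationList $ certificateRevocationList $
	cACertificate ) MAY crossCertificatePair )

# New

objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
	MUST ( uniqueMember $ cn )
	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

# New

objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
	MAY ( supportedAlgorithms ) )

# New

objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
	certificationAuthority
	AUXILIARY MAY ( deltaRevocationList ) )

# New
# All three revocation lists are optional (MAY) on a distribution
# point; only cn is required.

objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
	MUST ( cn ) MAY ( certificateRevocationList $
	authorityRevocationList $
	deltaRevocationList ) )

# New
# userPassword is allowed (MAY) on dmd entries as well.

objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
	x121Address $ registeredAddress $ destinationIndicator $
	preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
	telephoneNumber $ internationaliSDNNumber $
	facsimileTelephoneNumber $
	street $ postOfficeBox $ postalCode $ postalAddress $
	physicalDeliveryOfficeName $ st $ l $ description ) )
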
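# Next objectclass is defined in RFC2252, but has to be put after top
#
# The definition lists no MUST or MAY attributes.  RFC2252 defines
# extensibleObject as permitting any attribute on the entry, so that
# behaviour has to come from the server rather than from this line.
# NOTE(review): entries carrying this class are then not constrained by
# the MUST/MAY lists of their other object classes -- keep that in mind
# when relying on the schema to limit what can be stored.

objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
	SUP top AUXILIARY )
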
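#
# From draft-ietf-ldapext-nameref-00.txt
# used to represent referrals in the directory
#
# 'ref' holds the URL a client is referred to and is matched with
# caseExactIA5Match, so its syntax is IA5 String,
# 1.3.6.1.4.1.1466.115.121.1.26 (the same OID altServer uses).  The
# SYNTAX previously read 1.3.6.1.1466.115.121.1.26, which drops the
# ".4.1" arcs every other syntax OID in this file has and does not
# name a syntax defined here.
attribute ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'URL Reference'
	EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE distributedOperation )

# A referral entry may carry 'ref' values; the attribute is optional
# (MAY), so the class does not require one.
objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
	SUP top STRUCTURAL MAY ( ref ) )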