0001-delete-authentic2-provisionning-ldap-plugin-44334.patch
MANIFEST.in | ||
---|---|---|
49 | 49 |
recursive-include src/authentic2_auth_fc *.json |
50 | 50 | |
51 | 51 |
recursive-include src/authentic2 README |
52 |
recursive-include src/authentic2_provisionning_ldap/tests *.ldif |
|
53 |
recursive-include src/authentic2_provisionning_ldap/tests *.ldif |
|
54 | 52 | |
55 | 53 |
include doc/*.rst |
56 | 54 |
include doc/pictures/* |
setup.py | ||
---|---|---|
166 | 166 |
'install_lib': install_lib, |
167 | 167 |
'compile_translations': compile_translations, |
168 | 168 |
'sdist': sdist, |
169 |
}, |
|
170 |
entry_points={ |
|
171 |
'authentic2.plugin': [ |
|
172 |
'authentic2-provisionning-ldap = authentic2_provisionning_ldap:Plugin', |
|
173 |
], |
|
174 | 169 |
}) |
src/authentic2/settings.py | ||
---|---|---|
142 | 142 |
'authentic2.attribute_aggregator', |
143 | 143 |
'authentic2.disco_service', |
144 | 144 |
'authentic2.manager', |
145 |
'authentic2_provisionning_ldap', |
|
146 | 145 |
'authentic2', |
147 | 146 |
'django_rbac', |
148 | 147 |
'authentic2.a2_rbac', |
src/authentic2_provisionning_ldap/__init__.py | ||
---|---|---|
1 |
class Plugin(object): |
|
2 |
def get_apps(self): |
|
3 |
return [__name__] |
src/authentic2_provisionning_ldap/app_settings.py | ||
---|---|---|
1 |
# authentic2 - versatile identity manager |
|
2 |
# Copyright (C) 2010-2019 Entr'ouvert |
|
3 |
# |
|
4 |
# This program is free software: you can redistribute it and/or modify it |
|
5 |
# under the terms of the GNU Affero General Public License as published |
|
6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
7 |
# (at your option) any later version. |
|
8 |
# |
|
9 |
# This program is distributed in the hope that it will be useful, |
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
# GNU Affero General Public License for more details. |
|
13 |
# |
|
14 |
# You should have received a copy of the GNU Affero General Public License |
|
15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | ||
17 |
import sys |
|
18 | ||
19 | ||
20 |
class AppSettings(object): |
|
21 |
__DEFAULTS = { |
|
22 |
'RESSOURCES': {}, |
|
23 |
} |
|
24 | ||
25 |
def __init__(self, prefix): |
|
26 |
self.prefix = prefix |
|
27 | ||
28 |
def _setting(self, name, dflt): |
|
29 |
from django.conf import settings |
|
30 |
return getattr(settings, self.prefix + name, dflt) |
|
31 | ||
32 |
def __getattr__(self, name): |
|
33 |
if name not in self.__DEFAULTS: |
|
34 |
raise AttributeError(name) |
|
35 |
return self._setting(name, self.__DEFAULTS[name]) |
|
36 | ||
37 | ||
38 |
# Ugly? Guido recommends this himself ... |
|
39 |
# http://mail.python.org/pipermail/python-ideas/2012-May/014969.html |
|
40 |
app_settings = AppSettings('A2_PROVISIONNING_') |
|
41 |
app_settings.__name__ = __name__ |
|
42 |
sys.modules[__name__] = app_settings |
src/authentic2_provisionning_ldap/management/commands/provision.py | ||
---|---|---|
1 |
# authentic2 - versatile identity manager |
|
2 |
# Copyright (C) 2010-2019 Entr'ouvert |
|
3 |
# |
|
4 |
# This program is free software: you can redistribute it and/or modify it |
|
5 |
# under the terms of the GNU Affero General Public License as published |
|
6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
7 |
# (at your option) any later version. |
|
8 |
# |
|
9 |
# This program is distributed in the hope that it will be useful, |
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
# GNU Affero General Public License for more details. |
|
13 |
# |
|
14 |
# You should have received a copy of the GNU Affero General Public License |
|
15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | ||
17 |
from __future__ import print_function |
|
18 | ||
19 |
try: |
|
20 |
import ldap |
|
21 |
from ldap.dn import str2dn, dn2str |
|
22 |
from ldap.filter import filter_format |
|
23 |
except ImportError: |
|
24 |
ldap = None |
|
25 |
from ldaptools import paged |
|
26 | ||
27 |
from django.contrib.auth import get_user_model |
|
28 |
from django.core.management.base import BaseCommand |
|
29 |
from django.utils import six |
|
30 | ||
31 |
from authentic2.attributes_ng.engine import get_attributes |
|
32 |
from authentic2 import utils |
|
33 | ||
34 |
from authentic2_provisionning_ldap import app_settings |
|
35 | ||
36 |
User = get_user_model() |
|
37 | ||
38 |
ADD = 1 |
|
39 |
REPLACE = 2 |
|
40 |
DELETE = 3 |
|
41 | ||
42 | ||
43 |
class Command(BaseCommand): |
|
44 |
can_import_django_settings = True |
|
45 |
output_transaction = True |
|
46 |
requires_system_checks = True |
|
47 | ||
48 |
def add_arguments(self, parser): |
|
49 |
parser.add_argument('target_resource', nargs='*') |
|
50 |
parser.add_argument( |
|
51 |
'--fake', action='store_true', default=False, help='Do nothing, just simulate' |
|
52 |
) |
|
53 |
parser.add_argument( |
|
54 |
'--batch-size', action='store', type='int', default=200, help='Batch size' |
|
55 |
) |
|
56 | ||
57 |
def handle(self, *args, **options): |
|
58 |
ressources = app_settings.RESSOURCES |
|
59 |
if options['target_resource']: |
|
60 |
ressources = [ressource for ressource in ressources if ressource.get('name') in options['target_resource']] |
|
61 |
for ressource in ressources: |
|
62 |
self.sync_ressource(ressource, **options) |
|
63 | ||
64 |
def sync_ressource(self, ressource, **options): |
|
65 |
self.sync_ldap_ressource(ressource, **options) |
|
66 | ||
67 |
def add_values(self, ldap_attributes, ldap_attribute, values): |
|
68 |
if not isinstance(values, (list, tuple)): |
|
69 |
values = [values] |
|
70 |
ldap_values = ldap_attributes.setdefault(ldap_attribute, []) |
|
71 |
for value in values: |
|
72 |
if isinstance(value, six.text_type): |
|
73 |
value = value.encode('utf-8') |
|
74 |
elif isinstance(value, str): |
|
75 |
pass # must be well encoded |
|
76 |
else: |
|
77 |
raise NotImplementedError('value %r not supported' % value) |
|
78 |
ldap_values.append(value) |
|
79 | ||
80 |
def build_dn_and_filter(self, ressource, ldap_attributes): |
|
81 |
'''Build the target record dn''' |
|
82 |
base_dn = ressource['base_dn'] |
|
83 |
rdn_attributes = ressource['rdn_attributes'] |
|
84 |
dn = str2dn(base_dn) |
|
85 |
rdn = [] |
|
86 |
for ldap_attribute in rdn_attributes: |
|
87 |
values = ldap_attributes.get(ldap_attribute, []) |
|
88 |
assert len(values) == 1, 'RDN attribute must have exactly one value %r %r' % \ |
|
89 |
(rdn_attributes, ldap_attributes) |
|
90 |
rdn.append((ldap_attribute, values[0], 1)) |
|
91 |
dn = [rdn] + dn |
|
92 |
return dn2str(dn), ('&', [(a, b) for a, b, c in rdn]) |
|
93 | ||
94 |
def format_filter(self, filters): |
|
95 |
if isinstance(filters, six.string_types): |
|
96 |
return filters |
|
97 |
assert len(filters) == 2, 'filters %r' % (filters,) |
|
98 |
if isinstance(filters[1], (list, tuple)): |
|
99 |
return '(%s%s)' % (filters[0], ''.join(self.format_filter(x) for x in filters[1])) |
|
100 |
else: |
|
101 |
return filter_format('(%s=%%s)' % filters[0], (filters[1],)) |
|
102 | ||
103 |
def sync_ldap_ressource(self, ressource, **options): |
|
104 |
verbosity = int(options['verbosity']) |
|
105 |
fake = options['fake'] |
|
106 |
# FIXME: Check ressource well formedness |
|
107 |
conn = paged.PagedLDAPObject(ressource['url'], retry_max=10, retry_delay=2) |
|
108 |
base_dn = ressource['base_dn'] |
|
109 |
use_tls = ressource.get('use_tls') |
|
110 |
bind_dn = ressource.get('bind_dn') |
|
111 |
bind_pw = ressource.get('bind_pw') |
|
112 |
if use_tls: |
|
113 |
conn.start_tls_s() |
|
114 |
if bind_dn: |
|
115 |
conn.simple_bind_s(bind_dn, bind_pw) |
|
116 |
attribute_mapping = utils.lower_keys(ressource['attribute_mapping']) |
|
117 |
static_attributes = utils.lower_keys(ressource.get('static_attributes', {})) |
|
118 |
format_mapping = utils.lower_keys(ressource.get('format_mapping', {})) |
|
119 |
attributes = set(attribute_mapping.keys()) | set(static_attributes.keys()) |
|
120 |
default_ctx = ressource.get('attribute_context', {}) |
|
121 |
ldap_filter = ressource.get('ldap_filter', '(objectclass=*)') |
|
122 |
delete = ressource.get('delete', True) |
|
123 |
qs = User.objects.filter(**ressource.get('a2_filter', {})) |
|
124 |
todelete = set() |
|
125 |
user_dns = set() |
|
126 |
for batch in utils.batch(qs, options['batch_size']): |
|
127 |
ldap_users = {} |
|
128 |
filters = [] |
|
129 |
for user in batch: |
|
130 |
ctx = default_ctx.copy() |
|
131 |
ctx['user'] = user |
|
132 |
ctx = get_attributes(ctx) |
|
133 |
ldap_attributes = {} |
|
134 |
for ldap_attribute, a2_attributes in attribute_mapping.items(): |
|
135 |
if not isinstance(a2_attributes, (tuple, list)): |
|
136 |
a2_attributes = [a2_attributes] |
|
137 |
for a2_attribute in a2_attributes: |
|
138 |
self.add_values(ldap_attributes, ldap_attribute, ctx.get(a2_attribute)) |
|
139 |
for ldap_attribute, values in static_attributes.items(): |
|
140 |
self.add_values(ldap_attributes, ldap_attribute, values) |
|
141 |
for ldap_attribute, fmt_tpls in format_mapping.items(): |
|
142 |
for fmt_tpl in fmt_tpls: |
|
143 |
self.add_values(ldap_attributes, ldap_attribute, [fmt_tpl.format(**ctx)]) |
|
144 |
dn, filt = self.build_dn_and_filter(ressource, ldap_attributes) |
|
145 |
user_dns.add(dn) |
|
146 |
ldap_users[dn] = ldap_attributes |
|
147 |
filters.append(filt) |
|
148 |
batch_filter = ldap_filter |
|
149 |
if filters: |
|
150 |
batch_filter = self.format_filter(('&', (batch_filter, ('|', filters)))) |
|
151 |
existing_dn = set() |
|
152 |
for dn, entry in conn.paged_search_ext_s( |
|
153 |
base_dn, |
|
154 |
ldap.SCOPE_SUBTREE, |
|
155 |
batch_filter, list(attributes)): |
|
156 |
entry = utils.to_dict_of_set(utils.lower_keys(entry)) |
|
157 |
if dn not in ldap_users: |
|
158 |
todelete.add(dn) |
|
159 |
continue |
|
160 |
if entry == utils.to_dict_of_set(ldap_users[dn]): |
|
161 |
# no need to update, entry is already ok |
|
162 |
del ldap_users[dn] |
|
163 |
continue |
|
164 |
existing_dn.add(dn) |
|
165 |
for dn, ldap_attributes in ldap_users.items(): |
|
166 |
if dn in existing_dn: |
|
167 |
modlist = [] |
|
168 |
for key, values in ldap_attributes: |
|
169 |
modlist.append((ldap.MOD_REPLACE, key, values)) |
|
170 |
if not fake: |
|
171 |
conn.modify(dn, modlist) |
|
172 |
if verbosity > 1: |
|
173 |
print('- Replace %s values for %s' % (dn, ', '.join(ldap_attributes.keys()))) |
|
174 |
else: |
|
175 |
if not fake: |
|
176 |
conn.add(dn, ldap.modlist.addModlist(ldap_attributes)) |
|
177 |
if verbosity > 1: |
|
178 |
print('- Add %s with values for %s' % (dn, ', '.join(ldap_attributes.keys()))) |
|
179 |
# wait for results |
|
180 |
if not fake: |
|
181 |
for x in ldap_users: |
|
182 |
conn.result() |
|
183 |
for dn, entry in conn.paged_search_ext_s(base_dn, ldap.SCOPE_SUBTREE, ldap_filter): |
|
184 |
# ignore the basedn |
|
185 |
if dn == base_dn: |
|
186 |
continue |
|
187 |
if dn not in user_dns and dn not in todelete: |
|
188 |
if not fake: |
|
189 |
todelete.add(dn) |
|
190 |
if delete: |
|
191 |
if verbosity > 1: |
|
192 |
print('- Deleting:', ', '.join(todelete)) |
|
193 |
if not fake: |
|
194 |
for dn in todelete: |
|
195 |
conn.delete(dn) |
|
196 |
for dn in todelete: |
|
197 |
conn.result() |
src/authentic2_provisionning_ldap/tests/core.ldif | ||
---|---|---|
1 |
# OpenLDAP Core schema |
|
2 |
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.ldif,v 1.1.2.5 2007/01/02 21:44:09 kurt Exp $ |
|
3 |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
|
4 |
## |
|
5 |
## Copyright 1998-2007 The OpenLDAP Foundation. |
|
6 |
## All rights reserved. |
|
7 |
## |
|
8 |
## Redistribution and use in source and binary forms, with or without |
|
9 |
## modification, are permitted only as authorized by the OpenLDAP |
|
10 |
## Public License. |
|
11 |
## |
|
12 |
## A copy of this license is available in the file LICENSE in the |
|
13 |
## top-level directory of the distribution or, alternatively, at |
|
14 |
## <http://www.OpenLDAP.org/license.html>. |
|
15 |
# |
|
16 | ||
17 |
# The version of this file as distributed by the OpenLDAP Foundation |
|
18 |
# contains text claiming copyright by the Internet Society and including |
|
19 |
# the IETF RFC license, which does not meet Debian's Free Software |
|
20 |
# Guidelines. However, apart from short and obvious comments, the text of |
|
21 |
# this file is purely a functional interface specification, which is not |
|
22 |
# subject to that license and is not copyrightable under US law. |
|
23 |
# |
|
24 |
# The license statement is retained below so as not to remove credit, but |
|
25 |
# as best as we can determine, it is not applicable to the contents of |
|
26 |
# this file. |
|
27 | ||
28 |
## Portions Copyright (C) The Internet Society (1997-2003). |
|
29 |
## All Rights Reserved. |
|
30 |
## |
|
31 |
## This document and translations of it may be copied and furnished to |
|
32 |
## others, and derivative works that comment on or otherwise explain it |
|
33 |
## or assist in its implementation may be prepared, copied, published |
|
34 |
## and distributed, in whole or in part, without restriction of any |
|
35 |
## kind, provided that the above copyright notice and this paragraph are |
|
36 |
## included on all such copies and derivative works. However, this |
|
37 |
## document itself may not be modified in any way, such as by removing |
|
38 |
## the copyright notice or references to the Internet Society or other |
|
39 |
## Internet organizations, except as needed for the purpose of |
|
40 |
## developing Internet standards in which case the procedures for |
|
41 |
## copyrights defined in the Internet Standards process must be |
|
42 |
## followed, or as required to translate it into languages other than |
|
43 |
## English. |
|
44 |
## |
|
45 |
## The limited permissions granted above are perpetual and will not be |
|
46 |
## revoked by the Internet Society or its successors or assigns. |
|
47 |
## |
|
48 |
## This document and the information contained herein is provided on an |
|
49 |
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING |
|
50 |
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING |
|
51 |
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION |
|
52 |
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF |
|
53 |
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
|
54 |
# |
|
55 |
# |
|
56 |
# |
|
57 |
# Includes LDAPv3 schema items from: |
|
58 |
# RFC 2252/2256 (LDAPv3) |
|
59 |
# |
|
60 |
# Select standard track schema items: |
|
61 |
# RFC 1274 (uid/dc) |
|
62 |
# RFC 2079 (URI) |
|
63 |
# RFC 2247 (dc/dcObject) |
|
64 |
# RFC 2587 (PKI) |
|
65 |
# RFC 2589 (Dynamic Directory Services) |
|
66 |
# |
|
67 |
# Select informational schema items: |
|
68 |
# RFC 2377 (uidObject) |
|
69 |
# |
|
70 |
# |
|
71 |
# Standard attribute types from RFC 2256 |
|
72 |
# |
|
73 |
dn: cn=core,cn=schema,cn=config |
|
74 |
objectClass: olcSchemaConfig |
|
75 |
cn: core |
|
76 |
# |
|
77 |
# system schema |
|
78 |
#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' |
|
79 |
# DESC 'RFC2256: object classes of the entity' |
|
80 |
# EQUALITY objectIdentifierMatch |
|
81 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) |
|
82 |
# |
|
83 |
# system schema |
|
84 |
#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) |
|
85 |
# DESC 'RFC2256: name of aliased object' |
|
86 |
# EQUALITY distinguishedNameMatch |
|
87 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) |
|
88 |
# |
|
89 |
olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' |
|
90 |
DESC 'RFC2256: knowledge information' |
|
91 |
EQUALITY caseIgnoreMatch |
|
92 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) |
|
93 |
# |
|
94 |
# system schema |
|
95 |
#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) |
|
96 |
# DESC 'RFC2256: common name(s) for which the entity is known by' |
|
97 |
# SUP name ) |
|
98 |
# |
|
99 |
olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) |
|
100 |
DESC 'RFC2256: last (family) name(s) for which the entity is known by' |
|
101 |
SUP name ) |
|
102 |
# |
|
103 |
olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' |
|
104 |
DESC 'RFC2256: serial number of the entity' |
|
105 |
EQUALITY caseIgnoreMatch |
|
106 |
SUBSTR caseIgnoreSubstringsMatch |
|
107 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) |
|
108 |
# |
|
109 |
olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) |
|
110 |
DESC 'RFC2256: ISO-3166 country 2-letter code' |
|
111 |
SUP name SINGLE-VALUE ) |
|
112 |
# |
|
113 |
olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) |
|
114 |
DESC 'RFC2256: locality which this object resides in' |
|
115 |
SUP name ) |
|
116 |
# |
|
117 |
olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) |
|
118 |
DESC 'RFC2256: state or province which this object resides in' |
|
119 |
SUP name ) |
|
120 |
# |
|
121 |
olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) |
|
122 |
DESC 'RFC2256: street address of this object' |
|
123 |
EQUALITY caseIgnoreMatch |
|
124 |
SUBSTR caseIgnoreSubstringsMatch |
|
125 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) |
|
126 |
# |
|
127 |
olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) |
|
128 |
DESC 'RFC2256: organization this object belongs to' |
|
129 |
SUP name ) |
|
130 |
# |
|
131 |
olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) |
|
132 |
DESC 'RFC2256: organizational unit this object belongs to' |
|
133 |
SUP name ) |
|
134 |
# |
|
135 |
olcAttributeTypes: ( 2.5.4.12 NAME 'title' |
|
136 |
DESC 'RFC2256: title associated with the entity' |
|
137 |
SUP name ) |
|
138 |
# |
|
139 |
# system schema |
|
140 |
#olcAttributeTypes: ( 2.5.4.13 NAME 'description' |
|
141 |
# DESC 'RFC2256: descriptive information' |
|
142 |
# EQUALITY caseIgnoreMatch |
|
143 |
# SUBSTR caseIgnoreSubstringsMatch |
|
144 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) |
|
145 |
# |
|
146 |
# Deprecated by enhancedSearchGuide |
|
147 |
olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' |
|
148 |
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' |
|
149 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) |
|
150 |
# |
|
151 |
olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' |
|
152 |
DESC 'RFC2256: business category' |
|
153 |
EQUALITY caseIgnoreMatch |
|
154 |
SUBSTR caseIgnoreSubstringsMatch |
|
155 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) |
|
156 |
# |
|
157 |
olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' |
|
158 |
DESC 'RFC2256: postal address' |
|
159 |
EQUALITY caseIgnoreListMatch |
|
160 |
SUBSTR caseIgnoreListSubstringsMatch |
|
161 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) |
|
162 |
# |
|
163 |
olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' |
|
164 |
DESC 'RFC2256: postal code' |
|
165 |
EQUALITY caseIgnoreMatch |
|
166 |
SUBSTR caseIgnoreSubstringsMatch |
|
167 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) |
|
168 |
# |
|
169 |
olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' |
|
170 |
DESC 'RFC2256: Post Office Box' |
|
171 |
EQUALITY caseIgnoreMatch |
|
172 |
SUBSTR caseIgnoreSubstringsMatch |
|
173 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) |
|
174 |
# |
|
175 |
olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' |
|
176 |
DESC 'RFC2256: Physical Delivery Office Name' |
|
177 |
EQUALITY caseIgnoreMatch |
|
178 |
SUBSTR caseIgnoreSubstringsMatch |
|
179 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) |
|
180 |
# |
|
181 |
olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' |
|
182 |
DESC 'RFC2256: Telephone Number' |
|
183 |
EQUALITY telephoneNumberMatch |
|
184 |
SUBSTR telephoneNumberSubstringsMatch |
|
185 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) |
|
186 |
# |
|
187 |
olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' |
|
188 |
DESC 'RFC2256: Telex Number' |
|
189 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) |
|
190 |
# |
|
191 |
olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' |
|
192 |
DESC 'RFC2256: Teletex Terminal Identifier' |
|
193 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) |
|
194 |
# |
|
195 |
olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) |
|
196 |
DESC 'RFC2256: Facsimile (Fax) Telephone Number' |
|
197 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) |
|
198 |
# |
|
199 |
olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' |
|
200 |
DESC 'RFC2256: X.121 Address' |
|
201 |
EQUALITY numericStringMatch |
|
202 |
SUBSTR numericStringSubstringsMatch |
|
203 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) |
|
204 |
# |
|
205 |
olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' |
|
206 |
DESC 'RFC2256: international ISDN number' |
|
207 |
EQUALITY numericStringMatch |
|
208 |
SUBSTR numericStringSubstringsMatch |
|
209 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) |
|
210 |
# |
|
211 |
olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' |
|
212 |
DESC 'RFC2256: registered postal address' |
|
213 |
SUP postalAddress |
|
214 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) |
|
215 |
# |
|
216 |
olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' |
|
217 |
DESC 'RFC2256: destination indicator' |
|
218 |
EQUALITY caseIgnoreMatch |
|
219 |
SUBSTR caseIgnoreSubstringsMatch |
|
220 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) |
|
221 |
# |
|
222 |
olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' |
|
223 |
DESC 'RFC2256: preferred delivery method' |
|
224 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 |
|
225 |
SINGLE-VALUE ) |
|
226 |
# |
|
227 |
olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' |
|
228 |
DESC 'RFC2256: presentation address' |
|
229 |
EQUALITY presentationAddressMatch |
|
230 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 |
|
231 |
SINGLE-VALUE ) |
|
232 |
# |
|
233 |
olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' |
|
234 |
DESC 'RFC2256: supported application context' |
|
235 |
EQUALITY objectIdentifierMatch |
|
236 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) |
|
237 |
# |
|
238 |
olcAttributeTypes: ( 2.5.4.31 NAME 'member' |
|
239 |
DESC 'RFC2256: member of a group' |
|
240 |
SUP distinguishedName ) |
|
241 |
# |
|
242 |
olcAttributeTypes: ( 2.5.4.32 NAME 'owner' |
|
243 |
DESC 'RFC2256: owner (of the object)' |
|
244 |
SUP distinguishedName ) |
|
245 |
# |
|
246 |
olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' |
|
247 |
DESC 'RFC2256: occupant of role' |
|
248 |
SUP distinguishedName ) |
|
249 |
# |
|
250 |
# system schema |
|
251 |
#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' |
|
252 |
# DESC 'RFC2256: DN of related object' |
|
253 |
# SUP distinguishedName ) |
|
254 |
# |
|
255 |
# system schema |
|
256 |
#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' |
|
257 |
# DESC 'RFC2256/2307: password of user' |
|
258 |
# EQUALITY octetStringMatch |
|
259 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) |
|
260 |
# |
|
261 |
# Must be transferred using ;binary |
|
262 |
# with certificateExactMatch rule (per X.509) |
|
263 |
olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' |
|
264 |
DESC 'RFC2256: X.509 user certificate, use ;binary' |
|
265 |
EQUALITY certificateExactMatch |
|
266 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) |
|
267 |
# |
|
268 |
# Must be transferred using ;binary |
|
269 |
# with certificateExactMatch rule (per X.509) |
|
270 |
olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' |
|
271 |
DESC 'RFC2256: X.509 CA certificate, use ;binary' |
|
272 |
EQUALITY certificateExactMatch |
|
273 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) |
|
274 |
# |
|
275 |
# Must be transferred using ;binary |
|
276 |
olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' |
|
277 |
DESC 'RFC2256: X.509 authority revocation list, use ;binary' |
|
278 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) |
|
279 |
# |
|
280 |
# Must be transferred using ;binary |
|
281 |
olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' |
|
282 |
DESC 'RFC2256: X.509 certificate revocation list, use ;binary' |
|
283 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) |
|
284 |
# |
|
285 |
# Must be stored and requested in the binary form |
|
286 |
olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' |
|
287 |
DESC 'RFC2256: X.509 cross certificate pair, use ;binary' |
|
288 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) |
|
289 |
# |
|
290 |
# 2.5.4.41 is defined above as it's used for subtyping |
|
291 |
#olcAttributeTypes: ( 2.5.4.41 NAME 'name' |
|
292 |
# EQUALITY caseIgnoreMatch |
|
293 |
# SUBSTR caseIgnoreSubstringsMatch |
|
294 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) |
|
295 |
# |
|
296 |
olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) |
|
297 |
DESC 'RFC2256: first name(s) for which the entity is known by' |
|
298 |
SUP name ) |
|
299 |
# |
|
300 |
olcAttributeTypes: ( 2.5.4.43 NAME 'initials' |
|
301 |
DESC 'RFC2256: initials of some or all of names, but not the surname(s).' |
|
302 |
SUP name ) |
|
303 |
# |
|
304 |
olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' |
|
305 |
DESC 'RFC2256: name qualifier indicating a generation' |
|
306 |
SUP name ) |
|
307 |
# |
|
308 |
olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' |
|
309 |
DESC 'RFC2256: X.500 unique identifier' |
|
310 |
EQUALITY bitStringMatch |
|
311 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) |
|
312 |
# |
|
313 |
olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' |
|
314 |
DESC 'RFC2256: DN qualifier' |
|
315 |
EQUALITY caseIgnoreMatch |
|
316 |
ORDERING caseIgnoreOrderingMatch |
|
317 |
SUBSTR caseIgnoreSubstringsMatch |
|
318 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) |
|
319 |
# |
|
320 |
olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' |
|
321 |
DESC 'RFC2256: enhanced search guide' |
|
322 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) |
|
323 |
# |
|
324 |
olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' |
|
325 |
DESC 'RFC2256: protocol information' |
|
326 |
EQUALITY protocolInformationMatch |
|
327 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) |
|
328 |
# |
|
329 |
# 2.5.4.49 is defined above as it's used for subtyping |
|
330 |
#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' |
|
331 |
# EQUALITY distinguishedNameMatch |
|
332 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) |
|
333 |
# |
|
334 |
olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' |
|
335 |
DESC 'RFC2256: unique member of a group' |
|
336 |
EQUALITY uniqueMemberMatch |
|
337 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) |
|
338 |
# |
|
339 |
olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' |
|
340 |
DESC 'RFC2256: house identifier' |
|
341 |
EQUALITY caseIgnoreMatch |
|
342 |
SUBSTR caseIgnoreSubstringsMatch |
|
343 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) |
|
344 |
# |
|
345 |
# Must be transferred using ;binary |
|
346 |
olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' |
|
347 |
DESC 'RFC2256: supported algorithms' |
|
348 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) |
|
349 |
# |
|
350 |
# Must be transferred using ;binary |
|
351 |
olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' |
|
352 |
DESC 'RFC2256: delta revocation list; use ;binary' |
|
353 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) |
|
354 |
# |
|
355 |
olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' |
|
356 |
DESC 'RFC2256: name of DMD' |
|
357 |
SUP name ) |
|
358 |
# |
|
359 |
olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' |
|
360 |
DESC 'X.520(4th): pseudonym for the object' |
|
361 |
SUP name ) |
|
362 |
# |
|
363 |
# Standard object classes from RFC2256 |
|
364 |
# |
|
365 |
# system schema |
|
366 |
#olcObjectClasses: ( 2.5.6.1 NAME 'alias' |
|
367 |
# DESC 'RFC2256: an alias' |
|
368 |
# SUP top STRUCTURAL |
|
369 |
# MUST aliasedObjectName ) |
|
370 |
# |
|
371 |
olcObjectClasses: ( 2.5.6.2 NAME 'country' |
|
372 |
DESC 'RFC2256: a country' |
|
373 |
SUP top STRUCTURAL |
|
374 |
MUST c |
|
375 |
MAY ( searchGuide $ description ) ) |
|
376 |
# |
|
377 |
olcObjectClasses: ( 2.5.6.3 NAME 'locality' |
|
378 |
DESC 'RFC2256: a locality' |
|
379 |
SUP top STRUCTURAL |
|
380 |
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) |
|
381 |
# |
|
382 |
olcObjectClasses: ( 2.5.6.4 NAME 'organization' |
|
383 |
DESC 'RFC2256: an organization' |
|
384 |
SUP top STRUCTURAL |
|
385 |
MUST o |
|
386 |
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ |
|
387 |
x121Address $ registeredAddress $ destinationIndicator $ |
|
388 |
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ |
|
389 |
telephoneNumber $ internationaliSDNNumber $ |
|
390 |
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ |
|
391 |
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) |
|
392 |
# |
|
393 |
olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' |
|
394 |
DESC 'RFC2256: an organizational unit' |
|
395 |
SUP top STRUCTURAL |
|
396 |
MUST ou |
|
397 |
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ |
|
398 |
x121Address $ registeredAddress $ destinationIndicator $ |
|
399 |
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ |
|
400 |
telephoneNumber $ internationaliSDNNumber $ |
|
401 |
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ |
|
402 |
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) |
|
403 |
# |
|
404 |
olcObjectClasses: ( 2.5.6.6 NAME 'person' |
|
405 |
DESC 'RFC2256: a person' |
|
406 |
SUP top STRUCTURAL |
|
407 |
MUST ( sn $ cn ) |
|
408 |
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) |
|
409 |
# |
|
410 |
olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' |
|
411 |
DESC 'RFC2256: an organizational person' |
|
412 |
SUP person STRUCTURAL |
|
413 |
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ |
|
414 |
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ |
|
415 |
telephoneNumber $ internationaliSDNNumber $ |
|
416 |
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ |
|
417 |
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) |
|
418 |
# |
|
419 |
olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' |
|
420 |
DESC 'RFC2256: an organizational role' |
|
421 |
SUP top STRUCTURAL |
|
422 |
MUST cn |
|
423 |
MAY ( x121Address $ registeredAddress $ destinationIndicator $ |
|
424 |
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ |
|
425 |
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ |
|
426 |
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ |
|
427 |
postOfficeBox $ postalCode $ postalAddress $ |
|
428 |
physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) |
|
429 |
# |
|
430 |
olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' |
|
431 |
DESC 'RFC2256: a group of names (DNs)' |
|
432 |
SUP top STRUCTURAL |
|
433 |
MUST ( member $ cn ) |
|
434 |
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) |
|
435 |
# |
|
436 |
olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' |
|
437 |
DESC 'RFC2256: an residential person' |
|
438 |
SUP person STRUCTURAL |
|
439 |
MUST l |
|
440 |
MAY ( businessCategory $ x121Address $ registeredAddress $ |
|
441 |
destinationIndicator $ preferredDeliveryMethod $ telexNumber $ |
|
442 |
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ |
|
443 |
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ |
|
444 |
postOfficeBox $ postalCode $ postalAddress $ |
|
445 |
physicalDeliveryOfficeName $ st $ l ) ) |
|
446 |
# |
|
447 |
olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' |
|
448 |
DESC 'RFC2256: an application process' |
|
449 |
SUP top STRUCTURAL |
|
450 |
MUST cn |
|
451 |
MAY ( seeAlso $ ou $ l $ description ) ) |
|
452 |
# |
|
453 |
olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' |
|
454 |
DESC 'RFC2256: an application entity' |
|
455 |
SUP top STRUCTURAL |
|
456 |
MUST ( presentationAddress $ cn ) |
|
457 |
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ |
|
458 |
description ) ) |
|
459 |
# |
|
460 |
olcObjectClasses: ( 2.5.6.13 NAME 'dSA' |
|
461 |
DESC 'RFC2256: a directory system agent (a server)' |
|
462 |
SUP applicationEntity STRUCTURAL |
|
463 |
MAY knowledgeInformation ) |
|
464 |
# |
|
465 |
olcObjectClasses: ( 2.5.6.14 NAME 'device' |
|
466 |
DESC 'RFC2256: a device' |
|
467 |
SUP top STRUCTURAL |
|
468 |
MUST cn |
|
469 |
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) |
|
470 |
# |
|
471 |
olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' |
|
472 |
DESC 'RFC2256: a strong authentication user' |
|
473 |
SUP top AUXILIARY |
|
474 |
MUST userCertificate ) |
|
475 |
# |
|
476 |
olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' |
|
477 |
DESC 'RFC2256: a certificate authority' |
|
478 |
SUP top AUXILIARY |
|
479 |
MUST ( authorityRevocationList $ certificateRevocationList $ |
|
480 |
cACertificate ) MAY crossCertificatePair ) |
|
481 |
# |
|
482 |
olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' |
|
483 |
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' |
|
484 |
SUP top STRUCTURAL |
|
485 |
MUST ( uniqueMember $ cn ) |
|
486 |
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) |
|
487 |
# |
|
488 |
olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' |
|
489 |
DESC 'RFC2256: a user security information' |
|
490 |
SUP top AUXILIARY |
|
491 |
MAY ( supportedAlgorithms ) ) |
|
492 |
# |
|
493 |
olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' |
|
494 |
SUP certificationAuthority |
|
495 |
AUXILIARY MAY ( deltaRevocationList ) ) |
|
496 |
# |
|
497 |
olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' |
|
498 |
SUP top STRUCTURAL |
|
499 |
MUST ( cn ) |
|
500 |
MAY ( certificateRevocationList $ authorityRevocationList $ |
|
501 |
deltaRevocationList ) ) |
|
502 |
# |
|
503 |
olcObjectClasses: ( 2.5.6.20 NAME 'dmd' |
|
504 |
SUP top STRUCTURAL |
|
505 |
MUST ( dmdName ) |
|
506 |
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ |
|
507 |
x121Address $ registeredAddress $ destinationIndicator $ |
|
508 |
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ |
|
509 |
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ |
|
510 |
street $ postOfficeBox $ postalCode $ postalAddress $ |
|
511 |
physicalDeliveryOfficeName $ st $ l $ description ) ) |
|
512 |
# |
|
513 |
# |
|
514 |
# Object Classes from RFC 2587 |
|
515 |
# |
|
516 |
olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' |
|
517 |
DESC 'RFC2587: a PKI user' |
|
518 |
SUP top AUXILIARY |
|
519 |
MAY userCertificate ) |
|
520 |
# |
|
521 |
olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' |
|
522 |
DESC 'RFC2587: PKI certificate authority' |
|
523 |
SUP top AUXILIARY |
|
524 |
MAY ( authorityRevocationList $ certificateRevocationList $ |
|
525 |
cACertificate $ crossCertificatePair ) ) |
|
526 |
# |
|
527 |
olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' |
|
528 |
DESC 'RFC2587: PKI user' |
|
529 |
SUP top AUXILIARY |
|
530 |
MAY deltaRevocationList ) |
|
531 |
# |
|
532 |
# |
|
533 |
# Standard Track URI label schema from RFC 2079 |
|
534 |
# system schema |
|
535 |
#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' |
|
536 |
# DESC 'RFC2079: Uniform Resource Identifier with optional label' |
|
537 |
# EQUALITY caseExactMatch |
|
538 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
539 |
# |
|
540 |
olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' |
|
541 |
DESC 'RFC2079: object that contains the URI attribute type' |
|
542 |
MAY ( labeledURI ) |
|
543 |
SUP top AUXILIARY ) |
|
544 |
# |
|
545 |
# |
|
546 |
# Derived from RFC 1274, but with new "short names" |
|
547 |
# |
|
548 |
#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 |
|
549 |
# NAME ( 'uid' 'userid' ) |
|
550 |
# DESC 'RFC1274: user identifier' |
|
551 |
# EQUALITY caseIgnoreMatch |
|
552 |
# SUBSTR caseIgnoreSubstringsMatch |
|
553 |
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
554 |
# |
|
555 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 |
|
556 |
NAME ( 'mail' 'rfc822Mailbox' ) |
|
557 |
DESC 'RFC1274: RFC822 Mailbox' |
|
558 |
EQUALITY caseIgnoreIA5Match |
|
559 |
SUBSTR caseIgnoreIA5SubstringsMatch |
|
560 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) |
|
561 |
# |
|
562 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' |
|
563 |
DESC 'RFC1274: simple security object' |
|
564 |
SUP top AUXILIARY |
|
565 |
MUST userPassword ) |
|
566 |
# |
|
567 |
# RFC 1274 + RFC 2247 |
|
568 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 |
|
569 |
NAME ( 'dc' 'domainComponent' ) |
|
570 |
DESC 'RFC1274/2247: domain component' |
|
571 |
EQUALITY caseIgnoreIA5Match |
|
572 |
SUBSTR caseIgnoreIA5SubstringsMatch |
|
573 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) |
|
574 |
# |
|
575 |
# RFC 2247 |
|
576 |
olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' |
|
577 |
DESC 'RFC2247: domain component object' |
|
578 |
SUP top AUXILIARY MUST dc ) |
|
579 |
# |
|
580 |
# RFC 2377 |
|
581 |
olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' |
|
582 |
DESC 'RFC2377: uid object' |
|
583 |
SUP top AUXILIARY MUST uid ) |
|
584 |
# |
|
585 |
# From COSINE Pilot |
|
586 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.37 |
|
587 |
NAME 'associatedDomain' |
|
588 |
DESC 'RFC1274: domain associated with object' |
|
589 |
EQUALITY caseIgnoreIA5Match |
|
590 |
SUBSTR caseIgnoreIA5SubstringsMatch |
|
591 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
592 |
# |
|
593 |
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) |
|
594 |
olcAttributeTypes: ( 1.2.840.113549.1.9.1 |
|
595 |
NAME ( 'email' 'emailAddress' 'pkcs9email' ) |
|
596 |
DESC 'RFC3280: legacy attribute for email addresses in DNs' |
|
597 |
EQUALITY caseIgnoreIA5Match |
|
598 |
SUBSTR caseIgnoreIA5SubstringsMatch |
|
599 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) |
|
600 |
# |
src/authentic2_provisionning_ldap/tests/cosine.ldif | ||
---|---|---|
1 |
# RFC1274: Cosine and Internet X.500 schema |
|
2 |
# $OpenLDAP$ |
|
3 |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
|
4 |
## |
|
5 |
## Copyright 1998-2012 The OpenLDAP Foundation. |
|
6 |
## All rights reserved. |
|
7 |
## |
|
8 |
## Redistribution and use in source and binary forms, with or without |
|
9 |
## modification, are permitted only as authorized by the OpenLDAP |
|
10 |
## Public License. |
|
11 |
## |
|
12 |
## A copy of this license is available in the file LICENSE in the |
|
13 |
## top-level directory of the distribution or, alternatively, at |
|
14 |
## <http://www.OpenLDAP.org/license.html>. |
|
15 |
# |
|
16 |
# RFC1274: Cosine and Internet X.500 schema |
|
17 |
# |
|
18 |
# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" |
|
19 |
# schema. As this schema was defined for X.500(89), some |
|
20 |
# oddities were introduced in the mapping to LDAPv3. The |
|
21 |
# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt |
|
22 |
# (a work in progress) |
|
23 |
# |
|
24 |
# Note: It seems that the pilot schema evolved beyond what was |
|
25 |
# described in RFC1274. However, this document attempts to describes |
|
26 |
# RFC1274 as published. |
|
27 |
# |
|
28 |
# Depends on core.ldif |
|
29 |
# |
|
30 |
# This file was automatically generated from cosine.schema; see that |
|
31 |
# file for complete background. |
|
32 |
# |
|
33 |
dn: cn=cosine,cn=schema,cn=config |
|
34 |
objectClass: olcSchemaConfig |
|
35 |
cn: cosine |
|
36 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' |
|
37 |
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. |
|
38 |
1466.115.121.1.15{256} ) |
|
39 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g |
|
40 |
eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch |
|
41 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) |
|
42 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri |
|
43 |
nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno |
|
44 |
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
45 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 |
|
46 |
274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S |
|
47 |
YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
48 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: |
|
49 |
photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) |
|
50 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 |
|
51 |
74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat |
|
52 |
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
53 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h |
|
54 |
ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA |
|
55 |
X 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
56 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 |
|
57 |
4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 |
|
58 |
.121.1.12 ) |
|
59 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D |
|
60 |
ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR |
|
61 |
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
62 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' |
|
63 |
RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri |
|
64 |
ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
65 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES |
|
66 |
C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu |
|
67 |
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
68 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC |
|
69 |
'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 |
|
70 |
.3.6.1.4.1.1466.115.121.1.12 ) |
|
71 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE |
|
72 |
SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c |
|
73 |
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
74 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe |
|
75 |
lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb |
|
76 |
erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 |
|
77 |
.1.50 ) |
|
78 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC |
|
79 |
1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 |
|
80 |
6.115.121.1.12 ) |
|
81 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX |
|
82 |
1.3.6.1.4.1.1466.115.121.1.39 ) |
|
83 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca |
|
84 |
seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
85 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c |
|
86 |
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
87 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c |
|
88 |
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
89 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c |
|
90 |
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
91 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY |
|
92 |
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
93 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT |
|
94 |
Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
95 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC |
|
96 |
'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc |
|
97 |
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) |
|
98 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D |
|
99 |
ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg |
|
100 |
noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) |
|
101 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC |
|
102 |
'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring |
|
103 |
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
104 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel |
|
105 |
ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum |
|
106 |
berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 |
|
107 |
1.1.50 ) |
|
108 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep |
|
109 |
honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber |
|
110 |
Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 |
|
111 |
.50 ) |
|
112 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount |
|
113 |
ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS |
|
114 |
TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
115 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE |
|
116 |
SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 |
|
117 |
66.115.121.1.15{256} ) |
|
118 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus |
|
119 |
' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI |
|
120 |
gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
121 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' |
|
122 |
RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst |
|
123 |
ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) |
|
124 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption |
|
125 |
' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 |
|
126 |
) |
|
127 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' |
|
128 |
RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin |
|
129 |
gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) |
|
130 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF |
|
131 |
C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) |
|
132 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' |
|
133 |
DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN |
|
134 |
GLE-VALUE ) |
|
135 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit |
|
136 |
y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. |
|
137 |
13 SINGLE-VALUE ) |
|
138 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit |
|
139 |
y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. |
|
140 |
13 SINGLE-VALUE ) |
|
141 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D |
|
142 |
ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. |
|
143 |
23 ) |
|
144 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R |
|
145 |
FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 |
|
146 |
.115.121.1.12 ) |
|
147 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 |
|
148 |
: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) |
|
149 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D |
|
150 |
ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno |
|
151 |
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
152 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo |
|
153 |
tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 |
|
154 |
Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom |
|
155 |
ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine |
|
156 |
ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep |
|
157 |
honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature |
|
158 |
) ) |
|
159 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT |
|
160 |
URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam |
|
161 |
e $ organizationalUnitName $ host ) ) |
|
162 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC |
|
163 |
TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca |
|
164 |
lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume |
|
165 |
ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) |
|
166 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA |
|
167 |
L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber |
|
168 |
) ) |
|
169 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top |
|
170 |
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l |
|
171 |
ocalityName $ organizationName $ organizationalUnitName ) ) |
|
172 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT |
|
173 |
URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti |
|
174 |
on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ |
|
175 |
stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd |
|
176 |
ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber |
|
177 |
$ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel |
|
178 |
exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress |
|
179 |
$ x121Address ) ) |
|
180 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d |
|
181 |
omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho |
|
182 |
neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi |
|
183 |
ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ |
|
184 |
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery |
|
185 |
Method $ destinationIndicator $ registeredAddress $ x121Address ) ) |
|
186 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain |
|
187 |
STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME |
|
188 |
Record ) ) |
|
189 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D |
|
190 |
ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat |
|
191 |
edDomain ) |
|
192 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c |
|
193 |
ountry STRUCTURAL MUST friendlyCountryName ) |
|
194 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU |
|
195 |
P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) |
|
196 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR |
|
197 |
UCTURAL MAY dSAQuality ) |
|
198 |
olcObjectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' |
|
199 |
SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu |
|
200 |
mQuality ) ) |
src/authentic2_provisionning_ldap/tests/inetorgperson.ldif | ||
---|---|---|
1 |
# InetOrgPerson (RFC2798) |
|
2 |
# $OpenLDAP$ |
|
3 |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
|
4 |
## |
|
5 |
## Copyright 1998-2012 The OpenLDAP Foundation. |
|
6 |
## All rights reserved. |
|
7 |
## |
|
8 |
## Redistribution and use in source and binary forms, with or without |
|
9 |
## modification, are permitted only as authorized by the OpenLDAP |
|
10 |
## Public License. |
|
11 |
## |
|
12 |
## A copy of this license is available in the file LICENSE in the |
|
13 |
## top-level directory of the distribution or, alternatively, at |
|
14 |
## <http://www.OpenLDAP.org/license.html>. |
|
15 |
# |
|
16 |
# InetOrgPerson (RFC2798) |
|
17 |
# |
|
18 |
# Depends upon |
|
19 |
# Definition of an X.500 Attribute Type and an Object Class to Hold |
|
20 |
# Uniform Resource Identifiers (URIs) [RFC2079] |
|
21 |
# (core.ldif) |
|
22 |
# |
|
23 |
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] |
|
24 |
# (core.ldif) |
|
25 |
# |
|
26 |
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif) |
|
27 |
# |
|
28 |
# This file was automatically generated from inetorgperson.schema; see |
|
29 |
# that file for complete references. |
|
30 |
# |
|
31 |
dn: cn=inetorgperson,cn=schema,cn=config |
|
32 |
objectClass: olcSchemaConfig |
|
33 |
cn: inetorgperson |
|
34 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 |
|
35 |
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas |
|
36 |
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
37 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' |
|
38 |
RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM |
|
39 |
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
40 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC |
|
41 |
2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM |
|
42 |
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI |
|
43 |
NGLE-VALUE ) |
|
44 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF |
|
45 |
C2798: numerically identifies an employee within an organization' EQUALITY ca |
|
46 |
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 |
|
47 |
1.1.15 SINGLE-VALUE ) |
|
48 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 |
|
49 |
798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn |
|
50 |
oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) |
|
51 |
olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 |
|
52 |
798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) |
|
53 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC |
|
54 |
'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg |
|
55 |
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. |
|
56 |
15 SINGLE-VALUE ) |
|
57 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D |
|
58 |
ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 |
|
59 |
66.115.121.1.5 ) |
|
60 |
olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 |
|
61 |
798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 |
|
62 |
15.121.1.5 ) |
|
63 |
olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 |
|
64 |
798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY |
|
65 |
( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em |
|
66 |
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini |
|
67 |
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo |
|
68 |
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre |
|
69 |
ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) |
src/authentic2_provisionning_ldap/tests/nis.ldif | ||
---|---|---|
1 |
# NIS (RFC2307) |
|
2 |
# $OpenLDAP$ |
|
3 |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
|
4 |
## |
|
5 |
## Copyright 1998-2014 The OpenLDAP Foundation. |
|
6 |
## All rights reserved. |
|
7 |
## |
|
8 |
## Redistribution and use in source and binary forms, with or without |
|
9 |
## modification, are permitted only as authorized by the OpenLDAP |
|
10 |
## Public License. |
|
11 |
## |
|
12 |
## A copy of this license is available in the file LICENSE in the |
|
13 |
## top-level directory of the distribution or, alternatively, at |
|
14 |
## <http://www.OpenLDAP.org/license.html>. |
|
15 |
# |
|
16 |
# Definitions from RFC2307 (Experimental) |
|
17 |
# An Approach for Using LDAP as a Network Information Service |
|
18 |
# |
|
19 |
# Depends upon core.ldif and cosine.ldif |
|
20 |
# |
|
21 |
# This file was automatically generated from nis.schema; see that file |
|
22 |
# for complete references. |
|
23 |
# |
|
24 |
dn: cn=nis,cn=schema,cn=config |
|
25 |
objectClass: olcSchemaConfig |
|
26 |
cn: nis |
|
27 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th |
|
28 |
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc |
|
29 |
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) |
|
30 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut |
|
31 |
e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 |
|
32 |
466.115.121.1.26 SINGLE-VALUE ) |
|
33 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th |
|
34 |
e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 |
|
35 |
6 SINGLE-VALUE ) |
|
36 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ |
|
37 |
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
38 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch |
|
39 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
40 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch |
|
41 |
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
42 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM |
|
43 |
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
44 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer |
|
45 |
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
46 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM |
|
47 |
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
48 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat |
|
49 |
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
50 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI |
|
51 |
A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. |
|
52 |
26 ) |
|
53 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca |
|
54 |
seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 |
|
55 |
5.121.1.26 ) |
|
56 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr |
|
57 |
oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) |
|
58 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege |
|
59 |
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
60 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) |
|
61 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int |
|
62 |
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
63 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer |
|
64 |
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) |
|
65 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address |
|
66 |
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) |
|
67 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw |
|
68 |
ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI |
|
69 |
NGLE-VALUE ) |
|
70 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm |
|
71 |
ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI |
|
72 |
NGLE-VALUE ) |
|
73 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' |
|
74 |
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) |
|
75 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp |
|
76 |
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) |
|
77 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam |
|
78 |
e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) |
|
79 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) |
|
80 |
olcAttributeTypes: ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac |
|
81 |
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. |
|
82 |
1.26{1024} SINGLE-VALUE ) |
|
83 |
olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o |
|
84 |
f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu |
|
85 |
mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ |
|
86 |
description ) ) |
|
87 |
olcObjectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a |
|
88 |
ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword |
|
89 |
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive |
|
90 |
$ shadowExpire $ shadowFlag $ description ) ) |
|
91 |
olcObjectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of |
|
92 |
a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas |
|
93 |
sword $ memberUid $ description ) ) |
|
94 |
olcObjectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I |
|
95 |
nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe |
|
96 |
rviceProtocol ) MAY description ) |
|
97 |
olcObjectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of |
|
98 |
an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description |
|
99 |
) MAY description ) |
|
100 |
olcObjectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O |
|
101 |
NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M |
|
102 |
AY description ) |
|
103 |
olcObjectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho |
|
104 |
st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc |
|
105 |
ription $ manager ) ) |
|
106 |
olcObjectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a |
|
107 |
n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas |
|
108 |
kNumber $ l $ description $ manager ) ) |
|
109 |
olcObjectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of |
|
110 |
a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe |
|
111 |
tgroup $ description ) ) |
|
112 |
olcObjectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti |
|
113 |
on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) |
|
114 |
olcObjectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a |
|
115 |
NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri |
|
116 |
ption ) |
|
117 |
olcObjectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w |
|
118 |
ith a MAC address' SUP top AUXILIARY MAY macAddress ) |
|
119 |
olcObjectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device |
|
120 |
with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) |
src/authentic2_provisionning_ldap/tests/test_ldap.py | ||
---|---|---|
1 |
# authentic2 - versatile identity manager |
|
2 |
# Copyright (C) 2010-2019 Entr'ouvert |
|
3 |
# |
|
4 |
# This program is free software: you can redistribute it and/or modify it |
|
5 |
# under the terms of the GNU Affero General Public License as published |
|
6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
7 |
# (at your option) any later version. |
|
8 |
# |
|
9 |
# This program is distributed in the hope that it will be useful, |
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
# GNU Affero General Public License for more details. |
|
13 |
# |
|
14 |
# You should have received a copy of the GNU Affero General Public License |
|
15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | ||
17 |
import ldap |
|
18 | ||
19 |
from django.contrib.auth import get_user_model |
|
20 |
from django.test import TestCase |
|
21 |
from unittest import skipUnless |
|
22 | ||
23 |
from ldaptools import slapd |
|
24 |
from django.core.management import call_command |
|
25 | ||
26 |
User = get_user_model() |
|
27 | ||
28 | ||
29 |
@skipUnless(slapd.has_slapd(), 'slapd is not installed') |
|
30 |
class LDAPBaseTestCase(TestCase): |
|
31 |
slapd = None |
|
32 | ||
33 |
def setUp(self): |
|
34 |
if self.slapd is None: |
|
35 |
self.slapd = slapd.Slapd() |
|
36 |
self.slapd.stop() |
|
37 |
self.slapd.checkpoint() |
|
38 |
self.slapd.start() |
|
39 |
# fresh connection |
|
40 | ||
41 |
def tearDown(self): |
|
42 |
self.slapd.stop() |
|
43 |
self.slapd.restore() |
|
44 |
self.slapd.start() |
|
45 | ||
46 | ||
47 |
class WhoamiTest(LDAPBaseTestCase): |
|
48 |
def test_whoami(self): |
|
49 |
conn = self.slapd.get_connection() |
|
50 |
self.slapd.add_ldif('''dn: uid=admin,o=orga |
|
51 |
objectClass: inetOrgPerson |
|
52 |
cn: admin |
|
53 |
sn: admin |
|
54 |
uid: admin |
|
55 |
userPassword: admin''') |
|
56 |
conn.simple_bind_s('uid=admin,o=orga', 'admin') |
|
57 |
assert conn.whoami_s() == 'dn:uid=admin,o=orga' |
|
58 | ||
59 | ||
60 |
class ProvisionTest(LDAPBaseTestCase): |
|
61 |
def test_ldap_provisionning(self): |
|
62 |
conn = self.slapd.get_connection() |
|
63 |
ressources = [{ |
|
64 |
'name': 'ldap', |
|
65 |
'url': self.slapd.ldap_url, |
|
66 |
'bind_dn': self.slapd.root_bind_dn, |
|
67 |
'bind_pw': self.slapd.root_bind_password, |
|
68 |
'base_dn': 'o=orga', |
|
69 |
'rdn_attributes': ['uid'], |
|
70 |
'attribute_mapping': { |
|
71 |
'uid': 'django_user_username', |
|
72 |
'givenName': 'django_user_first_name', |
|
73 |
'sn': 'django_user_last_name', |
|
74 |
'mail': 'django_user_email', |
|
75 |
}, |
|
76 |
'format_mapping': { |
|
77 |
'cn': ['{django_user_first_name} {django_user_last_name}'], |
|
78 |
}, |
|
79 |
'static_attributes': { |
|
80 |
'objectclass': 'inetorgperson', |
|
81 |
}, |
|
82 |
'ldap_filter': '(objectclass=inetorgperson)', |
|
83 |
}] |
|
84 |
users = [ |
|
85 |
User(username='john.doe%s' % i, |
|
86 |
first_name='john', |
|
87 |
last_name='doe', |
|
88 |
email='john.doe@example.com') for i in range(1000)] |
|
89 | ||
90 |
User.objects.bulk_create(users) |
|
91 |
self.slapd.add_ldif('''dn: uid=test,o=orga |
|
92 |
objectClass: inetOrgPerson |
|
93 |
uid: test |
|
94 |
cn: test |
|
95 |
sn: test |
|
96 |
gn: test |
|
97 |
mail: test''') |
|
98 |
with self.settings(A2_PROVISIONNING_RESSOURCES=ressources): |
|
99 |
call_command('provision', 'ldap') |
|
100 |
results = conn.search_s('o=orga', ldap.SCOPE_ONELEVEL) |
|
101 |
self.assertEqual(len(results), 1000) |
|
102 |
for dn, entry in results: |
|
103 |
uid = entry['uid'][0] |
|
104 |
self.assertTrue(uid.startswith('john.doe')) |
|
105 |
self.assertEqual(entry, { |
|
106 |
'objectClass': ['inetOrgPerson'], |
|
107 |
'uid': [uid], |
|
108 |
'sn': [users[0].last_name], |
|
109 |
'givenName': [users[0].first_name], |
|
110 |
'cn': ['%s %s' % (users[0].first_name, users[0].last_name)], |
|
111 |
'mail': [users[0].email] |
|
112 |
}) |
|
113 |
- |