This file is indexed.

/etc/ldap/schema/duaconf.schema is in slapd 2.4.28-1.1ubuntu4.6.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

# 
# Application Working Group                                      M. Ansari
# INTERNET-DRAFT                                    Sun Microsystems, Inc.
# Expires Febuary 2003                                           L. Howard
#                                                  PADL Software Pty. Ltd.
#                                                          B. Joslin [ed.]
#                                                  Hewlett-Packard Company
# 
#                                                     September 15th, 2003
# Intended Category: Informational
# 
# 
#                  A Configuration Schema for LDAP Based
#                          Directory User Agents
#                   <draft-joslin-config-schema-07.txt>
#
#Status of this Memo
#
#    This memo provides information for the Internet community.  This
#    memo does not specify an Internet standard of any kind.  Distribu-
#    tion of this memo is unlimited.
#         
#    This document is an Internet-Draft and is in full conformance with
#    all provisions of Section 10 of RFC2026.
#    
#    This document is an Internet-Draft. Internet-Drafts are working  
#    documents of the Internet Engineering Task Force (IETF), its areas,
#    and its working groups. Note that other groups may also distribute
#    working documents as Internet-Drafts.
#    
#    Internet-Drafts are draft documents valid for a maximum of six
#    months.  Internet-Drafts may be updated, replaced, or made obsolete
#    by other documents at any time. It is not appropriate to use 
#    Internet-Drafts as reference material or to cite them other than as
#    a "working draft" or "work in progress".                
#         
#    To learn the current status of any Internet-Draft, please check the
#    1id-abstracts.txt listing contained in the Internet-Drafts Shadow 
#    Directories on ds.internic.net (US East Coast), nic.nordu.net      
#    (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#    Rim).
#    
#    Distribution of this document is unlimited.
# 
# 
# Abstract
# 
#      This document describes a mechanism for global configuration of
#      similar directory user agents.  This document defines a schema for
#      configuration of these DUAs that may be discovered using the Light-
#      weight Directory Access Protocol in RFC 2251[17].  A set of attri-
#      bute types and an objectclass are proposed, along with specific
#      guidelines for interpreting them.  A significant feature of the
#      global configuration policy for DUAs is a mechanism that allows
#      DUAs to re-configure their schema to that of the end user's
#      environment.  This configuration is achieved through attribute and
#      objectclass mapping.  This document is intended to be a skeleton
#      for future documents that describe configuration of specific DUA
#      services.
# 
# 
# [trimmed]
# 
# 
# 2.  General Issues
# 
#      The schema defined by this document is defined under the "DUA Con-
#      figuration Schema."  This schema is derived from the OID: iso (1)
#      org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
#      Packard Company (11) directory (1) LDAP-UX Integration Project (3)
#      DUA Configuration Schema (1).  This OID is represented in this
#      document by the keystring "DUAConfSchemaOID"
#      (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
# 
# 2.2 Attributes
# 
#      The attributes and classes defined in this document are summarized
#      below.
# 
#      The following attributes are defined in this document:
# 
#           preferredServerList
#           defaultServerList
#           defaultSearchBase
#           defaultSearchScope
#           authenticationMethod
#           credentialLevel
#           serviceSearchDescriptor
# 
# 
# 
# Joslin                                                         [Page 3]
# Internet-Draft          DUA Configuration Schema            October 2002
# 
# 
#           serviceCredentialLevel
#           serviceAuthenticationMethod
#           attributeMap
#           objectclassMap
#           searchTimeLimit
#           bindTimeLimit
#           followReferrals
#           dereferenceAliases
#           profileTTL
# 
# 2.3 Object Classes
# 
#      The following object class is defined in this document:
# 
#           DUAConfigProfile
# 
# 
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
            DESC 'Default LDAP server host address used by a DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
            DESC 'Default LDAP base DN used by a DUA'
            EQUALITY distinguishedNameMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
            DESC 'Preferred LDAP server host addresses to be used by a
            DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for a
            search to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for the
            bind operation to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
            DESC 'Tells DUA if it should follow referrals
            returned by a DSA search result'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
            DESC 'Tells DUA if it should dereference aliases'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
            DESC 'A keystring which identifies the type of
            authentication method used to contact the DSA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
            DESC 'Time to live, in seconds, before a client DUA
            should re-read this configuration profile'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
            DESC 'LDAP search descriptor list used by a DUA'
            EQUALITY caseExactMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
            DESC 'Attribute mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
            DESC 'Identifies type of credentials a DUA should
            use when binding to the LDAP server'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
            DESC 'Objectclass mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
            DESC 'Default search scope used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
            DESC 'Identifies type of credentials a DUA
            should use when binding to the LDAP server for a
            specific service'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
            DESC 'Authentication method used by a service of the DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 
# 4.  Class Definition
# 
#      The objectclass below is constructed from the attributes defined in
#      3, with the exception of the cn attribute, which is defined in RFC
#      2256 [8].  cn is used to represent the name of the DUA configura-
#      tion profile.
# 
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
          SUP top STRUCTURAL
          DESC 'Abstraction of a base configuration for a DUA'
          MUST ( cn )
          MAY ( defaultServerList $ preferredServerList $
                defaultSearchBase $ defaultSearchScope $
                searchTimeLimit $ bindTimeLimit $
                credentialLevel $ authenticationMethod $
                followReferrals $ dereferenceAliases $
                serviceSearchDescriptor $ serviceCredentialLevel $
                serviceAuthenticationMethod $ objectclassMap $
                attributeMap $ profileTTL ) )