/etc/ldap/schema/duaconf.schema is in slapd 2.4.28-1.1ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

# 
# Application Working Group                                      M. Ansari
# INTERNET-DRAFT                                    Sun Microsystems, Inc.
# Expires February 2003                                          L. Howard
#                                                  PADL Software Pty. Ltd.
#                                                          B. Joslin [ed.]
#                                                  Hewlett-Packard Company
# 
#                                                     September 15th, 2003
# Intended Category: Informational
# 
# 
#                  A Configuration Schema for LDAP Based
#                          Directory User Agents
#                   <draft-joslin-config-schema-07.txt>
#
#Status of this Memo
#
#    This memo provides information for the Internet community.  This
#    memo does not specify an Internet standard of any kind.
#    Distribution of this memo is unlimited.
#         
#    This document is an Internet-Draft and is in full conformance with
#    all provisions of Section 10 of RFC2026.
#    
#    This document is an Internet-Draft. Internet-Drafts are working  
#    documents of the Internet Engineering Task Force (IETF), its areas,
#    and its working groups. Note that other groups may also distribute
#    working documents as Internet-Drafts.
#    
#    Internet-Drafts are draft documents valid for a maximum of six
#    months.  Internet-Drafts may be updated, replaced, or made obsolete
#    by other documents at any time. It is not appropriate to use 
#    Internet-Drafts as reference material or to cite them other than as
#    a "working draft" or "work in progress".                
#         
#    To learn the current status of any Internet-Draft, please check the
#    1id-abstracts.txt listing contained in the Internet-Drafts Shadow 
#    Directories on ds.internic.net (US East Coast), nic.nordu.net      
#    (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#    Rim).
#    
#    Distribution of this document is unlimited.
# 
# 
# Abstract
# 
#      This document describes a mechanism for global configuration of
#      similar directory user agents.  This document defines a schema for
#      configuration of these DUAs that may be discovered using the
#      Lightweight Directory Access Protocol in RFC 2251[17].  A set of
#      attribute types and an objectclass are proposed, along with specific
#      guidelines for interpreting them.  A significant feature of the
#      global configuration policy for DUAs is a mechanism that allows
#      DUAs to re-configure their schema to that of the end user's
#      environment.  This configuration is achieved through attribute and
#      objectclass mapping.  This document is intended to be a skeleton
#      for future documents that describe configuration of specific DUA
#      services.
# 
# 
# [trimmed]
# 
# 
# 2.  General Issues
# 
#      The schema defined by this document is defined under the "DUA
#      Configuration Schema."  This schema is derived from the OID: iso (1)
#      org (3) dod (6) internet (1) private (4) enterprises (1)
#      Hewlett-Packard Company (11) directory (1) LDAP-UX Integration
#      Project (3) DUA Configuration Schema (1).  This OID is represented
#      in this document by the keystring "DUAConfSchemaOID"
#      (1.3.6.1.4.1.11.1.3.1).
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
# 
# 2.2 Attributes
# 
#      The attributes and classes defined in this document are summarized
#      below.
# 
#      The following attributes are defined in this document:
# 
#           preferredServerList
#           defaultServerList
#           defaultSearchBase
#           defaultSearchScope
#           authenticationMethod
#           credentialLevel
#           serviceSearchDescriptor
#           serviceCredentialLevel
#           serviceAuthenticationMethod
#           attributeMap
#           objectclassMap
#           searchTimeLimit
#           bindTimeLimit
#           followReferrals
#           dereferenceAliases
#           profileTTL
# 
# 2.3 Object Classes
# 
#      The following object class is defined in this document:
# 
#           DUAConfigProfile
# 
# 
attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
            DESC 'Default LDAP server host address used by a DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
            DESC 'Default LDAP base DN used by a DUA'
            EQUALITY distinguishedNameMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
            DESC 'Preferred LDAP server host addresses to be used by a
            DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for a
            search to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
            DESC 'Maximum time in seconds a DUA should allow for the
            bind operation to complete'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
            DESC 'Tells DUA if it should follow referrals
            returned by a DSA search result'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
            DESC 'Tells DUA if it should dereference aliases'
            EQUALITY booleanMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
            DESC 'A keystring which identifies the type of
            authentication method used to contact the DSA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
            DESC 'Time to live, in seconds, before a client DUA
            should re-read this configuration profile'
            EQUALITY integerMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
            DESC 'LDAP search descriptor list used by a DUA'
            EQUALITY caseExactMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
            DESC 'Attribute mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
            DESC 'Identifies type of credentials a DUA should
            use when binding to the LDAP server'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
            DESC 'Objectclass mappings used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
            DESC 'Default search scope used by a DUA'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
            SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
            DESC 'Identifies type of credentials a DUA
            should use when binding to the LDAP server for a
            specific service'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
            DESC 'Authentication method used by a service of the DUA'
            EQUALITY caseIgnoreMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# 
# 4.  Class Definition
# 
#      The objectclass below is constructed from the attributes defined in
#      3, with the exception of the cn attribute, which is defined in RFC
#      2256 [8].  cn is used to represent the name of the DUA
#      configuration profile.
# 
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
          SUP top STRUCTURAL
          DESC 'Abstraction of a base configuration for a DUA'
          MUST ( cn )
          MAY ( defaultServerList $ preferredServerList $
                defaultSearchBase $ defaultSearchScope $
                searchTimeLimit $ bindTimeLimit $
                credentialLevel $ authenticationMethod $
                followReferrals $ dereferenceAliases $
                serviceSearchDescriptor $ serviceCredentialLevel $
                serviceAuthenticationMethod $ objectclassMap $
                attributeMap $ profileTTL ) )