# Definitions for a Kerberos V KDC schema
#
# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $
#
# This version is compatible with OpenLDAP 1.8
#
# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10)
#
# Syntaxes are under 1.3.6.1.4.1.5322.10.0
# Attribute types are under 1.3.6.1.4.1.5322.10.1
# Object classes are under 1.3.6.1.4.1.5322.10.2
# Syntax definitions
#
# The two definitions in this section are commented out and serve as
# documentation only; the attribute types below use standard LDAP syntaxes
# instead, so the directory does not enforce these layouts.

#krb5KDCFlagsSyntax SYNTAX ::= {
#   WITH SYNTAX            INTEGER
#--        initial(0),             -- require as-req
#--        forwardable(1),         -- may issue forwardable
#--        proxiable(2),           -- may issue proxiable
#--        renewable(3),           -- may issue renewable
#--        postdate(4),            -- may issue postdatable
#--        server(5),              -- may be server
#--        client(6),              -- may be client
#--        invalid(7),             -- entry is invalid
#--        require-preauth(8),     -- must use preauth
#--        change-pw(9),           -- change password service
#--        require-hwauth(10),     -- must use hwauth
#--        ok-as-delegate(11),     -- as in TicketFlags
#--        user-to-user(12),       -- may use user-to-user auth
#--        immutable(13)           -- may not be deleted
#   ID                     { 1.3.6.1.4.1.5322.10.0.1 }
#}

#krb5PrincipalNameSyntax SYNTAX ::= {
#   WITH SYNTAX            OCTET STRING
#-- String representations of distinguished names as per RFC1510
#   ID                     { 1.3.6.1.4.1.5322.10.0.2 }
#}
# Attribute type definitions
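# krb5PrincipalName: the principal name in unparsed (string) form, stored as
# a single IA5 (ASCII) string. Matching is case-exact, so names that differ
# only in letter case are distinct values. Required (MUST) by the
# krb5Principal object class.
attributetype ( 1.3.6.1.4.1.5322.10.1.1
	NAME 'krb5PrincipalName'
	DESC 'The unparsed Kerberos principal name'
	EQUALITY caseExactIA5Match
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )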
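# krb5KeyVersionNumber: single-valued integer; going by the name, the key
# version number (kvno) of the principal's keys. Required (MUST) by the
# krb5KDCEntry object class. The schema gives no DESC for it.
attributetype ( 1.3.6.1.4.1.5322.10.1.2
	NAME 'krb5KeyVersionNumber'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )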
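# krb5MaxLife: single-valued integer, presumably the maximum ticket lifetime
# for the principal. The schema states neither a unit nor a range (INTEGER
# syntax also admits negative values), so any bounds checking is left to the
# KDC that reads the entry.
attributetype ( 1.3.6.1.4.1.5322.10.1.3
	NAME 'krb5MaxLife'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )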
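# krb5MaxRenew: single-valued integer, presumably the maximum renewable
# lifetime for the principal's tickets. As with krb5MaxLife, the schema
# states no unit and no range; validation is left to the KDC.
attributetype ( 1.3.6.1.4.1.5322.10.1.4
	NAME 'krb5MaxRenew'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )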
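# krb5KDCFlags: single-valued integer holding the per-principal KDC flags.
# The intended bit positions are listed in the commented-out
# krb5KDCFlagsSyntax block near the top of this file; the directory stores a
# plain INTEGER and does not validate individual bits.
# NOTE(review): bits such as invalid(7) and require-preauth(8) express
# security policy, so write access to this attribute should be limited to
# KDC administration identities in the server's access control rules.
attributetype ( 1.3.6.1.4.1.5322.10.1.5
	NAME 'krb5KDCFlags'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )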
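# krb5EncryptionType: integer attribute that may carry several values (no
# SINGLE-VALUE keyword). Presumably each value is a Kerberos encryption type
# number associated with the principal -- confirm against the KDC backend.
attributetype ( 1.3.6.1.4.1.5322.10.1.6
	NAME 'krb5EncryptionType'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )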
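# krb5ValidStart: single-valued GeneralizedTime, presumably the time from
# which the principal is valid. Equality and ordering rules are both
# declared, so the value can be used in exact and range (>=, <=) filters.
attributetype ( 1.3.6.1.4.1.5322.10.1.7
	NAME 'krb5ValidStart'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )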
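# krb5ValidEnd: single-valued GeneralizedTime, presumably the time at which
# the principal expires. Declared with the same equality and ordering rules
# as krb5ValidStart, so expired entries can be found with a range filter.
attributetype ( 1.3.6.1.4.1.5322.10.1.8
	NAME 'krb5ValidEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )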
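# krb5PasswordEnd: single-valued GeneralizedTime, presumably the time at
# which the principal's password expires. Equality and ordering rules are
# declared, so upcoming expirations can be queried with a range filter.
attributetype ( 1.3.6.1.4.1.5322.10.1.9
	NAME 'krb5PasswordEnd'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )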
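# this is temporary; keys will eventually
# be child entries or compound attributes.
#
# krb5Key: the principal's key material, stored as an ASN.1-encoded blob in
# the Binary syntax. No EQUALITY rule is declared, so the server cannot
# match on the value, and the attribute may carry several values (no
# SINGLE-VALUE keyword).
# NOTE(review): the schema does not show whether the encoded key is wrapped
# with a master key before it is stored. Treat every value as a long-term
# secret: restrict read, search and compare access to the KDC's own bind
# identity, require an encrypted or local-only transport for that bind, and
# keep the attribute out of replicas and backups that are less trusted than
# the KDC itself.
attributetype ( 1.3.6.1.4.1.5322.10.1.10
	NAME 'krb5Key'
	DESC 'Encoded ASN1 Key as an octet string'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )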
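# krb5PrincipalRealm: DN pointing at the krb5Realm entry the principal
# belongs to. It is derived from distinguishedName (SUP), so it inherits
# that attribute's syntax and matching rules; the schema defining
# distinguishedName must be loaded before this file.
attributetype ( 1.3.6.1.4.1.5322.10.1.11
	NAME 'krb5PrincipalRealm'
	DESC 'Distinguished name of krb5Realm entry'
	SUP distinguishedName )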
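# krb5RealmName: realm name stored as an octet string and compared byte for
# byte (octetStringMatch), so comparison is case-sensitive. The {128} is a
# length hint on the syntax; do not rely on the server to enforce it.
# No SINGLE-VALUE keyword, so an entry may carry several realm names.
# Required (MUST) by the krb5Realm object class.
attributetype ( 1.3.6.1.4.1.5322.10.1.12
	NAME 'krb5RealmName'
	EQUALITY octetStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )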
# Object class definitions
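# krb5Principal: auxiliary class that marks an existing entry as a Kerberos
# principal. Being AUXILIARY, it is added alongside the entry's structural
# class. krb5PrincipalName is mandatory; cn and the realm DN are optional.
# This class carries no key material or KDC policy attributes.
objectclass ( 1.3.6.1.4.1.5322.10.2.1
	NAME 'krb5Principal'
	SUP top
	AUXILIARY
	MUST ( krb5PrincipalName )
	MAY ( cn $ krb5PrincipalRealm ) )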
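# krb5KDCEntry: auxiliary class extending krb5Principal with the data a KDC
# keeps per principal. krb5KeyVersionNumber is mandatory; the validity
# times, lifetime limits, flags, encryption types and krb5Key are optional.
# NOTE(review): entries of this class may hold krb5Key and krb5KDCFlags, so
# access control written for this schema should cover them by attribute
# rather than rely on the entry's location in the tree alone.
objectclass ( 1.3.6.1.4.1.5322.10.2.2
	NAME 'krb5KDCEntry'
	SUP krb5Principal
	AUXILIARY
	MUST ( krb5KeyVersionNumber )
	MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $
              krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $
              krb5EncryptionType $ krb5Key ) )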
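# krb5Realm: auxiliary class that marks an entry as representing a Kerberos
# realm. Its only attribute is the mandatory krb5RealmName; krb5Principal
# entries can point at such an entry through krb5PrincipalRealm.
objectclass ( 1.3.6.1.4.1.5322.10.2.3
	NAME 'krb5Realm'
	SUP top
	AUXILIARY
	MUST ( krb5RealmName ) )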