1# OpenLDAP Core schema 2# $OpenLDAP$ 3## This work is part of OpenLDAP Software <http://www.openldap.org/>. 4## 5## Copyright 1998-2011 The OpenLDAP Foundation. 6## All rights reserved. 7## 8## Redistribution and use in source and binary forms, with or without 9## modification, are permitted only as authorized by the OpenLDAP 10## Public License. 11## 12## A copy of this license is available in the file LICENSE in the 13## top-level directory of the distribution or, alternatively, at 14## <http://www.OpenLDAP.org/license.html>. 15# 16## Portions Copyright (C) The Internet Society (1997-2003). 17## All Rights Reserved. 18## 19## This document and translations of it may be copied and furnished to 20## others, and derivative works that comment on or otherwise explain it 21## or assist in its implementation may be prepared, copied, published 22## and distributed, in whole or in part, without restriction of any 23## kind, provided that the above copyright notice and this paragraph are 24## included on all such copies and derivative works. However, this 25## document itself may not be modified in any way, such as by removing 26## the copyright notice or references to the Internet Society or other 27## Internet organizations, except as needed for the purpose of 28## developing Internet standards in which case the procedures for 29## copyrights defined in the Internet Standards process must be 30## followed, or as required to translate it into languages other than 31## English. 32## 33## The limited permissions granted above are perpetual and will not be 34## revoked by the Internet Society or its successors or assigns. 35## 36## This document and the information contained herein is provided on an 37## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 38## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 39## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 40## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 41## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 42# 43# 44# 45# Includes LDAPv3 schema items from: 46# RFC 2252/2256 (LDAPv3) 47# 48# Select standard track schema items: 49# RFC 1274 (uid/dc) 50# RFC 2079 (URI) 51# RFC 2247 (dc/dcObject) 52# RFC 2587 (PKI) 53# RFC 2589 (Dynamic Directory Services) 54# 55# Select informational schema items: 56# RFC 2377 (uidObject) 57# 58# 59# Standard attribute types from RFC 2256 60# 61dn: cn=core,cn=schema,cn=config 62objectClass: olcSchemaConfig 63cn: core 64# 65# system schema 66#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' 67# DESC 'RFC2256: object classes of the entity' 68# EQUALITY objectIdentifierMatch 69# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) 70# 71# system schema 72#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) 73# DESC 'RFC2256: name of aliased object' 74# EQUALITY distinguishedNameMatch 75# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) 76# 77olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' 78 DESC 'RFC2256: knowledge information' 79 EQUALITY caseIgnoreMatch 80 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 81# 82# system schema 83#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) 84# DESC 'RFC2256: common name(s) for which the entity is known by' 85# SUP name ) 86# 87olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) 88 DESC 'RFC2256: last (family) name(s) for which the entity is known by' 89 SUP name ) 90# 91olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' 92 DESC 'RFC2256: serial number of the entity' 93 EQUALITY caseIgnoreMatch 94 SUBSTR caseIgnoreSubstringsMatch 95 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) 96# 97# RFC 4519 definition ('countryName' in X.500 and RFC2256) 98olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) 99 DESC 'RFC4519: two-letter ISO-3166 country code' 100 SUP name 101 SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 102 SINGLE-VALUE ) 103# 104olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) 105 DESC 'RFC2256: locality which this object resides in' 106 SUP name ) 107# 108olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) 109 DESC 'RFC2256: state or province which this object resides in' 110 SUP name ) 111# 112olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) 113 DESC 'RFC2256: street address of this object' 114 EQUALITY caseIgnoreMatch 115 SUBSTR caseIgnoreSubstringsMatch 116 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 117# 118olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) 119 DESC 'RFC2256: organization this object belongs to' 120 SUP name ) 121# 122olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) 123 DESC 'RFC2256: organizational unit this object belongs to' 124 SUP name ) 125# 126olcAttributeTypes: ( 2.5.4.12 NAME 'title' 127 DESC 'RFC2256: title associated with the entity' 128 SUP name ) 129# 130# system schema 131#olcAttributeTypes: ( 2.5.4.13 NAME 'description' 132# DESC 'RFC2256: descriptive information' 133# EQUALITY caseIgnoreMatch 134# SUBSTR caseIgnoreSubstringsMatch 135# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) 136# 137# Deprecated by enhancedSearchGuide 138olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' 139 DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' 140 SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) 141# 142olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' 143 DESC 'RFC2256: business category' 144 EQUALITY caseIgnoreMatch 145 SUBSTR caseIgnoreSubstringsMatch 146 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 147# 148olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' 149 DESC 'RFC2256: postal address' 150 EQUALITY caseIgnoreListMatch 151 SUBSTR caseIgnoreListSubstringsMatch 152 SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 153# 154olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' 155 DESC 'RFC2256: postal code' 156 EQUALITY caseIgnoreMatch 157 SUBSTR caseIgnoreSubstringsMatch 158 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) 159# 160olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' 161 DESC 'RFC2256: Post Office Box' 162 EQUALITY caseIgnoreMatch 163 SUBSTR caseIgnoreSubstringsMatch 164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) 165# 166olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' 167 DESC 'RFC2256: Physical Delivery Office Name' 168 EQUALITY caseIgnoreMatch 169 SUBSTR caseIgnoreSubstringsMatch 170 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) 171# 172olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' 173 DESC 'RFC2256: Telephone Number' 174 EQUALITY telephoneNumberMatch 175 SUBSTR telephoneNumberSubstringsMatch 176 SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) 177# 178olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' 179 DESC 'RFC2256: Telex Number' 180 SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) 181# 182olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' 183 DESC 'RFC2256: Teletex Terminal Identifier' 184 SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) 185# 186olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) 187 DESC 'RFC2256: Facsimile (Fax) Telephone Number' 188 SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) 189# 190olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' 191 DESC 'RFC2256: X.121 Address' 192 EQUALITY numericStringMatch 193 SUBSTR numericStringSubstringsMatch 194 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) 195# 196olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' 197 DESC 'RFC2256: international ISDN number' 198 EQUALITY numericStringMatch 199 SUBSTR numericStringSubstringsMatch 200 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) 201# 202olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' 203 DESC 'RFC2256: registered postal address' 204 SUP postalAddress 205 SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) 206# 207olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' 208 DESC 'RFC2256: destination indicator' 209 EQUALITY caseIgnoreMatch 210 SUBSTR caseIgnoreSubstringsMatch 211 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) 212# 213olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' 214 DESC 'RFC2256: preferred delivery method' 215 SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 216 SINGLE-VALUE ) 217# 218olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' 219 DESC 'RFC2256: presentation address' 220 EQUALITY presentationAddressMatch 221 SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 222 SINGLE-VALUE ) 223# 224olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' 225 DESC 'RFC2256: supported application context' 226 EQUALITY objectIdentifierMatch 227 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) 228# 229olcAttributeTypes: ( 2.5.4.31 NAME 'member' 230 DESC 'RFC2256: member of a group' 231 SUP distinguishedName ) 232# 233olcAttributeTypes: ( 2.5.4.32 NAME 'owner' 234 DESC 'RFC2256: owner (of the object)' 235 SUP distinguishedName ) 236# 237olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' 238 DESC 'RFC2256: occupant of role' 239 SUP distinguishedName ) 240# 241# system schema 242#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' 243# DESC 'RFC2256: DN of related object' 244# SUP distinguishedName ) 245# 246# system schema 247#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' 248# DESC 'RFC2256/2307: password of user' 249# EQUALITY octetStringMatch 250# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) 251# 252# Must be transferred using ;binary 253# with certificateExactMatch rule (per X.509) 254olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' 255 DESC 'RFC2256: X.509 user certificate, use ;binary' 256 EQUALITY certificateExactMatch 257 SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) 258# 259# Must be transferred using ;binary 260# with certificateExactMatch rule (per X.509) 261olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' 262 DESC 'RFC2256: X.509 CA certificate, use ;binary' 263 EQUALITY certificateExactMatch 264 SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) 265# 266# Must be transferred using ;binary 267olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' 268 DESC 'RFC2256: X.509 authority revocation list, use ;binary' 269 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 270# 271# Must be transferred using ;binary 272olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' 273 DESC 'RFC2256: X.509 certificate revocation list, use ;binary' 274 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 275# 276# Must be stored and requested in the binary form 277olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' 278 DESC 'RFC2256: X.509 cross certificate pair, use ;binary' 279 SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) 280# 281# 2.5.4.41 is defined above as it's used for subtyping 282#olcAttributeTypes: ( 2.5.4.41 NAME 'name' 283# EQUALITY caseIgnoreMatch 284# SUBSTR caseIgnoreSubstringsMatch 285# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 286# 287olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) 288 DESC 'RFC2256: first name(s) for which the entity is known by' 289 SUP name ) 290# 291olcAttributeTypes: ( 2.5.4.43 NAME 'initials' 292 DESC 'RFC2256: initials of some or all of names, but not the surname(s).' 293 SUP name ) 294# 295olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' 296 DESC 'RFC2256: name qualifier indicating a generation' 297 SUP name ) 298# 299olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' 300 DESC 'RFC2256: X.500 unique identifier' 301 EQUALITY bitStringMatch 302 SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) 303# 304olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' 305 DESC 'RFC2256: DN qualifier' 306 EQUALITY caseIgnoreMatch 307 ORDERING caseIgnoreOrderingMatch 308 SUBSTR caseIgnoreSubstringsMatch 309 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) 310# 311olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' 312 DESC 'RFC2256: enhanced search guide' 313 SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) 314# 315olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' 316 DESC 'RFC2256: protocol information' 317 EQUALITY protocolInformationMatch 318 SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) 319# 320# 2.5.4.49 is defined above as it's used for subtyping 321#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' 322# EQUALITY distinguishedNameMatch 323# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 324# 325olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' 326 DESC 'RFC2256: unique member of a group' 327 EQUALITY uniqueMemberMatch 328 SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) 329# 330olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' 331 DESC 'RFC2256: house identifier' 332 EQUALITY caseIgnoreMatch 333 SUBSTR caseIgnoreSubstringsMatch 334 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) 335# 336# Must be transferred using ;binary 337olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' 338 DESC 'RFC2256: supported algorithms' 339 SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) 340# 341# Must be transferred using ;binary 342olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' 343 DESC 'RFC2256: delta revocation list; use ;binary' 344 SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) 345# 346olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' 347 DESC 'RFC2256: name of DMD' 348 SUP name ) 349# 350olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' 351 DESC 'X.520(4th): pseudonym for the object' 352 SUP name ) 353# 354# Standard object classes from RFC2256 355# 356# system schema 357#olcObjectClasses: ( 2.5.6.1 NAME 'alias' 358# DESC 'RFC2256: an alias' 359# SUP top STRUCTURAL 360# MUST aliasedObjectName ) 361# 362olcObjectClasses: ( 2.5.6.2 NAME 'country' 363 DESC 'RFC2256: a country' 364 SUP top STRUCTURAL 365 MUST c 366 MAY ( searchGuide $ description ) ) 367# 368olcObjectClasses: ( 2.5.6.3 NAME 'locality' 369 DESC 'RFC2256: a locality' 370 SUP top STRUCTURAL 371 MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) 372# 373olcObjectClasses: ( 2.5.6.4 NAME 'organization' 374 DESC 'RFC2256: an organization' 375 SUP top STRUCTURAL 376 MUST o 377 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 378 x121Address $ registeredAddress $ destinationIndicator $ 379 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 380 telephoneNumber $ internationaliSDNNumber $ 381 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 382 postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) 383# 384olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' 385 DESC 'RFC2256: an organizational unit' 386 SUP top STRUCTURAL 387 MUST ou 388 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 389 x121Address $ registeredAddress $ destinationIndicator $ 390 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 391 telephoneNumber $ internationaliSDNNumber $ 392 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 393 postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) 394# 395olcObjectClasses: ( 2.5.6.6 NAME 'person' 396 DESC 'RFC2256: a person' 397 SUP top STRUCTURAL 398 MUST ( sn $ cn ) 399 MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) 400# 401olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' 402 DESC 'RFC2256: an organizational person' 403 SUP person STRUCTURAL 404 MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ 405 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 406 telephoneNumber $ internationaliSDNNumber $ 407 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ 408 postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) 409# 410olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' 411 DESC 'RFC2256: an organizational role' 412 SUP top STRUCTURAL 413 MUST cn 414 MAY ( x121Address $ registeredAddress $ destinationIndicator $ 415 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 416 telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ 417 seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ 418 postOfficeBox $ postalCode $ postalAddress $ 419 physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) 420# 421olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' 422 DESC 'RFC2256: a group of names (DNs)' 423 SUP top STRUCTURAL 424 MUST ( member $ cn ) 425 MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) 426# 427olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' 428 DESC 'RFC2256: an residential person' 429 SUP person STRUCTURAL 430 MUST l 431 MAY ( businessCategory $ x121Address $ registeredAddress $ 432 destinationIndicator $ preferredDeliveryMethod $ telexNumber $ 433 teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ 434 facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ 435 postOfficeBox $ postalCode $ postalAddress $ 436 physicalDeliveryOfficeName $ st $ l ) ) 437# 438olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' 439 DESC 'RFC2256: an application process' 440 SUP top STRUCTURAL 441 MUST cn 442 MAY ( seeAlso $ ou $ l $ description ) ) 443# 444olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' 445 DESC 'RFC2256: an application entity' 446 SUP top STRUCTURAL 447 MUST ( presentationAddress $ cn ) 448 MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ 449 description ) ) 450# 451olcObjectClasses: ( 2.5.6.13 NAME 'dSA' 452 DESC 'RFC2256: a directory system agent (a server)' 453 SUP applicationEntity STRUCTURAL 454 MAY knowledgeInformation ) 455# 456olcObjectClasses: ( 2.5.6.14 NAME 'device' 457 DESC 'RFC2256: a device' 458 SUP top STRUCTURAL 459 MUST cn 460 MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) 461# 462olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' 463 DESC 'RFC2256: a strong authentication user' 464 SUP top AUXILIARY 465 MUST userCertificate ) 466# 467olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' 468 DESC 'RFC2256: a certificate authority' 469 SUP top AUXILIARY 470 MUST ( authorityRevocationList $ certificateRevocationList $ 471 cACertificate ) MAY crossCertificatePair ) 472# 473olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' 474 DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' 475 SUP top STRUCTURAL 476 MUST ( uniqueMember $ cn ) 477 MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) 478# 479olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' 480 DESC 'RFC2256: a user security information' 481 SUP top AUXILIARY 482 MAY ( supportedAlgorithms ) ) 483# 484olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' 485 SUP certificationAuthority 486 AUXILIARY MAY ( deltaRevocationList ) ) 487# 488olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' 489 SUP top STRUCTURAL 490 MUST ( cn ) 491 MAY ( certificateRevocationList $ authorityRevocationList $ 492 deltaRevocationList ) ) 493# 494olcObjectClasses: ( 2.5.6.20 NAME 'dmd' 495 SUP top STRUCTURAL 496 MUST ( dmdName ) 497 MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ 498 x121Address $ registeredAddress $ destinationIndicator $ 499 preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ 500 telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ 501 street $ postOfficeBox $ postalCode $ postalAddress $ 502 physicalDeliveryOfficeName $ st $ l $ description ) ) 503# 504# 505# Object Classes from RFC 2587 506# 507olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' 508 DESC 'RFC2587: a PKI user' 509 SUP top AUXILIARY 510 MAY userCertificate ) 511# 512olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' 513 DESC 'RFC2587: PKI certificate authority' 514 SUP top AUXILIARY 515 MAY ( authorityRevocationList $ certificateRevocationList $ 516 cACertificate $ crossCertificatePair ) ) 517# 518olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' 519 DESC 'RFC2587: PKI user' 520 SUP top AUXILIARY 521 MAY deltaRevocationList ) 522# 523# 524# Standard Track URI label schema from RFC 2079 525# system schema 526#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' 527# DESC 'RFC2079: Uniform Resource Identifier with optional label' 528# EQUALITY caseExactMatch 529# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 530# 531olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' 532 DESC 'RFC2079: object that contains the URI attribute type' 533 MAY ( labeledURI ) 534 SUP top AUXILIARY ) 535# 536# 537# Derived from RFC 1274, but with new "short names" 538# 539#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 540# NAME ( 'uid' 'userid' ) 541# DESC 'RFC1274: user identifier' 542# EQUALITY caseIgnoreMatch 543# SUBSTR caseIgnoreSubstringsMatch 544# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 545# 546olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 547 NAME ( 'mail' 'rfc822Mailbox' ) 548 DESC 'RFC1274: RFC822 Mailbox' 549 EQUALITY caseIgnoreIA5Match 550 SUBSTR caseIgnoreIA5SubstringsMatch 551 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 552# 553olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' 554 DESC 'RFC1274: simple security object' 555 SUP top AUXILIARY 556 MUST userPassword ) 557# 558# RFC 1274 + RFC 2247 559olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 560 NAME ( 'dc' 'domainComponent' ) 561 DESC 'RFC1274/2247: domain component' 562 EQUALITY caseIgnoreIA5Match 563 SUBSTR caseIgnoreIA5SubstringsMatch 564 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 565# 566# RFC 2247 567olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' 568 DESC 'RFC2247: domain component object' 569 SUP top AUXILIARY MUST dc ) 570# 571# RFC 2377 572olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' 573 DESC 'RFC2377: uid object' 574 SUP top AUXILIARY MUST uid ) 575# 576# From COSINE Pilot 577olcAttributeTypes: ( 0.9.2342.19200300.100.1.37 578 NAME 'associatedDomain' 579 DESC 'RFC1274: domain associated with object' 580 EQUALITY caseIgnoreIA5Match 581 SUBSTR caseIgnoreIA5SubstringsMatch 582 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 583# 584# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) 585olcAttributeTypes: ( 1.2.840.113549.1.9.1 586 NAME ( 'email' 'emailAddress' 'pkcs9email' ) 587 DESC 'RFC3280: legacy attribute for email addresses in DNs' 588 EQUALITY caseIgnoreIA5Match 589 SUBSTR caseIgnoreIA5SubstringsMatch 590 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) 591# 592