From 00bb2e68c5ac3e2a70a49816839468e8bb10b12d Mon Sep 17 00:00:00 2001
From: osixia
Date: Tue, 3 Mar 2015 15:32:21 +0100
Subject: [PATCH 01/19] Delete Dockerfile
---
Dockerfile | 47 -----------------------------------------------
1 file changed, 47 deletions(-)
delete mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index e02136d4..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,47 +0,0 @@
-FROM osixia/baseimage:0.6.0
-MAINTAINER Bertrand Gouny
-
-# From Nick Stenning's work
-# https://github.com/nickstenning/docker-slapd
-
-# Default configuration: can be overridden at the docker command line
-ENV LDAP_ADMIN_PWD toor
-ENV LDAP_ORGANISATION Example Inc.
-ENV LDAP_DOMAIN example.com
-
-# /!\ To store the data outside the container,
-# mount /var/lib/ldap and /etc/ldap/slapd.d as a data volume add
-# -v /some/host/directory:/var/lib/ldap and -v /some/other/host/directory:/etc/ldap/slapd.d
-# to the run command
-
-# Disable SSH
-# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
-
-# Enable dnsmasq
-RUN /sbin/enable-service dnsmasq
-
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
-
-# Resynchronize the package index files from their sources
-RUN apt-get -y update
-
-# Install openldap (slapd) and ldap-utils
-RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends slapd ldap-utils openssl
-
-# Expose ldap default port
-EXPOSE 389
-
-# Create TLS certificats directory
-RUN mkdir /etc/ldap/ssl
-
-# Add config directory
-RUN mkdir /etc/ldap/config
-ADD service/slapd/config /etc/ldap/config
-
-# Add slapd deamon
-RUN mkdir /etc/service/slapd
-ADD service/slapd/slapd.sh /etc/service/slapd/run
-
-# Clear out the local repository of retrieved package files
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
From 6831afe6d1e8873651082f98bc7b8d52d1d462c3 Mon Sep 17 00:00:00 2001
From: osixia
Date: Tue, 3 Mar 2015 15:32:27 +0100
Subject: [PATCH 02/19] Delete test-repository.sh
---
test-repository.sh | 15 ---------------
1 file changed, 15 deletions(-)
delete mode 100755 test-repository.sh
diff --git a/test-repository.sh b/test-repository.sh
deleted file mode 100755
index 5d311161..00000000
--- a/test-repository.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-# Usage
-# sudo ./test.sh
-# add -v for verbose mode (or type whatever you like !) :p
-
-. test/config-repository
-. test/tools/run.sh
-
-run_test simple.sh "dn: dc=example,dc=com"
-run_test tls.sh "dn: dc=example,dc=com"
-run_test db.sh "dn: dc=otherdomain,dc=com"
-
-. test/tools/end.sh
-
From de91fe043c33708cd570e1fc5bb05d5b190d072d Mon Sep 17 00:00:00 2001
From: osixia
Date: Tue, 3 Mar 2015 15:32:31 +0100
Subject: [PATCH 03/19] Delete test.sh
---
test.sh | 16 ----------------
1 file changed, 16 deletions(-)
delete mode 100755 test.sh
diff --git a/test.sh b/test.sh
deleted file mode 100755
index 4daa2d33..00000000
--- a/test.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Usage
-# sudo ./test.sh
-# add -v for verbose mode (or type whatever you like !) :p
-
-. test/config
-. test/tools/run.sh
-
-run_test tools/build-container.sh "Successfully built"
-run_test simple.sh "dn: dc=example,dc=com"
-run_test tls.sh "dn: dc=example,dc=com"
-run_test db.sh "dn: dc=otherdomain,dc=com"
-
-. test/tools/end.sh
-
From 1283a3b43969eb17f828ac7120a7a36cb469edb1 Mon Sep 17 00:00:00 2001
From: Bertrand Gouny
Date: Tue, 3 Mar 2015 16:05:14 +0100
Subject: [PATCH 04/19] rm old dir
---
service/slapd/config/auto/tls.ldif | 17 ------
service/slapd/config/logging.ldif | 4 --
service/slapd/slapd.sh | 89 ------------------------------
3 files changed, 110 deletions(-)
delete mode 100644 service/slapd/config/auto/tls.ldif
delete mode 100644 service/slapd/config/logging.ldif
delete mode 100755 service/slapd/slapd.sh
diff --git a/service/slapd/config/auto/tls.ldif b/service/slapd/config/auto/tls.ldif deleted file mode 100644 index 55fb4efc..00000000 --- a/service/slapd/config/auto/tls.ldif +++ /dev/null @@ -1,17 +0,0 @@ -dn: cn=config -changetype: modify -replace: olcTLSCACertificateFile -olcTLSCACertificateFile: /etc/ldap/ssl/ca.crt -- -replace: olcTLSCertificateFile -olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt -- -replace: olcTLSCertificateKeyFile -olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key -- -replace: olcTLSDHParamFile -olcTLSDHParamFile: /etc/ldap/ssl/dhparam.pem -- -replace: olcTLSVerifyClient -olcTLSVerifyClient: never - diff --git a/service/slapd/config/logging.ldif b/service/slapd/config/logging.ldif deleted file mode 100644 index 5494c101..00000000 --- a/service/slapd/config/logging.ldif +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=config -changetype: modify -replace: olcLogLevel -olcLogLevel: stats diff --git a/service/slapd/slapd.sh b/service/slapd/slapd.sh deleted file mode 100755 index 1e8a3093..00000000 --- a/service/slapd/slapd.sh +++ /dev/null @@ -1,89 +0,0 @@ -#!/bin/sh - -set -eu - -status () { - echo "---> ${@}" >&2 -} - - -set -x -: LDAP_ADMIN_PWD=${LDAP_ADMIN_PWD} -: LDAP_DOMAIN=${LDAP_DOMAIN} -: LDAP_ORGANISATION=${LDAP_ORGANISATION} - - -############ Base config ############ -if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then - status "configuring slapd database" - - cat <> /etc/dhosts - - fi - - # Replication - # todo :) - - # Other config files - for f in $(find /etc/ldap/config -maxdepth 1 -name \*.ldif -type f); do - status "Processing file ${f}" - ldapmodify -Y EXTERNAL -H ldapi:/// -f $f -Q - done - - kill -INT `cat /run/slapd/slapd.pid` - - touch /etc/ldap/config/docker_bootstrapped - -else - status "found already-configured slapd" -fi - -status "starting slapd on default port 389" -set -x - -exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1 From 31c552fd1b982212a044f90c72d8b6ff08d7846b Mon Sep 17 00:00:00 2001 
From: osixia Date: Wed, 4 Mar 2015 16:06:04 +0100 Subject: [PATCH 05/19] Update README.md --- README.md | 160 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 157 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5d7a5a0d..a625e4b2 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,162 @@ -# docker-openldap +# osixia/openldap + +A docker image to run OpenLDAP. +> [www.openldap.org](http://www.openldap.org/) Fork of Nick Stenning docker-slapd : https://github.com/nickstenning/docker-slapd -Add support of tls. +Add support of tls. Use docker 1.5.0 + +## Quick start +Run OpenLDAP docker image : + + docker run -d osixia/openldap + +This start a new container with a OpenLDAP server running inside. +The odd string printed by this command is the `CONTAINER_ID`. +We are going to use this `CONTAINER_ID` to execute some commands inside the container. + +Wait 1 or 2 minutes the container startup to be completed. + +Then run a terminal on this container, +make sure to replace `CONTAINER_ID` by your container id : + + docker exec -it CONTAINER_ID bash + +You should now be in the container terminal, +and we can search on the ldap server : + + ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org + +This should output : + + # extended LDIF + # + # LDAPv3 + # base with scope subtree + # filter: (objectclass=*) + # requesting: ALL + # + + [...] + + # numResponses: 3 + # numEntries: 2 + +if you have the following error, OpenLDAP is not started yet, wait some time. + + ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) + + +## Examples + +### Create new ldap server + +This is the default behaviour when you run the image. +It will create an empty ldap for the compagny **Example Inc.** and the domain **example.org**. + +By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example : + + docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ + -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap + +#### Data persitance + +The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d` (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes. 
+ +This mean that you can stop, and restart the container and get back your ldap without losing any data. But if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container. + +For more information about docker data volume, please refer to : + +> [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/) + + +### Use an existing ldap database + +This can be achieved by mounting host directories as volume. +Assuming you have a LDAP database on your docker host in the directory `/data/slapd/database` +and the corresponding LDAP config files on your docker host in the directory `/data/slapd/config` +simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slapd.d`: + + docker run -v /data/slapd/database:/var/lib/ldap \ + -v /data/slapd/config:/etc/ldap/slapd.d + -d osixia/openldap + +### Using TLS + +#### Use autogenerated certificate +By default TLS is enable, a certificate is created for the CN (common name) ldap.example.org. To work properly on your server adjust SERVER_NAME environment variable to match the ldap server CN. + + docker run -e SERVER_NAME=ldap.my-compagny.com -d osixia/openldap + +#### Use your own certificate + +Add your custom certificate, private key and CA certificate in the directory **image/service/slapd/assets/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)). 
+ +Or you can set your custom certificate at run time, by mouting your a directory containing thoses files to **/osixia/slapd/ssl** and adjust there name with the following environment variables : + + docker run -v /path/to/certifates:/osixia/slapd/ssl \ + -e SSL_CRT_FILENAME=my-ldap.crt \ + -e SSL_KEY_FILENAME=my-ldap.key \ + -e SSL_CA_CRT_FILENAME=the-ca.crt \ + -d osixia/mariadb + +## Environment Variables + +Environement variables defaults are set in **image/env.yml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)) or you can override those values at run time with -e argument. See example below. + +Required for new ldap server : +- **LDAP_ORGANISATION**: Organisation name. Defaults to `Example Inc.` +- **LDAP_DOMAIN**: Ldap domain. Defaults to `example.org` +- **LDAP_ADMIN_PASSWORD** Admin password. Defaults to `admin` + +TLS options : +- **USE_TLS**: Add openldap TLS capabilities. Defaults to `true` +- **SSL_CRT_FILENAME**: Ldap ssl certificate filename. Defaults to `ldap.crt` +- **SSL_KEY_FILENAME**: Ldap ssl certificate private key filename. Defaults to `ldap.key` +- **SSL_CA_CRT_FILENAME**: Ldap ssl CA certificate filename. Defaults to `ca.crt` +- **SERVER_NAME**: Use by autogenerated certificate: Server CN. 
Defaults to `ldap.example.org` + +### Set environment variables at run time : + +Environment variable can be set directly by adding the -e argument in the command line, for example : + + docker run -e LDAP_ORGANISATION="My Compagny" -e LDAP_DOMAIN="my-compagny.com" \ + -e LDAP_ADMIN_PASSWORD="JonSn0w" -d osixia/openldap + +## Manual build + +Clone this project : + + git clone https://github.com/osixia/docker-openldap + cd docker-mariadb + +Adapt Makefile, set your image NAME and VERSION, for example : + + NAME = osixia/openldap + VERSION = 0.10.0 + + becomes : + NAME = billy-the-king/openldap + VERSION = 0.1.0 + +Build your image : + + make build + +Run your image : + + docker run -d billy-the-king/openldap:0.1.0 + +## Tests + +We use **Bats** (Bash Automated Testing System) to test this image: + +> [https://github.com/sstephenson/bats](https://github.com/sstephenson/bats) + +Install Bats, and in this project directory run : + + make test -Use docker 1.5.0 \ No newline at end of file + From f43c1e91e95f74e86967ef5a8d71a1591e9f4502 Mon Sep 17 00:00:00 2001 From: osixia Date: Wed, 4 Mar 2015 16:07:19 +0100 Subject: [PATCH 06/19] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index a625e4b2..07e57c53 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,9 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap -v /data/slapd/config:/etc/ldap/slapd.d -d osixia/openldap +You can also use data volume containers. Please refer to : +> [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/) + ### Using TLS #### Use autogenerated certificate From 9381fd86fcee02a999ee1191806cf9694c11573d Mon Sep 17 00:00:00 2001 
From: osixia Date: Fri, 6 Mar 2015 14:49:52 +0100 Subject: [PATCH 07/19] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 07e57c53..70282e1c 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,10 @@ Or you can set your custom certificate at run time, by mouting your a directory -e SSL_CA_CRT_FILENAME=the-ca.crt \ -d osixia/mariadb +## Administrate your ldap server +If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image : +> [osixia/phpldapadmin](https://github.com/osixia/docker-phpLDAPadmin) + ## Environment Variables Environement variables defaults are set in **image/env.yml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)) or you can override those values at run time with -e argument. See example below. From 7b73341fc6fc9f09f711268b948bbb83f7ab78c4 Mon Sep 17 00:00:00 2001 From: osixia Date: Fri, 6 Mar 2015 15:08:06 +0100 Subject: [PATCH 08/19] Update README.md --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 70282e1c..ce235c63 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,12 @@ Or you can set your custom certificate at run time, by mouting your a directory -e SSL_CRT_FILENAME=my-ldap.crt \ -e SSL_KEY_FILENAME=my-ldap.key \ -e SSL_CA_CRT_FILENAME=the-ca.crt \ - -d osixia/mariadb + -d osixia/openldap + +#### Disable TLS +Add -e USE_TLS=false to the run command : + + docker run -e USE_TLS=false -d osixia/openldap ## Administrate your ldap server If you are looking for a simple solution to administrate your ldap server you can take a look at our phpLDAPadmin docker image : 
@@ -137,7 +142,7 @@ Environment variable can be set directly by adding the -e argument in the comman Clone this project : git clone https://github.com/osixia/docker-openldap - cd docker-mariadb + cd docker-openldap Adapt Makefile, set your image NAME and VERSION, for example : From a2ea38093681e432daf15aca356506b4b3ab05f5 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 18 Mar 2015 10:28:12 +0100 Subject: [PATCH 09/19] [twgit] Init hotfix 'hotfix-0.10.1'. From 54e16cc96dcabb0f3e8ccaa1a462f2673d817cfa Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny Date: Wed, 18 Mar 2015 16:46:01 +0100 Subject: [PATCH 10/19] custom ldap schema --- CHANGELOG.md | 4 + Makefile | 2 +- image/env.yml | 2 +- image/service/slapd/assets/schema-to-ldif.sh | 50 ++ .../service/slapd/assets/schema/mmc/README.md | 1 + .../slapd/assets/schema/mmc/dhcp.schema | 466 ++++++++++++++ .../slapd/assets/schema/mmc/dnszone.schema | 155 +++++ .../slapd/assets/schema/mmc/mail.schema | 128 ++++ .../slapd/assets/schema/mmc/mmc.schema | 31 + .../assets/schema/mmc/openssh-lpk.schema | 19 + .../slapd/assets/schema/mmc/quota.schema | 29 + .../slapd/assets/schema/mmc/radius.schema | 589 ++++++++++++++++++ .../slapd/assets/schema/mmc/samba.schema | 554 ++++++++++++++++ .../slapd/assets/schema/mmc/zarafa.schema | 300 +++++++++ image/service/slapd/container-start.sh | 21 +- image/service/slapd/daemon.sh | 2 +- 16 files changed, 2347 insertions(+), 6 deletions(-) create mode 100755 image/service/slapd/assets/schema-to-ldif.sh create mode 100644 image/service/slapd/assets/schema/mmc/README.md create mode 100644 image/service/slapd/assets/schema/mmc/dhcp.schema create mode 100644 image/service/slapd/assets/schema/mmc/dnszone.schema create mode 100644 image/service/slapd/assets/schema/mmc/mail.schema create mode 100644 image/service/slapd/assets/schema/mmc/mmc.schema create mode 100644 image/service/slapd/assets/schema/mmc/openssh-lpk.schema create mode 100644 image/service/slapd/assets/schema/mmc/quota.schema create mode 100644 image/service/slapd/assets/schema/mmc/radius.schema create mode 100644 image/service/slapd/assets/schema/mmc/samba.schema create mode 100644 image/service/slapd/assets/schema/mmc/zarafa.schema diff --git a/CHANGELOG.md b/CHANGELOG.md index ed938586..e5380ec6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,2 +1,6 @@ +## 0.10.1 (release date: 2015-03-18) + - Add ldapi + - Add custom ldap schema + ## 0.10.0 (release date: 2015-03-03) - New version initial release \ No newline at end of file 
diff --git a/Makefile b/Makefile index 7b690410..3a1592f6 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = osixia/openldap -VERSION = 0.10.0 +VERSION = 0.10.1 .PHONY: all build test tag_latest release diff --git a/image/env.yml b/image/env.yml index ef0e574b..40b0b934 100644 --- a/image/env.yml +++ b/image/env.yml @@ -4,7 +4,7 @@ LDAP_ADMIN_PASSWORD: admin SERVER_NAME: ldap.example.org -USE_TLS: true +USE_TLS: false SSL_CRT_FILENAME: ldap.crt SSL_KEY_FILENAME: ldap.key SSL_CA_CRT_FILENAME: ca.crt \ No newline at end of file diff --git a/image/service/slapd/assets/schema-to-ldif.sh b/image/service/slapd/assets/schema-to-ldif.sh new file mode 100755 index 00000000..9538126b --- /dev/null +++ b/image/service/slapd/assets/schema-to-ldif.sh 
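Review bot: The image/env.yml hunk flips the default `USE_TLS` from `true` to `false`, so a container started without overrides will presumably serve LDAP without TLS, while the context line just above still ships `LDAP_ADMIN_PASSWORD: admin`; simple binds with that password would then travel in cleartext on port 389. Neither the commit subject ("custom ldap schema") nor the 0.10.1 CHANGELOG entry mentions this, and the README added earlier in the series still states that TLS is enabled by default. If the flip is unintentional, keep `USE_TLS: true`; if it is intended, add a CHANGELOG line such as `- TLS is now disabled by default (set USE_TLS=true to enable)` and correct the README so operators do not assume transport encryption.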
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+SCHEMAS=$1
+
+tmpd=`mktemp -d`
+pushd ${tmpd} >>/dev/null
+
+echo "include /etc/ldap/schema/core.schema" >> convert.dat
+echo "include /etc/ldap/schema/cosine.schema" >> convert.dat
+echo "include /etc/ldap/schema/nis.schema" >> convert.dat
+echo "include /etc/ldap/schema/inetorgperson.schema" >> convert.dat
+
+for schema in ${SCHEMAS} ; do
+ echo "include ${schema}" >> convert.dat
+done
+
+slaptest -f convert.dat -F .
+
+if [ $? -ne 0 ] ; then
+ echo "slaptest conversion failed"
+ exit
+fi
+
+for schema in ${SCHEMAS} ; do
+ fullpath=${schema}
+ schema_name=`basename ${fullpath} .schema`
+ schema_dir=`dirname ${fullpath}`
+ ldif_file=${schema_name}.ldif
+
+ find . -name *${schema_name}.ldif -exec mv '{}' ./${ldif_file} \;
+
+ # TODO: these sed invocations could all be combined
+ sed -i "/dn:/ c dn: cn=${schema_name},cn=schema,cn=config" ${ldif_file}
+ sed -i "/cn:/ c cn: ${schema_name}" ${ldif_file}
+ sed -i '/structuralObjectClass/ d' ${ldif_file}
+ sed -i '/entryUUID/ d' ${ldif_file}
+ sed -i '/creatorsName/ d' ${ldif_file}
+ sed -i '/createTimestamp/ d' ${ldif_file}
+ sed -i '/entryCSN/ d' ${ldif_file}
+ sed -i '/modifiersName/ d' ${ldif_file}
+ sed -i '/modifyTimestamp/ d' ${ldif_file}
+
+ # slapd seems to be very sensitive to how a file ends. There should be no blank lines.
+ sed -i '/^ *$/d' ${ldif_file}
+
+ mv ${ldif_file} ${schema_dir}
+done
+
+popd >>/dev/null
+rm -rf $tmpd
\ No newline at end of file
diff --git a/image/service/slapd/assets/schema/mmc/README.md b/image/service/slapd/assets/schema/mmc/README.md
new file mode 100644
index 00000000..ce426b5f
--- /dev/null
+++ b/image/service/slapd/assets/schema/mmc/README.md
@@ -0,0 +1 @@
+Mandriva Management Console (MMC) ldap schemas, delete the forlder if not needed ;)
\ No newline at end of file
diff --git a/image/service/slapd/assets/schema/mmc/dhcp.schema b/image/service/slapd/assets/schema/mmc/dhcp.schema
new file mode 100644
index 00000000..233d5b6e
--- /dev/null
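Review bot: In schema-to-ldif.sh the failure branch after `slaptest` ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a failed schema conversion is reported to the caller as success and the temporary directory is never removed; it should be `exit 1`, preceded by the same `popd`/`rm -rf` cleanup the normal path performs. The script also runs without `set -e` and never checks `mktemp -d`: if that fails, `tmpd` is empty, `pushd` gets no argument, and the rest of the script writes `convert.dat` and runs `find`/`mv` in whatever directory the caller was in, so `tmpd=$(mktemp -d) || exit 1` is safer. The pattern in `find . -name *${schema_name}.ldif` is unquoted and can be expanded by the shell before `find` sees it; write it as `find . -name "*${schema_name}.ldif"` and quote `"$tmpd"` and `"${ldif_file}"` where they are used as paths.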
+++ b/image/service/slapd/assets/schema/mmc/dhcp.schema 
@@ -0,0 +1,466 @@ +attributetype ( 2.16.840.1.113719.1.203.4.1 + NAME 'dhcpPrimaryDN' + EQUALITY distinguishedNameMatch + DESC 'The DN of the dhcpServer which is the primary server for the configuration.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.2 + NAME 'dhcpSecondaryDN' + EQUALITY distinguishedNameMatch + DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.3 + NAME 'dhcpStatements' + EQUALITY caseIgnoreIA5Match + DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.4 + NAME 'dhcpRange' + EQUALITY caseIgnoreIA5Match + DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen. Each range is defined as a separate value.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.5 + NAME 'dhcpPermitList' + EQUALITY caseIgnoreIA5Match + DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.6 + NAME 'dhcpNetMask' + EQUALITY integerMatch + DESC 'The subnet mask length for the subnet. The mask can be easily computed from this length.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.7 + NAME 'dhcpOption' + EQUALITY caseIgnoreIA5Match + DESC 'Encoded option values to be sent to clients. Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.8 + NAME 'dhcpClassData' + EQUALITY caseIgnoreIA5Match + DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons. Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.9 + NAME 'dhcpOptionsDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.10 + NAME 'dhcpHostDN' + EQUALITY distinguishedNameMatch + DESC 'the distinguished name(s) of the dhcpHost objects.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.11 + NAME 'dhcpPoolDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of pools.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.12 + NAME 'dhcpGroupDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of the groups.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.13 + NAME 'dhcpSubnetDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of the subnets.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.14 + NAME 'dhcpLeaseDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name of a client address.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE) + +attributetype ( 2.16.840.1.113719.1.203.4.15 + NAME 'dhcpLeasesDN' + DESC 'The distinguished name(s) client addresses.' 
+ EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.16 + NAME 'dhcpClassesDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of a class(es) in a subclass.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.17 + NAME 'dhcpSubclassesDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of subclass(es).' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.18 + NAME 'dhcpSharedNetworkDN' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name(s) of sharedNetworks.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.19 + NAME 'dhcpServiceDN' + EQUALITY distinguishedNameMatch + DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.20 + NAME 'dhcpVersion' + DESC 'The version attribute of this object.' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.21 + NAME 'dhcpImplementation' + EQUALITY caseIgnoreIA5Match + DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.22 + NAME 'dhcpAddressState' + EQUALITY caseIgnoreIA5Match + DESC 'This stores information about the current binding-status of an address. For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP". 
For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.23 + NAME 'dhcpExpirationTime' + EQUALITY generalizedTimeMatch + DESC 'This is the time the current lease for an address expires.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.24 + NAME 'dhcpStartTimeOfState' + EQUALITY generalizedTimeMatch + DESC 'This is the time of the last state change for a leased address.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.25 + NAME 'dhcpLastTransactionTime' + EQUALITY generalizedTimeMatch + DESC 'This is the last time a valid DHCP packet was received from the client.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.26 + NAME 'dhcpBootpFlag' + EQUALITY booleanMatch + DESC 'This indicates whether the address was assigned via BOOTP.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.27 + NAME 'dhcpDomainName' + EQUALITY caseIgnoreIA5Match + DESC 'This is the name of the domain sent to the client by the server. It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN. To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.28 + NAME 'dhcpDnsStatus' + EQUALITY integerMatch + DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address. The value is a 16-bit bitmask.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.29 + NAME 'dhcpRequestedHostName' + EQUALITY caseIgnoreIA5Match + DESC 'This is the hostname that was requested by the client.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.30 + NAME 'dhcpAssignedHostName' + EQUALITY caseIgnoreIA5Match + DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client. The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.31 + NAME 'dhcpReservedForClient' + EQUALITY distinguishedNameMatch + DESC 'The distinguished name of a "dhcpClient" that an address is reserved for. This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.32 + NAME 'dhcpAssignedToClient' + EQUALITY distinguishedNameMatch + DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to. This attribute is only present in the class when the address is leased.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.33 + NAME 'dhcpRelayAgentInfo' + EQUALITY octetStringMatch + DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request. 
This is a hex-encoded option value.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.34 + NAME 'dhcpHWAddress' + EQUALITY caseIgnoreIA5Match + DESC 'The clients hardware address that requested this IP address.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.35 + NAME 'dhcpHashBucketAssignment' + EQUALITY octetStringMatch + DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.36 + NAME 'dhcpDelayedServiceParameter' + EQUALITY integerMatch + DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.37 + NAME 'dhcpMaxClientLeadTime' + EQUALITY integerMatch + DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.38 + NAME 'dhcpFailOverEndpointState' + EQUALITY caseIgnoreIA5Match + DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.39 + NAME 'dhcpErrorLog' + EQUALITY caseIgnoreIA5Match + DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.40 + NAME 'dhcpLocatorDN' + EQUALITY distinguishedNameMatch + DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. 
There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.41 + NAME 'dhcpKeyAlgorithm' + EQUALITY caseIgnoreIA5Match + DESC 'Algorithm to generate TSIG Key' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.42 + NAME 'dhcpKeySecret' + EQUALITY octetStringMatch + DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.43 + NAME 'dhcpDnsZoneServer' + EQUALITY caseIgnoreIA5Match + DESC 'Master server of the DNS Zone' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113719.1.203.4.44 + NAME 'dhcpKeyDN' + EQUALITY distinguishedNameMatch + DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) + +attributetype ( 2.16.840.1.113719.1.203.4.45 + NAME 'dhcpZoneDN' + EQUALITY distinguishedNameMatch + DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) + +attributetype ( 2.16.840.1.113719.1.203.4.46 + NAME 'dhcpFailOverRole' + EQUALITY caseIgnoreIA5Match + DESC 'Role of the DHCP Server. 
Either primary or secondary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.47 + NAME 'dhcpFailOverReceiveAddress' + EQUALITY caseIgnoreIA5Match + DESC 'IP address or DNS name on which the server should listen for connections from its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.48 + NAME 'dhcpFailOverPeerAddress' + EQUALITY caseIgnoreIA5Match + DESC 'IP address or DNS name to which the server should connect to reach its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 2.16.840.1.113719.1.203.4.49 + NAME 'dhcpFailOverPeerPort' + EQUALITY integerMatch + DESC 'Port to which server should connect to reach its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 2.16.840.1.113719.1.203.4.50 + NAME 'dhcpFailOverReceivePort' + EQUALITY integerMatch + DESC 'Port on which server should listen for connections from its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 2.16.840.1.113719.1.203.4.51 + NAME 'dhcpFailOverResponseDelay' + EQUALITY integerMatch + DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 2.16.840.1.113719.1.203.4.52 + NAME 'dhcpFailOverUnpackedUpdates' + EQUALITY integerMatch + DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 2.16.840.1.113719.1.203.4.53 + NAME 'dhcpFailOverSplit' + EQUALITY integerMatch + DESC 'Split between the primary and secondary servers for fail over purpose' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 2.16.840.1.113719.1.203.4.54 + NAME 'dhcpFailOverLoadBalanceTime' + EQUALITY integerMatch + DESC 'Cutoff time in seconds, after which load balance is disabled' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 
2.16.840.1.113719.1.203.4.55 + NAME 'dhcpFailOverPeerDN' + EQUALITY distinguishedNameMatch + DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +#List of all servers in the tree +attributetype ( 2.16.840.1.113719.1.203.4.56 + NAME 'dhcpServerDN' + EQUALITY distinguishedNameMatch + DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.16.840.1.113719.1.203.4.57 + NAME 'dhcpComments' + EQUALITY caseIgnoreIA5Match + DESC 'Generic attribute that allows coments within any DHCP object' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# Classes + +objectclass ( 2.16.840.1.113719.1.203.6.1 + NAME 'dhcpService' + DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' + SUP top + MUST (cn) + MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) ) + +objectclass ( 2.16.840.1.113719.1.203.6.2 + NAME 'dhcpSharedNetwork' + DESC 'This stores configuration information for a shared network.' + SUP top + MUST cn + MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) ) + +objectclass ( 2.16.840.1.113719.1.203.6.3 + NAME 'dhcpSubnet' + DESC 'This class defines a subnet. This is a container object.' 
+ SUP top + MUST ( cn $ dhcpNetMask ) + MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') ) + +objectclass ( 2.16.840.1.113719.1.203.6.4 + NAME 'dhcpPool' + DESC 'This stores configuration information about a pool.' + SUP top + MUST ( cn $ dhcpRange ) + MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) + X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') ) + +objectclass ( 2.16.840.1.113719.1.203.6.5 + NAME 'dhcpGroup' + DESC 'Group object that lists host DNs and parameters. This is a container object.' + SUP top + MUST cn + MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption ) + X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) ) + +objectclass ( 2.16.840.1.113719.1.203.6.6 + NAME 'dhcpHost' + DESC 'This represents information about a particular client' + SUP top + MUST cn + MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') ) + +objectclass ( 2.16.840.1.113719.1.203.6.7 + NAME 'dhcpClass' + DESC 'Represents information about a collection of related clients.' + SUP top + MUST cn + MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) ) + +objectclass ( 2.16.840.1.113719.1.203.6.8 + NAME 'dhcpSubClass' + DESC 'Represents information about a collection of related classes.' + SUP top + MUST cn + MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' ) + +objectclass ( 2.16.840.1.113719.1.203.6.9 + NAME 'dhcpOptions' + DESC 'Represents information about a collection of options defined.' 
+ SUP top AUXILIARY + MUST cn + MAY ( dhcpOption $ dhcpComments ) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) ) + +objectclass ( 2.16.840.1.113719.1.203.6.10 + NAME 'dhcpLeases' + DESC 'This class represents an IP Address, which may or may not have been leased.' + SUP top + MUST ( cn $ dhcpAddressState ) + MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption ) + X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') ) + +objectclass ( 2.16.840.1.113719.1.203.6.11 + NAME 'dhcpLog' + DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' + SUP top + MUST ( cn ) + MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) + X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) ) + +objectclass ( 2.16.840.1.113719.1.203.6.12 + NAME 'dhcpServer' + DESC 'DHCP Server Object' + SUP top + MUST ( cn ) + MAY (dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) + X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') ) + +objectclass ( 2.16.840.1.113719.1.203.6.13 + NAME 'dhcpTSigKey' + DESC 'TSIG key for secure dynamic updates' + SUP top + MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret ) + MAY 
( dhcpComments ) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) + +objectclass ( 2.16.840.1.113719.1.203.6.14 + NAME 'dhcpDnsZone' + DESC 'DNS Zone for updating leases' + SUP top + MUST (cn $ dhcpDnsZoneServer ) + MAY (dhcpKeyDN $ dhcpComments) + X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) + +objectclass ( 2.16.840.1.113719.1.203.6.15 + NAME 'dhcpFailOverPeer' + DESC 'This class defines the Fail over peer' + SUP top + MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnpackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') ) + +objectclass ( 2.16.840.1.113719.1.203.6.16 + NAME 'dhcpLocator' + DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' + SUP top + MUST ( cn ) + MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments) + X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') ) + diff --git a/image/service/slapd/assets/schema/mmc/dnszone.schema b/image/service/slapd/assets/schema/mmc/dnszone.schema new file mode 100644 index 00000000..a2a14729 --- /dev/null +++ b/image/service/slapd/assets/schema/mmc/dnszone.schema 
@@ -0,0 +1,155 @@ +# A schema for storing DNS zones in LDAP +# +attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' + DESC 'An integer denoting time to live' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' + DESC 'The class of a resource record' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' + DESC 'The name of a zone, i.e. the name of the highest node in the zone' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' + DESC 'The starting labels of a domain name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' + DESC 'domain name pointer, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' + DESC 'host information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' + DESC 'mailbox or mail list information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' + DESC 'text string, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' + DESC 'for AFS Data Base location, RFC 1183' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' + DESC 
'Signature, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' + DESC 'Key, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' + DESC 'IPv6 address, RFC 1886' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' + DESC 'Location, RFC 1876' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' + DESC 'non-existant, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' + DESC 'service location, RFC 2782' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' + DESC 'Naming Authority Pointer, RFC 2915' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' + DESC 'Key Exchange Delegation, RFC 2230' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' + DESC 'certificate, RFC 2538' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' + DESC 'A6 Record Type, RFC 2874' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 
1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' + DESC 'Non-Terminal DNS Name Redirection, RFC 2672' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' + DESC 'Delegation Signer, RFC 3658' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' + DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' + DESC 'RRSIG, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' + DESC 'NSEC, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' + SUP top STRUCTURAL + MUST ( zoneName $ relativeDomainName ) + MAY ( DNSTTL $ DNSClass $ + ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ + MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ + KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ + SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ + A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ + RRSIGRecord $ NSECRecord ) ) \ No newline at end of file diff --git a/image/service/slapd/assets/schema/mmc/mail.schema b/image/service/slapd/assets/schema/mmc/mail.schema new file mode 100644 index 00000000..04bd8589 --- /dev/null +++ b/image/service/slapd/assets/schema/mmc/mail.schema 
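Review bot: The `dNSZone` objectclass that closes dnszone.schema lists `ARecord`, `MDRecord`, `MXRecord`, `NSRecord`, `SOARecord` and `CNAMERecord` in its MAY clause, but the file defines none of them and its header does not say where they come from. They are cosine.schema attributes, so the header should record that in the style samba.schema uses later in this commit: `# Prerequisite schemas - aRecord, mDRecord, mXRecord, nSRecord, sOARecord, cNAMERecord (cosine.schema)`. The same gap applies to quota.schema (`systemQuotas` has `SUP posixAccount`, from nis.schema) and to mail.schema (`MUST ( mail )`, defined outside that file). Whatever loads these files at container start has to put the prerequisites first; that loader is not part of this hunk.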
@@ -0,0 +1,128 @@
+##
+## Needed attributes for MMC Mail Plugin
+##
+## Cédric Delfosse (cdelfosse@mandriva.com)
+## Matthieu Vogelweith (mvogelweith@mandriva.com)
+## Jean-Philippe Braun (jpbraun@mandriva.com)
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.1
+ NAME 'maildrop'
+ DESC 'Mail addresses where mails are forwarded -- ie forwards'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.2
+ NAME 'mailalias'
+ DESC 'Mail addresses accepted by this account -- ie aliases'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.3
+ NAME 'mailenable'
+ DESC 'Mail Account / Virtual alias validity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.4
+ NAME 'mailbox'
+ DESC 'Mailbox path where mails are delivered'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.5
+ NAME 'virtualdomain'
+ DESC 'A mail domain name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.6
+ NAME 'virtualdomaindescription'
+ DESC 'Virtual domain description'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.7
+ NAME 'mailuserquota'
+ DESC 'Mailbox quota for a user in kilo-bytes'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.8
+ NAME 'mailhost'
+ DESC 'The mail server IP address or FQDN for a user'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.9
+ NAME 'mailaliasmember'
+ DESC 'Member of a virtual alias'
+ SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.10
+ NAME 'mailproxy'
+ DESC 'Mail proxy'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.11
+ NAME 'mailhidden'
+ DESC 'Mail Account hidden in address book'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+# Mail Account Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.1
+ NAME 'mailAccount'
+ DESC 'Mail Account'
+ SUP top
+ AUXILIARY
+ MUST (
+ mail
+ )
+ MAY (
+ mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota $
+ mailhost $ mailproxy $ mailhidden
+ )
+ )
+
+# Mail Domain Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.2
+ NAME 'mailDomain'
+ DESC 'Domain mail entry'
+ SUP top
+ STRUCTURAL
+ MUST (
+ virtualdomain
+ )
+ MAY (
+ virtualdomaindescription $ mailuserquota
+ )
+ )
+
+# Mail Group Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.3
+ NAME 'mailGroup' SUP top AUXILIARY
+ DESC 'Mail Group'
+ MUST ( mail )
+ MAY ( mailhidden )
+ )
+
+# Virtual Alias Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.4
+ NAME 'mailAlias'
+ DESC 'Mail Alias'
+ SUP top
+ STRUCTURAL
+ MUST ( mailalias )
+ MAY ( mail $ mailaliasmember $ mailenable )
+ )
\ No newline at end of file
diff --git a/image/service/slapd/assets/schema/mmc/mmc.schema b/image/service/slapd/assets/schema/mmc/mmc.schema
new file mode 100644
index 00000000..9ff5836f
--- /dev/null
+++ b/image/service/slapd/assets/schema/mmc/mmc.schema
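Review bot: `maildrop`, `mailbox`, `mailhost` and `mailproxy` in mail.schema decide where an account's mail is forwarded, stored and routed, and nothing in the schema limits who may change them. If the image's default ACL lets users write their own entry, anyone holding an account's credentials could redirect that account's mail by editing these attributes; the ACL is not part of this hunk, so this needs checking there. The same applies to `lmcACL` in mmc.schema and `sshPublicKey` in openssh-lpk.schema, both added later in this commit. I would add a comment above `# Attributes` such as `# maildrop/mailbox/mailhost/mailproxy steer delivery: keep them admin-writable only in the slapd ACL`.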
@@ -0,0 +1,31 @@
+##
+## Needed attributes for MMC (Mandriva Management Console)
+##
+## Version 01
+##
+## J�r�me Wax (jerome.wax@linbox.com)
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL'
+ DESC 'LMC acl entry'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode'
+ DESC 'LMC user preferences'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed'
+ DESC 'LMC a printer where the user has the rights to print'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+# Objectclass
+objectclass ( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' AUXILIARY
+ DESC 'Objectclass for LMC user settings '
+ MAY ( lmcACL $ lmcPrefMode $ lmcPrinterAllowed ))
\ No newline at end of file
diff --git a/image/service/slapd/assets/schema/mmc/openssh-lpk.schema b/image/service/slapd/assets/schema/mmc/openssh-lpk.schema
new file mode 100644
index 00000000..c6fbf6c5
--- /dev/null
+++ b/image/service/slapd/assets/schema/mmc/openssh-lpk.schema
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE
+#
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MAY ( sshPublicKey $ uid )
+ )
\ No newline at end of file
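Review bot: `lmcPrinterAllowed` in mmc.schema pairs `EQUALITY caseIgnoreIA5Match` and IA5 syntax `1.3.6.1.4.1.1466.115.121.1.26` with `SUBSTR caseIgnoreSubstringsMatch`, the directory-string rule. The other IA5 attributes added in this commit that declare a SUBSTR rule (dnszone.schema, `mailhost` in mail.schema) use the IA5 one, so the line should read `SUBSTR caseIgnoreIA5SubstringsMatch`. The author line in the header also appears to carry bytes that are not valid UTF-8 (they render as replacement characters), so the file should be re-encoded as UTF-8.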
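Review bot: The DESC strings in openssh-lpk.schema call `sshPublicKey` and `ldapPublicKey` 'MANDATORY', but the class lists `sshPublicKey` under MAY, so an entry can carry the objectclass with no key at all. The comment above the objectclass, `# printableString SYNTAX yes|no`, does not describe the definition that follows it. As this is an imported schema I would leave the definitions alone and correct the comment, for example `# auxiliary class; sshPublicKey is optional (MAY)`.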
diff --git a/image/service/slapd/assets/schema/mmc/quota.schema b/image/service/slapd/assets/schema/mmc/quota.schema
new file mode 100644
index 00000000..84737a3b
--- /dev/null
+++ b/image/service/slapd/assets/schema/mmc/quota.schema
@@ -0,0 +1,29 @@
+##
+## schema file for Unix Quotas
+## Schema for storing Unix Quotas in LDAP
+## OIDs are owned by Cogent Innovators, LLC
+##
+## 1.3.6.1.4.1.19937.1.1.x - attributetypes
+## 1.3.6.1.4.1.19937.1.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
+ DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota'
+ DESC 'Network Quotas (network,protocol,bytes)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP posixAccount AUXILIARY
+ DESC 'System Quotas'
+ MUST ( uid )
+ MAY ( quota $ networkquota ))
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas'
+ DESC 'Quota defaults to apply to members of a group'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( quota $ networkquota ))
diff --git a/image/service/slapd/assets/schema/mmc/radius.schema b/image/service/slapd/assets/schema/mmc/radius.schema
new file mode 100644
index 00000000..cdbdba72
--- /dev/null
+++ b/image/service/slapd/assets/schema/mmc/radius.schema
@@ -0,0 +1,589 @@ +# This is a LDAPv3 schema for RADIUS attributes. +# Tested on OpenLDAP 2.0.7 +# Posted by Javier Fernandez-Sanguino Pena +# LDAP v3 version by Jochen Friedrich +# Updates by Adrian Pavlykevych +############## +# This version is customized +# so that the radiusCallingStationId attribute +# is multi evaluated + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.1 + NAME 'radiusArapFeatures' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.2 + NAME 'radiusArapSecurity' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.3 + NAME 'radiusArapZoneAccess' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.44 + NAME 'radiusAuthType' + DESC 'checkItem: Auth-Type' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.4 + NAME 'radiusCallbackId' + DESC 'replyItem: Callback-Id' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.5 + NAME 'radiusCallbackNumber' + DESC 'replyItem: Callback-Number' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.6 + NAME 'radiusCalledStationId' + DESC 'checkItem: Called-Station-Id' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.7 + NAME 'radiusCallingStationId' + DESC 'checkItem: Calling-Station-Id' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.8 + NAME 'radiusClass' + DESC 'replyItem: Class' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + 
+attributetype + ( 1.3.6.1.4.1.3317.4.3.1.45 + NAME 'radiusClientIPAddress' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.9 + NAME 'radiusFilterId' + DESC 'replyItem: Filter-Id' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.10 + NAME 'radiusFramedAppleTalkLink' + DESC 'replyItem: Framed-AppleTalk-Link' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.11 + NAME 'radiusFramedAppleTalkNetwork' + DESC 'replyItem: Framed-AppleTalk-Network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.12 + NAME 'radiusFramedAppleTalkZone' + DESC 'replyItem: Framed-AppleTalk-Zone' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.13 + NAME 'radiusFramedCompression' + DESC 'replyItem: Framed-Compression' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.14 + NAME 'radiusFramedIPAddress' + DESC 'replyItem: Framed-IP-Address' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.15 + NAME 'radiusFramedIPNetmask' + DESC 'replyItem: Framed-IP-Netmask' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.16 + NAME 'radiusFramedIPXNetwork' + DESC 'replyItem: Framed-IPX-Network' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.17 + NAME 'radiusFramedMTU' + DESC 'replyItem: Framed-MTU' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 
1.3.6.1.4.1.3317.4.3.1.18 + NAME 'radiusFramedProtocol' + DESC 'replyItem: Framed-Protocol' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.19 + NAME 'radiusFramedRoute' + DESC 'replyItem: Framed-Route' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.20 + NAME 'radiusFramedRouting' + DESC 'replyItem: Framed-Routing' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.46 + NAME 'radiusGroupName' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.47 + NAME 'radiusHint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.48 + NAME 'radiusHuntgroupName' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.21 + NAME 'radiusIdleTimeout' + DESC 'replyItem: Idle-Timeout' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.22 + NAME 'radiusLoginIPHost' + DESC 'replyItem: Login-IP-Host' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.23 + NAME 'radiusLoginLATGroup' + DESC 'replyItem: Login-LAT-Group' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.24 + NAME 'radiusLoginLATNode' + DESC 'replyItem: Login-LAT-Node' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.25 + NAME 'radiusLoginLATPort' + DESC 'replyItem: Login-LAT-Port' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + 
SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.26 + NAME 'radiusLoginLATService' + DESC 'replyItem: Login-LAT-Service' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.27 + NAME 'radiusLoginService' + DESC 'replyItem: Login-Service' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.28 + NAME 'radiusLoginTCPPort' + DESC 'replyItem: Login-TCP-Port' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.29 + NAME 'radiusPasswordRetry' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.30 + NAME 'radiusPortLimit' + DESC 'replyItem: Port-Limit' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.49 + NAME 'radiusProfileDn' + DESC '' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.31 + NAME 'radiusPrompt' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.50 + NAME 'radiusProxyToRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.51 + NAME 'radiusReplicateToRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.52 + NAME 'radiusRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.32 + NAME 'radiusServiceType' + DESC 'replyItem: Service-Type' + EQUALITY caseIgnoreIA5Match + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.33 + NAME 'radiusSessionTimeout' + DESC 'replyItem: Session-Timeout' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.34 + NAME 'radiusTerminationAction' + DESC 'replyItem: Termination-Action' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.35 + NAME 'radiusTunnelAssignmentId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.36 + NAME 'radiusTunnelMediumType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.37 + NAME 'radiusTunnelPassword' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.38 + NAME 'radiusTunnelPreference' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.39 + NAME 'radiusTunnelPrivateGroupId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.40 + NAME 'radiusTunnelServerEndpoint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.41 + NAME 'radiusTunnelType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.42 + NAME 'radiusVSA' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.43 + NAME 'radiusTunnelClientEndpoint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + + +#need to change asn1.id +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.53 + 
NAME 'radiusSimultaneousUse' + DESC 'checkItem: Simultaneous-Use' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.54 + NAME 'radiusLoginTime' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.55 + NAME 'radiusUserCategory' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.56 + NAME 'radiusStripUserName' + DESC '' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.57 + NAME 'dialupAccess' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.58 + NAME 'radiusExpiration' + DESC 'checkItem: Expiration' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.59 + NAME 'radiusCheckItem' + DESC 'checkItem: $GENERIC$' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.60 + NAME 'radiusReplyItem' + DESC 'replyItem: $GENERIC$' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.61 + NAME 'radiusNASIpAddress' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) + +attributetype + ( 1.3.6.1.4.1.3317.4.3.1.62 + NAME 'radiusReplyMessage' + DESC 'replyItem: Reply-Message' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) + + +objectclass + ( 1.3.6.1.4.1.3317.4.3.2.1 + NAME 'radiusprofile' + SUP top AUXILIARY + DESC '' + MUST cn + MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ + radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ + radiusCalledStationId $ radiusCallingStationId $ radiusClass $ + 
radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ + radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ + radiusFramedCompression $ radiusFramedIPAddress $ + radiusFramedIPNetmask $ radiusFramedIPXNetwork $ + radiusFramedMTU $ radiusFramedProtocol $ + radiusCheckItem $ radiusReplyItem $ + radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ + radiusGroupName $ radiusHint $ radiusHuntgroupName $ + radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ + radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ + radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ + radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ + radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ + radiusSessionTimeout $ radiusStripUserName $ + radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ + radiusSimultaneousUse $ radiusTunnelAssignmentId $ + radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ + radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ + radiusTunnelType $ radiusUserCategory $ radiusVSA $ + radiusExpiration $ dialupAccess $ radiusNASIpAddress $ + radiusReplyMessage ) + ) + +objectclass + ( 1.3.6.1.4.1.3317.4.3.2.2 + NAME 'radiusObjectProfile' + SUP top STRUCTURAL + DESC 'A Container Objectclass to be used for creating radius profile object' + MUST cn + MAY ( uid $ userPassword $ description ) + ) \ No newline at end of file diff --git a/image/service/slapd/assets/schema/mmc/samba.schema b/image/service/slapd/assets/schema/mmc/samba.schema new file mode 100644 index 00000000..92d5efce --- /dev/null +++ b/image/service/slapd/assets/schema/mmc/samba.schema 
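Review bot: `radiusTunnelPassword` in radius.schema is declared as a plain IA5 string with `EQUALITY caseIgnoreIA5Match` and an empty DESC, so the tunnel secret is stored in clear text and compared without regard to case. `radiusObjectProfile` at the end of the file also allows `userPassword`, and `dhcpKeySecret` in dhcp.schema earlier in this commit holds a TSIG secret in the same unprotected way. The schema protects none of these; read, search and compare access has to be restricted in the slapd ACL, which is not visible in this hunk. At minimum I would fill in the DESC, e.g. `DESC 'Tunnel-Password (cleartext secret; restrict read access in ACLs)'`, and confirm that the image's default ACL covers these attributes.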
@@ -0,0 +1,554 @@ +## +## schema file for OpenLDAP 2.x +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas - uid (cosine.schema) +## - displayName (inetorgperson.schema) +## - gidNumber (nis.schema) +## +## 1.3.6.1.4.1.7165.2.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.2.x - objectclasses +## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses +## +## Samba4 +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track +## +## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ +## +## Run the 'get_next_oid' bash script in this directory to find the +## next available OID for attribute type and object classes. +## +## $ ./get_next_oid +## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... +## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... +## +## Also ensure that new entries adhere to the declaration style +## used throughout this file +## +## ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... +## ^ ^ ^ +## +## The spaces are required for the get_next_oid script (and for +## readability). 
+## +## ------------------------------------------------------------------ + +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165 +# objectIdentifier Samba3 SambaRoot:2 +# objectIdentifier Samba3Attrib Samba3:1 +# objectIdentifier Samba3ObjectClass Samba3:2 +# objectIdentifier Samba4 SambaRoot:4 + +######################################################################## +## HISTORICAL ## +######################################################################## + +## +## Password hashes +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' +# DESC 'LanManager Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' +# DESC 'NT Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' +# DESC 'Account Flags' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' +# DESC 'NT pwdLastSet' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' +# DESC 'NT logonTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' +# DESC 'NT logoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' +# DESC 'NT kickoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' 
+# DESC 'NT pwdMustChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## string settings +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' +# DESC 'NT homeDrive' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' +# DESC 'NT scriptPath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' +# DESC 'NT profilePath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' +# DESC 'userWorkstations' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' +# DESC 'smbHome' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +## +## user and group RID +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' +# DESC 'NT rid' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' +# DESC 'NT Group RID' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## The smbPasswordEntry objectclass has been depreciated in favor of the +## sambaAccount objectclass +## +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY +# DESC 'Samba smbpasswd entry' +# MUST ( uid $ uidNumber ) +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +# DESC 'Samba Account' +# MUST ( uid $ rid ) +# MAY ( cn 
$ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +# DESC 'Samba Auxiliary Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +######################################################################## +## END OF HISTORICAL ## +######################################################################## + +####################################################################### +## Attributes used by Samba 3.0 schema ## +####################################################################### + +## +## Password hashes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' + DESC 'LanManager Password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' + DESC 'MD4 hash of the unicode password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' + DESC 'Account Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' + DESC 'Timestamp of the last password update' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' + DESC 'Timestamp of when the user is 
allowed to update the password' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' + DESC 'Timestamp of when the password will expire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' + DESC 'Timestamp of last logon' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' + DESC 'Timestamp of last logoff' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' + DESC 'Timestamp of when the user will be logged off automatically' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' + DESC 'Bad password attempt count' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' + DESC 'Time of the last bad password attempt' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +## +## string settings +## +attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' + DESC 'Driver letter of home directory mapping' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' + DESC 'Logon script path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' + DESC 'Roaming profile path' + EQUALITY caseIgnoreMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' + DESC 'List of user workstations the user is allowed to logon to' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' + DESC 'Home directory UNC path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' + DESC 'Windows NT domain to which the user belongs' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' + DESC 'Base64 encoded user parameter string' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' + DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## +## Primary group SID, compatible with ntSid +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' + DESC 'Primary Group Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' + DESC 'Security ID List' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +## +## group mapping attributes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' + DESC 'NT Group Type' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 
'sambaNextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' + DESC 'Next NT rid to give out for anything' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' + DESC 'Base at which the samba RID generation algorithm should operate' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' + DESC 'Share Name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' + DESC 'Option Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' + DESC 'A boolean option' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' + DESC 'An integer option' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' + DESC 'A string option' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' + DESC 'A string list option' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' +## SUP name ) + +##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' +## DESC 'Privileges List' +## EQUALITY 
caseIgnoreIA5Match +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' + DESC 'Trust Password Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# "min password length" +attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' + DESC 'Minimal password length (default: 5)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "password history" +attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' + DESC 'Length of Password History Entries (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "user must logon to change password" +attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' + DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "maximum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' + DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "minimum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' + DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "lockout duration" +attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' + DESC 'Lockout duration in minutes (default: 30, -1 => forever)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "reset count minutes" +attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' + DESC 'Reset time after lockout in minutes (default: 30)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "bad lockout attempt" +attributetype ( 
1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' + DESC 'Lockout users after bad logon attempts (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "disconnect time" +attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' + DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "refuse machine password change" +attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + + + + +####################################################################### +## objectClasses used by Samba 3.0 schema ## +####################################################################### + +## The X.500 data model (and therefore LDAPv3) says that each entry can +## only have one structural objectclass. OpenLDAP 2.0 does not enforce +## this currently but will in v2.1 + +## +## added new objectclass (and OID) for 3.0 to help us deal with backwards +## compatibility with 2.2 installations (e.g. 
ldapsam_compat) --jerry +## +objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY + DESC 'Samba 3.0 Auxilary SAM Account' + MUST ( uid $ sambaSID ) + MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ + sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ + sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ + displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ + sambaProfilePath $ description $ sambaUserWorkstations $ + sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ + sambaBadPasswordCount $ sambaBadPasswordTime $ + sambaPasswordHistory $ sambaLogonHours)) + +## +## Group mapping info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY + DESC 'Samba Group Mapping' + MUST ( gidNumber $ sambaSID $ sambaGroupType ) + MAY ( displayName $ description $ sambaSIDList )) + +## +## Trust password for trust relationships (any kind) +## +objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL + DESC 'Samba Trust Password' + MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) + MAY ( sambaSID $ sambaPwdLastSet )) + +## +## Whole-of-domain info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( sambaDomainName $ + sambaSID ) + MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ + sambaAlgorithmicRidBase $ + sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ + sambaMaxPwdAge $ sambaMinPwdAge $ + sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ + sambaForceLogoff $ sambaRefuseMachinePwdChange )) + +## +## used for idmap_ldap module +## +objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY + DESC 'Pool for allocating UNIX uids/gids' + MUST ( uidNumber $ gidNumber ) ) + + +objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY + DESC 'Mapping from a SID to an ID' + MUST ( 
sambaSID ) + MAY ( uidNumber $ gidNumber ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL + DESC 'Structural Class for a SID' + MUST ( sambaSID ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY + DESC 'Samba Configuration Section' + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL + DESC 'Samba Share Section' + MUST ( sambaShareName ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL + DESC 'Samba Configuration Option' + MUST ( sambaOptionName ) + MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ + sambaStringListoption $ description ) ) + + +## retired during privilege rewrite +##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY +## DESC 'Samba Privilege' +## MUST ( sambaSID ) +## MAY ( sambaPrivilegeList ) ) \ No newline at end of file diff --git a/image/service/slapd/assets/schema/mmc/zarafa.schema b/image/service/slapd/assets/schema/mmc/zarafa.schema new file mode 100644 index 00000000..68b43863 --- /dev/null +++ b/image/service/slapd/assets/schema/mmc/zarafa.schema 
@@ -0,0 +1,300 @@ +attributetype ( 1.3.6.1.4.1.26278.1.1.1.1 + NAME 'zarafaQuotaOverride' + DESC 'ZARAFA: Override child quota' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.2 + NAME 'zarafaQuotaWarn' + DESC 'ZARAFA: Warning quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.3 + NAME 'zarafaQuotaSoft' + DESC 'ZARAFA: Soft quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.4 + NAME 'zarafaQuotaHard' + DESC 'ZARAFA: Hard quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.5 + NAME 'zarafaUserDefaultQuotaOverride' + DESC 'ZARAFA: Override User default quota for children' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.6 + NAME 'zarafaUserDefaultQuotaWarn' + DESC 'ZARAFA: User default warning quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.7 + NAME 'zarafaUserDefaultQuotaSoft' + DESC 'ZARAFA: User default soft quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.1.8 + NAME 'zarafaUserDefaultQuotaHard' + DESC 'ZARAFA: User default hard quota size in MB' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.1 + NAME 'zarafaAdmin' + DESC 'ZARAFA: Administrator of zarafa' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.2 + NAME 'zarafaSharedStoreOnly' + DESC 'ZARAFA: is store a shared store' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.3 + NAME 'zarafaAccount' + DESC 'ZARAFA: entry is a part of zarafa' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.4 + NAME 'zarafaSendAsPrivilege' + DESC 'ZARAFA: Users may directly send email as this user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.5 + NAME 'zarafaMrAccept' + DESC 'ZARAFA: user should auto-accept meeting requests' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.6 + NAME 'zarafaMrDeclineConflict' + DESC 'ZARAFA: user should automatically decline conflicting meeting requests' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.7 + NAME 'zarafaMrDeclineRecurring' + DESC 'ZARAFA: user should automatically decline recurring meeting requests' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.8 + NAME 'zarafaId' + DESC 'ZARAFA: Generic unique ID' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.9 + NAME 'zarafaResourceType' + DESC 'ZARAFA: for shared stores, resource is type Room or Equipment' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.10 + NAME 'zarafaResourceCapacity' + DESC 'ZARAFA: number of rooms or equipment available' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.2.11 + NAME 'zarafaHidden' + DESC 'ZARAFA: This object should be hidden from address book' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 
1.3.6.1.4.1.26278.1.1.3.1 + NAME 'zarafaAliases' + DESC 'ZARAFA: All other email addresses for this user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.26278.1.1.4.1 + NAME 'zarafaUserServer' + DESC 'ZARAFA: Home server for the user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.26278.1.1.0.0 + NAME 'zarafa-user' + DESC 'Zarafa: an user of Zarafa' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + zarafaQuotaOverride $ zarafaQuotaWarn $ zarafaQuotaSoft $ zarafaSendAsPrivilege $ + zarafaQuotaHard $ zarafaAdmin $ zarafaSharedStoreOnly $ zarafaResourceType $ + zarafaResourceCapacity $ zarafaAccount $ zarafaHidden $ zarafaAliases $ + zarafaUserServer + ) + ) + +objectclass ( 1.3.6.1.4.1.26278.1.6.0.0 + NAME 'zarafa-contact' + DESC 'Zarafa: a contact of Zarafa' + SUP top AUXILIARY + MUST ( cn $ uidNumber ) + MAY ( + zarafaSendAsPrivilege $ zarafaHidden $ zarafaAliases + ) + ) + + +attributetype ( 1.3.6.1.4.1.26278.1.2.2.1 + NAME 'zarafaSecurityGroup' + DESC 'ZARAFA: group has security possibilities' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.26278.1.2.0.0 + NAME 'zarafa-group' + DESC 'Zarafa: a group of Zarafa' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaSecurityGroup + ) + ) + +attributetype ( 1.3.6.1.4.1.26278.1.3.2.4 + NAME 'zarafaViewPrivilege' + DESC 'ZARAFA: Companies with view privileges over selected company' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) + +attributetype ( 1.3.6.1.4.1.26278.1.3.2.5 + NAME 'zarafaAdminPrivilege' + DESC 'ZARAFA: Users from different companies which are administrator over selected company' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 + ) + +attributetype ( 1.3.6.1.4.1.26278.1.3.2.6 + NAME 'zarafaSystemAdmin' + DESC 'ZARAFA: The user who is the system administrator for this company' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE + ) + +attributetype (1.3.6.1.4.1.26278.1.3.1.5 + NAME 'zarafaQuotaUserWarningRecipients' + DESC 'ZARAFA: Users who will recieve a notification email when a user exceeds his quota' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) + +attributetype (1.3.6.1.4.1.26278.1.3.1.6 + NAME 'zarafaQuotaCompanyWarningRecipients' + DESC 'ZARAFA: Users who will recieve a notification email when a company exceeds its quota' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) + +attributetype ( 1.3.6.1.4.1.26278.1.3.4.1 + NAME 'zarafaCompanyServer' + DESC 'ZARAFA: Home server for the user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.26278.1.3.0.0 + NAME 'zarafa-company' + DESC 'ZARAFA: a company of Zarafa' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + zarafaAccount $ zarafaHidden $ + zarafaViewPrivilege $ zarafaAdminPrivilege $ zarafaSystemAdmin $ + zarafaQuotaOverride $ zarafaQuotaWarn $ + zarafaUserDefaultQuotaOverride $ zarafaUserDefaultQuotaWarn $ zarafaUserDefaultQuotaSoft $ zarafaUserDefaultQuotaHard $ + zarafaQuotaUserWarningRecipients $ zarafaQuotaCompanyWarningRecipients $ + zarafaCompanyServer + ) + ) + +attributetype (1.3.6.1.4.1.26278.1.4.4.1 + NAME 'zarafaHttpPort' + DESC 'ZARAFA: Port for the http connection' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype (1.3.6.1.4.1.26278.1.4.4.2 + NAME 'zarafaSslPort' + DESC 'ZARAFA: Port for the ssl connection' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + 
+attributetype (1.3.6.1.4.1.26278.1.4.4.3 + NAME 'zarafaFilePath' + DESC 'ZARAFA: The unix socket or named pipe to the server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype (1.3.6.1.4.1.26278.1.4.4.4 + NAME 'zarafaContainsPublic' + DESC 'ZARAFA: This server contains the public store' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.26278.1.4.0.0 + NAME 'zarafa-server' + DESC 'ZARAFA: a Zarafa server' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + zarafaAccount $ zarafaHidden $ zarafaHttpPort $ zarafaSslPort $ zarafaFilePath $ zarafaContainsPublic + ) + ) + +attributetype (1.3.6.1.4.1.26278.1.5.5.1 + NAME 'zarafaFilter' + DESC 'ZARAFA: LDAP Filter to apply' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype (1.3.6.1.4.1.26278.1.5.5.2 + NAME 'zarafaBase' + DESC 'ZARAFA: LDAP Search base to apply' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.26278.1.5.0.0 + NAME 'zarafa-addresslist' + DESC 'ZARAFA: a Zarafa Addresslist' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( + zarafaAccount $ zarafaHidden $ zarafaFilter $ zarafaBase + ) + ) + +objectclass ( 1.3.6.1.4.1.26278.1.7.0.0 + NAME 'zarafa-dynamicgroup' + DESC 'ZARAFA: a Zarafa dynamic group' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( + zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase + ) + ) \ No newline at end of file diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index ad8c7c7e..a4992df1 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh 
@@ -35,6 +35,9 @@ EOF # start OpenLDAP slapd -h "ldapi:///" -u openldap -g openldap + # add ppolicy schema + ldapadd -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif + # TLS config if [ "${USE_TLS,,}" == "true" ]; then @@ -50,7 +53,7 @@ EOF sed -i "s,/osixia/slapd/ssl/ldap.key,/osixia/slapd/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/tls.ldif # set tls config - ldapmodify -Y EXTERNAL -H ldapi:/// -f /osixia/slapd/tls.ldif -Q + ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/tls.ldif # add localhost route to certificate cn (need docker 1.5.0) cn=$(openssl x509 -in /osixia/slapd/ssl/$SSL_CRT_FILENAME -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p') @@ -60,10 +63,22 @@ EOF sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf fi + # convert schemas to ldif + SCHEMAS="" + for f in $(find /osixia/slapd/schema -name \*.schema -type f); do + SCHEMAS="$SCHEMAS ${f}" + done + /osixia/slapd/schema-to-ldif.sh "$SCHEMAS" + + for f in $(find /osixia/slapd/schema -name \*.ldif -type f); do + echo "Processing file ${f}" + ldapadd -Y EXTERNAL -Q -H ldapi:/// -f $f + done + # OpenLDAP config for f in $(find /osixia/slapd/config -name \*.ldif -type f); do - status "Processing file ${f}" - ldapmodify -r -Y EXTERNAL -H ldapi:/// -f $f -Q + echo "Processing file ${f}" + ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f done # stop OpenLDAP diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index bb08237c..527c625f 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -1,2 +1,2 @@ #!/bin/bash -e -exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1 \ No newline at end of file +exec /usr/sbin/slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d -1 \ No newline at end of file From 074ee58ba01038dcdf4ebb976d0f5937a6c6ae80 Mon Sep 17 00:00:00 2001 
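Review bot: In the third container-start.sh hunk (`@@ -60,10 +63,22 @@`), both new loops iterate over unquoted `$(find …)` output and pass `-f $f` unquoted, so a schema path containing whitespace or glob characters is split or expanded before it reaches `ldapadd -Y EXTERNAL`, which writes to the server configuration. The order in which `find` returns files is also unspecified, so schema loading is not deterministic from one build or host to the next. Reading the sorted list line by line and quoting the variable fixes both, and the same quoting applies to the `ldapmodify … -f $f` line in the config loop. `"$SCHEMAS"` reaches schema-to-ldif.sh as a single argument; that script is not visible here, so how it splits the list should be confirmed. The enclosing block starts and ends outside the hunk.

```shell
# … unchanged: schema-to-ldif.sh conversion …
while IFS= read -r f; do
  echo "Processing file ${f}"
  ldapadd -Y EXTERNAL -Q -H ldapi:/// -f "$f"
done < <(find /osixia/slapd/schema -name '*.ldif' -type f | sort)
```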
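Review bot: The rewritten `exec` line in daemon.sh keeps `-d -1`, which enables every slapd debug level, so the container log receives packet-level traces that can include simple-bind credentials; that is worth fixing while the line is being touched. A statistics-only level still keeps slapd in the foreground: `exec /usr/sbin/slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d 256`. The added `ldapi:///` listener lets any process in the container that can reach the socket attempt SASL EXTERNAL against the running server, so the reason for exposing it at runtime (presumably local `ldapadd`/`ldapmodify` administration) should be recorded in a comment above the line.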
From: ofreax Date: Wed, 18 Mar 2015 20:30:46 +0100 Subject: [PATCH 11/19] clean --- Dockerfile | 47 ---------------- image/Dockerfile | 2 +- image/env.yml | 2 +- service/slapd/config/auto/tls.ldif | 17 ------ service/slapd/config/logging.ldif | 4 -- service/slapd/slapd.sh | 89 ------------------------------ test-repository.sh | 15 ----- test.sh | 16 ------ 8 files changed, 2 insertions(+), 190 deletions(-) delete mode 100644 Dockerfile delete mode 100644 service/slapd/config/auto/tls.ldif delete mode 100644 service/slapd/config/logging.ldif delete mode 100755 service/slapd/slapd.sh delete mode 100755 test-repository.sh delete mode 100755 test.sh diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e02136d4..00000000 --- a/Dockerfile +++ /dev/null 
@@ -1,47 +0,0 @@ -FROM osixia/baseimage:0.6.0 -MAINTAINER Bertrand Gouny - -# From Nick Stenning's work -# https://github.com/nickstenning/docker-slapd - -# Default configuration: can be overridden at the docker command line -ENV LDAP_ADMIN_PWD toor -ENV LDAP_ORGANISATION Example Inc. -ENV LDAP_DOMAIN example.com - -# /!\ To store the data outside the container, -# mount /var/lib/ldap and /etc/ldap/slapd.d as a data volume add -# -v /some/host/directory:/var/lib/ldap and -v /some/other/host/directory:/etc/ldap/slapd.d -# to the run command - -# Disable SSH -# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh - -# Enable dnsmasq -RUN /sbin/enable-service dnsmasq - -# Use baseimage-docker's init system. -CMD ["/sbin/my_init"] - -# Resynchronize the package index files from their sources -RUN apt-get -y update - -# Install openldap (slapd) and ldap-utils -RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends slapd ldap-utils openssl - -# Expose ldap default port -EXPOSE 389 - -# Create TLS certificats directory -RUN mkdir /etc/ldap/ssl - -# Add config directory -RUN mkdir /etc/ldap/config -ADD service/slapd/config /etc/ldap/config - -# Add slapd deamon -RUN mkdir /etc/service/slapd -ADD service/slapd/slapd.sh /etc/service/slapd/run - -# Clear out the local repository of retrieved package files -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/image/Dockerfile b/image/Dockerfile index 70a13dd3..ecc20b55 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,4 +1,4 @@ -FROM osixia/baseimage:0.10.3 +FROM osixia/baseimage:0.10.4 MAINTAINER Bertrand Gouny # Use baseimage-docker's init system. diff --git a/image/env.yml b/image/env.yml index 40b0b934..ef0e574b 100644 --- a/image/env.yml +++ b/image/env.yml 
@@ -4,7 +4,7 @@ LDAP_ADMIN_PASSWORD: admin SERVER_NAME: ldap.example.org -USE_TLS: false +USE_TLS: true SSL_CRT_FILENAME: ldap.crt SSL_KEY_FILENAME: ldap.key SSL_CA_CRT_FILENAME: ca.crt \ No newline at end of file diff --git a/service/slapd/config/auto/tls.ldif b/service/slapd/config/auto/tls.ldif deleted file mode 100644 index 55fb4efc..00000000 --- a/service/slapd/config/auto/tls.ldif +++ /dev/null @@ -1,17 +0,0 @@ -dn: cn=config -changetype: modify -replace: olcTLSCACertificateFile -olcTLSCACertificateFile: /etc/ldap/ssl/ca.crt -- -replace: olcTLSCertificateFile -olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt -- -replace: olcTLSCertificateKeyFile -olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key -- -replace: olcTLSDHParamFile -olcTLSDHParamFile: /etc/ldap/ssl/dhparam.pem -- -replace: olcTLSVerifyClient -olcTLSVerifyClient: never - diff --git a/service/slapd/config/logging.ldif b/service/slapd/config/logging.ldif deleted file mode 100644 index 5494c101..00000000 --- a/service/slapd/config/logging.ldif +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=config -changetype: modify -replace: olcLogLevel -olcLogLevel: stats diff --git a/service/slapd/slapd.sh b/service/slapd/slapd.sh deleted file mode 100755 index 1e8a3093..00000000 --- a/service/slapd/slapd.sh +++ /dev/null 
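Review bot: The flip from `USE_TLS: false` to `USE_TLS: true` in image/env.yml changes the image's default behaviour, yet the commit is titled only "clean" and the key gets no comment, so an operator upgrading has no hint that the start script will now apply tls.ldif and expect the certificate files. I would add a comment above the key, e.g. `# TLS is on by default: provide SSL_CRT_FILENAME, SSL_KEY_FILENAME and SSL_CA_CRT_FILENAME under /osixia/slapd/ssl`, and record the new default in the changelog. What happens when those files are absent is not visible in this hunk; if the image falls back to a bundled or generated key, that deserves a line as well. The file continues outside the hunk.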
@@ -1,89 +0,0 @@ -#!/bin/sh - -set -eu - -status () { - echo "---> ${@}" >&2 -} - - -set -x -: LDAP_ADMIN_PWD=${LDAP_ADMIN_PWD} -: LDAP_DOMAIN=${LDAP_DOMAIN} -: LDAP_ORGANISATION=${LDAP_ORGANISATION} - - -############ Base config ############ -if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then - status "configuring slapd database" - - cat <> /etc/dhosts - - fi - - # Replication - # todo :) - - # Other config files - for f in $(find /etc/ldap/config -maxdepth 1 -name \*.ldif -type f); do - status "Processing file ${f}" - ldapmodify -Y EXTERNAL -H ldapi:/// -f $f -Q - done - - kill -INT `cat /run/slapd/slapd.pid` - - touch /etc/ldap/config/docker_bootstrapped - -else - status "found already-configured slapd" -fi - -status "starting slapd on default port 389" -set -x - -exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1 diff --git a/test-repository.sh b/test-repository.sh deleted file mode 100755 index 5d311161..00000000 --- a/test-repository.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -# Usage -# sudo ./test.sh -# add -v for verbose mode (or type whatever you like !) :p - -. test/config-repository -. test/tools/run.sh - -run_test simple.sh "dn: dc=example,dc=com" -run_test tls.sh "dn: dc=example,dc=com" -run_test db.sh "dn: dc=otherdomain,dc=com" - -. test/tools/end.sh - diff --git a/test.sh b/test.sh deleted file mode 100755 index 4daa2d33..00000000 --- a/test.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# Usage -# sudo ./test.sh -# add -v for verbose mode (or type whatever you like !) :p - -. test/config -. test/tools/run.sh - -run_test tools/build-container.sh "Successfully built" -run_test simple.sh "dn: dc=example,dc=com" -run_test tls.sh "dn: dc=example,dc=com" -run_test db.sh "dn: dc=otherdomain,dc=com" - -. test/tools/end.sh - From d1c6325f6102159a658fddd9f675150c752b645d Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny Date: Thu, 19 Mar 2015 17:16:49 +0100 Subject: [PATCH 12/19] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e5380ec6..78fc6a61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ## 0.10.1 (release date: 2015-03-18) - Add ldapi - Add custom ldap schema + - Auto convert .schema to .ldif ## 0.10.0 (release date: 2015-03-03) - New version initial release \ No newline at end of file From 9124d373bc5795272a47ffa848426b76b912e400 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 5 May 2015 13:21:18 +0200 Subject: [PATCH 13/19] Fixes #2 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce235c63..62c2d575 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ By default the admin has the password **admin**. All those default settings can The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d` (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes. -This mean that you can stop, and restart the container and get back your ldap without losing any data. But if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container. +Be careful, if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container. For more information about docker data volume, please refer to : From 314e6a7e5526788d6c3ff4a061305c4f3b14d86b Mon Sep 17 00:00:00 2001 
From: Bertrand Gouny Date: Tue, 5 May 2015 14:51:49 +0200 Subject: [PATCH 14/19] fixes #3 --- CHANGELOG.md | 1 + image/service/slapd/assets/tls.ldif | 2 +- image/service/slapd/container-start.sh | 27 +- test/config/cn=config.ldif | 6 +- .../cn=config/cn=schema/cn={10}mmc.ldif | 25 ++ .../cn=config/cn=schema/cn={11}radius.ldif | 213 ++++++++++++ .../cn=config/cn=schema/cn={12}samba.ldif | 184 ++++++++++ .../cn=config/cn=schema/cn={13}dnszone.ldif | 92 +++++ .../cn=config/cn=schema/cn={4}ppolicy.ldif | 53 +++ .../cn=config/cn=schema/cn={5}quota.ldif | 23 ++ .../cn=config/cn=schema/cn={6}zarafa.ldif | 151 ++++++++ .../cn=config/cn=schema/cn={7}mail.ldif | 56 +++ .../cn=schema/cn={8}openssh-lpk.ldif | 18 + .../cn=config/cn=schema/cn={9}dhcp.ldif | 327 ++++++++++++++++++ test/database/__db.001 | Bin 548863 -> 548863 bytes test/database/__db.002 | Bin 147455 -> 147455 bytes test/database/__db.003 | Bin 114687 -> 114687 bytes test/database/alock | Bin 4096 -> 4096 bytes test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes 19 files changed, 1171 insertions(+), 7 deletions(-) create mode 100644 test/config/cn=config/cn=schema/cn={10}mmc.ldif create mode 100644 test/config/cn=config/cn=schema/cn={11}radius.ldif create mode 100644 test/config/cn=config/cn=schema/cn={12}samba.ldif create mode 100644 test/config/cn=config/cn=schema/cn={13}dnszone.ldif create mode 100644 test/config/cn=config/cn=schema/cn={4}ppolicy.ldif create mode 100644 test/config/cn=config/cn=schema/cn={5}quota.ldif create mode 100644 test/config/cn=config/cn=schema/cn={6}zarafa.ldif create mode 100644 test/config/cn=config/cn=schema/cn={7}mail.ldif create mode 100644 test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif create mode 100644 test/config/cn=config/cn=schema/cn={9}dhcp.ldif diff --git a/CHANGELOG.md b/CHANGELOG.md index 78fc6a61..301557f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,7 @@ - Add ldapi - Add custom ldap schema - Auto convert .schema to .ldif + - Fixes issues #2 #3 ## 0.10.0 (release date: 2015-03-03) - New version initial release \ No newline at end of file diff --git a/image/service/slapd/assets/tls.ldif b/image/service/slapd/assets/tls.ldif index 1da352d4..d6fef275 100644 --- a/image/service/slapd/assets/tls.ldif +++ b/image/service/slapd/assets/tls.ldif @@ -1,6 +1,6 @@ dn: cn=config changetype: modify -add: olcTLSCipherSuite +replace: olcTLSCipherSuite olcTLSCipherSuite: SECURE256:-VERS-SSL3.0 - replace: olcTLSCACertificateFile diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index a4992df1..9bb385d3 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -32,11 +32,23 @@ EOF fi +function is_new_schema(){ + local COUNT=$(ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config cn | grep -c $1) + if [ "$COUNT" -eq 0 ]; then + echo 1 + else + echo 0 + fi + } + # start OpenLDAP slapd -h "ldapi:///" -u openldap -g openldap - # add ppolicy schema - ldapadd -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif + # add ppolicy schema if not already exists + ADD_PPOLICY=$(is_new_schema ppolicy) + if [ "$ADD_PPOLICY" -eq 1 ]; then + ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif + fi # TLS config if [ "${USE_TLS,,}" == "true" ]; then @@ -72,7 +84,16 @@ EOF for f in $(find /osixia/slapd/schema -name \*.ldif -type f); do echo "Processing file ${f}" - ldapadd -Y EXTERNAL -Q -H ldapi:/// -f $f + # add schema if not already exists + SCHEMA=$(basename "${f}" .ldif) + ADD_SCHEMA=$(is_new_schema $SCHEMA) + if [ "$ADD_SCHEMA" -eq 1 ]; then + echo "add schema ${SCHEMA}" + ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f $f + else + echo "schema ${f} already exists" + fi + done # OpenLDAP config diff --git a/test/config/cn=config.ldif b/test/config/cn=config.ldif index 2991f66f..163b2705 100644 
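Review bot: `is_new_schema` in the `@@ -32,11 +32,23 @@` hunk treats a schema as present when `grep -c $1` finds the name anywhere in the ldapsearch output, so a substring hit counts as a match (for example, a `dns.ldif` would be skipped once `dnszone` is loaded) and `$1` is unquoted and read as a pattern. A failed `ldapsearch` also produces a count of 0, which the function reports as "new". Anchoring on the cn line is tighter: `grep -c -- "^cn: {[0-9]*}$1\$"`. The caller in the following hunk passes `$SCHEMA` and `-f $f` unquoted too; `"$SCHEMA"` and `"$f"` close that gap.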
--- a/test/config/cn=config.ldif +++ b/test/config/cn=config.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 e072c71d +# CRC32 eb45b050 dn: cn=config objectClass: olcGlobal cn: config @@ -11,6 +11,6 @@ entryUUID: db089696-51e1-1034-95ec-9d03bc6be361 creatorsName: cn=config createTimestamp: 20150226090154Z olcLogLevel: stats -entryCSN: 20150303142212.168245Z#000000#000#000000 +entryCSN: 20150505124437.961383Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150303142212Z +modifyTimestamp: 20150505124437Z diff --git a/test/config/cn=config/cn=schema/cn={10}mmc.ldif b/test/config/cn=config/cn=schema/cn={10}mmc.ldif new file mode 100644 index 00000000..5fd46dab --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={10}mmc.ldif 
@@ -0,0 +1,25 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 e905fbe4 +dn: cn={10}mmc +objectClass: olcSchemaConfig +cn: {10}mmc +olcAttributeTypes: {0}( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL' DESC 'LMC acl + entry' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode' DESC 'LM + C user preferences' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed' DE + SC 'LMC a printer where the user has the rights to print' EQUALITY caseIgnore + IA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' DESC + 'Objectclass for LMC user settings ' AUXILIARY MAY ( lmcACL $ lmcPrefMode $ l + mcPrinterAllowed ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31d1240-8764-1034-83b5-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.076667Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={11}radius.ldif b/test/config/cn=config/cn=schema/cn={11}radius.ldif new file mode 100644 index 00000000..ed9de283 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={11}radius.ldif 
@@ -0,0 +1,213 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 a6bd672f +dn: cn={11}radius +objectClass: olcSchemaConfig +cn: {11}radius +olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DES + C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DES + C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC ' + checkItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC + 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' D + ESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' + DESC 'checkItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId' + DESC 'checkItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. 
+ 6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC 'repl + yItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 + 6 ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN + GLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC ' + replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalk + Link' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalk + Network' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Mat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalk + Zone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompressi + on' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress + ' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask + ' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {17}( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwor + k' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1. 
+ 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC + 'replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol' + DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DE + SC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' + DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC + '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' E + QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DE + SC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DE + SC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.26 ) +olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup' + DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' D + ESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {29}( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' D + ESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {30}( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService + ' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' D + ESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' D + ESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING + LE-VALUE ) +olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC + 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC + '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING + LE-VALUE ) +olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC '' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E ) +olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE ) +olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToReal + m' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S + INGLE-VALUE ) +olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE + ) +olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DE + SC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout' + DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1 + .4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {42}( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationActi + on' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {43}( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmen + tId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +olcAttributeTypes: {44}( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumTyp + e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {45}( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword' + DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN + GLE-VALUE ) +olcAttributeTypes: {46}( 
1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreferenc + e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {47}( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGr + oupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEnd + point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DES + C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQ + UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEnd + point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 ) +olcAttributeTypes: {52}( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse + ' DESC 'checkItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN + GLE-VALUE ) +olcAttributeTypes: {53}( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC + '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V + ALUE ) +olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE ) +olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName' + DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC '' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU + E ) +olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DES + C 'checkItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 
NAME 'radiusCheckItem' DESC + 'checkItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +olcAttributeTypes: {59}( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DESC + 'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +olcAttributeTypes: {60}( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' D + ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL + E-VALUE ) +olcAttributeTypes: {61}( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' D + ESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' S + UP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ radi + usArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ + radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientI + PAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalk + Network $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedI + PAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ + radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute + $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ r + adiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLAT + Node $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radi + usLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ ra + diusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radi + usServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminatio + nAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUs + e $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword + $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ 
radiusTunnelServerEnd + point $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration + $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' DES + C 'A Container Objectclass to be used for creating radius profile object' SUP + top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31ded6e-8764-1034-83b6-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.082276Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={12}samba.ldif b/test/config/cn=config/cn=schema/cn={12}samba.ldif new file mode 100644 index 00000000..410513b7 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={12}samba.ldif 
@@ -0,0 +1,184 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 1b61c020 +dn: cn={12}samba +objectClass: olcSchemaConfig +cn: {12}samba +olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L + anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26{32} SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M + D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26{32} SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac + count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {16} SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T + imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC + 'Timestamp of when the user is allowed to update the password' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC + 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti + mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T + imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC ' + Timestamp of when the user will be logged off automatically' EQUALITY integer + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D + ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D + ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC ' + Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + {42} SINGLE-VALUE ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D + river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC + 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
+ 1.15{255} SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC + 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15{255} SINGLE-VALUE ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' + DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas + eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho + me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.15{128} ) +olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC ' + Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC ' + Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.15{1050} ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D + ESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' + EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit + y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D + ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.26{64} SINGLE-VALUE ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec + urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
+ 26{64} ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N + T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE ) +olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC + 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC + 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex + t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase + ' DESC 'Base at which the samba RID generation algorithm should operate' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S + hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING + LE-VALUE ) +olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC ' + Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC ' + A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S + INGLE-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES + C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .27 SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC + 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' + DESC 'A 
string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.15 ) +olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC ' + Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 ) +olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC + 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' + DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY intege + rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DES + C 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQU + ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'M + aximum password age, in seconds (default: -1 => never expire passwords)' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'M + inimum password age, in seconds (default: 0 => allow immediate password chang + e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' D + ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integ + erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservation + Window' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' + DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY in + 
tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC + 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdCh + ange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam + ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( + cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s + ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ + sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr + ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr + oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad + PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S + amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou + pType ) MAY ( displayName $ description $ sambaSIDList ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC + 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas + sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) +olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D + omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY + ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB + ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaM + axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWin + dow $ 
sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange + ) ) +olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo + l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb + er ) ) +olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map + ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g + idNumber ) ) +olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc + tural Class for a SID' SUP top STRUCTURAL MUST sambaSID ) +olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba + Configuration Section' SUP top AUXILIARY MAY description ) +olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S + hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) +olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC ' + Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sam + baBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption + $ description ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31efc90-8764-1034-83b7-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.089216Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={13}dnszone.ldif b/test/config/cn=config/cn=schema/cn={13}dnszone.ldif new file mode 100644 index 00000000..0dfeacf4 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={13}dnszone.ldif 
@@ -0,0 +1,92 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 fd206ea9 +dn: cn={13}dnszone +objectClass: olcSchemaConfig +cn: {13}dnszone +olcAttributeTypes: {0}( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer + denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.27 ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The clas + s of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26 ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name + of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnor + eIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC + 'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR ca + seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain + name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host + information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mail + box or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR ca + seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text s + tring, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for + AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + 
reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signat + ure, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, + RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 + address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Locat + ion, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-e + xistant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'servi + ce location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Nam + ing Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor + eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Ex + change Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5 + SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {17}( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'cert + ificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' 
DESC 'A6 Rec + ord Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring + sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non + -Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR + caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delega + tion Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH + Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SU + BSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRS + IG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC + , RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL + MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ M + DRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORe + cord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARe + cord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecor + d $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecor + d ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31fb806-8764-1034-83b8-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.094017Z#000000#000#000000 +modifiersName: 
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif b/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif new file mode 100644 index 00000000..6e64e47e --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif 
@@ -0,0 +1,53 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 7da434b7 +dn: cn={4}ppolicy +objectClass: olcSchemaConfig +cn: {4}ppolicy +olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY + objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b + ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E + QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter + val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +olcAttributeTypes: {12}( 
1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' + EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL + ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L + oadable module that instantiates "check_password() function' EQUALITY caseExa + ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top + AUXILIARY MAY pwdCheckModule ) +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI + LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck + Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ + pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange + $ pwdAllowUserChange $ pwdSafeModify ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e2ef4888-8764-1034-83af-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112323Z +entryCSN: 20150505112323.776591Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112323Z diff --git a/test/config/cn=config/cn=schema/cn={5}quota.ldif b/test/config/cn=config/cn=schema/cn={5}quota.ldif new file mode 100644 index 00000000..191dd969 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={5}quota.ldif 
@@ -0,0 +1,23 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 f8ac78b6 +dn: cn={5}quota +objectClass: olcSchemaConfig +cn: {5}quota +olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (Fil + eSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5M + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota' DESC 'Netw + ork Quotas (network,protocol,bytes)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26{255} ) +olcObjectClasses: {0}( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' DESC 'Syste + m Quotas' SUP posixAccount AUXILIARY MUST uid MAY ( quota $ networkquota ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas' DESC 'Quot + a defaults to apply to members of a group' SUP top AUXILIARY MUST cn MAY ( qu + ota $ networkquota ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e319e9c6-8764-1034-83b0-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.055970Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={6}zarafa.ldif b/test/config/cn=config/cn=schema/cn={6}zarafa.ldif new file mode 100644 index 00000000..09a09e4a --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={6}zarafa.ldif 
@@ -0,0 +1,151 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 57609f92 +dn: cn={6}zarafa +objectClass: olcSchemaConfig +cn: {6}zarafa +olcAttributeTypes: {0}( 1.3.6.1.4.1.26278.1.1.1.1 NAME 'zarafaQuotaOverride' D + ESC 'ZARAFA: Override child quota' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.26278.1.1.1.2 NAME 'zarafaQuotaWarn' DESC + 'ZARAFA: Warning quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.26278.1.1.1.3 NAME 'zarafaQuotaSoft' DESC + 'ZARAFA: Soft quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.26278.1.1.1.4 NAME 'zarafaQuotaHard' DESC + 'ZARAFA: Hard quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.26278.1.1.1.5 NAME 'zarafaUserDefaultQuota + Override' DESC 'ZARAFA: Override User default quota for children' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.26278.1.1.1.6 NAME 'zarafaUserDefaultQuota + Warn' DESC 'ZARAFA: User default warning quota size in MB' EQUALITY integerMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.26278.1.1.1.7 NAME 'zarafaUserDefaultQuota + Soft' DESC 'ZARAFA: User default soft quota size in MB' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.26278.1.1.1.8 NAME 'zarafaUserDefaultQuota + Hard' DESC 'ZARAFA: User default hard quota size in MB' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.26278.1.1.2.1 NAME 'zarafaAdmin' DESC 'ZAR + AFA: Administrator of zarafa' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 SINGLE-VALUE ) 
+olcAttributeTypes: {9}( 1.3.6.1.4.1.26278.1.1.2.2 NAME 'zarafaSharedStoreOnly' + DESC 'ZARAFA: is store a shared store' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.26278.1.1.2.3 NAME 'zarafaAccount' DESC ' + ZARAFA: entry is a part of zarafa' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {11}( 1.3.6.1.4.1.26278.1.1.2.4 NAME 'zarafaSendAsPrivilege + ' DESC 'ZARAFA: Users may directly send email as this user' EQUALITY caseIgno + reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) +olcAttributeTypes: {12}( 1.3.6.1.4.1.26278.1.1.2.5 NAME 'zarafaMrAccept' DESC + 'ZARAFA: user should auto-accept meeting requests' EQUALITY integerMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {13}( 1.3.6.1.4.1.26278.1.1.2.6 NAME 'zarafaMrDeclineConfli + ct' DESC 'ZARAFA: user should automatically decline conflicting meeting reque + sts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE + ) +olcAttributeTypes: {14}( 1.3.6.1.4.1.26278.1.1.2.7 NAME 'zarafaMrDeclineRecurr + ing' DESC 'ZARAFA: user should automatically decline recurring meeting reques + ts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {15}( 1.3.6.1.4.1.26278.1.1.2.8 NAME 'zarafaId' DESC 'ZARAF + A: Generic unique ID' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.40 SINGLE-VALUE ) +olcAttributeTypes: {16}( 1.3.6.1.4.1.26278.1.1.2.9 NAME 'zarafaResourceType' D + ESC 'ZARAFA: for shared stores, resource is type Room or Equipment' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {17}( 1.3.6.1.4.1.26278.1.1.2.10 NAME 'zarafaResourceCapaci + ty' DESC 'ZARAFA: number of rooms or equipment available' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {18}( 1.3.6.1.4.1.26278.1.1.2.11 NAME 'zarafaHidden' DESC ' + ZARAFA: This object should be hidden from address book' EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {19}( 1.3.6.1.4.1.26278.1.1.3.1 NAME 'zarafaAliases' DESC ' + ZARAFA: All other email addresses for this user' EQUALITY caseIgnoreMatch SUB + STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {20}( 1.3.6.1.4.1.26278.1.1.4.1 NAME 'zarafaUserServer' DES + C 'ZARAFA: Home server for the user' EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {21}( 1.3.6.1.4.1.26278.1.2.2.1 NAME 'zarafaSecurityGroup' + DESC 'ZARAFA: group has security possibilities' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {22}( 1.3.6.1.4.1.26278.1.3.2.4 NAME 'zarafaViewPrivilege' + DESC 'ZARAFA: Companies with view privileges over selected company' EQUALITY + caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115. 
+ 121.1.15 ) +olcAttributeTypes: {23}( 1.3.6.1.4.1.26278.1.3.2.5 NAME 'zarafaAdminPrivilege' + DESC 'ZARAFA: Users from different companies which are administrator over se + lected company' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {24}( 1.3.6.1.4.1.26278.1.3.2.6 NAME 'zarafaSystemAdmin' DE + SC 'ZARAFA: The user who is the system administrator for this company' EQUALI + TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {25}( 1.3.6.1.4.1.26278.1.3.1.5 NAME 'zarafaQuotaUserWarnin + gRecipients' DESC 'ZARAFA: Users who will recieve a notification email when a + user exceeds his quota' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {26}( 1.3.6.1.4.1.26278.1.3.1.6 NAME 'zarafaQuotaCompanyWar + ningRecipients' DESC 'ZARAFA: Users who will recieve a notification email whe + n a company exceeds its quota' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs + tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: {27}( 1.3.6.1.4.1.26278.1.3.4.1 NAME 'zarafaCompanyServer' + DESC 'ZARAFA: Home server for the user' EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {28}( 1.3.6.1.4.1.26278.1.4.4.1 NAME 'zarafaHttpPort' DESC + 'ZARAFA: Port for the http connection' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {29}( 1.3.6.1.4.1.26278.1.4.4.2 NAME 'zarafaSslPort' DESC ' + ZARAFA: Port for the ssl connection' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {30}( 1.3.6.1.4.1.26278.1.4.4.3 NAME 'zarafaFilePath' DESC + 'ZARAFA: The unix socket or named pipe to the server' EQUALITY caseIgnoreMatc + h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
SINGL + E-VALUE ) +olcAttributeTypes: {31}( 1.3.6.1.4.1.26278.1.4.4.4 NAME 'zarafaContainsPublic' + DESC 'ZARAFA: This server contains the public store' EQUALITY integerMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {32}( 1.3.6.1.4.1.26278.1.5.5.1 NAME 'zarafaFilter' DESC 'Z + ARAFA: LDAP Filter to apply' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcAttributeTypes: {33}( 1.3.6.1.4.1.26278.1.5.5.2 NAME 'zarafaBase' DESC 'ZAR + AFA: LDAP Search base to apply' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +olcObjectClasses: {0}( 1.3.6.1.4.1.26278.1.1.0.0 NAME 'zarafa-user' DESC 'Zara + fa: an user of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaQuotaOverride $ + zarafaQuotaWarn $ zarafaQuotaSoft $ zarafaSendAsPrivilege $ zarafaQuotaHard $ + zarafaAdmin $ zarafaSharedStoreOnly $ zarafaResourceType $ zarafaResourceCap + acity $ zarafaAccount $ zarafaHidden $ zarafaAliases $ zarafaUserServer ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.26278.1.6.0.0 NAME 'zarafa-contact' DESC 'Z + arafa: a contact of Zarafa' SUP top AUXILIARY MUST ( cn $ uidNumber ) MAY ( z + arafaSendAsPrivilege $ zarafaHidden $ zarafaAliases ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.26278.1.2.0.0 NAME 'zarafa-group' DESC 'Zar + afa: a group of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ zaraf + aHidden $ mail $ zarafaAliases $ zarafaSecurityGroup ) ) +olcObjectClasses: {3}( 1.3.6.1.4.1.26278.1.3.0.0 NAME 'zarafa-company' DESC 'Z + ARAFA: a company of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ z + arafaHidden $ zarafaViewPrivilege $ zarafaAdminPrivilege $ zarafaSystemAdmin + $ zarafaQuotaOverride $ zarafaQuotaWarn $ zarafaUserDefaultQuotaOverride $ za + rafaUserDefaultQuotaWarn $ zarafaUserDefaultQuotaSoft $ zarafaUserDefaultQuot + aHard $ zarafaQuotaUserWarningRecipients $ zarafaQuotaCompanyWarningRecipient + s $ 
zarafaCompanyServer ) ) +olcObjectClasses: {4}( 1.3.6.1.4.1.26278.1.4.0.0 NAME 'zarafa-server' DESC 'ZA + RAFA: a Zarafa server' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ zarafa + Hidden $ zarafaHttpPort $ zarafaSslPort $ zarafaFilePath $ zarafaContainsPubl + ic ) ) +olcObjectClasses: {5}( 1.3.6.1.4.1.26278.1.5.0.0 NAME 'zarafa-addresslist' DES + C 'ZARAFA: a Zarafa Addresslist' SUP top STRUCTURAL MUST cn MAY ( zarafaAccou + nt $ zarafaHidden $ zarafaFilter $ zarafaBase ) ) +olcObjectClasses: {6}( 1.3.6.1.4.1.26278.1.7.0.0 NAME 'zarafa-dynamicgroup' DE + SC 'ZARAFA: a Zarafa dynamic group' SUP top STRUCTURAL MUST cn MAY ( zarafaAc + count $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31a7bde-8764-1034-83b1-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.059710Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={7}mail.ldif b/test/config/cn=config/cn=schema/cn={7}mail.ldif new file mode 100644 index 00000000..3d10bfb0 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={7}mail.ldif 
@@ -0,0 +1,56 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 b10b1513 +dn: cn={7}mail +objectClass: olcSchemaConfig +cn: {7}mail +olcAttributeTypes: {0}( 1.3.6.1.4.1.21103.1.1.13.1 NAME 'maildrop' DESC 'Mail + addresses where mails are forwarded -- ie forwards' EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) +olcAttributeTypes: {1}( 1.3.6.1.4.1.21103.1.1.13.2 NAME 'mailalias' DESC 'Mail + addresses accepted by this account -- ie aliases' EQUALITY caseIgnoreMatch S + UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) +olcAttributeTypes: {2}( 1.3.6.1.4.1.21103.1.1.13.3 NAME 'mailenable' DESC 'Mai + l Account / Virtual alias validity' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} ) +olcAttributeTypes: {3}( 1.3.6.1.4.1.21103.1.1.13.4 NAME 'mailbox' DESC 'Mailbo + x path where mails are delivered' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) +olcAttributeTypes: {4}( 1.3.6.1.4.1.21103.1.1.13.5 NAME 'virtualdomain' DESC ' + A mail domain name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) +olcAttributeTypes: {5}( 1.3.6.1.4.1.21103.1.1.13.6 NAME 'virtualdomaindescript + ion' DESC 'Virtual domain description' EQUALITY caseIgnoreMatch SUBSTR caseIg + noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) +olcAttributeTypes: {6}( 1.3.6.1.4.1.21103.1.1.13.7 NAME 'mailuserquota' DESC ' + Mailbox quota for a user in kilo-bytes' EQUALITY integerMatch SYNTAX 1.3.6.1. 
+ 4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {7}( 1.3.6.1.4.1.21103.1.1.13.8 NAME 'mailhost' DESC 'The m + ail server IP address or FQDN for a user' EQUALITY caseIgnoreIA5Match SUBSTR + caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE + -VALUE ) +olcAttributeTypes: {8}( 1.3.6.1.4.1.21103.1.1.13.9 NAME 'mailaliasmember' DESC + 'Member of a virtual alias' SUP distinguishedName ) +olcAttributeTypes: {9}( 1.3.6.1.4.1.21103.1.1.13.10 NAME 'mailproxy' DESC 'Mai + l proxy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) +olcAttributeTypes: {10}( 1.3.6.1.4.1.21103.1.1.13.11 NAME 'mailhidden' DESC 'M + ail Account hidden in address book' EQUALITY caseIgnoreMatch SUBSTR caseIgnor + eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} ) +olcObjectClasses: {0}( 1.3.6.1.4.1.21103.1.2.13.1 NAME 'mailAccount' DESC 'Mai + l Account' SUP top AUXILIARY MUST mail MAY ( mailalias $ maildrop $ mailenabl + e $ mailbox $ mailuserquota $ mailhost $ mailproxy $ mailhidden ) ) +olcObjectClasses: {1}( 1.3.6.1.4.1.21103.1.2.13.2 NAME 'mailDomain' DESC 'Doma + in mail entry' SUP top STRUCTURAL MUST virtualdomain MAY ( virtualdomaindescr + iption $ mailuserquota ) ) +olcObjectClasses: {2}( 1.3.6.1.4.1.21103.1.2.13.3 NAME 'mailGroup' DESC 'Mail + Group' SUP top AUXILIARY MUST mail MAY mailhidden ) +olcObjectClasses: {3}( 1.3.6.1.4.1.21103.1.2.13.4 NAME 'mailAlias' DESC 'Mail + Alias' SUP top STRUCTURAL MUST mailalias MAY ( mail $ mailaliasmember $ maile + nable ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31b1256-8764-1034-83b2-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.063563Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z 
diff --git a/test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif b/test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif new file mode 100644 index 00000000..04dcaca4 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif @@ -0,0 +1,18 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 8554d7c7 +dn: cn={8}openssh-lpk +objectClass: olcSchemaConfig +cn: {8}openssh-lpk +olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES + C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4. + 1.1466.115.121.1.40 ) +olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC + 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $ + uid ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31baafe-8764-1034-83b3-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.067470Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/config/cn=config/cn=schema/cn={9}dhcp.ldif b/test/config/cn=config/cn=schema/cn={9}dhcp.ldif new file mode 100644 index 00000000..83de25a6 --- /dev/null +++ b/test/config/cn=config/cn=schema/cn={9}dhcp.ldif 
@@ -0,0 +1,327 @@ +# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. +# CRC32 d5bd8e4d +dn: cn={9}dhcp +objectClass: olcSchemaConfig +cn: {9}dhcp +olcAttributeTypes: {0}( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC + 'The DN of the dhcpServer which is the primary server for the configuration.' + EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- + VALUE ) +olcAttributeTypes: {1}( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DES + C 'The DN of dhcpServer(s) which provide backup service for the configuration + .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {2}( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC + 'Flexible storage for specific data depending on what object this exists in. + Like conditional statements, server parameters, etc. This allows the standar + d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Matc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {3}( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The + starting & ending IP Addresses in the range (inclusive), separated by a hyph + en; if the range only contains one address, then just the address can be spec + ified with no hyphen. Each range is defined as a separate value.' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {4}( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC + 'This attribute contains the permit lists associated with a pool. Each permi + t list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {5}( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'T + he subnet mask length for the subnet. The mask can be easily computed from t + his length.' 
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL + E-VALUE ) +olcAttributeTypes: {6}( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'En + coded option values to be sent to clients. Each value represents a single op + tion and contains (OptionTag, Length, OptionValue) encoded in the format used + by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {7}( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC + 'Encoded text string or list of bytes expressed in hexadecimal, separated by + colons. Clients match subclasses based on matching the class data with the r + esults of match or spawn with statements in the class name declarations.' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {8}( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC + 'The distinguished name(s) of the dhcpOption objects containing the configura + tion options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {9}( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 't + he distinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedName + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {10}( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC ' + The distinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {11}( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC + 'The distinguished name(s) of the groups.' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {12}( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC + 'The distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {13}( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC + 'The distinguished name of a client address.' 
EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +olcAttributeTypes: {14}( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC + 'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {15}( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DES + C 'The distinguished name(s) of a class(es) in a subclass.' EQUALITY distingu + ishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {16}( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' + DESC 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {17}( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkD + N' DESC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguished + NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {18}( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DES + C 'The DN of dhcpService object(s)which contain the configuration information + . Each dhcpServer object has this attribute identifying the DHCP configuratio + n(s) that the server is associated with.' EQUALITY distinguishedNameMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {19}( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC + 'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {20}( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation + ' DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendo + r.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V + ALUE ) +olcAttributeTypes: {21}( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' + DESC 'This stores information about the current binding-status of an address. 
+ For dynamic addresses managed by DHCP, the values should be restricted to t + he following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", + "BACKUP". For other addresses, it SHOULD be one of the following: "UNKNOWN", + "RESERVED" (an address that is managed by DHCP that is reserved for a specif + ic client), "RESERVED-ACTIVE" (same as reserved, but address is currently in + use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED" + , "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 SINGLE-VALUE ) +olcAttributeTypes: {22}( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime + ' DESC 'This is the time the current lease for an address expires.' EQUALITY + generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) +olcAttributeTypes: {23}( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfSta + te' DESC 'This is the time of the last state change for a leased address.' EQ + UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE + ) +olcAttributeTypes: {24}( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactio + nTime' DESC 'This is the last time a valid DHCP packet was received from the + client.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 S + INGLE-VALUE ) +olcAttributeTypes: {25}( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DES + C 'This indicates whether the address was assigned via BOOTP.' EQUALITY boole + anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) +olcAttributeTypes: {26}( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DE + SC 'This is the name of the domain sent to the client by the server. It is e + ssentially the same as the value for DHCP option 15 sent to the client, and r + epresents only the domain - not the full FQDN. To obtain the full FQDN assig + ned to the client you must prepend the "dhcpAssignedHostName" to this value w + ith a ".".' 
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) +olcAttributeTypes: {27}( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DES + C 'This indicates the status of updating DNS resource records on behalf of th + e client by the DHCP server for this address. The value is a 16-bit bitmask. + ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {28}( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostN + ame' DESC 'This is the hostname that was requested by the client.' EQUALITY c + aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {29}( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostNa + me' DESC 'This is the actual hostname that was assigned to a client. It may n + ot be the name that was requested by the client. The fully qualified domain + name can be determined by appending the value of "dhcpDomainName" (with a dot + separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {30}( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForCli + ent' DESC 'The distinguished name of a "dhcpClient" that an address is reserv + ed for. This may not be the same as the "dhcpAssignedToClient" attribute if + the address is being reassigned but the current lease has not yet expired.' E + QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA + LUE ) +olcAttributeTypes: {31}( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClie + nt' DESC 'This is the distinguished name of a "dhcpClient" that an address is + currently assigned to. This attribute is only present in the class when the + address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466. 
+ 115.121.1.12 SINGLE-VALUE ) +olcAttributeTypes: {32}( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo + ' DESC 'If the client request was received via a relay agent, this contains i + nformation about the relay agent that was available from the DHCP request. T + his is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.40 SINGLE-VALUE ) +olcAttributeTypes: {33}( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DES + C 'The clients hardware address that requested this IP address.' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {34}( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssi + gnment' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in + DHC Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) +olcAttributeTypes: {35}( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedService + Parameter' DESC 'Delay in seconds corresponding to Delayed Service Parameter + configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {36}( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadT + ime' DESC 'Maximum Client Lead Time configuration in seconds, as defined in D + HCP Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 SINGLE-VALUE ) +olcAttributeTypes: {37}( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpoi + ntState' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover + Protocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 SINGLE-VALUE ) +olcAttributeTypes: {38}( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC + 'Generic error log attribute that allows logging error conditions within a d + hcpService or a dhcpSubnet, like no IP addresses available for lease.' 
EQUALI + TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {39}( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DES + C 'The DN of dhcpLocator object which contain the DNs of all DHCP configurati + on objects. There will be a single dhcpLocator object in the tree with links + to all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {40}( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' + DESC 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {41}( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DES + C 'Secret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1. + 1466.115.121.1.40 SINGLE-VALUE ) +olcAttributeTypes: {42}( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' + DESC 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcAttributeTypes: {43}( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'T + he DNs of TSIG Key to use in secure dynamic updates. In case of locator objec + t, this will be list of TSIG keys. In case of DHCP Service, Shared Network, + Subnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMatc + h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {44}( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC ' + The DNs of DNS Zone. In case of locator object, this will be list of DNS Zone + s in the tree. In case of DHCP Service, Shared Network and Subnet, it will be + a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.12 ) +olcAttributeTypes: {45}( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverRole' + DESC 'Role of the DHCP Server. 
Either primary or secondary' EQUALITY caseIgno + reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {46}( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverReceiv + eAddress' DESC 'IP address or DNS name on which the server should listen f + or connections from its fail over peer' EQUALITY caseIgnoreIA5Match SYNTAX 1. + 3.6.1.4.1.1466.115.121.1.26 ) +olcAttributeTypes: {47}( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPeerAd + dress' DESC 'IP address or DNS name to which the server should connec + t to reach its fail over peer' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 ) +olcAttributeTypes: {48}( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverPeerPo + rt' DESC 'Port to which server should connect to reach its fail over peer' EQ + UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +olcAttributeTypes: {49}( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverReceiv + ePort' DESC 'Port on which server should listen for connections from its fail + over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +olcAttributeTypes: {50}( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverRespon + seDelay' DESC 'Maximum response time in seconds, before Server assumes that c + onnection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 ) +olcAttributeTypes: {51}( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverUnpack + edUpdates' DESC 'Number of BNDUPD messages that server can send before it rec + eives BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4. 
+ 1.1466.115.121.1.27 ) +olcAttributeTypes: {52}( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverSplit' + DESC 'Split between the primary and secondary servers for fail over purpose' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +olcAttributeTypes: {53}( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverLoadBa + lanceTime' DESC 'Cutoff time in seconds, after which load balance is disabled + ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +olcAttributeTypes: {54}( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpFailOverPeerDN + ' DESC 'The DNs of Fail over peers. In case of locator object, this will be l + ist of fail over peers in the tree. In case of Subnet and pool, it will be a + single Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.12 ) +olcAttributeTypes: {55}( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpServerDN' DESC + 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +olcAttributeTypes: {56}( 2.16.840.1.113719.1.203.4.57 NAME 'dhcpComments' DESC + 'Generic attribute that allows coments within any DHCP object' EQUALITY cas + eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +olcObjectClasses: {0}( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC 'Se + rvice object that represents the actual DHCP Service configuration. This is a + container object.' SUP top STRUCTURAL MUST cn MAY ( dhcpPrimaryDN $ dhcpSeco + ndaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ d + hcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFail + OverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) ) +olcObjectClasses: {1}( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DE + SC 'This stores configuration information for a shared network.' 
SUP top STRU + CTURAL MUST cn MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ + dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT 'dhcpService' + ) +olcObjectClasses: {2}( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'Thi + s class defines a subnet. This is a container object.' SUP top STRUCTURAL MUS + T ( cn $ dhcpNetMask ) MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostD + N $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ d + hcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAI + NMENT ( 'dhcpService' 'dhcpSharedNetwork' ) ) +olcObjectClasses: {3}( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This + stores configuration information about a pool.' SUP top STRUCTURAL MUST ( cn + $ dhcpRange ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptio + nsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) + X-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpSharedNetwork' ) ) +olcObjectClasses: {4}( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Grou + p object that lists host DNs and parameters. This is a container object.' SUP + top STRUCTURAL MUST cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ d + hcpComments $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpService' ) ) +olcObjectClasses: {5}( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This + represents information about a particular client' SUP top STRUCTURAL MUST cn + MAY ( dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComm + ents $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpGroup + ' ) ) +olcObjectClasses: {6}( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Repr + esents information about a collection of related clients.' 
SUP top STRUCTURAL + MUST cn MAY ( dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpCommen + ts $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' ) ) +olcObjectClasses: {7}( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'R + epresents information about a collection of related classes.' SUP top STRUCTU + RAL MUST cn MAY ( dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpCommen + ts $ dhcpOption ) X-NDS_CONTAINMENT 'dhcpClass' ) +olcObjectClasses: {8}( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Re + presents information about a collection of options defined.' SUP top AUXILIAR + Y MUST cn MAY ( dhcpOption $ dhcpComments ) X-NDS_CONTAINMENT ( 'dhcpService' + 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClas + s' ) ) +olcObjectClasses: {9}( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'Th + is class represents an IP Address, which may or may not have been leased.' SU + P top STRUCTURAL MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ dh + cpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName + $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReserve + dForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcp + Option ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool' ) ) +olcObjectClasses: {10}( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This + is the object that holds past information about the IP address. The cn is th + e time/date stamp when the address was assigned or released, the address stat + e at the time, if the address was assigned or released.' 
SUP top STRUCTURAL M + UST cn MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ d + hcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhc + pRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssig + nedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog ) X-NDS_CONTA + INMENT ( 'dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpServic + e' ) ) +olcObjectClasses: {11}( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'D + HCP Server Object' SUP top STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpLocat + orDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDela + yedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhc + pStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ( 'organization' + 'organizationalunit' 'domain' ) ) +olcObjectClasses: {12}( 2.16.840.1.113719.1.203.6.13 NAME 'dhcpTSigKey' DESC ' + TSIG key for secure dynamic updates' SUP top STRUCTURAL MUST ( cn $ dhcpKeyAl + gorithm $ dhcpKeySecret ) MAY dhcpComments X-NDS_CONTAINMENT ( 'dhcpService' + 'dhcpSharedNetwork' 'dhcpSubnet' ) ) +olcObjectClasses: {13}( 2.16.840.1.113719.1.203.6.14 NAME 'dhcpDnsZone' DESC ' + DNS Zone for updating leases' SUP top STRUCTURAL MUST ( cn $ dhcpDnsZoneServe + r ) MAY ( dhcpKeyDN $ dhcpComments ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpS + haredNetwork' 'dhcpSubnet' ) ) +olcObjectClasses: {14}( 2.16.840.1.113719.1.203.6.15 NAME 'dhcpFailOverPeer' D + ESC 'This class defines the Fail over peer' SUP top STRUCTURAL MUST ( cn $ dh + cpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpF + ailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $ + dhcpFailOverUnpackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dh + cpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOpt + ion ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' ) ) +olcObjectClasses: {15}( 
2.16.840.1.113719.1.203.6.16 NAME 'dhcpLocator' DESC ' + Locator object for DHCP configuration in the tree. There will be a single dhc + pLocator object in the tree with links to all the DHCP objects in the tree' S + UP top STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpServerDN $ dhcpSharedNetw + orkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN + $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments ) X + -NDS_CONTAINMENT ( 'organization' 'organizationalunit' 'domain' ) ) +structuralObjectClass: olcSchemaConfig +entryUUID: e31c533c-8764-1034-83b4-933592c3cd29 +creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +createTimestamp: 20150505112324Z +entryCSN: 20150505112324.071776Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150505112324Z diff --git a/test/database/__db.001 b/test/database/__db.001 index 93430ef864ad0302290fa6685e0569150211a3c7..cea80232bed561340cf49c720f3e3207b28b2fc1 100644 GIT binary patch delta 1099 zcmZWnT}V_x6u#%~%ME#_x~a%Mg#VHc8WKi=6)ptreW-4$sQqAwkxNEN z1bMrzQ(z#}g9O5g(IjT(Q$;}!ff)I)(MvCZQkkJ!Ay|85>K$FT}c@#v!#ml#^nlp@kK1jwzL zl=*C9d3kPjP01p;4WdNW>%|h;XP|{2)7-3k2>@{iL?QF`jPu%=V-Hj&? zCsyP9v~D@Y)JfURPwS=wFD*|;%5a2nnmGKwjE`@2MyU;&e(y(*O=K z(}7w@T^q_E@i0mT2mKmG4*)PvKLXkGQ#<;|L&m#=`Pa*2IgGrtxf6x#JJo!2st2`* z;G>Sq$m0P!&AZKGJ7IEJbWlSP*dd#(4V)uYIx1x)&+5E}*^6tK^%9G2^)eGhpKD3H z9l2=iJ*pQmzq{FhYaWdhLkSrN?3Mg%X!*x!%3iVrSaPSDkHlw>n~#700g~H>a;Ylf z7&r?Vy2w`K%!Px8`ZOh-)F8Y+Gr}j2S%A+2vjxKmOGLrAoOB^9kyi-&o%!q_G2iXq zG)%g(W^70h<7!f4!)as;;{Ys@4;arn3lh?wS#eG3!iJI6`rGhdHi+GZpRlYs8}4%! zvwjnclDiUii3@Awk%T)EI0dvx#<#%9o?1i-Jig zHO{WrqR8l>h>8uPo0Mtv5P?M?MA6GaKSB_!MNs5V-`$;EMD4=mn>pV(=brnsI#aMZ zQxIuEXvox2i83N2#xDBcl}($xjpk6Ux*!M$;KDCf6AH&F3|%uPY^ta(7*P;YQ^C_E`{o&^jTOzY(EkmeF|A zO+x6&9QvO9T5S=M1W`Ln2@-Zt!Ievw3w zONEXXX0WGqZnV$PvuPD3<#ZNe>;bIwAXbugnE6d!6p7M5>ga#os}Fgd8xs zFdZkP7J2ChLS|g?JYUT!wqoZ`Dhw}DZ#X}Xqueg{14lPFfjlC 
diff --git a/test/database/__db.002 b/test/database/__db.002 index 855891920c84f05e65fec71a551cd5a1b11de7f3..7f5e3d5a3645d11b7bf432b3d544ee346c80f56b 100644 GIT binary patch delta 1600 zcmezWpX2|3jtvQnOe_qWlNiGomF_S=Ktp=5n^!%Q1EfTuOhM*}@1!PA(DT8mk{zmY zH6u{v#0xBw8<;&5(T$a4gs5VJD(0RnI6YkuU6sUS#_9T#3z#tVL$xu8KpD=H8(GsO z(e=Yr2~J+PG9SYYa9Jork+2!~Z5V#CLpaRTH$Sl9;GO)TRfCat@cH%P3ar4H7*V*BI0von@?!sU;g3dUCH@K817j6d! z7e=o0hL$Z#lP6BMpPaDC03*r*Co}FW#}M@ain;^S20}e7VEiXv+**#)y?jt*T9X<1 z>L>5mT!3M+*W`&C^(Q~D@tC|}3phDW)5q$rAeak)N$ud)cH(V>2QN4lCZ}#+3`+E^ z<&ztBaBzx4-6uMEBE()a)qi(X!(9xE>*&b~H-TL|X_o>gEd6o=^O5r81G{~iXYATO JV;5t3D*!x8L>B-6 delta 1675 zcmeH{&r1S96vubg{8hTNQDi@$v0r#t`i3% zkg!MVQX*3BrYNx~sySc()Ss$7Bf^}QI3O*oLZL4}JZ!Dsxe3(k16hc{M>3!plPTg; z4F~NY+d?A6%V~5-FRZmlzgk*A%+*?OE7t=gD>ZDCRzyb|UhX!eTD7k9Qk?0^*j4_7 zuU&%7&5qxIxbCytpHG1cHxIL^<2b2eMwV#h49v$8rzyUQ)$``jS94OCChdc!&mVGxg2C(8+j!L3ZIp@J66EKC$7C@Z1b6kuQ3 zv9NQHRvMqFfGWCx2)ppeVpShT4QAl{PJ&2B2nt30>K#ciuUK_0sIhd#>P!4|pQ>9O zOGHy18xNQI1&@RL=pr6?En2Iytj3CeE5&14(X&;R9+s%vf%=_lBMrgib$BmVddQVX GH2DdtJ~5L3 diff --git a/test/database/__db.003 b/test/database/__db.003 index d31f3ac88534f203b2550cd28ff4a0340b61868b..de0bf784b5566e91c7554c97566d60bc7ab54bed 100644 GIT binary patch delta 90 zcmV-g0Hy!`{|5j62C$$30a=rw0h0l;lYxULlTem4laK;PlfV@Sv)}?SJ^?nf5kYSO wljsr3^Lgt^fc4 delta 86 zcmV-c0IC1~{|5j62C$$30Wg!H0h0k>lYxULlTem4laK;P0Wh=K0yjPZ9J3KYZvg=# svw=b-kx5kWVz;Da~;lPC%hvnYjl5CJc5SAMbN~PV diff --git a/test/database/alock b/test/database/alock index 91f42817a38789423bdaae58d88da27078540b0b..78418d3e7b8bad41fde5eb9fbc4cabb06467444f 100644 GIT binary patch delta 22 ccmZorXi(T7z`|*^+ar_#2<~i_WO>dF07kb4IsgCw delta 22 ccmZorXi(T7z`{A@@YfIqAW+yW$?}{V08i`&kN^Mx 
diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index c11ea014904448df6b971530af628120f5218a4a..863bb4654103dcc159a647f1f6a559827120c7c1 100644 GIT binary patch delta 4818 zcmeH{TS!z<7=_Q+h19{O8Wl&KyrF56=|h@^R#GvMVS$#WX;O(sqE1DLNJ1Kk5!Gpm zGK;JSgS5mbOfY@OB!vU`{(}wQA{4 zserN_^o&m!o&>>L4j9}RW95V?bKYJMyg326GhvJqO5Ek_p=3Aj&q^iBZrL`NqAjH5 zY9ja@S$aYa{HPDY>p-BoSfqFDf&R2Rlr9V!a`bB|luCKib zSU3W}u-PP7HBydq3C`Nq4l5saE}tmHxl}){dI~EaZiO5ak&yURsZ*g@KLdh+oy!4A zLC{=YHVlG+6OcO-Iyj-sl?jd05|tL55rmS)6rq{zhdh`N0)QY8EeO?8j@>?%J+r9e z&xHCZMIFm{yAE~yc^%}SJTz~SA^z7KFJ0lkO^&~6omWx>bpP)LgDoyKN1XY(#}Jp-M_2l=1fg`;bC;9ps>_ zYI6t;P=-3!yp9(_D2xfYPAi0gcNrQ8g>eFMXF?8TAPno6Pz^01RCGxY`amIsY%VLW zFd+m0K|rh%|3leb*?gAGmT)Fyp%g-8n&Mli6VB@(2PH-j>Y)sE_G{iAhEN0(`ppSZ zGx@O~L~sIfXTsK>3gH(Gd>WRew1iOIIYH<-g%FDCd>9EKJpzCru!h%ZiPqd$+pfqDLgSrp*jiGNvKXjbrPzR@c&Q33x59q@5&@h delta 3216 zcmezW|3AxrAl@MGe6uOzT>H%qjFU!*(J&ZI2cy|wv?v%Y2}eu9(UNeqBpfXXM@z!d Ll92W#;S+5DzJhjX From cf768e48317bca074c850cec950a62139e7a1035 Mon Sep 17 00:00:00 2001 From: Johnathan Phan Date: Tue, 5 May 2015 18:00:49 +0000 Subject: [PATCH 15/19] want to add controls to allow schema and configuration changes from inside the container --- image/service/slapd/daemon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/service/slapd/daemon.sh b/image/service/slapd/daemon.sh index bb08237c..45615839 100755 --- a/image/service/slapd/daemon.sh +++ b/image/service/slapd/daemon.sh @@ -1,2 +1,2 @@ #!/bin/bash -e -exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1 \ No newline at end of file +exec /usr/sbin/slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d -1 From 36d7303e1ed473e7df50795e25fb289bf7a4b6b7 Mon Sep 17 00:00:00 2001 
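Review bot: The rewritten `exec` line in daemon.sh still passes `-d -1`, which enables every slapd debug category; at that verbosity packet and BER traces go to the container log, so simple-bind credentials can likely be read back from it. A fixed level that matches the `olcLogLevel: stats` already present in the test config keeps slapd in the foreground without those traces: `exec /usr/sbin/slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d 256`. The new `ldapi:///` listener also deserves a comment above the line, for example `# ldapi:/// serves SASL EXTERNAL from inside the container; uid 0 maps to the peercred identity that edits cn=config`.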
From: Bertrand Gouny Date: Mon, 11 May 2015 18:00:51 +0200 Subject: [PATCH 16/19] security stuff --- image/service/slapd/assets/security.ldif | 13 +++++ image/service/slapd/assets/ssl/dhparam.pem | 8 +++ image/service/slapd/container-start.sh | 44 +++++++++++---- test/config/cn=config.ldif | 6 +- test/config/cn=config/olcDatabase={1}hdb.ldif | 18 +++--- test/database/__db.001 | Bin 548863 -> 548863 bytes test/database/__db.002 | Bin 147455 -> 147455 bytes test/database/__db.003 | Bin 114687 -> 114687 bytes test/database/alock | Bin 4096 -> 4096 bytes test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes test/ssl/dhparam.pem | 12 ++-- test/ssl/test-ca.crt | 22 +------- test/ssl/test-ldap.crt | 41 ++++++++------ test/ssl/test-ldap.key | 52 +++++++++++++----- test/test.bats | 6 +- 15 files changed, 138 insertions(+), 84 deletions(-) create mode 100644 image/service/slapd/assets/security.ldif create mode 100644 image/service/slapd/assets/ssl/dhparam.pem mode change 100644 => 120000 test/ssl/test-ca.crt diff --git a/image/service/slapd/assets/security.ldif b/image/service/slapd/assets/security.ldif new file mode 100644 index 00000000..a66cf0c2 --- /dev/null +++ b/image/service/slapd/assets/security.ldif @@ -0,0 +1,13 @@ +dn: olcDatabase={1}hdb,cn=config +changetype: modify +delete: olcAccess +- +add: olcAccess +olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=org" write by * none +- +add: olcAccess +olcAccess: {1}to dn.base="" by * read +- +add: olcAccess +olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * none +- \ No newline at end of file diff --git a/image/service/slapd/assets/ssl/dhparam.pem b/image/service/slapd/assets/ssl/dhparam.pem new file mode 100644 index 00000000..73b8c1e6 --- /dev/null +++ b/image/service/slapd/assets/ssl/dhparam.pem 
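Review bot: Rule `{2}` in security.ldif grants `by self write` on every attribute, so any authenticated entry can rewrite its own `objectClass` or `sshPublicKey` (the openssh-lpk schema is loaded in the test config), and presumably its POSIX ids where those are used; systems that trust these values for authorization inherit the change. Password self-service is already covered by rule `{0}`, so the catch-all can drop to read: `olcAccess: {2}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none`. The admin DN is a placeholder that container-start.sh rewrites with sed, and a `#` comment at the top of the file should say so, since the test fixture `olcDatabase={1}hdb.ldif` ends up with `dc=example,dc=org` in its ACL under an `olcSuffix` of `dc=test,dc=osixia,dc=net`.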
@@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA7adhygsX/CvbcQBlSEKBmm0D0+hVfIttcftyFTuDPNok4yDJUBUF +zzc7X/i3PUMzANhShBrngBaXbOhVk3QcjMC623TPhFmILx0r236+aQEUGnlwN73M +RUFM6EblYgH4+E4nv+JLwzHdO72+qMAd92rtzVMiaDlCWghH6wdAFoasTsT6Posc +F5T8WCkzFAZeVhNGRKPP6k3l2BjvRJzkwYMMJrxaIYznMEK6H5CYIqZcpeAB3d2B +NaZXLxFCemLrSS16UHrH1modEe8yjrOaE5+ZesGAA9onsNRZkAJp0x/pRaO/+rHn +Q5QVCQCzxY16UsLzH0q/P80xPMU7BMoocwIBAg== +-----END DH PARAMETERS----- diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index 9bb385d3..fc7a05d3 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -9,6 +9,26 @@ chown -R openldap:openldap /etc/ldap # container first start if [ ! -e "$FIRST_START_DONE" ]; then + function get_base_dn(){ + BASE_DN="" + IFS='.' read -ra BASE_DN_TABLE <<< "$LDAP_DOMAIN" + for i in "${BASE_DN_TABLE[@]}"; do + EXT="dc=$i," + BASE_DN=$BASE_DN$EXT + done + + BASE_DN=${BASE_DN::-1} + } + + function is_new_schema(){ + local COUNT=$(ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config cn | grep -c $1) + if [ "$COUNT" -eq 0 ]; then + echo 1 + else + echo 0 + fi + } + # database is uninitialized if [ -z "$(ls -A /var/lib/ldap)" ]; then @@ -29,20 +49,21 @@ slapd slapd/dump_database select when needed EOF dpkg-reconfigure -f noninteractive slapd - fi + # start OpenLDAP + slapd -h "ldapi:///" -u openldap -g openldap -function is_new_schema(){ - local COUNT=$(ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config cn | grep -c $1) - if [ "$COUNT" -eq 0 ]; then - echo 1 - else - echo 0 - fi - } + get_base_dn + sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/slapd/security.ldif + + ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/security.ldif + + else - # start OpenLDAP - slapd -h "ldapi:///" -u openldap -g openldap + # start OpenLDAP + slapd -h "ldapi:///" -u openldap -g openldap + + fi # add ppolicy schema if not already exists ADD_PPOLICY=$(is_new_schema ppolicy) 
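Review bot: `get_base_dn` in the first container-start.sh hunk turns `$LDAP_DOMAIN` into a DN without checking it, and the result is spliced into a `sed` replacement in the next hunk, so an empty value makes `${BASE_DN::-1}` fail and a value containing `|`, `&` or `,` corrupts the ACL that is written to cn=config. A guard before the loop would stop the first start early: `[[ "$LDAP_DOMAIN" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$ ]] || { echo "invalid LDAP_DOMAIN" >&2; exit 1; }`. In `is_new_schema`, the argument to grep should be quoted (`grep -c -- "$1"`), and a failed `ldapsearch` currently counts as "schema is new" because only the match count is inspected. Both functions sit inside the first-start `if`, which opens outside this hunk.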
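Review bot: The restrictive ACL from security.ldif is loaded only inside the `if [ -z "$(ls -A /var/lib/ldap)" ]` branch, so a container started on an existing data volume takes the `else` path and keeps whatever `olcAccess` it already had, which in the previous test config ended in `by * read`. If the hardening is meant for every deployment, the `get_base_dn`, `sed` and `ldapmodify` steps belong after the `fi`; otherwise the `else` branch should carry a comment such as `# existing database: ACLs are left untouched, review olcAccess manually`. The `ldapmodify` result is also unchecked as far as this hunk shows, so unless the script runs under `set -e` a failed modify silently leaves the default ACL in place; `ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/security.ldif || exit 1` makes that failure visible.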
@@ -64,7 +85,6 @@ function is_new_schema(){ sed -i "s,/osixia/slapd/ssl/ldap.crt,/osixia/slapd/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/tls.ldif sed -i "s,/osixia/slapd/ssl/ldap.key,/osixia/slapd/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/tls.ldif - # set tls config ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/tls.ldif # add localhost route to certificate cn (need docker 1.5.0) diff --git a/test/config/cn=config.ldif b/test/config/cn=config.ldif index 163b2705..b9493863 100644 --- a/test/config/cn=config.ldif +++ b/test/config/cn=config.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 eb45b050 +# CRC32 46c15dd8 dn: cn=config objectClass: olcGlobal cn: config @@ -11,6 +11,6 @@ entryUUID: db089696-51e1-1034-95ec-9d03bc6be361 creatorsName: cn=config createTimestamp: 20150226090154Z olcLogLevel: stats -entryCSN: 20150505124437.961383Z#000000#000#000000 +entryCSN: 20150511154546.689799Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505124437Z +modifyTimestamp: 20150511154546Z diff --git a/test/config/cn=config/olcDatabase={1}hdb.ldif b/test/config/cn=config/olcDatabase={1}hdb.ldif index bd2fa7ba..32b648ca 100644 --- a/test/config/cn=config/olcDatabase={1}hdb.ldif +++ b/test/config/cn=config/olcDatabase={1}hdb.ldif 
@@ -1,16 +1,11 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 8b1aead3 +# CRC32 4f6c59f2 dn: olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=test,dc=osixia,dc=net -olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou - s auth by dn="cn=admin,dc=test,dc=osixia,dc=net" write by * none -olcAccess: {1}to dn.base="" by * read -olcAccess: {2}to * by self write by dn="cn=admin,dc=test,dc=osixia,dc=net" wri - te by * read olcLastMod: TRUE olcRootDN: cn=admin,dc=test,dc=osixia,dc=net olcRootPW:: e1NTSEF9bU9FWlh4OUpPNmlhK1dkeFV4S0FKam43R3dmNVJrby8= @@ -24,6 +19,11 @@ structuralObjectClass: olcHdbConfig entryUUID: db09539c-51e1-1034-95f6-9d03bc6be361 creatorsName: cn=config createTimestamp: 20150226090154Z -entryCSN: 20150226090154.826706Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20150226090154Z +olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou + s auth by dn="cn=admin,dc=example,dc=org" write by * none +olcAccess: {1}to dn.base="" by * read +olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * + none +entryCSN: 20150511151550.910171Z#000000#000#000000 +modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth +modifyTimestamp: 20150511151550Z 
diff --git a/test/database/__db.001 b/test/database/__db.001 index cea80232bed561340cf49c720f3e3207b28b2fc1..74c8c6ef5a42214e68d73893765d6ac6fbee8c53 100644 GIT binary patch delta 920 zcmZWnQAiX~6x}=X-ni@T$}FR6tHQdqNwi9RNQ_|+rXbjdP>O+-13_ZSu6=0qvx5dj z6zw!yub__%DiQjSq^BXM^kITT5*S8^MNmJIN(8~0-M71jwHNN(H|N}U-g$RsYbvxg z6-pEqslDUTiSGw4I53{fHn)h{&MctXXl)o^(l#LCnh_|5!A9p~?fEdwL!ikI4nXX5 zp?GFOV7g^!_Cr~fn*1!(N`h9*&0X>;Xr2Lwb$ihrYFH;b(h%(iAu!zY=J_z z9g~UV+q8_5^lB+(FOm`8UOed(?!B|;{<4HMVq3KFh&aCz-{L)atN8+TILvKdqK>?2 zZV{KnrQ-$mwqpHotT!waDs8{gQ1dyfP;w;|7YeABRuK6A3VKmSVeseBS&11*(Cnwm zA@4bag*CHxqcaO{DmC7h2?^k{o9f5SxRL-iEz(x zEE|^x%>ix>K%>v4WcwA%C}rghl9Q$CrAl6&gnbn*ElX38`Gg`<5g zPqxRiv!}3+Uz?S~68ljvmGRee^7JFNcAm6>#y)kEU|^bMb_tgvJH!w%ylkP91i9Wr zOt50R*jgLupk5?3w%SEXS#y-=OpTIqJ{%>Nf}rrwEpkEvB~9~$MbtX*@S%4IQsKsWAEx7mErJ z++o&k4<#B!5cnVkx3E&_p`wSBKw1(q=(QjFu^tTj?#u}0esJfzbIv{Io;!1w#>W203={6uWYrYW>r9SV_qGp12w z&kkg)8FD|c9d|g4!poznXEOFpmPw;K#l8`Iy8s<`G=WM|aygIabz{*MaW0%nuW{`m z?8jjCjBu#33O!Brzg>r#Kk;qCp~`g-_-coJzZ{2!!l9!wGtv;W?s@8R&mkPmne6!Col%OsU;VI6tV?{EA>=K;sy|d;(#`y~(J;%@T{rsh54^Q?$ zG@y!{qBPSeW~EKCmn}BR5nh^x$_h2)a8hWQY(b}*@2c`wstP*! zwHHdc%o@`W<}Y6<6SviO8nu^FHhqMISS(JwTc-vcwa71qE^un1ilW1gh13aw98Ps{oqWf|ECH7M|S08iUPZL8xw7qIBamdKgKf zhw z;48qP4Z|=-d7!p_fyoWb9>65TG5N=|1~A<)9YjNuD(?)esgn!p20vK(LJwMQr~>}U zhBFZo&RfDH@qFhCZKP}nQ_BN$2-xJ! za~FPL$E8$a^TvhtY#?LN9St*VCyHT{Yd4@c)0+|EJ|(C#*(M84H=i7^(STO~D$)SX z<-HrL1yMwR&i0u+aicphq71+xJ!2Chq&KT>W(NBe<|r?yHOx>$1tu4=$WKlX@<5N@ zEtu8>p;&WbD;{ei(5zv@Va?m^)ru%d2q_X^;=+?JZb?TAg}*ymIG}MB4Rn=0$OoDz fNf?VkY*0V5PoBu9JlSD|PxFjj+h^=zOm77MblaNA delta 1467 zcmezWpX2|3jtx7Ql9l*Ek1P*`H) Xo;;CHd9uR_pXM36w$IqbnBEEi0~aU& 
diff --git a/test/database/__db.003 b/test/database/__db.003 index de0bf784b5566e91c7554c97566d60bc7ab54bed..31466f35c879637c242ca28205c512e0d62fd407 100644 GIT binary patch delta 90 zcmV-g0Hy!`{|5j62C$$30Y#Ic0h0lWlYxULlTem4laK;PlVA}Dv)}?SJ^?DT5kYSO wleiENvyeg-(&5kWVz;Da~;0YkGHg@+K6C=n5}v6Xi~lh_XsvpCkr=}YY*`Tzg` delta 90 zcmV-g0Hy!`{|5j62C$$30a=rw0h0l;lYxULlTem4laK;PlfV@Sv)}?SJ^?nf5kYSO wljsr3^Lgt^fc4 diff --git a/test/database/alock b/test/database/alock index 78418d3e7b8bad41fde5eb9fbc4cabb06467444f..54c86183ec94ee6e0495074d2d507b6851c7dcaf 100644 GIT binary patch delta 43 qcmZorXi(T7z{0ueTtFxT5D09RWO>d!iA8{O*>Q*nKUicD4+{VT9Sbo4 delta 32 mcmZorXi(T7z`|*^+ar_#2<~i_WO>fKQQ!mfL;-a^ z4;&7Mn}fc8Fn9Vzc4{|LIqC`&G1casX7dvICe)8Uh+GV`^M})z!N8Upd&?@P(m8+$c8t~ zw~#QF-H{rRP!W)si-fTv0lGRt_YY6_ZYV=Zp>YmbZtP+xr8EL%#TS-O7zzYLpn9{BgkF)57RXSdyE#gIIYY712$Y>mmUsf?JqUG{ZHKc)I+g3TIF(dJSuu9Q$H^bUrSfQ(}y~3I{3=G<6`UNo5 z=RB2l?Iv$4&475)b*7v_KtKjcS1Bso6vipB-eUma0SL*@#f2>*C(dsHns|sN(2-&| z-?xaRqya)3*C+?sjMCS_yD#0n171(zg|7Ct2=6R=rEIxl)CRh8jPAu8V;RlBs11%^ z4UBLI2tn-$iW299an|5Kn>_uRUT(TNUUHC#$LV&xTPK=mMHA=cq5A@+=f>tywKI& z^TNC0KF4@QGoC43HpiIi&M}$;o-GGP7zBi%wz9+?(qW8lN{~n2GfB5-Mu`v7XIfFh zUzC6je~AJhegFsfOLtO^yVY$YAWVW-l3u!kXR4|SxXN@MvrEvgI=RiGm!v##$$G18M`Sgzia zD;^jn6V33B+&M+V#1humi82O~b_@pdbwmmi(_R)+I<8B-+ zMv38~1a$c8F7)l8moywsr+4Sh0>%i25j~J6obH}eiG&d%0lGTDN*WT9+c-uQ&1jRJ z%Q0MiI7ZQcmrV=<0zy#xf}+Y?(qU};GGD&bYLaA{fidlvP*RH488R=A<#8hx>E8x5qP%EHptT5KbNZNuG< zC*0Y8d?6AdL;`em!aUND@Zc$j*+?^B@;>D-Hktu5Z@j*j!9YL=%Eu_GNdDZo`Rz@+ zP-PT@DIgUvC-N@4qRJ>y1v*lc3Fk>emB{t!XOIxdV4jJD#l>}HNQe{((A5c32l0fC zb`GQa)lIl|G{NcO@&ga1SF>oFQ&Xdr25;{*p=Sk>137sdQ^CbLV JPr~Gse*q&+hDZPa delta 3216 zcmezW|3AxrAl{JhZL=xkT>H%qjFU!*(J&ZI2cy|wv?v%Y2}eu9(UNeqBpfXXM@z!d Ll92W#;S?DFWGHrN diff --git a/test/ssl/dhparam.pem b/test/ssl/dhparam.pem index a3e1a7e0..1cf397d7 100644 --- a/test/ssl/dhparam.pem +++ b/test/ssl/dhparam.pem 
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAwC8hQ6nZ2kNNmZAGGYN8++rUvNlDjKqdwWubUnqY08ng6FfGcouL
-VSvgsF3LeERW/h4hrkgN983QjwrbBOrNp+7B59lhCs6Acvi87dXf3iaGNy4Gca43
-ERVkAJ7IWdXydyb9COANRtmBb1JvvYMAeVeMdofk8EcOW/kUV2adAQKluAcVhgRQ
-Pesp5i6Lv1kN5zVHDGkrJz5h0Mzi35aYia0gSnVCqEzmU7Omnz/gXY3Jdx91ym5Y
-2dTZuUZgIhco2bfPbhDl/1g0a1PWz7rxw24KJloNZC3nEt3JqIto83GsgaUtYxFT
-EWINSpghTjl4Z0CGCamJ6HXsNJGaVUXuGwIBAg==
+MIIBCAKCAQEAsLJldsilC/DLZqlBYtj1/6zC+hgrMhdpCubycH15KXTaQ+bfJ5is
+ob+3vk5G4VvMOLt9GoLbCKOHQKfWiYWPpYfQQxr3gLnl6H46MGPQ9afa93AsnUrZ
+39xLt3zBNZKS7j2cDLZlZLrYgTj9TQzFVhfoZO29sy5xVYoeOtBBrnkvy3Y95oMS
+Rhw+HY03I6vm2UUhVf4m/2Cx4b8QziCl2j6FjBpVqbSv8LseFvw0Z5ju+jJDOv9r
+ePId0k2jSpW7b7AzsgEbxSfC2neuNx0rkuf1oH06ojOQWaFSBHZJJldL4DjSNZHh
+DsTGLJJzsuzgAMKR/F+1osU+v5CQUP/3KwIBAg==
 -----END DH PARAMETERS-----
diff --git a/test/ssl/test-ca.crt b/test/ssl/test-ca.crt
deleted file mode 100644
index 0953710f..00000000
--- a/test/ssl/test-ca.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZzCCAh+gAwIBAgIEU2ehnzANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
-ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNTExWhcNMTUwNTA1
-MTQzNTExWjAjMSEwHwYDVQQDExhUZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwggFS
-MA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQDdf+DVT4rPGxNB1SwL6git8Lw1
-AsEvd+rHAMKyCSRxbJywvtN/OKxVz4qWCkoRvcffG0uyoWRE+1w6DnT8ON+8uvuI
-2wbrLydFxuZdouZZJiX0QbXWra9lQpDWO2EAiPFchbN/K9+fXwV4SpsI3B7bGwM/
-sVtn6khbxvtzn+9yUmjIpA7q8i9NLVoX8UwagANtFIVE/Dc/MwaX7ayu6yYiNLXx
-GHzWXzQcTS6vWcVaf+pkq6/zZdXn0jVNfqnwAu3ooTWO3BeuQvGaQeRpRVlM0lPh
-oM7YFhR8b13Y5EmkZtSjoM+7ZOKF5mqBvluj65gIcQxnx4l4YCZ4MUVAlZBYc87h
-2JSYrAlq6eBhJzkNDi21jqtqSr1i08XICZrz4Vk8lrexWbRGzyz537La1LYNAgMB
-AAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E
-FgQUnod7FQfSDLyWVeBSTTdCriQoEHYwDQYJKoZIhvcNAQELBQADggExAGtv/8Ot
-3Acs+KlR+0OBtnWe6sfzfQ2fRJvol7szp0Nto+zTZLbtCEvNGIVkd8eLrm9a9soa
-pY/pC6dAPPZHho/G46quSjtSARU/tlbabkRsCfHiWIvtjqKIyzqk+YjOc767pd0G
-iWKxF98sI4fKdlZ+Aqw+9vO2KwQMYEtrIiCbPUYMff/BzxkrwUBnYcTjISPwEd3Z
-JylfG78qsB8N6UOf89jRX2O7HCy6CGJvcuxbkwaCd5iqgLhBXj9bU7xgy/A2udav
-JV/uV+vWDcy8cI22Xz1jfPpimAZjv+Qb3NjDX5nxjTciAEsNges0QdxZ71dfEqo+
-DGSImtM8ORivPw7oXADztCC+11KcV4THa6wmu+Sblsxe46ldAwb6MLvMN04zALUN
-mW4ojToqYgz9Jgc=
------END CERTIFICATE-----
diff --git a/test/ssl/test-ca.crt b/test/ssl/test-ca.crt
new file mode 120000
index 00000000..6833d14a
--- /dev/null
+++ b/test/ssl/test-ca.crt
@@ -0,0 +1 @@
+/etc/ssl/certs/docker_baseimage_gnutls_cacert.pem
\ No newline at end of file
diff --git a/test/ssl/test-ldap.crt b/test/ssl/test-ldap.crt
index 377feb39..6a916d3a 100644
--- a/test/ssl/test-ldap.crt
+++ b/test/ssl/test-ldap.crt
@@ -1,19 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIIDAzCCAbugAwIBAgIEU2eiHTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
-ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNzE3WhcNMjQwNTAy
-MTQzNzE3WjBAMR4wHAYDVQQKExVUZXN0IENvbXBhbnkgLSBPc2l4aWExHjAcBgNV
-BAMTFWxkYXAtdGVzdC5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA0/9/VYQARBLg7TrEiO4DAjcBAt3u3IQNNo8YdsL9iGwmRTPOspxOBVuQ
-2AVEIuT+4KLnm01q1NA+tEvXdfXI9eIN5zjCVTdt6VqwrF9E3zWxYEkuSJ4FWOhN
-dc0837hWBg+mBl/d6fSTkmeRc9fpwwr1jK7t10/BIzMr/pCzf10CAwEAAaN2MHQw
-DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMD
-B6AAMB0GA1UdDgQWBBThLwuObrBzlp4qsKs0NHFMrCgn8jAfBgNVHSMEGDAWgBSe
-h3sVB9IMvJZV4FJNN0KuJCgQdjANBgkqhkiG9w0BAQsFAAOCATEAiAl9RGibKsfQ
-5Vbz2ZjsykzYj9Dhkxp7fc7RdrK0SEHGXn8Qeg5jf+j9DtfhTrZPVF7Jn4WOvuqh
-okQPrwRaDox6rtFPjsIR9JIO3/N2OvA3ozQyWqzB1ksU7CHJ5jGRskHBftSH2xwF
-kdGvSMIAmr9VpZ/sp4ykmADWC/bfz8BXYJDOsCBzJMtss/12hBqiJQhSsuBAsOT7
-40hG0t2S7mjGHWDF9PoARmNQ7X3Xc8j7V+dXLpNfZfc+htgI27WcOv7al4kxd//p
-22a77U/q+9B1CV8T2q1UTRnQqPHxtgoRLd+5qzEtzBW37ecAs2eAs9Z7D3O/fScu
-v0RxHSpnZDtL/JZcf3KO96l4sqCp6Ue5Ldg3tOvD4O46hjrlvUYnHcDdJjNYZ7rD
-f5kGXs20Mg==
+MIIEazCCAyOgAwIBAgIEVVDQPDANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJG
+UjEWMBQGA1UEChMNRXhhbXBsZSBDb3JwLjEVMBMGA1UECxMMQ0EgQXV0aG9yaXR5
+MQ8wDQYDVQQHEwZOYW50ZXMxGTAXBgNVBAgTEFBheXMgZGUgbGEgTG9pcmUxFTAT
+BgNVBAMTDENBIEF1dGhvcml0eTAeFw0xNTA1MTExNTUyMjhaFw0yNTA1MDgxNTUy
+MjhaMDIxFTATBgNVBAoTDEExQSBDYXIgV2FzaDEZMBcGA1UEAxMQbGRhcC5leGFt
+cGxlLm9yZzCCAbgwDQYJKoZIhvcNAQEBBQADggGlADCCAaACggGXANy/lgIvYihV
+NzXXVf51f7/en3OGh43e+dRZkJlKpp2wjW0HrXVqsBs7WmP1U1W5/YDG5d5TQtHV
+d2qzFLyndWpNghIwmE2bClotCsfCSsxJq499limy2H1Cl9s0jIQfKbboc3KcDPDA
+KD1jbDZm781uOGn8iCVTxP1x/3ftqxJ6LBGYWc76ASCLsrcVyCts0i1bIo7G5SO6
+MhSnRwvcjQC65LIEofYihfMkV/XBOU6kL6p1P6DZT3FFaYzEZpVbjBNhH6Z1C972
+/vwaJ8VX2SJ0Y8EUCoaxAF5nGNdmPAQ3MzpSggzxnKHiSVZPE421T2HEo1fl7cXt
+HroaCcCQIMQMQJoghnEd0rolmVX6zAu/ozm17nrHnEk4noFeWl7UK+OJswSw/W99
+cFpyFaWWLjCONhlcbFO/HlJvb6PLUP325gT/Sv8GNocxOOUuVLAZi4L92qMQ71sY
+Soeq9KE/Vqwit6kwd72ywVN9/wRZgQeBNKAhkxSIYXUJWZmw7N5i1yzpGqFHoxCP
+YYNza56z4CEBMhD7QA8CAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK
+BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSO5FchjIXn2/6R
+W7947uaTjKuBlzAfBgNVHSMEGDAWgBTQwGKkbnpsVjrKyk7MyOGZGgdGzzANBgkq
+hkiG9w0BAQsFAAOCATEAeHGbplCe0SDkmaC+vj22MC1ZLtE0pMOKY2AYOr0Xf6AG
+mHFwUj1eqDPoK+xsmaeOMQpryr6sUO8kMoKGYuYa1VCsxNe8lGvu2KS90SN5xl9X
+2rp78XDNlwk3xBVUowLtud72uiJgObPpUKWvflTQiEw9l7JyHisGiVVxlrmGLXg5
+FvxG9pkxrm9q7do6/piN4f8D7M4mL4miQdyU1qgoesfRUhcyXEENKmy1NuBNqzXK
+nin5xm61FCUaeVjQtugf6rJxSKhI5IW3y4RCKaAmQhl/+8Llcyyq1DLwDKnoZIPx
+KKD4L+OX+5QTHGh/19+NuSSr2YHWhU/h1ucWPXdda7zF1o/i+s2l8PX7YOmJCZ/p
+WbikcnXkCv5D+wlnRpq/Mxy3taq17QAbIrmJjvmQRw==
 -----END CERTIFICATE-----
diff --git a/test/ssl/test-ldap.key b/test/ssl/test-ldap.key
index 2db7c389..e1092ea0 100644
--- a/test/ssl/test-ldap.key
+++ b/test/ssl/test-ldap.key
@@ -1,15 +1,41 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQDT/39VhABEEuDtOsSI7gMCNwEC3e7chA02jxh2wv2IbCZFM86y -nE4FW5DYBUQi5P7gouebTWrU0D60S9d19cj14g3nOMJVN23pWrCsX0TfNbFgSS5I -ngVY6E11zTzfuFYGD6YGX93p9JOSZ5Fz1+nDCvWMru3XT8EjMyv+kLN/XQIDAQAB -AoGAHY7OgKxWYydkr/7VHyhcSAdGP1GVN667ruM1rH1UXxyBG331MEcFw853+/6D -+P+Hn+dmtmsNXZ2pWHcIk/xQZ+MEsAdm+OZ1qpBJjHA0izJ6sqZaNxSToKCR4SHM -/ACPAKqM9r2g1jqXzLKzgHBVc25Fonb1vUilTpC3YfaN+sECQQDmQGEcEK9Lvyi9 -RV1fONDP3Z9cPRaSzpjUjlQAWNbhvcoUYV4AOy+tVClDErRIs/Oo+wCOL+bHlMom -zghcmxThAkEA67SPV0pNFR32gXvRZT4uKvCJcAjmNY4LMpet5DJ41Spq6+lbqXwY -1e87zEei1UvdmEXOjVsa1wXcg8Ks+/59/QJAHh+CFOfh5ykFLW3rv09xkiBOfwTG -9UHuILDWMI1u322zCGOMpr8Xh7ehBlNmHrTcRdlAw1lk+etvXxBJa8QmQQJABbNT -OCg63wTfflgxQ0KSuUUh/cypTKhHywxyDy/NTlJ9TYFSTzIKI7pqdtFQtdnk3Rbr -HO4UIxkoMSOXLW0FPQJARScXqZd7Lmwlw+ovAubfdOZdxjWGFZLRRZifiYZqtnQ1 -aw8PjdkaIPxLjCwSOelV9SsMue6a7nvkxKEn6QbT0w== +MIIHRgIBAAKCAZcA3L+WAi9iKFU3NddV/nV/v96fc4aHjd751FmQmUqmnbCNbQet +dWqwGztaY/VTVbn9gMbl3lNC0dV3arMUvKd1ak2CEjCYTZsKWi0Kx8JKzEmrj32W +KbLYfUKX2zSMhB8ptuhzcpwM8MAoPWNsNmbvzW44afyIJVPE/XH/d+2rEnosEZhZ +zvoBIIuytxXIK2zSLVsijsblI7oyFKdHC9yNALrksgSh9iKF8yRX9cE5TqQvqnU/ +oNlPcUVpjMRmlVuME2EfpnUL3vb+/BonxVfZInRjwRQKhrEAXmcY12Y8BDczOlKC +DPGcoeJJVk8TjbVPYcSjV+Xtxe0euhoJwJAgxAxAmiCGcR3SuiWZVfrMC7+jObXu +esecSTiegV5aXtQr44mzBLD9b31wWnIVpZYuMI42GVxsU78eUm9vo8tQ/fbmBP9K +/wY2hzE45S5UsBmLgv3aoxDvWxhKh6r0oT9WrCK3qTB3vbLBU33/BFmBB4E0oCGT +FIhhdQlZmbDs3mLXLOkaoUejEI9hg3NrnrPgIQEyEPtADwIDAQABAoIBligwyYME +VX66ZR7sYb++bM/mHGnQKIXv/tRmqij+qm8zYcxkBXTHQ+DxYXephs6o2jrD+74K +srO5hdBrYm8mnf4ItpHRPymB/NSGNtw/x5aCIzYwy1I0Oa40nalPW/YCJnoiwEIx +nzmGAs2KeH0/KJHia2sAi1kgc1EhnD2di/QFQljBwDgq1GG0jYk/8f3WBj4zxYrx +M27Zy5xvCERkl1d2r4Spy0Mg7fpit5EK6QAkbHlAd6E1b31UAe+bIoI29L3ihPyt +esfReIM1eSStNSjA1b4jMtdBIcrCgKxjm3nQUCdzDCmQglaPnC7Ab25uxtbF689u +0Y4CP/LLtdeh+7JMXFTIpO5smwFr5TVWOqzuKyLqO8U8p49+W/Au27ctxiUyUlvy +ce9QUBmIa2ACMueNXLC8x6Vf0HC6xSUYlG9iMnbr4WUnHDDbxNHtYWFcObPVkeXg 
+sqvO3oLRWxd+qfl+hqdKtw7UTrmWfuXB6SuD1hzS37XYzEkwU9fFaxcl2h3oTXIP +MQRaYBxUZJUNoHAB8GoNC2ECgcwA30wUXFNrfTM2H8Q340TfBVR8ODZx8ym9hIF7 +nFmqQ2a2Yt7/FznkOexySDlP8NDTTq0gxSiCgIJyAyyo89CmJ3vPf4tUSJMmUtvF +2U7s3L5UCYo1zoJs7qUbgQxs9WtOdeoi/otab0mzb+PrxFMfrLS8x/8jjwmBa/zu +LnK+l920VdSHOAhMqInrimLKfu6Tz4O14Kv2U4OkDWhRcjP0KWz89lIwL+gH5AyR +StO1WNijZNNErbD8cUEiDq2f79R39jwfaFgfTZE63ZMCgcwA/RPyLUwz7bMBrs4P +MJVG84ZBS9yfMJ9RM4MfPVHf6dJ9hjndJ3k3oovrxeKx/dRt78iEp88zRghMjkW1 ++ijFPtlSsJXbLPipNdmyylrjPaGCuQ7FukIfF/+0xQnZe37KRCdKneLQplOIibxN +bxjnG2qvlfR4gMCnqJOMHeD08/r8SNx7LMX4u2voBYcTIXefpKAH7XVOdVt/681e +nYWNQbf0oyLi9nV7raR9Q7qLw3oNjkvOPKCEfY6PwiNbI0WrtmfEfrN2WfyAgRUC +gcss7x5Zxd+nfhqyIcYtUbqfU/T7Stl7WTbt5zB8sf51OcIR+1XR0rB+h3on1oCj +sSIUfvpNMm2wdo+C3AXTqnUFFQEYZW08fYAExHz30c4QTayTjuBtAgnxq//w5BM4 +/7L2P3tzRY+ZPXeCWJclFqUVF/m1NT5uljcZB/jWF/kKjm6vpuje+ayTbc2cN20Q +ReowpAyBfZlADQmCOS/Kj3HetDPjTX6s5UBRP8YtDJU9n7qhm3ICkc7662RzF7VL +ibHqNwcK9FC4RzVVSQKBzACEj6YSxA+POmxvO9AJCqgXdwNM0UsxFMJb0RrT68b1 +myPU4wpMWtohclkVViEVa+gJ6WZS391jmYVAIJOpbSGkQgFmLZiYfcdkRZu5EtJk +vezTMkGvxmKzF2WAsCAS597axBn5iYzxEmA6hT+qKckkO0WtrlhQWJl5W4/RNrwX +8CelopeCZFBdG7B09MO4jAg7GvgMEZ3/KuZehTxCFmpfOhQSP3vSzMbztW1HxLbg +tVXUazCj4RCFE9+JOSvL1fqTmNb75tTfXbuR4QKBy1hxUnL7So6/EDnbpPoCXxsi +B0wR7YgqPgzpUhZ0FdoeR7IzDun+4Ks2STABsc+7yw46+ukVlUw2NBKyv35CrILq +XI2R/9bAESEY88uuOzEnx8mjkynRkrc4BNXTKAYBmYNavbFI5vs7meyJbxGI5JEB +qB8GXyzI3HZrIVuWqElai5d0fMqpRxrcBUseA7qiCIlTy+92TOM4dXckTfbtTwlp +MryK+MzgiBnDZZrNXChGJuZ6zvg0n4JcyotpSwQQ64ABqGldY/EiE/28 -----END RSA PRIVATE KEY----- diff --git a/test/test.bats b/test/test.bats index de5689e3..f855a359 100644 --- a/test/test.bats +++ b/test/test.bats @@ -12,7 +12,7 @@ load test_helper run_image -e USE_TLS=false wait_service slapd - run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org + run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin clear_container [ "$status" -eq 0 ] 
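Review bot: An unencrypted RSA private key is committed in clear in test/ssl/test-ldap.key, so this key pair is public for good, and nothing in the file name or the tree marks it as test-only. Since test/test.bats bind-mounts this directory into the container as /osixia/slapd/ssl, I would generate the key and certificate in the test setup instead of tracking them. At minimum, a README next to the files should state that the pair must never be used outside the test suite.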
@@ -23,7 +23,7 @@ load test_helper run_image wait_service slapd - run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ + run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin clear_container [ "$status" -eq 0 ] @@ -34,7 +34,7 @@ load test_helper run_image -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/ssl -e SSL_CRT_FILENAME=test-ldap.crt -e SSL_KEY_FILENAME=test-ldap.key -e SSL_CA_CRT_FILENAME=test-ca.crt wait_service slapd - run docker exec $CONTAINER_ID ldapsearch -x -h ldap-test.example.com -b dc=example,dc=org -ZZ + run docker exec $CONTAINER_ID ldapsearch -x -h ldap-test.example.com -b dc=example,dc=org -ZZ clear_container chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true From 4b3e252ed213a03457e520f0d88765f895b955ca Mon Sep 17 00:00:00 2001 
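Review bot: The custom-certificate test in the third hunk still runs `ldapsearch` anonymously, while the two tests above it now bind with `-D "cn=admin,dc=example,dc=org" -w admin`; its old and new lines differ only in whitespace. If security.ldif removes anonymous read, as the updated olcAccess lines under test/config suggest, this search presumably no longer returns the entry, so the test either fails or stops checking what it used to. I would add the same `-D`/`-w` arguments here, or assert explicitly that the anonymous search is refused so the ACL change is covered by a test. The test bodies continue outside the hunks.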
From: ofreax Date: Mon, 11 May 2015 20:09:50 +0200 Subject: [PATCH 17/19] tests --- test/config/cn=config.ldif | 10 ++--- test/config/cn=config/cn=module{0}.ldif | 10 ++--- test/config/cn=config/cn=schema.ldif | 10 ++--- .../cn=config/cn=schema/cn={0}core.ldif | 10 ++--- ...{cn={11}radius.ldif => cn={10}radius.ldif} | 14 +++--- .../{cn={5}quota.ldif => cn={11}quota.ldif} | 14 +++--- ...n={13}dnszone.ldif => cn={12}dnszone.ldif} | 14 +++--- .../{cn={10}mmc.ldif => cn={13}mmc.ldif} | 14 +++--- .../cn=config/cn=schema/cn={1}cosine.ldif | 10 ++--- .../config/cn=config/cn=schema/cn={2}nis.ldif | 10 ++--- .../cn=schema/cn={3}inetorgperson.ldif | 10 ++--- .../cn=config/cn=schema/cn={4}ppolicy.ldif | 10 ++--- .../{cn={9}dhcp.ldif => cn={5}dhcp.ldif} | 14 +++--- .../cn=config/cn=schema/cn={6}zarafa.ldif | 10 ++--- .../{cn={12}samba.ldif => cn={7}samba.ldif} | 14 +++--- .../{cn={7}mail.ldif => cn={8}mail.ldif} | 14 +++--- ...penssh-lpk.ldif => cn={9}openssh-lpk.ldif} | 14 +++--- test/config/cn=config/olcBackend={0}hdb.ldif | 10 ++--- .../cn=config/olcDatabase={-1}frontend.ldif | 10 ++--- .../cn=config/olcDatabase={0}config.ldif | 10 ++--- test/config/cn=config/olcDatabase={1}hdb.ldif | 22 +++++----- test/database/__db.001 | Bin 548863 -> 548863 bytes test/database/__db.002 | Bin 147455 -> 147455 bytes test/database/__db.003 | Bin 114687 -> 114687 bytes test/database/alock | Bin 4096 -> 4096 bytes test/database/dn2id.bdb | Bin 8192 -> 8192 bytes test/database/id2entry.bdb | Bin 32768 -> 32768 bytes test/database/log.0000000001 | Bin 10485759 -> 10485759 bytes test/database/objectClass.bdb | Bin 8192 -> 8192 bytes test/ssl/ca-test.crt | 25 +++++++++++ test/ssl/dhparam.pem | 12 ++--- test/ssl/ldap-test.crt | 26 +++++++++++ test/ssl/ldap-test.key | 41 ++++++++++++++++++ test/ssl/test-ca.crt | 1 - test/ssl/test-ldap.crt | 26 ----------- test/ssl/test-ldap.key | 41 ------------------ test/test.bats | 6 +-- 37 files changed, 228 insertions(+), 204 deletions(-) rename 
test/config/cn=config/cn=schema/{cn={11}radius.ldif => cn={10}radius.ldif} (98%) rename test/config/cn=config/cn=schema/{cn={5}quota.ldif => cn={11}quota.ldif} (82%) rename test/config/cn=config/cn=schema/{cn={13}dnszone.ldif => cn={12}dnszone.ldif} (96%) rename test/config/cn=config/cn=schema/{cn={10}mmc.ldif => cn={13}mmc.ldif} (83%) rename test/config/cn=config/cn=schema/{cn={9}dhcp.ldif => cn={5}dhcp.ldif} (99%) rename test/config/cn=config/cn=schema/{cn={12}samba.ldif => cn={7}samba.ldif} (98%) rename test/config/cn=config/cn=schema/{cn={7}mail.ldif => cn={8}mail.ldif} (94%) rename test/config/cn=config/cn=schema/{cn={8}openssh-lpk.ldif => cn={9}openssh-lpk.ldif} (73%) create mode 100644 test/ssl/ca-test.crt create mode 100644 test/ssl/ldap-test.crt create mode 100644 test/ssl/ldap-test.key delete mode 120000 test/ssl/test-ca.crt delete mode 100644 test/ssl/test-ldap.crt delete mode 100644 test/ssl/test-ldap.key diff --git a/test/config/cn=config.ldif b/test/config/cn=config.ldif index b9493863..750b4fc9 100644 --- a/test/config/cn=config.ldif +++ b/test/config/cn=config.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 46c15dd8 +# CRC32 70d65a48 dn: cn=config objectClass: olcGlobal cn: config @@ -7,10 +7,10 @@ olcArgsFile: /var/run/slapd/slapd.args olcPidFile: /var/run/slapd/slapd.pid olcToolThreads: 1 structuralObjectClass: olcGlobal -entryUUID: db089696-51e1-1034-95ec-9d03bc6be361 +entryUUID: 1dcfba2a-8c54-1034-90f5-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z +createTimestamp: 20150511180556Z olcLogLevel: stats -entryCSN: 20150511154546.689799Z#000000#000#000000 +entryCSN: 20150511180733.754309Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150511154546Z +modifyTimestamp: 20150511180733Z diff --git a/test/config/cn=config/cn=module{0}.ldif b/test/config/cn=config/cn=module{0}.ldif index febc9a05..22e71b02 100644 
--- a/test/config/cn=config/cn=module{0}.ldif +++ b/test/config/cn=config/cn=module{0}.ldif @@ -1,14 +1,14 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 d5bd456a +# CRC32 293774ce dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {0}back_hdb structuralObjectClass: olcModuleList -entryUUID: db093e98-51e1-1034-95f4-9d03bc6be361 +entryUUID: 1dd019de-8c54-1034-90fd-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.826169Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.927297Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/cn=schema.ldif b/test/config/cn=config/cn=schema.ldif index e82c3bd5..f43345b1 100644 --- a/test/config/cn=config/cn=schema.ldif +++ b/test/config/cn=config/cn=schema.ldif @@ -1,12 +1,12 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 deed6c98 +# CRC32 c62fefae dn: cn=schema objectClass: olcSchemaConfig cn: schema structuralObjectClass: olcSchemaConfig -entryUUID: db08b2b6-51e1-1034-95ef-9d03bc6be361 +entryUUID: 1dcfc8b2-8c54-1034-90f8-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.822586Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.925219Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/cn=schema/cn={0}core.ldif b/test/config/cn=config/cn=schema/cn={0}core.ldif index cc52c0f6..a71b7a88 100644 --- a/test/config/cn=config/cn=schema/cn={0}core.ldif +++ b/test/config/cn=config/cn=schema/cn={0}core.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 f54534bb +# CRC32 5b59ad61 dn: cn={0}core objectClass: olcSchemaConfig cn: {0}core 
@@ -235,9 +235,9 @@ olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje ct' SUP top AUXILIARY MUST uid ) structuralObjectClass: olcSchemaConfig -entryUUID: db08c7ba-51e1-1034-95f0-9d03bc6be361 +entryUUID: 1dcfd1cc-8c54-1034-90f9-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.823123Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.925451Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/cn=schema/cn={11}radius.ldif b/test/config/cn=config/cn=schema/cn={10}radius.ldif similarity index 98% rename from test/config/cn=config/cn=schema/cn={11}radius.ldif rename to test/config/cn=config/cn=schema/cn={10}radius.ldif index ed9de283..b37cf218 100644 --- a/test/config/cn=config/cn=schema/cn={11}radius.ldif +++ b/test/config/cn=config/cn=schema/cn={10}radius.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 a6bd672f -dn: cn={11}radius +# CRC32 64b035b5 +dn: cn={10}radius objectClass: olcSchemaConfig -cn: {11}radius +cn: {10}radius olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DES C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- VALUE ) 
@@ -205,9 +205,9 @@ olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' DES C 'A Container Objectclass to be used for creating radius profile object' SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31ded6e-8764-1034-83b6-933592c3cd29 +entryUUID: 1e48c0be-8c54-1034-9815-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.082276Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.717999Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={5}quota.ldif b/test/config/cn=config/cn=schema/cn={11}quota.ldif similarity index 82% rename from test/config/cn=config/cn=schema/cn={5}quota.ldif rename to test/config/cn=config/cn=schema/cn={11}quota.ldif index 191dd969..5c22c5c6 100644 --- a/test/config/cn=config/cn=schema/cn={5}quota.ldif +++ b/test/config/cn=config/cn=schema/cn={11}quota.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 f8ac78b6 -dn: cn={5}quota +# CRC32 75183a81 +dn: cn={11}quota objectClass: olcSchemaConfig -cn: {5}quota +cn: {11}quota olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (Fil eSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5M atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} ) 
@@ -15,9 +15,9 @@ olcObjectClasses: {1}( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas' DESC 'Quot a defaults to apply to members of a group' SUP top AUXILIARY MUST cn MAY ( qu ota $ networkquota ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e319e9c6-8764-1034-83b0-933592c3cd29 +entryUUID: 1e4a04d8-8c54-1034-9816-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.055970Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.726296Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={13}dnszone.ldif b/test/config/cn=config/cn=schema/cn={12}dnszone.ldif similarity index 96% rename from test/config/cn=config/cn=schema/cn={13}dnszone.ldif rename to test/config/cn=config/cn=schema/cn={12}dnszone.ldif index 0dfeacf4..689d75c1 100644 --- a/test/config/cn=config/cn=schema/cn={13}dnszone.ldif +++ b/test/config/cn=config/cn=schema/cn={12}dnszone.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 fd206ea9 -dn: cn={13}dnszone +# CRC32 094bad5a +dn: cn={12}dnszone objectClass: olcSchemaConfig -cn: {13}dnszone +cn: {12}dnszone olcAttributeTypes: {0}( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121 .1.27 ) 
@@ -84,9 +84,9 @@ olcObjectClasses: {0}( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL d $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecor d ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31fb806-8764-1034-83b8-933592c3cd29 +entryUUID: 1e4b395c-8c54-1034-9817-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.094017Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.734194Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={10}mmc.ldif b/test/config/cn=config/cn=schema/cn={13}mmc.ldif similarity index 83% rename from test/config/cn=config/cn=schema/cn={10}mmc.ldif rename to test/config/cn=config/cn=schema/cn={13}mmc.ldif index 5fd46dab..90d7d211 100644 --- a/test/config/cn=config/cn=schema/cn={10}mmc.ldif +++ b/test/config/cn=config/cn=schema/cn={13}mmc.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 e905fbe4 -dn: cn={10}mmc +# CRC32 ab1eec7a +dn: cn={13}mmc objectClass: olcSchemaConfig -cn: {10}mmc +cn: {13}mmc olcAttributeTypes: {0}( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL' DESC 'LMC acl entry' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 
@@ -17,9 +17,9 @@ olcObjectClasses: {0}( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' DESC 'Objectclass for LMC user settings ' AUXILIARY MAY ( lmcACL $ lmcPrefMode $ l mcPrinterAllowed ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31d1240-8764-1034-83b5-933592c3cd29 +entryUUID: 1e4cd546-8c54-1034-9818-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.076667Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.744737Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={1}cosine.ldif b/test/config/cn=config/cn=schema/cn={1}cosine.ldif index b32305e9..bef4b5b1 100644 --- a/test/config/cn=config/cn=schema/cn={1}cosine.ldif +++ b/test/config/cn=config/cn=schema/cn={1}cosine.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 798d0f53 +# CRC32 d740867f dn: cn={1}cosine objectClass: olcSchemaConfig cn: {1}cosine @@ -169,9 +169,9 @@ olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu mQuality ) ) structuralObjectClass: olcSchemaConfig -entryUUID: db090c34-51e1-1034-95f1-9d03bc6be361 +entryUUID: 1dcfeff4-8c54-1034-90fa-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.824875Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.926224Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/cn=schema/cn={2}nis.ldif b/test/config/cn=config/cn=schema/cn={2}nis.ldif index 9bf36b8d..bb6405d6 100644 --- a/test/config/cn=config/cn=schema/cn={2}nis.ldif +++ b/test/config/cn=config/cn=schema/cn={2}nis.ldif 
@@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 b5000483 +# CRC32 28a1d01d dn: cn={2}nis objectClass: olcSchemaConfig cn: {2}nis @@ -98,9 +98,9 @@ olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) structuralObjectClass: olcSchemaConfig -entryUUID: db09273c-51e1-1034-95f2-9d03bc6be361 +entryUUID: 1dd0050c-8c54-1034-90fb-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.825570Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.926764Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif b/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif index f8e49040..8531ca78 100644 --- a/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif +++ b/test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 bf5eae1c +# CRC32 5354e786 dn: cn={3}inetorgperson objectClass: olcSchemaConfig cn: {3}inetorgperson @@ -40,9 +40,9 @@ olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) structuralObjectClass: olcSchemaConfig -entryUUID: db093722-51e1-1034-95f3-9d03bc6be361 +entryUUID: 1dd01362-8c54-1034-90fc-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.825977Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.927130Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z 
diff --git a/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif b/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif index 6e64e47e..78a3469b 100644 --- a/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif +++ b/test/config/cn=config/cn=schema/cn={4}ppolicy.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 7da434b7 +# CRC32 77e3a190 dn: cn={4}ppolicy objectClass: olcSchemaConfig cn: {4}ppolicy @@ -45,9 +45,9 @@ olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e2ef4888-8764-1034-83af-933592c3cd29 +entryUUID: 1e281846-8c54-1034-980f-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112323Z -entryCSN: 20150505112323.776591Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.503971Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112323Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={9}dhcp.ldif b/test/config/cn=config/cn=schema/cn={5}dhcp.ldif similarity index 99% rename from test/config/cn=config/cn=schema/cn={9}dhcp.ldif rename to test/config/cn=config/cn=schema/cn={5}dhcp.ldif index 83de25a6..a90ea7ca 100644 --- a/test/config/cn=config/cn=schema/cn={9}dhcp.ldif +++ b/test/config/cn=config/cn=schema/cn={5}dhcp.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 d5bd8e4d -dn: cn={9}dhcp +# CRC32 7e6e0285 +dn: cn={5}dhcp objectClass: olcSchemaConfig -cn: {9}dhcp +cn: {5}dhcp olcAttributeTypes: {0}( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The DN of the dhcpServer which is the primary server for the configuration.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE- 
@@ -319,9 +319,9 @@ olcObjectClasses: {15}( 2.16.840.1.113719.1.203.6.16 NAME 'dhcpLocator' DESC ' $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments ) X -NDS_CONTAINMENT ( 'organization' 'organizationalunit' 'domain' ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31c533c-8764-1034-83b4-933592c3cd29 +entryUUID: 1e41c53e-8c54-1034-9810-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.071776Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.672238Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={6}zarafa.ldif b/test/config/cn=config/cn=schema/cn={6}zarafa.ldif index 09a09e4a..d47487e9 100644 --- a/test/config/cn=config/cn=schema/cn={6}zarafa.ldif +++ b/test/config/cn=config/cn=schema/cn={6}zarafa.ldif @@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 57609f92 +# CRC32 12b63e24 dn: cn={6}zarafa objectClass: olcSchemaConfig cn: {6}zarafa @@ -143,9 +143,9 @@ olcObjectClasses: {6}( 1.3.6.1.4.1.26278.1.7.0.0 NAME 'zarafa-dynamicgroup' DE SC 'ZARAFA: a Zarafa dynamic group' SUP top STRUCTURAL MUST cn MAY ( zarafaAc count $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31a7bde-8764-1034-83b1-933592c3cd29 +entryUUID: 1e435106-8c54-1034-9811-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.059710Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.682369Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z 
diff --git a/test/config/cn=config/cn=schema/cn={12}samba.ldif b/test/config/cn=config/cn=schema/cn={7}samba.ldif similarity index 98% rename from test/config/cn=config/cn=schema/cn={12}samba.ldif rename to test/config/cn=config/cn=schema/cn={7}samba.ldif index 410513b7..f06a78cb 100644 --- a/test/config/cn=config/cn=schema/cn={12}samba.ldif +++ b/test/config/cn=config/cn=schema/cn={7}samba.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 1b61c020 -dn: cn={12}samba +# CRC32 2dd801cc +dn: cn={7}samba objectClass: olcSchemaConfig -cn: {12}samba +cn: {7}samba olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 21.1.26{32} SINGLE-VALUE ) @@ -176,9 +176,9 @@ olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC ' baBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31efc90-8764-1034-83b7-933592c3cd29 +entryUUID: 1e45010e-8c54-1034-9812-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.089216Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.693431Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={7}mail.ldif b/test/config/cn=config/cn=schema/cn={8}mail.ldif similarity index 94% rename from test/config/cn=config/cn=schema/cn={7}mail.ldif rename to test/config/cn=config/cn=schema/cn={8}mail.ldif index 3d10bfb0..790eabe7 100644 --- a/test/config/cn=config/cn=schema/cn={7}mail.ldif +++ b/test/config/cn=config/cn=schema/cn={8}mail.ldif 
@@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 b10b1513 -dn: cn={7}mail +# CRC32 2acb9a1d +dn: cn={8}mail objectClass: olcSchemaConfig -cn: {7}mail +cn: {8}mail olcAttributeTypes: {0}( 1.3.6.1.4.1.21103.1.1.13.1 NAME 'maildrop' DESC 'Mail addresses where mails are forwarded -- ie forwards' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} ) @@ -48,9 +48,9 @@ olcObjectClasses: {3}( 1.3.6.1.4.1.21103.1.2.13.4 NAME 'mailAlias' DESC 'Mail Alias' SUP top STRUCTURAL MUST mailalias MAY ( mail $ mailaliasmember $ maile nable ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31b1256-8764-1034-83b2-933592c3cd29 +entryUUID: 1e464bcc-8c54-1034-9813-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.063563Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.701898Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif b/test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif similarity index 73% rename from test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif rename to test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif index 04dcaca4..ca356654 100644 --- a/test/config/cn=config/cn=schema/cn={8}openssh-lpk.ldif +++ b/test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif @@ -1,8 +1,8 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 8554d7c7 -dn: cn={8}openssh-lpk +# CRC32 7163b5da +dn: cn={9}openssh-lpk objectClass: olcSchemaConfig -cn: {8}openssh-lpk +cn: {9}openssh-lpk olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4. 1.1466.115.121.1.40 ) 
@@ -10,9 +10,9 @@ olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $ uid ) ) structuralObjectClass: olcSchemaConfig -entryUUID: e31baafe-8764-1034-83b3-933592c3cd29 +entryUUID: 1e47842e-8c54-1034-9814-2f3e74c83a84 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -createTimestamp: 20150505112324Z -entryCSN: 20150505112324.067470Z#000000#000#000000 +createTimestamp: 20150511180557Z +entryCSN: 20150511180557.709895Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150505112324Z +modifyTimestamp: 20150511180557Z diff --git a/test/config/cn=config/olcBackend={0}hdb.ldif b/test/config/cn=config/olcBackend={0}hdb.ldif index 6b49af83..b533c08f 100644 --- a/test/config/cn=config/olcBackend={0}hdb.ldif +++ b/test/config/cn=config/olcBackend={0}hdb.ldif @@ -1,12 +1,12 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 40b20094 +# CRC32 ce66638c dn: olcBackend={0}hdb objectClass: olcBackendConfig olcBackend: {0}hdb structuralObjectClass: olcBackendConfig -entryUUID: db094f96-51e1-1034-95f5-9d03bc6be361 +entryUUID: 1dd028ac-8c54-1034-90fe-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.826604Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.927675Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/olcDatabase={-1}frontend.ldif b/test/config/cn=config/olcDatabase={-1}frontend.ldif index 673109ea..a1a42cf6 100644 --- a/test/config/cn=config/olcDatabase={-1}frontend.ldif +++ b/test/config/cn=config/olcDatabase={-1}frontend.ldif 
@@ -1,5 +1,5 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 1f64c20c +# CRC32 0b63a07b dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig @@ -10,9 +10,9 @@ olcAccess: {1}to dn.exact="" by * read olcAccess: {2}to dn.base="cn=Subschema" by * read olcSizeLimit: 500 structuralObjectClass: olcDatabaseConfig -entryUUID: db089fec-51e1-1034-95ed-9d03bc6be361 +entryUUID: 1dcfbf0c-8c54-1034-90f6-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.822104Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.924972Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/olcDatabase={0}config.ldif b/test/config/cn=config/olcDatabase={0}config.ldif index 7c2b9ca2..8e646662 100644 --- a/test/config/cn=config/olcDatabase={0}config.ldif +++ b/test/config/cn=config/olcDatabase={0}config.ldif @@ -1,14 +1,14 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 dcde46c0 +# CRC32 4291b3d7 dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break structuralObjectClass: olcDatabaseConfig -entryUUID: db08ac08-51e1-1034-95ee-9d03bc6be361 +entryUUID: 1dcfc560-8c54-1034-90f7-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z -entryCSN: 20150226090154.822414Z#000000#000#000000 +createTimestamp: 20150511180556Z +entryCSN: 20150511180556.925134Z#000000#000#000000 modifiersName: cn=config -modifyTimestamp: 20150226090154Z +modifyTimestamp: 20150511180556Z diff --git a/test/config/cn=config/olcDatabase={1}hdb.ldif b/test/config/cn=config/olcDatabase={1}hdb.ldif index 32b648ca..6df721f1 100644 --- a/test/config/cn=config/olcDatabase={1}hdb.ldif +++ b/test/config/cn=config/olcDatabase={1}hdb.ldif 
@@ -1,14 +1,14 @@ # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 4f6c59f2 +# CRC32 2b412e6d dn: olcDatabase={1}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap -olcSuffix: dc=test,dc=osixia,dc=net +olcSuffix: dc=osixia,dc=net olcLastMod: TRUE -olcRootDN: cn=admin,dc=test,dc=osixia,dc=net -olcRootPW:: e1NTSEF9bU9FWlh4OUpPNmlhK1dkeFV4S0FKam43R3dmNVJrby8= +olcRootDN: cn=admin,dc=osixia,dc=net +olcRootPW:: e1NTSEF9R0llSUVKRW82eFJXOG5ybENtQXkyZjF3WXlxU0ZFL2M= olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 @@ -16,14 +16,14 @@ olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbIndex: objectClass eq structuralObjectClass: olcHdbConfig -entryUUID: db09539c-51e1-1034-95f6-9d03bc6be361 +entryUUID: 1dd02bcc-8c54-1034-90ff-f5ce8ee3f703 creatorsName: cn=config -createTimestamp: 20150226090154Z +createTimestamp: 20150511180556Z olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou - s auth by dn="cn=admin,dc=example,dc=org" write by * none + s auth by dn="cn=admin,dc=osixia,dc=net" write by * none olcAccess: {1}to dn.base="" by * read -olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * - none -entryCSN: 20150511151550.910171Z#000000#000#000000 +olcAccess: {2}to * by self write by dn="cn=admin,dc=osixia,dc=net" write by * + none +entryCSN: 20150511180557.496167Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20150511151550Z +modifyTimestamp: 20150511180557Z 
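Review bot: The new `olcRootPW::` value in `test/config/cn=config/olcDatabase={1}hdb.ldif` is base64 for a `{SSHA}` string, so this fixture publishes a salted SHA-1 hash of the `cn=admin,dc=osixia,dc=net` password in the repository. Salted SHA-1 is cheap to guess offline, so the password behind it should be treated as public: it needs to be a throwaway value that only the tests use and that is never reused for a real directory. The file header says it is generated, so the place to record this is next to whatever loads the fixture (not visible in this hunk), with a comment such as `# test/config and test/database carry a known, test-only admin password - never reuse it`.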
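Review bot: The rewritten `olcAccess: {2}to * by self write by dn="cn=admin,dc=osixia,dc=net" write by * none` rule in the second hunk lets every entry write all of its own attributes that rules `{0}` and `{1}` do not cover. If the directory holds account entries, that presumably includes identity attributes such as `uidNumber` and `gidNumber`, which an authenticated user could then change on their own entry. A narrower default such as `to * by dn="cn=admin,dc=osixia,dc=net" write by * none`, with self-write granted only on named attributes in a rule above it, closes that gap. Because this file is generated, the change belongs in whatever sets the ACL, which this hunk does not show.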
diff --git a/test/database/__db.001 b/test/database/__db.001 index 74c8c6ef5a42214e68d73893765d6ac6fbee8c53..83475bb1dcef7df6408c570202efcb3b6a4de8b5 100644 GIT binary patch delta 2280 zcma)7eQXp(6yMo>bG_{sEk}FD^&)rJC{m&=squ(46s-v{M6iU~7L*>Trt~TlHChPK zqb8Pr3|+VOHNlXo1PE%<1Jg|#Ob;SyNebFvOEHnu7)&KKTn#1#59-X$ZhKcCasJph z_vU^4-tWDcn;i(u4g}hlXo)z9+T?%j=*dGSTU=A z{QdCE$J|HMD0b#g=}#-mo=bt#JPWn5aQ(t8YsW>Fw#j`z%NXh)F8#P;amoKl6K1Zw z=*Zhe7cJMjj=cM;&N|BsgUs;jJ$KG$=pn@wTv@t&-grJZw^?AgZ8M&!1t-2+1@qoZ-ZKskD#Ju;^cl?;l!VMS zcyL%L<8oqHnc`4=IC)Vi!&?=y&nUm7Y>ijC}(;)9Pl;rG*MHu@!tq zya6IaYxZEg8Y1Wng9l?Vs5V-{P)F49bk=#cWc;lOmU$yb%wHz)oZvb>RcvjchW9PV zm(?xIoaNC3mzl38{(=O2N4snZ!av9nbvoQ943ONMZudu4tET}4`Cs#H8nO)WTPUxOTAmd0aLs_hY z>UqN~WUjKHRaq2E8o*6tT-OcmfXFgCTUVcIZSxSt=&P{I=;~(KX_VQ>_*WwoV0$B! z1yb&^@Rt-zCfW9U$-w%`J+nO)u9hdnrg})o@i#?y-m2tw zoiffI1-DF3F+B)`Gsjrg^8HYl_du9<;B{74!*Pgt=lW-{SJwc}lJzg7X0qw)W39Gp z@G7N`roQM}$c=snZOP`dkP3l^THJF_#ERS%GIkHs z(`auAH??8$arUTUnAmo1rErbYX>{X#Tv&y6IcbjElfaWsy6ffoU8{H2Ke?lRhZQKo zg_R_+Mwom{?{9W-zL(=f24zo`%0AU9Ek=JP_27g`8*qY>a-7Iy jZz87}d(!EO?1k?6m`JDJ8P_Pe@rl74CLj9c;eP!OZ*Qzo delta 2468 zcmbtWeP|R%6u;ShbJ>k|>BY%x3CR<6{qO1AZtP}9|h699L&|{=V{e}zK zh~f1*;yu$%hDhm(BH|!Swzh!J*5I;`7W3*yWskI?2rC<*LQBlS{yGBr%|hv=QfuSZ zN9AJT)?(Fq5In%K@j4}&^@I#k{-hT3nY-H)`b{{UU&Ub7FvA1$KfNchwMN%yz`e6* zz(Ev7Tp<_N>Aky)U*>db*?DqH&L6p4&*4bfH2He^YIHRZnQa|?Ot+D(ck0^$+-I#` zZhD@ z7ylQSR%XhBPPP3N7p9ZW!kJOKzh;Udrg-nxCuisAG1(j963&F@?a7##$Q=A^|064^ z+Y?sld0q@wf?HuDP04^cHxNCwdpjA^$9JzM)o0f1S#|00VN-$X6#krAtPG>|M8Vp6 zQmgue*vE^E19c>Xeu*yRrqQZdPF1fk@Y;S1=BN4N$EvpcBPQo=R=QM|uyNUE+@|1t zqvMJ^L{Paal^cmcc|yWKJt@bIAvtUcF+C*zuDxB3_rI6JY&9ZR<&_c_bYC+Ceb?m( zswF^8|85-p3@VaMhb%OnIQ|Rqj$y;aR@vH`^N4LGWIa>X=xPxgv81#7wPgA05PwG= znFjb&GpNQ$98!dGNH;!x9NwtPxBvptW@D-`SvlsnLoq6wpai4GAy7D*5y4&Spu*U` z30lZ>=wAG3GgSEc(eiAEZc}wjhHncLNvfL>;sq2)(QOdImUe*5PQ_PFLABAp4Mx;y z1RtK?0Tt44sc~lqERl%MaJR!8FQ!g_LY!E+4~pm6d5g5qPUA2!-rUD&9A*T0KMES1 z8Vfkm4gq(@UBg|2P~Ep5JdfivOYBd!W%{=(e1y5RbILWkoT4!-b%$Ny&{CVJwVr!7 
z)1RF-+h10Nr_j?3iqWt05_26<;tcZQJ+kSTY79k0Jbb_|@oYw-#LExDQ592-urX(m zMO2FgaN;c}H@c28Y%NiOJ!@eX_8wNKL)DV>4xVf9I7FU@Jm9A6)*cH@duDo7$H>2w_ln?R&^Xc{w9}Ux{j1+ z2^Vh|KgJ~*T-LgE$;Q^_HneVV)cx{K(&32k{%51#;x|1<#T#g!GZo{8L|-F$)oklw zztjigL+g@StO&zEUnot9s~r>$hnWf=BN(IfMN9xyZ~*ASyecM~X`jDPKr1^RT02}r z=`sxG&;snHG)O#no6`B&x9_f0h5;viFK@vNw-=l=Ja>4~^44U%I8*m0F*k?yE#?gD zU^(M1$?AW$ogNwehNC%jRUXT4Y9@K?Qm987eu$?Px^;%m0=)LB1Y|jCDoaF%N}&-8{>R)p8szNnruFswKl2yie*wlA B(KG-6 diff --git a/test/database/__db.002 b/test/database/__db.002 index 1ad2a165b4ab451373db5ff15ef2fa8b0c23ce34..694491f49c66e390654cfcbd6da799a88e87b086 100644 GIT binary patch delta 1932 zcmeHHK}#D!7G%2&5YX((i|oYt2!Pk3&`X<}zOunpIi3dvFDH`n)NB9eTJ}i81hCI9tyo3rwSWSx4M-H?Z0IiA@}gL zQk49wa(55#)eXLi>BFj+r(yW5##m?_bL4?YeM@4;l=blq&12ORJ=yHmQT2yn_tLCo z1wjvMw{3dpNMOy>a>P-E&hlvarI^RK~PV_R~`0+buJ zOB{PJxVl~-#x7i1S;2w7XAbJ8F-Q+2+iZPihv6W`WQYUU(h@B?OZ^k42ERR*4UWW8 zX-VY!zgi!GFWTs{QVJVk7SlF=_Ty*gs|(5wdOuLTInf3BVAcL~wCyNH58t4Etf24* UDjg5wFnyf*et30pcty;@A24`rMgRZ+ delta 1840 zcmezWpX2|3jtvQnOe_qWlNiGol>`_dprQQdnYel=2S|xRnZnEy-$_lLpyz{AB|B8* zL`I;>i5FNVH!yn$q8lqYS#X9vNJa=+Hz zz2;aESe$2bq6~ZHJe(gs>DQ9u%H@ zV3r6-5u?E5kJH-WN@3ZL8LEe6vfxH_yqSUvs?raXm~lo8H&hk>D5GKXXG!WsDl4RPFTxN18q zC{8vXn8m@Qh|@HvEfR3`z_2eMX#7sRg@f|s!tKJ7bC_c=V$K^H$x4$Kt`wfUW@8LS z85lU3ac4P(s1H!o9q1baxC|_G{3l=BT8`7bd{AXtlNtHyC-2yd=`$~=i(qL=U~(ag z{Nw;*52SRw1)TP$=}%7Bgm3^XF$Te$22896x3&}S6pX-$fH?&mI5jLHSe?PcZJ4a}zyx1uKH$$xiL3!4WUiM9J4!OlO0d&JHXElqU!5@oAp1 LYx|5{jOncaMjna8 
diff --git a/test/database/__db.003 b/test/database/__db.003 index 31466f35c879637c242ca28205c512e0d62fd407..4c0598c6527f4888e61ddd0dd63f0949e2748066 100644 GIT binary patch delta 884 zcmezWpY8vDwhapy83iUUWSl&COKZ&J2}~Y9-c6?SlOegn zpZuUXf%hxaw21SMXaAV&+j1JHLbA0QRebZp*8lvB{F4_>^|mcL&%nS4bv%e-VK`vT z$oj=zz>dZ4fHjf?l!@-3dTU1e$+;I7DY$#4db)bK=9^UngqHAfImZoc&VwRYkm}p^XYLd*rC?NZ^ z-mE7?z+~$Gxml-HO!Z;lNiIrFEXgk__Djr7Wnh#{&a+KS$<550+;~-(6Ty3aNlVw% z(9qDrz|_<{ih+S6HLs+o(mB|VflBsn?eiVV=FDXD1|1_r1;O~vr(y&nu< zpZ=qrPmN5>jm!!8loRgL$v3VBOy0pFFxldojjh#L)a1d%pu-PL9{f-EzwmG2U%_7i z#1Z^H{5t#$435AMLP>wXboQEWa?Mj8Rvlo#2~1XeCNlZsQ)LjZ0mc*E9Q17MO#l=s B3<&@L delta 1089 zcmezWpY8vDwhapy8C@qYWSq>>#lXNYInhCWa=L+hxR+}u~2oz?vn7o47fRStRLT2;L4J;9iTpd;rRWGbSsy1`59kAl4IQkz9fFd%J z8(26d?_ic;)S4{lIGw*v>;wZN2Lr=04#s_PK#Tob6er(sTrqivfWYJlPC2|N@|!uG z!yPy_G$5H4z{oi{%Ry}N0cKW4aiEFjlOHrE@YX|3-D)6u_upjSmeY*RlOTjU)kOqC3plnlXOz%8QE> za{XPSA}TDs{LL~GwZl^?LMyx-y|VJm-OJNVgR=AWCud)>sZU8VH8V&wPSrIvOf}Rs zG%z;NwMa=$)HO@9Oiea1GDuEMOl4pcxE;o27x+-Xr1w<*ydw(d)-muT7o{ea?Q7L=Y=4wFJAG$?R9vb&ZV73@i-{O--X1 z7&ub%N{T9-gZ&s7HH?5_25?C|V%4uk*z delta 58 tcmZorXi(T7z{0ueTtFxT5D09RWO>d!iA8{O*>Q*nKU`$*lXoEqH2~FV58D6$ diff --git a/test/database/dn2id.bdb b/test/database/dn2id.bdb index cea7bb98753f1a8014304ed64be0152c82f54767..aa9e21b869ff161838c067532323ecced692be49 100644 GIT binary patch delta 126 zcmZp0XmFTd!uyrefPs^Pfg$4j3^0kw See!A`r42+Wm6-fUUJd}91~no8 
diff --git a/test/database/id2entry.bdb b/test/database/id2entry.bdb index 9f68f093c00bbe636bd67b9aca8e6b79bb6b5550..89ccb9d86dc75a63ce17b86a6fd8dda09a378296 100644 GIT binary patch delta 615 zcmZo@U}|V!nqb2Fh0}n6lY@bQhkeS4h>ebi?Pbf(GcYhRAOH))0c%FqFZKd?|H>#4V9w4dBsy-3mBGu6}8%QfGuA}HJ?wa&(>K z{t*R<)DjS^skxQu}j$^eFfDKG?5QqwF93{XQL6(a=h{a^rxz(0D0 VfRTy0kvVB0Ac+zJhyY+@0008^u>k-8 delta 619 zcmZo@U}|V!nqb0PCw78?k%NI@83*IOxQ&j7?PWKeXJBAtKmZno7HdY7(e-7^&-Vwf7hsp3QI44v&=;8@RW+s3U5cRtUPn~@-)++?0kKO$<=j| zljqhbMWiH|ni(V-r|Oy-rW)!R8W@}CTBIZ=>YAllrY4&h86>ABrZO-J+z#Wi3w$VG z(t9d@-Vud!>lk>Fi&7Iy@{5Z75_5qH6qEC86H{_C^K?>@ZA(&%OC~R@7Z$`6m8sX# zH8L_Yurx3!NsAK(1q81XI9JFa?Hyahh>zQZi}?SYm{Lz1<#g2%Mx_2pC!z S7?_%o8Um6iA%F+~Mg{=hmbS_O 
diff --git a/test/database/log.0000000001 b/test/database/log.0000000001 index ca1ab0ec6db736fb8bc1145e38ec23bc71ad6df6..3928409f23effb8afd56f027642a4b7fd42da651 100644 GIT binary patch delta 6618 zcmeHJYfw{16y9i5&>)CdL>rZ$sDwun2nkwVA_|IB#Db_5Lvm9<9_3LA9W4)S^@kmV ztxTGAVe_jW8D@)Dif<~tjhv;5_+|mFWAcl_Oy4-rab{KBB>zoC7~TKUp$20 zyq_LU<@ub@*!+1`BW9%^=C9C6IwJagki*Xck9yTKii3;D+F z?R&8C4O`FS&%s1&3kV5-r25v*z8wjgt!7-OwQI`6kswd0NPQA4_E=H z>{Po&5*X-pmn(GU=|u}A@PZAa^K3L~-_(qR>;#o7Jf$$1ggTbbrSF`MSf6s55DZ)u z@=C;V7^ku`pnVEVfwN$r0-eiA#^n^+U|bb+JPPp{eGLsS7rDo28L3ts=MAWmmrqr7LZ=aIR&XHDaM?5J2w4VW za%VU#t#fd~_blk!!4~YZzjYFf)7UMd9U_5mPO=@?$Kymi@?t}2K7$xM%+f)pKuiS_ z7upeLN(Fc%gJ4??W7x@ogWN-{qOm%$gR_p15b$13yY9pFI@2!hQXzUPpoairx9{0wTto%+s249l?-S_AQJnYobS~nFj%L?83(@UYZzQq17w*P| z_|c2?Vj+49ScELt<31NrKqohN$Q!`B2y|M%u`7k^MLXs$HXN|uX5YK%TMgT6rW&h( z@Yn~cZ;&TRH5x_>hwi3S%e~yB5>GETAGwxs^U-*#)GC$INA9I2JR9N7r{v&f8?VF9 zk0myoIUGg=>U2hxnVOyvu1aPI&q1BytI{MVq+qR$thyIIn%n5&CYMU3N{L*q*a}C? zq-3V&1Vx4u-ZGg)Dwhm9-6b+Fg-k&&TwAi_pK(i?TylrQfg87un%FiNQz-hUvtmpk zQ>~*NG29fAH4&l&o4R{avjRp-NI@734Y8(iDh_Xj zTq^l@#Su2TI8dl8=&m5lgIm^ju{ca8jdnZ>ZgD)mX1v$quU$=`mpbg|vDUegmtEq( zK^$8NiGuM+&wK3dV~^cpG?*H9 zovv+0E?xD83fj~*4wq5`5ZpG2j%>wkLpPKw+DC7@25h+cB0*>fjc6Zd^~!#huJQGC z4ARYD>Cir!&cEGAxBvEpV(bD4ijnvJgkoF*2#Rs1!gmXbAwmOAg`4M!G4DDdi^1;Y zNasJBC)fn9Nd0Zr@{=_1*?8Jy0R*+_u20>Gn*r85WJWuVci`)*Xn)2{cqA=gLv2EK z%VgBQYdmfKV(Fr9Y5zbvs6+!D+DFqxbQtOS`zF+84?qlwvU@^p+5m#ugvCt_H6{ue za4OV-yL#77BiH2^`6lWyG@ck5fS?%V9WIM-^>E=ER*!b1?Bj@01GXrz#U>T{P`97Q z6QiG{OVc}6A{~5R8tBkIn$G`6Hc@_?P>fvwF(gX*gkoF*2#WDV+F&h;VTT5s3O9d` yU45mLSL$CGz$-TYm^Coxfw>IKSAqE^G~a~go6vj{nr}k$O=!Le|NEQpq|e{^v;y4# delta 17934 zcmeI2c~n*9`o}kjiUEQMC@3g{GUH)541$W9NamQcB8UtL3J8wfG7pNDW5T{#nVO24 zm03C9Om=esR8*YJ0f)*-$*E;6S!%>@U@9X*TPywOP{557Onz0!70+MSpJileOik0!d0Cr`If^ zeB|IlMZl=S7O(a!=N3kqwaLEkBkwD0-}@EQIVh5)%YLJBsPwIclH^Cai^r-I;Ap^c zKu0?R4moJ;Df9P8nE&rS0*5O|Od49&9jXB*1_>)is9 zLPJs`BEpjp_;OIXt!IN$JS2ZiKIt?ib+GCtpD407H-zX%NXJKLj{*$%i 
zY#yCjma#z@J^R&Y4BMZhL(dgS(m3+6-X&+z2)^`&-h%#4NJt(N5U$a`!d|8?cRl3n z{z`9FG$iyw+P;S*$&1bzBNOD@LyqqFdnp}pq`f(@D$A74jd_XCDU$lL&#)u?ulhuL z^otkJ6jKZ)LwZi%SWE^(U(nIcFd67q$*Dw=UZ->1*2!0uqk2&8QsV0vLsw(z>a{l} zjZ5Qutbi~48a_li>iwfDg)Yk=99ZFda-{s`` zDO)&{%2DMm?Z@mtoq)8_ES?T@w$~wqinZEzFyiv zTSZr+h}yiXB|Vf^p<^oJg_HhQ(52UNxo6o(OEatq$wYsWvyMB;hs#>eNFEcM8k{mF z$zL0o66hbO2@dfOPfm*P4^53oNeT(lB&8&#NG3Kvcj>%mz*U=&g{4_5_qQ$IBv~fq zq$Ezt%9+?VF@qYoCS`U?OwLHl^fRnNI%iExo0gUcB{PML|Ei7bc*4^^C@54Dp$XJ# zN6;Kd$()q)PWOR*B@?e8(ljqG1_aVf)rQI$C)#QMs;j@XleeGn>HV@h@&Y1Y3o2uC zu7Av_Aj~<#?f@Nalyffgh$MxR)*)ulVmbXtYj5lV6d=(~rfUY!WZeDEA$Vt83^0kj>kQYr^Q|e=zF(k-eA1iE|(XYpd zVbdad^$Sf)^c|W!ZSb@=yY@=Y4C^^HRr}VstPXPK@hDmx+E7hmaLTKTBk@m*W5{cr z^^2qIf44Y-gCasg!vCKa2QY4?!;kQ7m^`Z+7KdScp&Kub0TpcC7C$+zk^L+DG=I0_ zQ-9KQ3K~M^gMq6Obad}{)V{Ag;iPw>n(p^e5J;`BT74a)=+MC)I?iT_+d9Wn ztmx2~2`4cxEo93xu5oHA??I7p37`2o93%_w0^Qi>IJ zhF`Dyz>rKjy1yM5QjW@PRr6g=k*NIX@w{MEZp$l&4yOo(%R|zJkmk0pI3F&}Rr7T{ z$6Q7|_v{as=G+CkvCCA_;Bq8VfNvoM0YJ|^0(_rRP&fsBr(1hp&({qK^3n5DRQ}d^ zN%A25J%2gww3FpL`V(&B^Qt?^Gf#WRso5zuQ4mNEDBHgu49G_ZFX%Y$y>VyIoFz*v z=~t=o1;!wE&hWi*<1_75Z4$v01cL)rZ(oH04Uygey0O7rZV(h90C^h)q3i+00+20! zW{?*>Kd^`Gzfh15pel<_CLP_^$}euq6V9sJf0t7bir((_ejbXZJ2HLI&|y-np!$$B z%q*L2Mf)*-8>*kb7nw_gGPl)mp^uDu7gy4aU8a(zpTAuM&=yh!u(C0 z`JWMNe}IB~fO5a0^0zLr?vGYm1)y?s)%(LdiUi*aIkk6CxjC;KI-EXwP&aF@lZMJ? 
z-n!%tmnPslO3nM5^=0O=%65$fTnzUc(2ZSENP|mlP}h5=cte*@71{=>amlAhKz=ap zggJ}MJ87@#CgL}W1nD+MHdL`mj4Y5D$SN5`Ut!rjixL?9X%vLSmhToA{c;LIP7D5# z{fv!16y$^)lsS1;vhKG(cD#&nu~0qw2^5LZPkvP18RKHO?|^PRE;~rWxI8HA=nEH1 z)vN0UMZ(4Y=z$Y(vE*|My0J^gtIQ?WRDf?P1%dC(*#dm`P!Ra;kvp*)M{g)5q2LFLw}`SzhmRDNjC^b4rmnpX}TPXGMr;mh}g^`wDs=5LAf;9{eC zbyaYe0>4QaaG`Gtb?6OMQpOhw@&V6fig|yIcR$$g^`@Bj4ysp|&2NnF&Iwt^QMm)3_t4?wyCHV4;f^bf zH1O@%>Be2Sv{1demT;GQv8hRLX~A8f8@v3@U9v4iS67Rh406sW(bbhfks#fAa+_If zbs-C62C_;92dO0(Ot%mi{TiN_(*l9fAM|gQ(;I6(D`cY&1vw!HKgGCwLpm0(dtCow zjEke{(f@@avA53sVfG=6iz6Qw=x|cHbgp8R>rA>nfs2#s_pWq`gp0|iUN_+4#9g2p zyX@mG?=}(Ody9eqzFC}uXSDv4xwC4%Cn*w@ z=iDl`LFLZ8a_DeM+*r4|{BAM64&BBM1z#7{e1}maTq;Wv{o&%mU7#DgY~n8V)&hJl zP!Irg{!oCg<~HN&QZjNM;|m4(fTyzZxum1}rfK6hq4Kt>`Tj_esJx@D_DfXWmRAlP zPKS5a@pZbx_%;YQ5Dynu)w@>=MZ#rk@|uHiapf-1ja`;=mqwvMzkWVVKQ8X7M}H|rVqBgkd~b(wap&U#9Zn;6)s6liq@nWpZf>aEt5r2~ zncitoAY44S3v^?bY|`LTW-GvV1qA`XJ4*!k-lrhEW6hSEw_<#uARq9IQ&isj9_zk( zL!SQLpuK9oc@zo0!(SBX_wDw)a_DfLBT$%M72+?!Vp9ZsPNzK2Oe#v&cXo>{i@EacwM&~@A*a}_L7Y!d5=x|cHEFuk~|3UERpE3G@ zs#n)8?y{;yzcjc6au?{vE;j#RE?+we@QtFN;neZDl>&SVCUxhf@GYJCK}Wb~RrB4zUE-S* zCWEh*yFfQ~so^d?S_<&>dCvHje2${+JvP@r z6>0W@xjkMb@Ki)gLD=h}8u(ghF4jF2QT0G?DR)^H+o&2YO}GnmW0zapW$3ll>i?mlr77e4JXL^i zCIx}--c}*g7+)yJ2Ru6~DnG=#A8Oz7GWe>0?odmS;Crdu>=7!r;FUv%Q?$ZmSOdn_ zE;>^1xkDaB!ewvOm$q=RkVZIdnKJQt%CF%=lin`9bi%Dn?TzTz(z@Y&l$-a~J5wE=AnM z>V^Q{YZL?kjgkcThMP0K(W9m}WPG6@AMlhFmFJU=?pyz>M^o@s|IL0WMWXVHp9JZj z7d!CEp~Ip5WVpyFfQ~S<7A8R0;4sPC)<= zk|Dsi{cDWxCk6lfp7Di(e86*7G9y0J?Eck#X{z_*x!0ANIx0AD*x#y2m$?@Y!Q z3i1KZ5emK;q@(*kmL%#wy{rH3d>uui@}P5D^H8}nuN*p@O3UizZw+bKfA_CR6a4Pn z$BMb^e?DCQUn?%$1-h||jx@ML-Vxxtk%9mqHcf!9X;a2`R^z9Yj4u@A1D<7y%14rp z?k~>E*o6H-{deawMS^et?b)w`Z(CkDbT}zpZjpw{AC~Wrhl~EZb5;98OKaxxuk*Hv zaB<}>(2ZR(NrTJjTLOHSQ4j#UKTd$}T?)ee!^2KTQW#$-$Ok-+Dfqr&!@9pWZTcNl z?xFhgaV|xIZ`#}z-BG#Wdt>Nu@;O{Le=m@R$`cB1?}bY{)t`?WHDfMUzu1ugmv)>l zbYqt|(%|yjJpsNSQV{r#pDe)lG6jKeT!dW>;|m4(fTypb@-SQ0{rs+TSE6!H)qJxk 
z5`1@$KW>W34c{9>hm+E!gfvv{H7E7}T)b5CeZXB(^GcV%#f$TWZtT*lIdiGLE5LUO z1%YqDQ~|z6C Date: Tue, 12 May 2015 16:46:14 +0200 Subject: [PATCH 18/19] readme --- README.md | 2 +- image/service/slapd/container-start.sh | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 62c2d575..ce48819c 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ make sure to replace `CONTAINER_ID` by your container id : You should now be in the container terminal, and we can search on the ldap server : - ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org + ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin This should output : diff --git a/image/service/slapd/container-start.sh b/image/service/slapd/container-start.sh index fc7a05d3..28988762 100755 --- a/image/service/slapd/container-start.sh +++ b/image/service/slapd/container-start.sh @@ -65,11 +65,6 @@ EOF fi - # add ppolicy schema if not already exists - ADD_PPOLICY=$(is_new_schema ppolicy) - if [ "$ADD_PPOLICY" -eq 1 ]; then - ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif - fi # TLS config if [ "${USE_TLS,,}" == "true" ]; then @@ -95,6 +90,12 @@ EOF sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf fi + # add ppolicy schema if not already exists + ADD_PPOLICY=$(is_new_schema ppolicy) + if [ "$ADD_PPOLICY" -eq 1 ]; then + ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif + fi + # convert schemas to ldif SCHEMAS="" for f in $(find /osixia/slapd/schema -name \*.schema -type f); do From 1403dbde90d9248ff56010598976ed688d1f5bbc Mon Sep 17 00:00:00 2001 From: ofreax Date: Sun, 17 May 2015 11:16:20 +0200 Subject: [PATCH 19/19] date --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 301557f3..f6e676f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,8 +1,8 @@ -## 0.10.1 (release date: 2015-03-18) +## 0.10.1 (release date: 2015-05-17) - Add ldapi - - Add custom ldap schema + - Add custom ldap schema - Auto convert .schema to .ldif - Fixes issues #2 #3 ## 0.10.0 (release date: 2015-03-03) - - New version initial release \ No newline at end of file + - New version initial release