a275d04aab
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/autofs#1cda5aaae19a25dd9afa10a9ed1763ac59640019
886 lines
28 KiB
Diff
886 lines
28 KiB
Diff
autofs-5.1.6 - update ldap READMEs and schema definitions
|
|
|
|
From: Ian Kent <raven@themaw.net>
|
|
|
|
The autofs schema in samples/autofs.schema should not be used for
|
|
autofs map information, it's very old and may be inaccurate or may
|
|
conflict with other schema definitions included in LDAP server
|
|
distributions.
|
|
|
|
The README.autofs-schema has been updated to alert people to this
|
|
but the schema file has not yet been removed.
|
|
|
|
A new README.ldap-schema has been added which recommends using either
|
|
of rfc2307 or rfc2307bis schema for autofs Sun format map information
|
|
stored in LDAP and at least one of these schema should be included in
|
|
LDAP server distributions. Additionally the README notes the schema
|
|
that needs to be used for autofs amd format maps is present in the
|
|
file samples/am-utils-ldap.schema.
|
|
|
|
Ian
|
|
|
|
Signed-off-by: Ian Kent <raven@themaw.net>
|
|
---
|
|
CHANGELOG | 1
|
|
README.autofs-schema | 8 -
|
|
README.ldap-schema | 14 ++
|
|
autofs.spec | 3
|
|
samples/am-utils-ldap-id.txt | 360 ++++++++++++++++++++++++++++++++++++++++++
|
|
samples/am-utils-ldap.schema | 52 ++++++
|
|
samples/rfc2307.schema | 37 ++++
|
|
samples/rfc2307bis.schema | 310 ++++++++++++++++++++++++++++++++++++
|
|
8 files changed, 780 insertions(+), 5 deletions(-)
|
|
create mode 100644 README.ldap-schema
|
|
create mode 100644 samples/am-utils-ldap-id.txt
|
|
create mode 100644 samples/am-utils-ldap.schema
|
|
create mode 100644 samples/rfc2307.schema
|
|
create mode 100644 samples/rfc2307bis.schema
|
|
|
|
diff --git a/CHANGELOG b/CHANGELOG
|
|
index f5a1a0e3..981a0333 100644
|
|
--- a/CHANGELOG
|
|
+++ b/CHANGELOG
|
|
@@ -1,5 +1,6 @@
|
|
xx/xx/2020 autofs-5.1.7
|
|
- make bind mounts propagation slave by default.
|
|
+- update ldap READMEs and schema definitions.
|
|
|
|
07/10/2019 autofs-5.1.6
|
|
- support strictexpire mount option.
|
|
diff --git a/README.autofs-schema b/README.autofs-schema
|
|
index c121e1c3..b8c6d6a5 100644
|
|
--- a/README.autofs-schema
|
|
+++ b/README.autofs-schema
|
|
@@ -9,10 +9,10 @@ not clear what schema to use for Linux autofs information.
|
|
|
|
The schema was corrected somewhere along the line but the autofs
|
|
distribution copy was never updated. The schema has now been
|
|
-updated but it is not recommended for use as the schema for autofs
|
|
-map information.
|
|
+updated but may not be accurate and may conflict with other LDAP
|
|
+schemas so it is not recommended for use for autofs map information.
|
|
|
|
-The rfc2307 or, preferably the, rfc2307bis schema is the recommened
|
|
-schema to use.
|
|
+The rfc2307 or the rfc2307bis schema is the recommened schema to
|
|
+use, based on requirements.
|
|
|
|
Ian
|
|
diff --git a/README.ldap-schema b/README.ldap-schema
|
|
new file mode 100644
|
|
index 00000000..6cb0ba1c
|
|
--- /dev/null
|
|
+++ b/README.ldap-schema
|
|
@@ -0,0 +1,14 @@
|
|
+LDAP Schema
|
|
+===========
|
|
+
|
|
+LDAP Schema definitions may be found in the samples sub-directory.
|
|
+
|
|
+The ldap schema rfc2307.schema and rfc2307bis.schema may be used by
|
|
+autofs for Sun format automount maps, the choice of which is used is
|
|
+dependent on user needs. They are included for reference only as at
|
|
+least one of these should be included in LDAP server distributions.
|
|
+
|
|
+The ldap schema am-utils-ldap.schema and am-utils-ldap-id.txt describe
|
|
+the schema used by autofs for amd format maps.
|
|
+
|
|
+Ian
|
|
diff --git a/autofs.spec b/autofs.spec
|
|
index 18e93a8d..22e7adf4 100644
|
|
--- a/autofs.spec
|
|
+++ b/autofs.spec
|
|
@@ -194,7 +194,8 @@ fi
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
-%doc CREDITS CHANGELOG INSTALL COPY* README* samples/ldap* samples/autofs.schema samples/autofs_ldap_auth.conf
|
|
+%doc CREDITS CHANGELOG INSTALL COPY* README* samples/ldap* samples/*.schema
|
|
+%doc samples/am-utils-ldap-id.txt samples/autofs_ldap_auth.conf
|
|
%config %{init_file_name}
|
|
%config(noreplace) /etc/auto.master
|
|
%config(noreplace) /etc/autofs.conf
|
|
diff --git a/samples/am-utils-ldap-id.txt b/samples/am-utils-ldap-id.txt
|
|
new file mode 100644
|
|
index 00000000..33a9187b
|
|
--- /dev/null
|
|
+++ b/samples/am-utils-ldap-id.txt
|
|
@@ -0,0 +1,360 @@
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+INTERNET-DRAFT Leif Johansson
|
|
+Intented Category: Experimental Stockholm University
|
|
+
|
|
+
|
|
+
|
|
+ A directory (X.500 and LDAPv3) schema for Berkely automounter
|
|
+
|
|
+
|
|
+1. Status of this Memo
|
|
+
|
|
+ This memo describes a directory (LDAP or X.500) schema for storing amd (Berkely-
|
|
+ style automounter) mount info maps. The schema is currently beeing supported by
|
|
+ the (beta version of the) am-utils version 6 package [AMUTILS].
|
|
+
|
|
+2. Overview and Rationale
|
|
+
|
|
+ Directory services such as X.500 [X500] or LDAP [RFC2251] are a natural choice of
|
|
+ repository for amd mount map databases. All Object Identifiers in this document
|
|
+ are prefixed by amdSchema-id to be assigned later. The relation between this
|
|
+ schema and the automount schema elements in [HOWARD] are mostly superficial. The
|
|
+ model for the elements in [HOWARD] was the SUN automounter which has quite a
|
|
+ different syntax for mount maps. Furthermore the intended usage of this schema
|
|
+ differs from that of [HOWARD] in many respects.
|
|
+
|
|
+3. DSA requirements
|
|
+
|
|
+ Directory servers implementing this schema SHOULD maintain the modifyTimestamp
|
|
+ operational attribute. If not the amdMapCacheTtl attribute SHOULD be set to 0
|
|
+ indicating to clients that caching of map entries SHOULD be turned off. Clients
|
|
+ wishing to use the amdMap schema MAY use the modifyTimestamp information to set
|
|
+ the ttl for internal caching schemes. A value of 0 for the amdMapCacheTtl must
|
|
+ result in clients turning off any local caching.
|
|
+
|
|
+4. Syntax definitions
|
|
+
|
|
+ The following attribute syntax is defined in this document:
|
|
+
|
|
+ amdlocationlist
|
|
+
|
|
+ This syntax represents a amd map value. This is the syntax expressed in BNF using
|
|
+ definitions from [RFC2252]:
|
|
+
|
|
+ amdlocationlist = amdlocationselection |
|
|
+ amdlocationlist whsp "||" whsp amdlocationselection
|
|
+
|
|
+ amdlocationselection = amdlocation |
|
|
+ amdlocationselection whsp amdlocation
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 1]
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
|
|
+
|
|
+
|
|
+ amdlocation = amdlocationinfo |
|
|
+ "-" amdlocationinfo |
|
|
+ "-"
|
|
+
|
|
+ amdlocationinfo = seloropt |
|
|
+ amdlocationinfo ";" seloropt |
|
|
+ ";"
|
|
+
|
|
+ seloropt = seletion |
|
|
+ optass
|
|
+
|
|
+ selection = keystring "==" printablestring
|
|
+ keystring "!=" printablestring
|
|
+
|
|
+ optass = keystring
|
|
+
|
|
+ X.500 servers or LDAPv3 servers (supporting the binary attribute option) may use
|
|
+ the following syntax definition:
|
|
+
|
|
+ AmdLocationList ::= SEQUENCE OF {
|
|
+ SEQUENCE OF {
|
|
+ location AmdLocation
|
|
+ }
|
|
+ }
|
|
+
|
|
+ AmdLocation ::= SET OF {
|
|
+ CHOICE {
|
|
+ location [0] AmdLocationInfo
|
|
+ notlocation [1] AmdLocationInfo
|
|
+ not [2] NULL
|
|
+ }
|
|
+ }
|
|
+
|
|
+ AmdLocationInfo ::= SET OF {
|
|
+ CHOICE {
|
|
+ selection [0] AmdSelection
|
|
+ option [1] AmdOption
|
|
+ }
|
|
+ }
|
|
+
|
|
+ AmdSelection ::= CHOICE {
|
|
+ eq [0] AttributeAndValue
|
|
+ ne [1] AttributeAndValue
|
|
+ }
|
|
+
|
|
+ AmdOption ::= AttributeAndValue
|
|
+ AttributeAndValue ::= SEQUENCE {
|
|
+ attribute IA5String
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 2]
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
|
|
+
|
|
+
|
|
+ value IA5String
|
|
+ }
|
|
+
|
|
+5. Attribute types
|
|
+
|
|
+ The following attribute types are defined in this document:
|
|
+
|
|
+ amdMapName
|
|
+ amdMapCacheTtl
|
|
+ amdMapEntry
|
|
+ amdMapEntryKey
|
|
+ amdMapEntryValue
|
|
+
|
|
+ amdSchema-a OBJECT IDENTIFIER ::= { amdSchema-id 1 }
|
|
+
|
|
+ amdMapName ATTRIBUTE ::= {
|
|
+ WITH SYNTAX IA5String
|
|
+ EQUALITY MATCHING RULE caseIgoreExactMatch
|
|
+ --ID { amdSchema-a 1 }
|
|
+ DESCRIPTION
|
|
+ "This attribute is the symbolic and in the naming
|
|
+ context unique name of an amd map. This corresponds
|
|
+ in the case of a flat file database to the name of
|
|
+ the file or the mount-point of the map."
|
|
+ }
|
|
+
|
|
+
|
|
+ amdMapCacheTtl
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX Integer
|
|
+ EQUALITY MATCHING RULE integerExactMatch
|
|
+ --ID { amdSchema-a 2 }
|
|
+ SINGLE VALUED
|
|
+ DESCRIPTION
|
|
+ "The maximum time-to-live for the entries in this
|
|
+ map. After this many milliseconds the map has to
|
|
+ be cleared from local caches and reloaded. A value
|
|
+ of 0 disables caching."
|
|
+ }
|
|
+
|
|
+ amdMapEntry
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX DistinguishedName
|
|
+ EQUALITY MATHCING RULE dNCaseIgnoreExactMatch
|
|
+ --ID { amdSchema-a 3 }
|
|
+ DESCRIPTION
|
|
+ "A multivalued attribute listing the distinguished
|
|
+ names of the amdMapEntries making up this amdMap
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 3]
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
|
|
+
|
|
+
|
|
+ object."
|
|
+ }
|
|
+
|
|
+ amdMapEntryKey ::= {
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX IA5String
|
|
+ EQUALITY MATCHING RULE stringExactMatch
|
|
+ --ID { amdSchema-a 4 }
|
|
+ SINGLE VALUED
|
|
+ DESCRIPTION
|
|
+ "The value of this attribute is usually the name of
|
|
+ a mountpoint for this amdMapEntry."
|
|
+ }
|
|
+
|
|
+ amdMapEntryValue ::= {
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX AmdLocationList
|
|
+ --ID { amdSchema-a 5 }
|
|
+ DESCRIPTION
|
|
+ "This is the actual mount information for the amdMapEntry
|
|
+ using the syntax described above."
|
|
+ }
|
|
+
|
|
+ amdMapEntryKey ::= {
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX IA5String
|
|
+ EQUALITY MATCHING RULE stringExactMatch
|
|
+ --ID { amdSchema-a 4 }
|
|
+ SINGLE VALUED
|
|
+ DESCRIPTION
|
|
+ "The value of this attribute is usually the name of
|
|
+ a mountpoint for this amdMapEntry."
|
|
+ }
|
|
+
|
|
+ amdMapEntryValue ::= {
|
|
+ ATTRIBUTE ::= {
|
|
+ WITH SYNTAX AmdLocationList
|
|
+ --ID { amdSchema-a 5 }
|
|
+ DESCRIPTION
|
|
+ "This is the actual mount information for the amdMapEntry
|
|
+ using the syntax described above."
|
|
+ }
|
|
+
|
|
+6. Object classes
|
|
+
|
|
+ The following object classes are defined in this document:
|
|
+
|
|
+ amdMap
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 4]
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
|
|
+
|
|
+
|
|
+ amdMapEntry
|
|
+
|
|
+ defined as follows:
|
|
+
|
|
+ amdSchema-oc ::= { amdSchema-id 2 }
|
|
+
|
|
+ amdMap OBJECT-CLASS ::= {
|
|
+ SUBCLASS OF { top }
|
|
+ KIND auxiliary
|
|
+ --ID { amdSchema-oc 1 }
|
|
+ MAY CONTAIN { amdMapCacheTtl , cn }
|
|
+ MUST CONTAIN { amdMapName , amdMapEntry }
|
|
+ }
|
|
+
|
|
+ amdMapEntry OBJECT-CLASS ::= {
|
|
+ SUBCLASS OF { top }
|
|
+ KIND structural
|
|
+ --ID { amdSchema-oc 2 }
|
|
+ MUST CONTAIN {
|
|
+ amdMapName ,
|
|
+ amdEntryKey ,
|
|
+ amdEntryValue ,
|
|
+ } MAY CONTAIN
|
|
+ { cn } DESCRIPTION "An entry of this
|
|
+ object class describes mount information relative to a
|
|
+ certain amdMap entry"
|
|
+ }
|
|
+
|
|
+7. Examples
|
|
+
|
|
+
|
|
+
|
|
+8. Security Considerations
|
|
+
|
|
+ Due to the security problems posed by NFS care should be taken not to advertise
|
|
+ exported filesystems. Therefore it is often desirable to limit access to entries
|
|
+ carrying amd mount map information to those systems to which the corresponding
|
|
+ filesystems have been exported.
|
|
+
|
|
+9. References
|
|
+
|
|
+ [AMUTILS]
|
|
+ am-utils homepage: http://shekel.cs.columbia.edu/~erez/am-utils.html
|
|
+
|
|
+ [RFC2251]
|
|
+ M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
|
|
+ Protocol (v3)", RFC 2251, December 1997.
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 5]
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
|
|
+
|
|
+
|
|
+ [RFC2252]
|
|
+ M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory
|
|
+ Access Protocol (v3): Attribute Syntax Definitions", RFC 2252,
|
|
+ December 1997.
|
|
+
|
|
+ [RFC2253]
|
|
+ M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
|
|
+ Protocol (v3): UTF-8 String Representation of Distinguished
|
|
+ Names", RFC 2253, December 1997.
|
|
+
|
|
+ [HOWARD]
|
|
+ Luke Howard, "An Approach for Using LDAP as a Network
|
|
+ Information Service", draft-howard-nis-schema-??.txt, Internet
|
|
+ draft.
|
|
+
|
|
+ [X500]
|
|
+ ITU something or other.
|
|
+
|
|
+
|
|
+
|
|
+Author's Address
|
|
+
|
|
+
|
|
+ Leif Johansson
|
|
+ Department of Mathematics
|
|
+ Stockholm University
|
|
+ S-106 91 Stockholm
|
|
+ SWEDEN
|
|
+
|
|
+ Email: leifj AT matematik.su.se
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+Johansson [Page 6]
|
|
+
|
|
+
|
|
diff --git a/samples/am-utils-ldap.schema b/samples/am-utils-ldap.schema
|
|
new file mode 100644
|
|
index 00000000..9594d2fe
|
|
--- /dev/null
|
|
+++ b/samples/am-utils-ldap.schema
|
|
@@ -0,0 +1,52 @@
|
|
+# A schema for the Berkeley automounter (AMD)
|
|
+# Authored by Erez Zadok and/or source maintainers
|
|
+# Definition by Tim Colles <timc at dai.ed.ac.uk>
|
|
+# Revised by Adam Morley <adam at gmi.com>
|
|
+
|
|
+# OID Base is 1.3.6.1.4.1.10180
|
|
+#
|
|
+# Syntaxes are under 1.3.6.1.4.1.10180.3.175-199
|
|
+# Attribute types are under 1.3.6.1.4.1.10180.2.175-199
|
|
+# Object classes are under 1.3.6.1.4.1.10180.1.175-199
|
|
+
|
|
+# Attribute Type Definitions
|
|
+
|
|
+attributetype ( 1.3.6.1.4.1.10180.2.175
|
|
+ NAME 'amdmapTimestamp'
|
|
+ DESC 'Probably the time the map was last modified'
|
|
+ EQUALITY integerMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributetype ( 1.3.6.1.4.1.10180.2.176
|
|
+ NAME 'amdmapName'
|
|
+ DESC 'The symbolic name of the map, ie. map_name'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributetype ( 1.3.6.1.4.1.10180.2.177
|
|
+ NAME 'amdmapKey'
|
|
+ DESC 'The key value for this entry'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributetype ( 1.3.6.1.4.1.10180.2.178
|
|
+ NAME 'amdmapValue'
|
|
+ DESC 'The mount information for this entry'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+# Object Class Definitions
|
|
+
|
|
+objectclass ( 1.3.6.1.4.1.10180.1.175 NAME 'amdmapTimestamp'
|
|
+ SUP top STRUCTURAL
|
|
+ DESC 'Timestamp for an AMD map'
|
|
+ MUST ( cn $ amdmapName $ amdmapTimestamp ) )
|
|
+
|
|
+objectclass ( 1.3.6.1.4.1.10180.1.176 NAME 'amdmap'
|
|
+ SUP top STRUCTURAL
|
|
+ DESC 'Defines an AMD map entry'
|
|
+ MUST ( cn $ amdmapName $ amdmapKey $ amdmapValue ) )
|
|
diff --git a/samples/rfc2307.schema b/samples/rfc2307.schema
|
|
new file mode 100644
|
|
index 00000000..e8b15edf
|
|
--- /dev/null
|
|
+++ b/samples/rfc2307.schema
|
|
@@ -0,0 +1,37 @@
|
|
+attributeType ( 1.3.6.1.1.1.1.31
|
|
+ NAME 'automountMapName'
|
|
+ DESC 'automount Map Name'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
|
|
+ X-ORIGIN 'user defined' )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.32
|
|
+ NAME 'automountKey'
|
|
+ DESC 'Automount Key value'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
|
|
+ X-ORIGIN 'user defined' )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.33
|
|
+ NAME 'automountInformation'
|
|
+ DESC 'Automount information'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
|
|
+ X-ORIGIN 'user defined' )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.16
|
|
+ NAME 'automountMap'
|
|
+ DESC 'Automount Map information'
|
|
+ SUP top STRUCTURAL
|
|
+ MUST automountMapName
|
|
+ MAY description
|
|
+ X-ORIGIN 'user defined' )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.17
|
|
+ NAME 'automount'
|
|
+ DESC 'Automount information'
|
|
+ SUP top STRUCTURAL
|
|
+ MUST ( automountKey $ automountInformation )
|
|
+ MAY description
|
|
+ X-ORIGIN 'user defined' )
|
|
+
|
|
diff --git a/samples/rfc2307bis.schema b/samples/rfc2307bis.schema
|
|
new file mode 100644
|
|
index 00000000..a626b3fe
|
|
--- /dev/null
|
|
+++ b/samples/rfc2307bis.schema
|
|
@@ -0,0 +1,310 @@
|
|
+###
|
|
+# Extracted from: http://tools.ietf.org/html/draft-howard-rfc2307bis-02
|
|
+###
|
|
+
|
|
+# Builtin
|
|
+#attributeType ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
|
|
+# DESC 'An integer uniquely identifying a user in an
|
|
+# administrative domain'
|
|
+# EQUALITY integerMatch
|
|
+# ORDERING integerOrderingMatch
|
|
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+# SINGLE-VALUE )
|
|
+
|
|
+# Builtin
|
|
+#attributeType ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
|
|
+# DESC 'An integer uniquely identifying a group in an
|
|
+# administrative domain'
|
|
+# EQUALITY integerMatch
|
|
+# ORDERING integerOrderingMatch
|
|
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+# SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.2 NAME 'gecos'
|
|
+ DESC 'The GECOS field; the common name'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SUBSTR caseIgnoreSubstringsMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
|
|
+ DESC 'The absolute path to the home directory'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
|
|
+ DESC 'The path to the login shell'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
|
|
+ DESC 'Netgroup triple'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SUBSTR caseIgnoreSubstringsMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
|
|
+ DESC 'Service port number'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
|
|
+ DESC 'Service protocol name'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
|
|
+ DESC 'IP protocol number'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
|
|
+ DESC 'ONC RPC number'
|
|
+ EQUALITY integerMatch
|
|
+ ORDERING integerOrderingMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
|
|
+ DESC 'IPv4 addresses as a dotted decimal omitting leading
|
|
+ zeros or IPv6 addresses as defined in RFC2373'
|
|
+ EQUALITY caseIgnoreIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
|
|
+ DESC 'IP network omitting leading zeros, eg. 192.168'
|
|
+ EQUALITY caseIgnoreIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
|
|
+ DESC 'IP netmask omitting leading zeros, eg. 255.255.255.0'
|
|
+ EQUALITY caseIgnoreIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
|
|
+ DESC 'MAC address in maximal, colon separated hex
|
|
+ notation, eg. 00:00:92:90:ee:e2'
|
|
+ EQUALITY caseIgnoreIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
|
|
+ DESC 'rpc.bootparamd parameter'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
|
|
+ DESC 'Boot image name'
|
|
+ EQUALITY caseExactIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
|
|
+ DESC 'Name of a generic NIS map'
|
|
+ EQUALITY caseIgnoreMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
|
|
+ DESC 'A generic NIS entry'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
|
|
+ DESC 'NIS public key'
|
|
+ EQUALITY octetStringMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
|
|
+ DESC 'NIS secret key'
|
|
+ EQUALITY octetStringMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
|
|
+ DESC 'NIS domain'
|
|
+ EQUALITY caseIgnoreIA5Match
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
|
|
+ DESC 'automount Map Name'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
|
|
+ DESC 'Automount Key value'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+attributeType ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
|
|
+ DESC 'Automount information'
|
|
+ EQUALITY caseExactMatch
|
|
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
+ SINGLE-VALUE )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
|
|
+ DESC 'Abstraction of an account with POSIX attributes'
|
|
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
|
|
+ MAY ( userPassword $ loginShell $ gecos $
|
|
+ description ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
|
|
+ DESC 'Additional attributes for shadow passwords'
|
|
+ MUST uid
|
|
+ MAY ( userPassword $ description $
|
|
+ shadowLastChange $ shadowMin $ shadowMax $
|
|
+ shadowWarning $ shadowInactive $
|
|
+ shadowExpire $ shadowFlag ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
|
|
+ DESC 'Abstraction of a group of accounts'
|
|
+ MUST gidNumber
|
|
+ MAY ( userPassword $ memberUid $
|
|
+ description ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
|
|
+ DESC 'Abstraction an Internet Protocol service.
|
|
+ Maps an IP port and protocol (such as tcp or udp)
|
|
+ to one or more names; the distinguished value of
|
|
+ the cn attribute denotes the services canonical
|
|
+ name'
|
|
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
|
|
+ DESC 'Abstraction of an IP protocol. Maps a protocol number
|
|
+ to one or more names. The distinguished value of the cn
|
|
+ attribute denotes the protocol canonical name'
|
|
+ MUST ( cn $ ipProtocolNumber )
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
|
|
+ DESC 'Abstraction of an Open Network Computing (ONC)
|
|
+ [RFC1057] Remote Procedure Call (RPC) binding.
|
|
+ This class maps an ONC RPC number to a name.
|
|
+ The distinguished value of the cn attribute denotes
|
|
+ the RPC service canonical name'
|
|
+ MUST ( cn $ oncRpcNumber )
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
|
|
+ DESC 'Abstraction of a host, an IP device. The distinguished
|
|
+ value of the cn attribute denotes the hosts canonical
|
|
+ name. Device SHOULD be used as a structural class'
|
|
+ MUST ( cn $ ipHostNumber )
|
|
+ MAY ( userPassword $ l $ description $
|
|
+ manager ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
|
|
+ DESC 'Abstraction of a network. The distinguished value of
|
|
+ the cn attribute denotes the network canonical name'
|
|
+ MUST ipNetworkNumber
|
|
+ MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
|
|
+ DESC 'Abstraction of a netgroup. May refer to other
|
|
+ netgroups'
|
|
+ MUST cn
|
|
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
|
|
+ DESC 'A generic abstraction of a NIS map'
|
|
+ MUST nisMapName
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
|
|
+ DESC 'An entry in a NIS map'
|
|
+ MUST ( cn $ nisMapEntry $ nisMapName ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
|
|
+ DESC 'A device with a MAC address; device SHOULD be
|
|
+ used as a structural class'
|
|
+ MAY macAddress )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
|
|
+ DESC 'A device with boot parameters; device SHOULD be
|
|
+ used as a structural class'
|
|
+ MAY ( bootFile $ bootParameter ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
|
|
+ DESC 'An object with a public and secret key'
|
|
+ MUST ( cn $ nisPublicKey $ nisSecretKey )
|
|
+ MAY ( uidNumber $ description ) )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
|
|
+ DESC 'Associates a NIS domain with a naming context'
|
|
+ MUST nisDomain )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
|
|
+ MUST ( automountMapName )
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
|
|
+ DESC 'Automount information'
|
|
+ MUST ( automountKey $ automountInformation )
|
|
+ MAY description )
|
|
+
|
|
+objectClass ( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' SUP top STRUCTURAL
|
|
+ DESC 'A group with members (DNs)'
|
|
+ MUST cn
|
|
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
|
|
+ description $ member ) )
|