autofs/autofs-5.1.6-update-ldap-READMEs-and-schema-definitions.patch
Petr Šabata a275d04aab RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/autofs#1cda5aaae19a25dd9afa10a9ed1763ac59640019
2020-10-14 22:07:18 +02:00

886 lines
28 KiB
Diff

autofs-5.1.6 - update ldap READMEs and schema definitions
From: Ian Kent <raven@themaw.net>
The autofs schema in samples/autofs.schema should not be used for
autofs map information, it's very old and may be inaccurate or may
conflict with other schema definitions included in LDAP server
distributions.
The README.autofs-schema has been updated to alert people to this
but the schema file has not yet been removed.
A new README.ldap-schema has been added which recommends using either
of rfc2307 or rfc2307bis schema for autofs Sun format map information
stored in LDAP and at least one of these schema should be included in
LDAP server distributions. Additionally the README notes the schema
that needs to be used for autofs amd format maps is present in the
file samples/am-utils-ldap.schema.
Ian
Signed-off-by: Ian Kent <raven@themaw.net>
---
CHANGELOG | 1
README.autofs-schema | 8 -
README.ldap-schema | 14 ++
autofs.spec | 3
samples/am-utils-ldap-id.txt | 360 ++++++++++++++++++++++++++++++++++++++++++
samples/am-utils-ldap.schema | 52 ++++++
samples/rfc2307.schema | 37 ++++
samples/rfc2307bis.schema | 310 ++++++++++++++++++++++++++++++++++++
8 files changed, 780 insertions(+), 5 deletions(-)
create mode 100644 README.ldap-schema
create mode 100644 samples/am-utils-ldap-id.txt
create mode 100644 samples/am-utils-ldap.schema
create mode 100644 samples/rfc2307.schema
create mode 100644 samples/rfc2307bis.schema
diff --git a/CHANGELOG b/CHANGELOG
index f5a1a0e3..981a0333 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
xx/xx/2020 autofs-5.1.7
- make bind mounts propagation slave by default.
+- update ldap READMEs and schema definitions.
07/10/2019 autofs-5.1.6
- support strictexpire mount option.
diff --git a/README.autofs-schema b/README.autofs-schema
index c121e1c3..b8c6d6a5 100644
--- a/README.autofs-schema
+++ b/README.autofs-schema
@@ -9,10 +9,10 @@ not clear what schema to use for Linux autofs information.
The schema was corrected somewhere along the line but the autofs
distribution copy was never updated. The schema has now been
-updated but it is not recommended for use as the schema for autofs
-map information.
+updated but may not be accurate and may conflict with other LDAP
+schemas so it is not recommended for use for autofs map information.
-The rfc2307 or, preferably the, rfc2307bis schema is the recommened
-schema to use.
+The rfc2307 or the rfc2307bis schema is the recommened schema to
+use, based on requirements.
Ian
diff --git a/README.ldap-schema b/README.ldap-schema
new file mode 100644
index 00000000..6cb0ba1c
--- /dev/null
+++ b/README.ldap-schema
@@ -0,0 +1,14 @@
+LDAP Schema
+===========
+
+LDAP Schema definitions may be found in the samples sub-directory.
+
+The ldap schema rfc2307.schema and rfc2307bis.schema may be used by
+autofs for Sun format automount maps, the choice of which is used is
+dependent on user needs. They are included for reference only as at
+least one of these should be included in LDAP server distributions.
+
+The ldap schema am-utils-ldap.schema and am-utils-ldap-id.txt describe
+the schema used by autofs for amd format maps.
+
+Ian
diff --git a/autofs.spec b/autofs.spec
index 18e93a8d..22e7adf4 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -194,7 +194,8 @@ fi
%files
%defattr(-,root,root)
-%doc CREDITS CHANGELOG INSTALL COPY* README* samples/ldap* samples/autofs.schema samples/autofs_ldap_auth.conf
+%doc CREDITS CHANGELOG INSTALL COPY* README* samples/ldap* samples/*.schema
+%doc samples/am-utils-ldap-id.txt samples/autofs_ldap_auth.conf
%config %{init_file_name}
%config(noreplace) /etc/auto.master
%config(noreplace) /etc/autofs.conf
diff --git a/samples/am-utils-ldap-id.txt b/samples/am-utils-ldap-id.txt
new file mode 100644
index 00000000..33a9187b
--- /dev/null
+++ b/samples/am-utils-ldap-id.txt
@@ -0,0 +1,360 @@
+
+
+
+
+
+
+INTERNET-DRAFT Leif Johansson
+Intented Category: Experimental Stockholm University
+
+
+
+ A directory (X.500 and LDAPv3) schema for Berkely automounter
+
+
+1. Status of this Memo
+
+ This memo describes a directory (LDAP or X.500) schema for storing amd (Berkely-
+ style automounter) mount info maps. The schema is currently beeing supported by
+ the (beta version of the) am-utils version 6 package [AMUTILS].
+
+2. Overview and Rationale
+
+ Directory services such as X.500 [X500] or LDAP [RFC2251] are a natural choice of
+ repository for amd mount map databases. All Object Identifiers in this document
+ are prefixed by amdSchema-id to be assigned later. The relation between this
+ schema and the automount schema elements in [HOWARD] are mostly superficial. The
+ model for the elements in [HOWARD] was the SUN automounter which has quite a
+ different syntax for mount maps. Furthermore the intended usage of this schema
+ differs from that of [HOWARD] in many respects.
+
+3. DSA requirements
+
+ Directory servers implementing this schema SHOULD maintain the modifyTimestamp
+ operational attribute. If not the amdMapCacheTtl attribute SHOULD be set to 0
+ indicating to clients that caching of map entries SHOULD be turned off. Clients
+ wishing to use the amdMap schema MAY use the modifyTimestamp information to set
+ the ttl for internal caching schemes. A value of 0 for the amdMapCacheTtl must
+ result in clients turning off any local caching.
+
+4. Syntax definitions
+
+ The following attribute syntax is defined in this document:
+
+ amdlocationlist
+
+ This syntax represents a amd map value. This is the syntax expressed in BNF using
+ definitions from [RFC2252]:
+
+ amdlocationlist = amdlocationselection |
+ amdlocationlist whsp "||" whsp amdlocationselection
+
+ amdlocationselection = amdlocation |
+ amdlocationselection whsp amdlocation
+
+
+
+
+Johansson [Page 1]
+
+
+
+
+
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
+
+
+ amdlocation = amdlocationinfo |
+ "-" amdlocationinfo |
+ "-"
+
+ amdlocationinfo = seloropt |
+ amdlocationinfo ";" seloropt |
+ ";"
+
+ seloropt = seletion |
+ optass
+
+ selection = keystring "==" printablestring
+ keystring "!=" printablestring
+
+ optass = keystring
+
+ X.500 servers or LDAPv3 servers (supporting the binary attribute option) may use
+ the following syntax definition:
+
+ AmdLocationList ::= SEQUENCE OF {
+ SEQUENCE OF {
+ location AmdLocation
+ }
+ }
+
+ AmdLocation ::= SET OF {
+ CHOICE {
+ location [0] AmdLocationInfo
+ notlocation [1] AmdLocationInfo
+ not [2] NULL
+ }
+ }
+
+ AmdLocationInfo ::= SET OF {
+ CHOICE {
+ selection [0] AmdSelection
+ option [1] AmdOption
+ }
+ }
+
+ AmdSelection ::= CHOICE {
+ eq [0] AttributeAndValue
+ ne [1] AttributeAndValue
+ }
+
+ AmdOption ::= AttributeAndValue
+ AttributeAndValue ::= SEQUENCE {
+ attribute IA5String
+
+
+
+Johansson [Page 2]
+
+
+
+
+
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
+
+
+ value IA5String
+ }
+
+5. Attribute types
+
+ The following attribute types are defined in this document:
+
+ amdMapName
+ amdMapCacheTtl
+ amdMapEntry
+ amdMapEntryKey
+ amdMapEntryValue
+
+ amdSchema-a OBJECT IDENTIFIER ::= { amdSchema-id 1 }
+
+ amdMapName ATTRIBUTE ::= {
+ WITH SYNTAX IA5String
+ EQUALITY MATCHING RULE caseIgoreExactMatch
+ --ID { amdSchema-a 1 }
+ DESCRIPTION
+ "This attribute is the symbolic and in the naming
+ context unique name of an amd map. This corresponds
+ in the case of a flat file database to the name of
+ the file or the mount-point of the map."
+ }
+
+
+ amdMapCacheTtl
+ ATTRIBUTE ::= {
+ WITH SYNTAX Integer
+ EQUALITY MATCHING RULE integerExactMatch
+ --ID { amdSchema-a 2 }
+ SINGLE VALUED
+ DESCRIPTION
+ "The maximum time-to-live for the entries in this
+ map. After this many milliseconds the map has to
+ be cleared from local caches and reloaded. A value
+ of 0 disables caching."
+ }
+
+ amdMapEntry
+ ATTRIBUTE ::= {
+ WITH SYNTAX DistinguishedName
+ EQUALITY MATHCING RULE dNCaseIgnoreExactMatch
+ --ID { amdSchema-a 3 }
+ DESCRIPTION
+ "A multivalued attribute listing the distinguished
+ names of the amdMapEntries making up this amdMap
+
+
+
+Johansson [Page 3]
+
+
+
+
+
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
+
+
+ object."
+ }
+
+ amdMapEntryKey ::= {
+ ATTRIBUTE ::= {
+ WITH SYNTAX IA5String
+ EQUALITY MATCHING RULE stringExactMatch
+ --ID { amdSchema-a 4 }
+ SINGLE VALUED
+ DESCRIPTION
+ "The value of this attribute is usually the name of
+ a mountpoint for this amdMapEntry."
+ }
+
+ amdMapEntryValue ::= {
+ ATTRIBUTE ::= {
+ WITH SYNTAX AmdLocationList
+ --ID { amdSchema-a 5 }
+ DESCRIPTION
+ "This is the actual mount information for the amdMapEntry
+ using the syntax described above."
+ }
+
+ amdMapEntryKey ::= {
+ ATTRIBUTE ::= {
+ WITH SYNTAX IA5String
+ EQUALITY MATCHING RULE stringExactMatch
+ --ID { amdSchema-a 4 }
+ SINGLE VALUED
+ DESCRIPTION
+ "The value of this attribute is usually the name of
+ a mountpoint for this amdMapEntry."
+ }
+
+ amdMapEntryValue ::= {
+ ATTRIBUTE ::= {
+ WITH SYNTAX AmdLocationList
+ --ID { amdSchema-a 5 }
+ DESCRIPTION
+ "This is the actual mount information for the amdMapEntry
+ using the syntax described above."
+ }
+
+6. Object classes
+
+ The following object classes are defined in this document:
+
+ amdMap
+
+
+
+Johansson [Page 4]
+
+
+
+
+
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
+
+
+ amdMapEntry
+
+ defined as follows:
+
+ amdSchema-oc ::= { amdSchema-id 2 }
+
+ amdMap OBJECT-CLASS ::= {
+ SUBCLASS OF { top }
+ KIND auxiliary
+ --ID { amdSchema-oc 1 }
+ MAY CONTAIN { amdMapCacheTtl , cn }
+ MUST CONTAIN { amdMapName , amdMapEntry }
+ }
+
+ amdMapEntry OBJECT-CLASS ::= {
+ SUBCLASS OF { top }
+ KIND structural
+ --ID { amdSchema-oc 2 }
+ MUST CONTAIN {
+ amdMapName ,
+ amdEntryKey ,
+ amdEntryValue ,
+ } MAY CONTAIN
+ { cn } DESCRIPTION "An entry of this
+ object class describes mount information relative to a
+ certain amdMap entry"
+ }
+
+7. Examples
+
+
+
+8. Security Considerations
+
+ Due to the security problems posed by NFS care should be taken not to advertise
+ exported filesystems. Therefore it is often desirable to limit access to entries
+ carrying amd mount map information to those systems to which the corresponding
+ filesystems have been exported.
+
+9. References
+
+ [AMUTILS]
+ am-utils homepage: http://shekel.cs.columbia.edu/~erez/am-utils.html
+
+ [RFC2251]
+ M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
+ Protocol (v3)", RFC 2251, December 1997.
+
+
+
+
+Johansson [Page 5]
+
+
+
+
+
+Internet draft Berkeley AMD LDAP Schema 30 March 1998
+
+
+ [RFC2252]
+ M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight Directory
+ Access Protocol (v3): Attribute Syntax Definitions", RFC 2252,
+ December 1997.
+
+ [RFC2253]
+ M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
+ Protocol (v3): UTF-8 String Representation of Distinguished
+ Names", RFC 2253, December 1997.
+
+ [HOWARD]
+ Luke Howard, "An Approach for Using LDAP as a Network
+ Information Service", draft-howard-nis-schema-??.txt, Internet
+ draft.
+
+ [X500]
+ ITU something or other.
+
+
+
+Author's Address
+
+
+ Leif Johansson
+ Department of Mathematics
+ Stockholm University
+ S-106 91 Stockholm
+ SWEDEN
+
+ Email: leifj AT matematik.su.se
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Johansson [Page 6]
+
+
diff --git a/samples/am-utils-ldap.schema b/samples/am-utils-ldap.schema
new file mode 100644
index 00000000..9594d2fe
--- /dev/null
+++ b/samples/am-utils-ldap.schema
@@ -0,0 +1,52 @@
+# A schema for the Berkeley automounter (AMD)
+# Authored by Erez Zadok and/or source maintainers
+# Definition by Tim Colles <timc at dai.ed.ac.uk>
+# Revised by Adam Morley <adam at gmi.com>
+
+# OID Base is 1.3.6.1.4.1.10180
+#
+# Syntaxes are under 1.3.6.1.4.1.10180.3.175-199
+# Attribute types are under 1.3.6.1.4.1.10180.2.175-199
+# Object classes are under 1.3.6.1.4.1.10180.1.175-199
+
+# Attribute Type Definitions
+
+attributetype ( 1.3.6.1.4.1.10180.2.175
+ NAME 'amdmapTimestamp'
+ DESC 'Probably the time the map was last modified'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10180.2.176
+ NAME 'amdmapName'
+ DESC 'The symbolic name of the map, ie. map_name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10180.2.177
+ NAME 'amdmapKey'
+ DESC 'The key value for this entry'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10180.2.178
+ NAME 'amdmapValue'
+ DESC 'The mount information for this entry'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# Object Class Definitions
+
+objectclass ( 1.3.6.1.4.1.10180.1.175 NAME 'amdmapTimestamp'
+ SUP top STRUCTURAL
+ DESC 'Timestamp for an AMD map'
+ MUST ( cn $ amdmapName $ amdmapTimestamp ) )
+
+objectclass ( 1.3.6.1.4.1.10180.1.176 NAME 'amdmap'
+ SUP top STRUCTURAL
+ DESC 'Defines an AMD map entry'
+ MUST ( cn $ amdmapName $ amdmapKey $ amdmapValue ) )
diff --git a/samples/rfc2307.schema b/samples/rfc2307.schema
new file mode 100644
index 00000000..e8b15edf
--- /dev/null
+++ b/samples/rfc2307.schema
@@ -0,0 +1,37 @@
+attributeType ( 1.3.6.1.1.1.1.31
+ NAME 'automountMapName'
+ DESC 'automount Map Name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
+ X-ORIGIN 'user defined' )
+
+attributeType ( 1.3.6.1.1.1.1.32
+ NAME 'automountKey'
+ DESC 'Automount Key value'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
+ X-ORIGIN 'user defined' )
+
+attributeType ( 1.3.6.1.1.1.1.33
+ NAME 'automountInformation'
+ DESC 'Automount information'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
+ X-ORIGIN 'user defined' )
+
+objectClass ( 1.3.6.1.1.1.2.16
+ NAME 'automountMap'
+ DESC 'Automount Map information'
+ SUP top STRUCTURAL
+ MUST automountMapName
+ MAY description
+ X-ORIGIN 'user defined' )
+
+objectClass ( 1.3.6.1.1.1.2.17
+ NAME 'automount'
+ DESC 'Automount information'
+ SUP top STRUCTURAL
+ MUST ( automountKey $ automountInformation )
+ MAY description
+ X-ORIGIN 'user defined' )
+
diff --git a/samples/rfc2307bis.schema b/samples/rfc2307bis.schema
new file mode 100644
index 00000000..a626b3fe
--- /dev/null
+++ b/samples/rfc2307bis.schema
@@ -0,0 +1,310 @@
+###
+# Extracted from: http://tools.ietf.org/html/draft-howard-rfc2307bis-02
+###
+
+# Builtin
+#attributeType ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+# DESC 'An integer uniquely identifying a user in an
+# administrative domain'
+# EQUALITY integerMatch
+# ORDERING integerOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+# Builtin
+#attributeType ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+# DESC 'An integer uniquely identifying a group in an
+# administrative domain'
+# EQUALITY integerMatch
+# ORDERING integerOrderingMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+# SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+ DESC 'The GECOS field; the common name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+ DESC 'The absolute path to the home directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+ DESC 'The path to the login shell'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+ DESC 'Netgroup triple'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+ DESC 'Service port number'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+ DESC 'Service protocol name'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+ DESC 'IP protocol number'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+ DESC 'ONC RPC number'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+ DESC 'IPv4 addresses as a dotted decimal omitting leading
+ zeros or IPv6 addresses as defined in RFC2373'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+ DESC 'IP network omitting leading zeros, eg. 192.168'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+ DESC 'IP netmask omitting leading zeros, eg. 255.255.255.0'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+ DESC 'MAC address in maximal, colon separated hex
+ notation, eg. 00:00:92:90:ee:e2'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+ DESC 'rpc.bootparamd parameter'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+ DESC 'Boot image name'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+ DESC 'Name of a generic NIS map'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributeType ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+ DESC 'A generic NIS entry'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+ DESC 'NIS public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+ DESC 'NIS secret key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+ DESC 'NIS domain'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributeType ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+ DESC 'automount Map Name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+ DESC 'Automount Key value'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+ DESC 'Automount information'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+objectClass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+ DESC 'Abstraction of an account with POSIX attributes'
+ MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ MAY ( userPassword $ loginShell $ gecos $
+ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ DESC 'Additional attributes for shadow passwords'
+ MUST uid
+ MAY ( userPassword $ description $
+ shadowLastChange $ shadowMin $ shadowMax $
+ shadowWarning $ shadowInactive $
+ shadowExpire $ shadowFlag ) )
+
+objectClass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+ DESC 'Abstraction of a group of accounts'
+ MUST gidNumber
+ MAY ( userPassword $ memberUid $
+ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+ DESC 'Abstraction an Internet Protocol service.
+ Maps an IP port and protocol (such as tcp or udp)
+ to one or more names; the distinguished value of
+ the cn attribute denotes the services canonical
+ name'
+ MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+ DESC 'Abstraction of an IP protocol. Maps a protocol number
+ to one or more names. The distinguished value of the cn
+ attribute denotes the protocol canonical name'
+ MUST ( cn $ ipProtocolNumber )
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+ DESC 'Abstraction of an Open Network Computing (ONC)
+ [RFC1057] Remote Procedure Call (RPC) binding.
+ This class maps an ONC RPC number to a name.
+ The distinguished value of the cn attribute denotes
+ the RPC service canonical name'
+ MUST ( cn $ oncRpcNumber )
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+ DESC 'Abstraction of a host, an IP device. The distinguished
+ value of the cn attribute denotes the hosts canonical
+ name. Device SHOULD be used as a structural class'
+ MUST ( cn $ ipHostNumber )
+ MAY ( userPassword $ l $ description $
+ manager ) )
+
+objectClass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+ DESC 'Abstraction of a network. The distinguished value of
+ the cn attribute denotes the network canonical name'
+ MUST ipNetworkNumber
+ MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectClass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+ DESC 'Abstraction of a netgroup. May refer to other
+ netgroups'
+ MUST cn
+ MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+ DESC 'A generic abstraction of a NIS map'
+ MUST nisMapName
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+ DESC 'An entry in a NIS map'
+ MUST ( cn $ nisMapEntry $ nisMapName ) )
+
+objectClass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+ DESC 'A device with a MAC address; device SHOULD be
+ used as a structural class'
+ MAY macAddress )
+
+objectClass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+ DESC 'A device with boot parameters; device SHOULD be
+ used as a structural class'
+ MAY ( bootFile $ bootParameter ) )
+
+objectClass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+ DESC 'An object with a public and secret key'
+ MUST ( cn $ nisPublicKey $ nisSecretKey )
+ MAY ( uidNumber $ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+ DESC 'Associates a NIS domain with a naming context'
+ MUST nisDomain )
+
+objectClass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+ MUST ( automountMapName )
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+ DESC 'Automount information'
+ MUST ( automountKey $ automountInformation )
+ MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' SUP top STRUCTURAL
+ DESC 'A group with members (DNs)'
+ MUST cn
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
+ description $ member ) )