Updated LDAP

djthorpe · djthorpe · commit f6e91522f4dd · 2024-01-24T08:39:15.000+01:00
diff --git a/openldap/ldif/tree.ldif b/openldap/ldif/tree.ldif
@@ -0,0 +1,51 @@
+# TODO
+# Root
+dn: ${LDAP_ROOT}
+objectClass: dcObject
+objectClass: organization
+dc: ${ DC }
+o: ${ O }
+description:  Organization
+
+# Groups
+dn: ou=groups,${LDAP_ROOT}
+ou: groups
+objectClass: top
+objectClass: organizationalUnit
+description: User groups
+
+# Users
+dn: ou=users,${LDAP_ROOT}
+ou: users
+objectClass: top
+objectClass: organizationalUnit
+description: Users
+
+# Create a test user in the people unit
+#dn: uid=test,ou=users,${LDAP_ROOT}
+#objectClass: top
+#objectClass: person
+#objectClass: posixAccount
+#uid: test
+#cn: Test User
+#sn: Test
+#uidNumber: 10001
+#gidNumber: 100
+#homeDirectory: /home/test
+#loginShell: /bin/bash
+
+# Group example
+#dn: cn=staff,ou=groups,${LDAP_ROOT}
+#objectClass: top
+#objectClass: posixGroup
+#objectClass: groupOfMembers
+#cn: staff
+#gidNumber: 10001
+#description: Staff Group
+
+# Add person into group
+#dn: cn=staff,ou=groups,${LDAP_ROOT}
+#changetype: modify
+#add: member
+#member: uid=test,ou=users,${LDAP_ROOT}
+LDIF
diff --git a/openldap/schema/rfc2307bis.schema b/openldap/schema/rfc2307bis.schema
@@ -0,0 +1,310 @@
+###
+# Extracted from: http://tools.ietf.org/html/draft-howard-rfc2307bis-02
+###
+
+# Builtin
+#attributeType ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+#    DESC 'An integer uniquely identifying a user in an
+#          administrative domain'
+#    EQUALITY integerMatch
+#    ORDERING integerOrderingMatch
+#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#    SINGLE-VALUE )
+
+# Builtin
+#attributeType ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+#    DESC 'An integer uniquely identifying a group in an
+#          administrative domain'
+#    EQUALITY integerMatch
+#    ORDERING integerOrderingMatch
+#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+    DESC 'The GECOS field; the common name'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+    DESC 'The absolute path to the home directory'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+    DESC 'The path to the login shell'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+    DESC 'Netgroup triple'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+    DESC 'Service port number'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+    DESC 'Service protocol name'
+    EQUALITY caseIgnoreMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+    DESC 'IP protocol number'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+    DESC 'ONC RPC number'
+    EQUALITY integerMatch
+    ORDERING integerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+    DESC 'IPv4 addresses as a dotted decimal omitting leading
+          zeros or IPv6 addresses as defined in RFC2373'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+    DESC 'IP network omitting leading zeros, eg. 192.168'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+    DESC 'IP netmask omitting leading zeros, eg. 255.255.255.0'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+    DESC 'MAC address in maximal, colon separated hex
+          notation, eg. 00:00:92:90:ee:e2'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+    DESC 'rpc.bootparamd parameter'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+    DESC 'Boot image name'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+    DESC 'Name of a generic NIS map'
+    EQUALITY caseIgnoreMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
+
+attributeType ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+    DESC 'A generic NIS entry'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+    DESC 'NIS public key'
+    EQUALITY octetStringMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+    DESC 'NIS secret key'
+    EQUALITY octetStringMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+    DESC 'NIS domain'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributeType ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+    DESC 'automount Map Name'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+    DESC 'Automount Key value'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+    DESC 'Automount information'
+    EQUALITY caseExactMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE )
+
+objectClass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+    DESC 'Abstraction of an account with POSIX attributes'
+    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+    MAY ( userPassword $ loginShell $ gecos $
+          description ) )
+
+objectClass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+    DESC 'Additional attributes for shadow passwords'
+    MUST uid
+    MAY ( userPassword $ description $
+          shadowLastChange $ shadowMin $ shadowMax $
+          shadowWarning $ shadowInactive $
+          shadowExpire $ shadowFlag ) )
+
+objectClass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+    DESC 'Abstraction of a group of accounts'
+    MUST gidNumber
+    MAY ( userPassword $ memberUid $
+          description ) )
+
+objectClass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+    DESC 'Abstraction an Internet Protocol service.
+          Maps an IP port and protocol (such as tcp or udp)
+          to one or more names; the distinguished value of
+          the cn attribute denotes the services canonical
+          name'
+    MUST ( cn $ ipServicePort $ ipServiceProtocol )
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+    DESC 'Abstraction of an IP protocol. Maps a protocol number
+          to one or more names. The distinguished value of the cn
+          attribute denotes the protocol canonical name'
+    MUST ( cn $ ipProtocolNumber )
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+    DESC 'Abstraction of an Open Network Computing (ONC)
+         [RFC1057] Remote Procedure Call (RPC) binding.
+         This class maps an ONC RPC number to a name.
+         The distinguished value of the cn attribute denotes
+         the RPC service canonical name'
+    MUST ( cn $ oncRpcNumber )
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+    DESC 'Abstraction of a host, an IP device. The distinguished
+          value of the cn attribute denotes the hosts canonical
+       name. Device SHOULD be used as a structural class'
+    MUST ( cn $ ipHostNumber )
+    MAY ( userPassword $ l $ description $
+          manager ) )
+
+objectClass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+    DESC 'Abstraction of a network. The distinguished value of
+          the cn attribute denotes the network canonical name'
+    MUST ipNetworkNumber
+    MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectClass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+    DESC 'Abstraction of a netgroup. May refer to other
+          netgroups'
+    MUST cn
+    MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+    DESC 'A generic abstraction of a NIS map'
+    MUST nisMapName
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+    DESC 'An entry in a NIS map'
+    MUST ( cn $ nisMapEntry $ nisMapName ) )
+
+objectClass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+    DESC 'A device with a MAC address; device SHOULD be
+          used as a structural class'
+    MAY macAddress )
+
+objectClass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+    DESC 'A device with boot parameters; device SHOULD be
+          used as a structural class'
+    MAY ( bootFile $ bootParameter ) )
+
+objectClass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+    DESC 'An object with a public and secret key'
+    MUST ( cn $ nisPublicKey $ nisSecretKey )
+    MAY ( uidNumber $ description ) )
+
+objectClass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+    DESC 'Associates a NIS domain with a naming context'
+    MUST nisDomain )
+
+objectClass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+    MUST ( automountMapName )
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+    DESC 'Automount information'
+    MUST ( automountKey $ automountInformation )
+    MAY description )
+
+objectClass ( 1.3.6.1.1.1.2.18 NAME 'groupOfMembers' SUP top STRUCTURAL
+    DESC 'A group with members (DNs)'
+    MUST cn
+    MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
+          description $ member ) )
