# OpenLDAP Core schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works.  However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

#
#
# Includes LDAPv3 schema items from:
#	RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
#	RFC 1274 (uid/dc)
#	RFC 2079 (URI)
#	RFC 2247 (dc/dcObject)
#	RFC 2587 (PKI)
#	RFC 2589 (Dynamic Directory Services)
#	RFC 4524 (associatedDomain)
#
# Select informational schema items:
#	RFC 2377 (uidObject)
#
# Reading notes:
#  - Definitions marked "system schema" are left commented out in this
#    file; presumably the server supplies them itself -- verify before
#    uncommenting any of them.
#  - A {N} suffix on a SYNTAX OID is a length bound (RFC 4512 describes
#    it as a minimum upper bound).  Whether the server rejects longer
#    values is not shown here, so do not treat it as input validation
#    -- TODO confirm.
#  - Nothing in this file restricts who may read or write an attribute;
#    that is decided by the server's access control configuration.

#
# Standard attribute types from RFC 2256
#

# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
#	DESC 'RFC2256: object classes of the entity'
#	EQUALITY objectIdentifierMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
#	DESC 'RFC2256: name of aliased object'
#	EQUALITY distinguishedNameMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

# Directory String (.15) with case-insensitive equality.
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
	DESC 'RFC2256: knowledge information'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
#	DESC 'RFC2256: common name(s) for which the entity is known by'
#	SUP name )

# Inherits syntax and matching rules from 'name' (SUP name).
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
	SUP name )

# Printable String (.44); equality and substring matching ignore case.
attributetype ( 2.5.4.5 NAME 'serialNumber'
	DESC 'RFC2256: serial number of the entity'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )

# RFC 4519 definition ('countryName' in X.500 and RFC2256)
# Narrows the inherited 'name' syntax to Country String (.11) and
# permits only one value per entry.
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
	DESC 'RFC4519: two-letter ISO-3166 country code'
	SUP name
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
	SINGLE-VALUE )

# Earlier RFC 2256 form of the same attribute, left disabled.
#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
#	DESC 'RFC2256: ISO-3166 country 2-letter code'
#	SUP name SINGLE-VALUE )

attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
	DESC 'RFC2256: locality which this object resides in'
	SUP name )

attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
	DESC 'RFC2256: state or province which this object resides in'
	SUP name )

attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
	DESC 'RFC2256: street address of this object'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
	DESC 'RFC2256: organization this object belongs to'
	SUP name )

attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
	DESC 'RFC2256: organizational unit this object belongs to'
	SUP name )

attributetype ( 2.5.4.12 NAME 'title'
	DESC 'RFC2256: title associated with the entity'
	SUP name )

# system schema
#attributetype ( 2.5.4.13 NAME 'description'
#	DESC 'RFC2256: descriptive information'
#	EQUALITY caseIgnoreMatch
#	SUBSTR caseIgnoreSubstringsMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )

attributetype ( 2.5.4.15 NAME 'businessCategory'
	DESC 'RFC2256: business category'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

# Postal Address syntax (.41) with list-aware matching rules.
attributetype ( 2.5.4.16 NAME 'postalAddress'
	DESC 'RFC2256: postal address'
	EQUALITY caseIgnoreListMatch
	SUBSTR caseIgnoreListSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

attributetype ( 2.5.4.17 NAME 'postalCode'
	DESC 'RFC2256: postal code'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

attributetype ( 2.5.4.18 NAME 'postOfficeBox'
	DESC 'RFC2256: Post Office Box'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )

attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
	DESC 'RFC2256: Physical Delivery Office Name'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

attributetype ( 2.5.4.20 NAME 'telephoneNumber'
	DESC 'RFC2256: Telephone Number'
	EQUALITY telephoneNumberMatch
	SUBSTR telephoneNumberSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

# No matching rules are declared for the next three attributes.
attributetype ( 2.5.4.21 NAME 'telexNumber'
	DESC 'RFC2256: Telex Number'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )

attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
	DESC 'RFC2256: Teletex Terminal Identifier'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
	DESC 'RFC2256: Facsimile (Fax) Telephone Number'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )

attributetype ( 2.5.4.24 NAME 'x121Address'
	DESC 'RFC2256: X.121 Address'
	EQUALITY numericStringMatch
	SUBSTR numericStringSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )

attributetype ( 2.5.4.25 NAME 'internationalISDNNumber'
	DESC 'RFC2256: international ISDN number'
	EQUALITY numericStringMatch
	SUBSTR numericStringSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )

# Subtype of postalAddress; restates the same syntax OID.
attributetype ( 2.5.4.26 NAME 'registeredAddress'
	DESC 'RFC2256: registered postal address'
	SUP postalAddress
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

attributetype ( 2.5.4.27 NAME 'destinationIndicator'
	DESC 'RFC2256: destination indicator'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )

attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
	DESC 'RFC2256: preferred delivery method'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
	SINGLE-VALUE )

attributetype ( 2.5.4.29 NAME 'presentationAddress'
	DESC 'RFC2256: presentation address'
	EQUALITY presentationAddressMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
	SINGLE-VALUE )

attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
	DESC 'RFC2256: supported application context'
	EQUALITY objectIdentifierMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

# member, owner and roleOccupant all take DN values (SUP
# distinguishedName).  Nothing in these definitions requires the DN to
# name an existing entry, and applications commonly base authorization
# on group membership, so write access to these attributes should be
# limited by the server's access control.
attributetype ( 2.5.4.31 NAME 'member'
	DESC 'RFC2256: member of a group'
	SUP distinguishedName )

attributetype ( 2.5.4.32 NAME 'owner'
	DESC 'RFC2256: owner (of the object)'
	SUP distinguishedName )

attributetype ( 2.5.4.33 NAME 'roleOccupant'
	DESC 'RFC2256: occupant of role'
	SUP distinguishedName )

# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
#	DESC 'RFC2256: DN of related object'
#	SUP distinguishedName )

# system schema
# NOTE(review): as written here the value is an Octet String (.40)
# compared with octetStringMatch.  The definition says nothing about
# hashing or about who may read the value; both are decided by server
# configuration and access control, not by schema.
#attributetype ( 2.5.4.35 NAME 'userPassword'
#	DESC 'RFC2256/2307: password of user'
#	EQUALITY octetStringMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
# Holding a certificate in the directory says nothing about its
# validity; relying parties still have to validate the chain and check
# revocation.
attributetype ( 2.5.4.36 NAME 'userCertificate'
	DESC 'RFC2256: X.509 user certificate, use ;binary'
	EQUALITY certificateExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
# Write access to this attribute determines which CA certificates
# directory clients will retrieve, so it should be tightly restricted.
attributetype ( 2.5.4.37 NAME 'cACertificate'
	DESC 'RFC2256: X.509 CA certificate, use ;binary'
	EQUALITY certificateExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

# Must be transferred using ;binary
# Certificate List syntax (.9); no matching rule is declared.
# Consumers should verify the list's signature and freshness rather
# than trust the directory copy.
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
	DESC 'RFC2256: X.509 authority revocation list, use ;binary'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
	DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )

# system schema
# Supertype referenced by the many "SUP name" definitions in this file.
#attributetype ( 2.5.4.41 NAME 'name'
#	EQUALITY caseIgnoreMatch
#	SUBSTR caseIgnoreSubstringsMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
	DESC 'RFC2256: first name(s) for which the entity is known by'
	SUP name )

attributetype ( 2.5.4.43 NAME 'initials'
	DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
	SUP name )

attributetype ( 2.5.4.44 NAME 'generationQualifier'
	DESC 'RFC2256: name qualifier indicating a generation'
	SUP name )

# Bit String syntax (.6).
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
	DESC 'RFC2256: X.500 unique identifier'
	EQUALITY bitStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )

# The only attribute in this file that declares an ORDERING rule.
attributetype ( 2.5.4.46 NAME 'dnQualifier'
	DESC 'RFC2256: DN qualifier'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )

attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
	DESC 'RFC2256: enhanced search guide'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )

attributetype ( 2.5.4.48 NAME 'protocolInformation'
	DESC 'RFC2256: protocol information'
	EQUALITY protocolInformationMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )

# system schema
# Supertype of member, owner, roleOccupant and seeAlso.
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
#	EQUALITY distinguishedNameMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

# Name And Optional UID syntax (.34): a DN optionally followed by a
# unique identifier.  As with 'member', limit who may write it.
attributetype ( 2.5.4.50 NAME 'uniqueMember'
	DESC 'RFC2256: unique member of a group'
	EQUALITY uniqueMemberMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

attributetype ( 2.5.4.51 NAME 'houseIdentifier'
	DESC 'RFC2256: house identifier'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
	DESC 'RFC2256: supported algorithms'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )

# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
	DESC 'RFC2256: delta revocation list; use ;binary'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )

attributetype ( 2.5.4.54 NAME 'dmdName'
	DESC 'RFC2256: name of DMD'
	SUP name )

# Note the OID jumps from 2.5.4.54 to 2.5.4.65; this one is attributed
# to X.520 rather than RFC 2256.
attributetype ( 2.5.4.65 NAME 'pseudonym'
	DESC 'X.520(4th): pseudonym for the object'
	SUP name )
# Standard object classes from RFC2256
#
# userPassword is an optional attribute of organization,
# organizationalUnit and person below (and of dmd later in the file),
# so entries other than people can hold credentials.  Access rules that
# protect userPassword should cover all of them.

# system schema
#objectclass ( 2.5.6.0 NAME 'top'
#	DESC 'RFC2256: top of the superclass chain'
#	ABSTRACT
#	MUST objectClass )

# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
#	DESC 'RFC2256: an alias'
#	SUP top STRUCTURAL
#	MUST aliasedObjectName )

objectclass ( 2.5.6.2 NAME 'country'
	DESC 'RFC2256: a country'
	SUP top STRUCTURAL
	MUST c
	MAY ( searchGuide $ description ) )

# No MUST clause: every attribute of a locality entry is optional.
objectclass ( 2.5.6.3 NAME 'locality'
	DESC 'RFC2256: a locality'
	SUP top STRUCTURAL
	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )

# organization and organizationalUnit share the same MAY list,
# including userPassword.
objectclass ( 2.5.6.4 NAME 'organization'
	DESC 'RFC2256: an organization'
	SUP top STRUCTURAL
	MUST o
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
		x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
		telephoneNumber $ internationalISDNNumber $
		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )

objectclass ( 2.5.6.5 NAME 'organizationalUnit'
	DESC 'RFC2256: an organizational unit'
	SUP top STRUCTURAL
	MUST ou
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
		x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
		telephoneNumber $ internationalISDNNumber $
		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )

# Base class for people: sn and cn are required, userPassword optional.
objectclass ( 2.5.6.6 NAME 'person'
	DESC 'RFC2256: a person'
	SUP top STRUCTURAL
	MUST ( sn $ cn )
	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

# Extends person, so it inherits person's MUST and MAY attributes
# (userPassword among them) in addition to the list below.
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
	DESC 'RFC2256: an organizational person'
	SUP person STRUCTURAL
	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
		telephoneNumber $ internationalISDNNumber $
		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )

# NOTE(review): preferredDeliveryMethod is listed twice in the MAY
# clause below; the repeat looks redundant.
objectclass ( 2.5.6.8 NAME 'organizationalRole'
	DESC 'RFC2256: an organizational role'
	SUP top STRUCTURAL
	MUST cn
	MAY ( x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
		telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $
		seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
		postOfficeBox $ postalCode $ postalAddress $
		physicalDeliveryOfficeName $ ou $ st $ l $ description ) )

# member is mandatory, so a groupOfNames entry cannot be empty.
# Applications commonly use such groups for authorization; limit who
# may modify member and owner.
objectclass ( 2.5.6.9 NAME 'groupOfNames'
	DESC 'RFC2256: a group of names (DNs)'
	SUP top STRUCTURAL
	MUST ( member $ cn )
	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

# NOTE(review): preferredDeliveryMethod is listed twice in the MAY
# clause, and l appears in both MUST and MAY; the repeats look
# redundant.
objectclass ( 2.5.6.10 NAME 'residentialPerson'
	DESC 'RFC2256: an residential person'
	SUP person STRUCTURAL
	MUST l
	MAY ( businessCategory $ x121Address $ registeredAddress $
		destinationIndicator $ preferredDeliveryMethod $ telexNumber $
		teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $
		facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
		postOfficeBox $ postalCode $ postalAddress $
		physicalDeliveryOfficeName $ st $ l ) )

objectclass ( 2.5.6.11 NAME 'applicationProcess'
	DESC 'RFC2256: an application process'
	SUP top STRUCTURAL
	MUST cn
	MAY ( seeAlso $ ou $ l $ description ) )

objectclass ( 2.5.6.12 NAME 'applicationEntity'
	DESC 'RFC2256: an application entity'
	SUP top STRUCTURAL
	MUST ( presentationAddress $ cn )
	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
	description ) )

# Extends applicationEntity, so presentationAddress and cn remain
# mandatory.
objectclass ( 2.5.6.13 NAME 'dSA'
	DESC 'RFC2256: a directory system agent (a server)'
	SUP applicationEntity STRUCTURAL
	MAY knowledgeInformation )

objectclass ( 2.5.6.14 NAME 'device'
	DESC 'RFC2256: a device'
	SUP top STRUCTURAL
	MUST cn
	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

# Auxiliary class that makes userCertificate mandatory on the entry.
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
	DESC 'RFC2256: a strong authentication user'
	SUP top AUXILIARY
	MUST userCertificate )

# All three CA attributes are mandatory here; compare pkiCA further
# down, where the same attributes are optional.
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
	DESC 'RFC2256: a certificate authority'
	SUP top AUXILIARY
	MUST ( authorityRevocationList $ certificateRevocationList $
		cACertificate ) MAY crossCertificatePair )

# uniqueMember is mandatory, so the group cannot be empty.  As with
# groupOfNames, limit who may modify uniqueMember and owner.
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
	SUP top STRUCTURAL
	MUST ( uniqueMember $ cn )
	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
	DESC 'RFC2256: a user security information'
	SUP top AUXILIARY
	MAY ( supportedAlgorithms ) )

# Adds an optional deltaRevocationList to certificationAuthority.
# No DESC is given for this class.
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
	SUP certificationAuthority
	AUXILIARY MAY ( deltaRevocationList ) )

# Structural entry that can carry any of the three revocation-list
# attributes.  No DESC is given for this class.
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
	SUP top STRUCTURAL
	MUST ( cn )
	MAY ( certificateRevocationList $ authorityRevocationList $
		deltaRevocationList ) )

# Named by dmdName; its MAY list includes userPassword, so dmd entries
# can hold a credential as well.  No DESC is given for this class.
objectclass ( 2.5.6.20 NAME 'dmd'
	SUP top STRUCTURAL
	MUST ( dmdName )
	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
		x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
		telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $
		street $ postOfficeBox $ postalCode $ postalAddress $
		physicalDeliveryOfficeName $ st $ l $ description ) )

#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
	DESC 'RFC2587: a PKI user'
	SUP top AUXILIARY
	MAY userCertificate )

# Every attribute is optional, unlike certificationAuthority above.
objectclass ( 2.5.6.22 NAME 'pkiCA'
	DESC 'RFC2587: PKI certificate authority'
	SUP top AUXILIARY
	MAY ( authorityRevocationList $ certificateRevocationList $
		cACertificate $ crossCertificatePair ) )

# NOTE(review): sits under the RFC 2587 heading but its DESC cites
# RFC 4523.
objectclass ( 2.5.6.23 NAME 'deltaCRL'
	DESC 'RFC4523: X.509 delta CRL'
	SUP top AUXILIARY
	MAY deltaRevocationList )

#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
#	DESC 'RFC2079: Uniform Resource Identifier with optional label'
#	EQUALITY caseExactMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# labeledURI is a plain Directory String (.15) in the commented-out
# definition above; nothing in it validates the value as a URI, so
# clients that follow these values should check scheme and target
# themselves.
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
	DESC 'RFC2079: object that contains the URI attribute type'
	SUP top AUXILIARY
	MAY ( labeledURI ) )

#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
#	NAME ( 'uid' 'userid' )
#	DESC 'RFC1274: user identifier'
#	EQUALITY caseIgnoreMatch
#	SUBSTR caseIgnoreSubstringsMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

# IA5 String (.26) with case-insensitive matching.  The syntax does not
# check that the value is a well-formed mailbox; consumers should
# validate it before use.
attributetype ( 0.9.2342.19200300.100.1.3
	NAME ( 'mail' 'rfc822Mailbox' )
	DESC 'RFC1274: RFC822 Mailbox'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# Auxiliary class whose only requirement is userPassword: it lets an
# entry of another structural class carry a credential.  Include
# entries with this class when auditing which objects hold passwords.
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
	DESC 'RFC1274: simple security object'
	SUP top AUXILIARY
	MUST userPassword )

# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
	NAME ( 'dc' 'domainComponent' )
	DESC 'RFC1274/2247: domain component'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
	DESC 'RFC2247: domain component object'
	SUP top AUXILIARY MUST dc )

# RFC 2377
# uid is not defined in this file (its definition above is commented
# out), so it has to come from elsewhere -- presumably the server's
# built-in schema.
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
	DESC 'RFC2377: uid object'
	SUP top AUXILIARY MUST uid )

# RFC 4524
#   The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
#   host names [RFC1123] that are associated with an object.  That is,
#   values of this attribute should conform to the following ABNF:
#
#     domain = root / label *( DOT label )
#     root   = SPACE
#     label  = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
#     LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
#     SPACE  = %x20                        ; space (" ")
#     HYPHEN = %x2D                        ; hyphen ("-")
#     DOT    = %x2E                        ; period (".")
#
# NOTE(review): the SYNTAX below is plain IA5 String (.26); the ABNF
# above is not expressed in the definition, so consumers should
# validate values against it themselves.
attributetype ( 0.9.2342.19200300.100.1.37
	NAME 'associatedDomain'
	DESC 'RFC1274: domain associated with object'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
# NOTE(review): 'mail' is defined earlier in this file, so the
# reference to cosine.schema looks stale -- confirm.  The DESC cites
# RFC 3280 while the comment above cites RFC 2459.
attributetype ( 1.2.840.113549.1.9.1
	NAME ( 'email' 'emailAddress' 'pkcs9email' )
	DESC 'RFC3280: legacy attribute for email addresses in DNs'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
