# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

#
# Application Working Group                                    M. Ansari
# INTERNET-DRAFT                                    Sun Microsystems, Inc.
# Expires February 2003                                        L. Howard
#                                                PADL Software Pty. Ltd.
#                                                         B. Joslin [ed.]
#                                                 Hewlett-Packard Company
#
# September 15th, 2003                     Intended Category: Informational
#
#
#                A Configuration Schema for LDAP Based
#                        Directory User Agents
#                  <draft-joslin-config-schema-07.txt>
#
# Status of this Memo
#
#    This memo provides information for the Internet community. This
#    memo does not specify an Internet standard of any kind.
#    Distribution of this memo is unlimited.
#
#    This document is an Internet-Draft and is in full conformance with
#    all provisions of Section 10 of RFC2026.
#
#    This document is an Internet-Draft. Internet-Drafts are working
#    documents of the Internet Engineering Task Force (IETF), its areas,
#    and its working groups. Note that other groups may also distribute
#    working documents as Internet-Drafts.
#
#    Internet-Drafts are draft documents valid for a maximum of six
#    months. Internet-Drafts may be updated, replaced, or made obsolete
#    by other documents at any time. It is not appropriate to use
#    Internet-Drafts as reference material or to cite them other than as
#    a "working draft" or "work in progress".
#
#    To learn the current status of any Internet-Draft, please check the
#    1id-abstracts.txt listing contained in the Internet-Drafts Shadow
#    Directories on ds.internic.net (US East Coast), nic.nordu.net
#    (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#    Rim).
#
#    Distribution of this document is unlimited.
#
#
# Abstract
#
#    This document describes a mechanism for global configuration of
#    similar directory user agents. This document defines a schema for
#    configuration of these DUAs that may be discovered using the
#    Lightweight Directory Access Protocol in RFC 2251 [17]. A set of
#    attribute types and an objectclass are proposed, along with specific
#    guidelines for interpreting them. A significant feature of the
#    global configuration policy for DUAs is a mechanism that allows
#    DUAs to re-configure their schema to that of the end user's
#    environment. This configuration is achieved through attribute and
#    objectclass mapping. This document is intended to be a skeleton
#    for future documents that describe configuration of specific DUA
#    services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
#    The schema defined by this document is defined under the "DUA
#    Configuration Schema." This schema is derived from the OID: iso (1)
#    org (3) dod (6) internet (1) private (4) enterprises (1)
#    Hewlett-Packard Company (11) directory (1) LDAP-UX Integration
#    Project (3) DUA Configuration Schema (1). This OID is represented in
#    this document by the keystring "DUAConfSchemaOID"
#    (1.3.6.1.4.1.11.1.3.1).

# OID macro used as the prefix of every attributeType and objectClass below
objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1

#
# 2.2 Attributes
#
#    The attributes and classes defined in this document are summarized
#    below.
#
#    The following attributes are defined in this document:
#
#         preferredServerList
#         defaultServerList
#         defaultSearchBase
#         defaultSearchScope
#         authenticationMethod
#         credentialLevel
#         serviceSearchDescriptor
#
#
#
# Joslin                                                         [Page 3]
# Internet-Draft        DUA Configuration Schema             October 2002
#
#
#         serviceCredentialLevel
#         serviceAuthenticationMethod
#         attributeMap
#         objectclassMap
#         searchTimeLimit
#         bindTimeLimit
#         followReferrals
#         dereferenceAliases
#         profileTTL
#
# 2.3 Object Classes
#
#    The following object class is defined in this document:
#
#         DUAConfigProfile
#
#

attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
    DESC 'Default LDAP server host address used by a DUA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
    DESC 'Default LDAP base DN used by a DUA'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
    DESC 'Preferred LDAP server host addresses to be used by a
    DUA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
    DESC 'Maximum time in seconds a DUA should allow for a
    search to complete'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
    DESC 'Maximum time in seconds a DUA should allow for the
    bind operation to complete'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
    DESC 'Tells DUA if it should follow referrals
    returned by a DSA search result'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
    DESC 'Tells DUA if it should dereference aliases'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
    DESC 'A keystring which identifies the type of
    authentication method used to contact the DSA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
    DESC 'Time to live, in seconds, before a client DUA
    should re-read this configuration profile'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
    DESC 'LDAP search descriptor list used by a DUA'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
    DESC 'Attribute mappings used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
    DESC 'Identifies type of credentials a DUA should
    use when binding to the LDAP server'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
    DESC 'Objectclass mappings used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
    DESC 'Default search scope used by a DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
    DESC 'Identifies type of credentials a DUA
    should use when binding to the LDAP server for a
    specific service'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
    DESC 'Authentication method used by a service of the DUA'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# 4. Class Definition
#
#    The objectclass below is constructed from the attributes defined in
#    3, with the exception of the cn attribute, which is defined in RFC
#    2256 [8]. cn is used to represent the name of the DUA configuration
#    profile.
#
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
    SUP top STRUCTURAL
    DESC 'Abstraction of a base configuration for a DUA'
    MUST ( cn )
    MAY ( defaultServerList $ preferredServerList $
          defaultSearchBase $ defaultSearchScope $
          searchTimeLimit $ bindTimeLimit $
          credentialLevel $ authenticationMethod $
          followReferrals $ dereferenceAliases $
          serviceSearchDescriptor $ serviceCredentialLevel $
          serviceAuthenticationMethod $ objectclassMap $
          attributeMap $ profileTTL ) )
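A DUAConfigProfile entry is read by every client that binds to the directory, so it is worth checking that what is published actually fits this schema (SINGLE-VALUE attributes, boolean and integer syntaxes) before slapd, or a lax DUA, accepts it. The following is an added example, not part of the OpenLDAP schema file or the draft: a small Python checker that parses an excerpt of the attributeType definitions above and validates a constructed profile entry; the entry values and the `parse_schema`/`validate_profile` names are assumptions.

```python
import re

# Excerpt of the attributeType definitions from the duaconf schema above;
# DUAConfSchemaOID is the objectidentifier macro defined in that file.
SCHEMA = """
attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
    DESC 'Maximum time in seconds a DUA should allow for a search to complete'
    EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
    DESC 'Tells DUA if it should follow referrals returned by a DSA search result'
    EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
    DESC 'Attribute mappings used by a DUA'
    EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
"""
BOOLEAN = "1.3.6.1.4.1.1466.115.121.1.7"   # syntax OIDs as quoted in the schema
INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"

def parse_schema(text):
    """Map each attributeType NAME (lower-cased) to its OID, SYNTAX and SINGLE-VALUE flag."""
    attrs = {}
    for chunk in text.split("attributeType")[1:]:
        name = re.search(r"NAME\s+'([^']+)'", chunk).group(1)
        oid = re.search(r"\(\s*(\S+)", chunk).group(1)      # macro prefix kept as written
        syntax = re.search(r"SYNTAX\s+([\d.]+)", chunk).group(1)
        attrs[name.lower()] = {"oid": oid, "syntax": syntax,
                               "single": "SINGLE-VALUE" in chunk}
    return attrs

def validate_profile(entry, schema):
    """entry: {attribute: [values]} from a DUAConfigProfile; returns the list of violations."""
    problems = []
    for attr, values in entry.items():
        spec = schema.get(attr.lower())
        if spec is None:
            problems.append(f"{attr}: not defined in the DUA schema")
            continue
        if spec["single"] and len(values) > 1:
            problems.append(f"{attr}: SINGLE-VALUE but has {len(values)} values")
        for v in values:
            if spec["syntax"] == BOOLEAN and v not in ("TRUE", "FALSE"):
                problems.append(f"{attr}: boolean syntax needs TRUE/FALSE, got {v!r}")
            elif spec["syntax"] == INTEGER and not re.fullmatch(r"-?\d+", v):
                problems.append(f"{attr}: integer syntax, got {v!r}")
    return problems

# Constructed profile entry (not from the page): the first two values violate the schema.
SAMPLE_ENTRY = {
    "searchTimeLimit": ["30s"],                      # not an INTEGER
    "followReferrals": ["yes"],                      # booleanMatch wants TRUE/FALSE
    "attributeMap": ["passwd:uid=sAMAccountName", "passwd:gecos=cn"],  # multi-valued, fine
}
```

Calling `validate_profile(SAMPLE_ENTRY, parse_schema(SCHEMA))` returns two violations; a profile that passes is still only as trustworthy as the ACL that controls who can write it.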