# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2014 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# DUA schema from draft-joslin-config-schema (a work in progress)

# Contents of this file are subject to change (including deletion)
# without notice.
#
# Not recommended for production use!
# Use with extreme caution!

## Notes:
## - The matching rule for attributes followReferrals and dereferenceAliases
##   has been changed to booleanMatch since their syntax is boolean
## - There was a typo in the name of the dereferenceAliases attributeType
##   in the DUAConfigProfile objectClass definition
## - Credit goes to the original Authors

#
# Application Working Group                                      M. Ansari
# INTERNET-DRAFT                                    Sun Microsystems, Inc.
# Expires February 2003                                          L. Howard
#                                                  PADL Software Pty. Ltd.
#                                                          B. Joslin [ed.]
#                                                  Hewlett-Packard Company
#
#                                                     September 15th, 2003
# Intended Category: Informational
#
#
#                  A Configuration Schema for LDAP Based
#                          Directory User Agents
#                   <draft-joslin-config-schema-07.txt>
#
#Status of this Memo
#
#     This memo provides information for the Internet community.  This
#     memo does not specify an Internet standard of any kind.  Distribu-
#     tion of this memo is unlimited.
#
#     This document is an Internet-Draft and is in full conformance with
#     all provisions of Section 10 of RFC2026.
#
#     This document is an Internet-Draft.  Internet-Drafts are working
#     documents of the Internet Engineering Task Force (IETF), its areas,
#     and its working groups.  Note that other groups may also distribute
#     working documents as Internet-Drafts.
#
#     Internet-Drafts are draft documents valid for a maximum of six
#     months.  Internet-Drafts may be updated, replaced, or made obsolete
#     by other documents at any time.  It is not appropriate to use
#     Internet-Drafts as reference material or to cite them other than as
#     a "working draft" or "work in progress".
#
#     To learn the current status of any Internet-Draft, please check the
#     1id-abstracts.txt listing contained in the Internet-Drafts Shadow
#     Directories on ds.internic.net (US East Coast), nic.nordu.net
#     (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
#     Rim).
#
#     Distribution of this document is unlimited.
#
#
# Abstract
#
#     This document describes a mechanism for global configuration of
#     similar directory user agents.  This document defines a schema for
#     configuration of these DUAs that may be discovered using the Light-
#     weight Directory Access Protocol in RFC 2251[17].  A set of attri-
#     bute types and an objectclass are proposed, along with specific
#     guidelines for interpreting them.  A significant feature of the
#     global configuration policy for DUAs is a mechanism that allows
#     DUAs to re-configure their schema to that of the end user's
#     environment.  This configuration is achieved through attribute and
#     objectclass mapping.  This document is intended to be a skeleton
#     for future documents that describe configuration of specific DUA
#     services.
#
#
# [trimmed]
#
#
# 2. General Issues
#
#     The schema defined by this document is defined under the "DUA Con-
#     figuration Schema."  This schema is derived from the OID: iso (1)
#     org (3) dod (6) internet (1) private (4) enterprises (1) Hewlett-
#     Packard Company (11) directory (1) LDAP-UX Integration Project (3)
#     DUA Configuration Schema (1).  This OID is represented in this
#     document by the keystring "DUAConfSchemaOID"
#     (1.3.6.1.4.1.11.1.3.1).

objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1

#
# 2.2 Attributes
#
#     The attributes and classes defined in this document are summarized
#     below.
#
#     The following attributes are defined in this document:
#
#               preferredServerList
#               defaultServerList
#               defaultSearchBase
#               defaultSearchScope
#               authenticationMethod
#               credentialLevel
#               serviceSearchDescriptor
#
#
#
# Joslin                                                          [Page 3]
# Internet-Draft          DUA Configuration Schema            October 2002
#
#
#               serviceCredentialLevel
#               serviceAuthenticationMethod
#               attributeMap
#               objectclassMap
#               searchTimeLimit
#               bindTimeLimit
#               followReferrals
#               dereferenceAliases
#               profileTTL
#
# 2.3 Object Classes
#
#     The following object class is defined in this document:
#
#               DUAConfigProfile
#
#

attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
        DESC 'Default LDAP server host address used by a DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
        DESC 'Default LDAP base DN used by a DUA'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
        DESC 'Preferred LDAP server host addresses to be used by a
        DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for a
        search to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
        DESC 'Maximum time in seconds a DUA should allow for the
        bind operation to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
        DESC 'Tells DUA if it should follow referrals
        returned by a DSA search result'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
        DESC 'Tells DUA if it should dereference aliases'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
        DESC 'A keystring which identifies the type of
        authentication method used to contact the DSA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
        DESC 'Time to live, in seconds, before a client DUA
        should re-read this configuration profile'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
        DESC 'LDAP search descriptor list used by a DUA'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
        DESC 'Attribute mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
        DESC 'Identifies type of credentials a DUA should
        use when binding to the LDAP server'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
        DESC 'Objectclass mappings used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
        DESC 'Default search scope used by a DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
        DESC 'Identifies type of credentials a DUA
        should use when binding to the LDAP server for a
        specific service'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
        DESC 'Authentication method used by a service of the DUA'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# 4. Class Definition
#
#     The objectclass below is constructed from the attributes defined in
#     3, with the exception of the cn attribute, which is defined in RFC
#     2256 [8].  cn is used to represent the name of the DUA configura-
#     tion profile.
#

objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
        SUP top STRUCTURAL
        DESC 'Abstraction of a base configuration for a DUA'
        MUST ( cn )
        MAY ( defaultServerList $ preferredServerList $
              defaultSearchBase $ defaultSearchScope $
              searchTimeLimit $ bindTimeLimit $
              credentialLevel $ authenticationMethod $
              followReferrals $ dereferenceAliases $
              serviceSearchDescriptor $ serviceCredentialLevel $
              serviceAuthenticationMethod $ objectclassMap $
              attributeMap $ profileTTL ) )
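
The two defects listed under "Notes" in the file header (an EQUALITY rule that does not fit the attribute's SYNTAX, and a misspelled attribute name in the objectClass) can be caught mechanically before a schema file is loaded. The following is an added example, not part of the OpenLDAP file or the draft; `definitions`, `lint`, `CORE_ATTRS` and the sample excerpt are constructed for illustration.

```python
import re

PREFIX = "1.3.6.1.4.1.1466.115.121.1."
# Matching rule -> last arc of the syntax it applies to (only rules this schema uses).
RULE_SYNTAX = {"booleanMatch": "7", "distinguishedNameMatch": "12",
               "caseIgnoreMatch": "15", "caseExactMatch": "15",
               "caseIgnoreIA5Match": "26", "integerMatch": "27"}
CORE_ATTRS = {"cn"}  # assumption: defined by the core schema, not by this file

def definitions(text):
    """Yield (keyword, body) per definition; assumes no parentheses inside DESC strings."""
    src = "\n".join(ln for ln in text.splitlines() if not ln.startswith("#"))
    for m in re.finditer(r"(?i)\b(attributetype|objectclass)\s*\(", src):
        depth, i = 1, m.end()
        while depth and i < len(src):  # walk to the matching close parenthesis
            depth += {"(": 1, ")": -1}.get(src[i], 0)
            i += 1
        yield m.group(1).lower(), " ".join(src[m.end():i - 1].split())

def lint(text):
    findings, defined = [], set(CORE_ATTRS)
    for kind, body in definitions(text):
        name = re.search(r"NAME '([^']+)'", body).group(1)
        if kind == "attributetype":
            defined.add(name.lower())
            rule = re.search(r"EQUALITY (\S+)", body)
            syntax = re.search(r"SYNTAX ([\d.]+)", body)
            want = RULE_SYNTAX.get(rule.group(1)) if rule else None
            if want and syntax and syntax.group(1) != PREFIX + want:
                findings.append(f"{name}: {rule.group(1)} does not fit SYNTAX {syntax.group(1)}")
        else:  # objectClass: every MUST/MAY name has to be defined earlier in the file
            for group in re.findall(r"(?:MUST|MAY) \(([^)]*)\)", body):
                for attr in group.replace("$", " ").split():
                    if attr.lower() not in defined:
                        findings.append(f"{name}: undefined attribute {attr}")
    return findings

# Constructed excerpt showing both defect kinds the Notes mention (not the real draft text).
SAMPLE = """
attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
    EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
    EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' SUP top STRUCTURAL
    MUST ( cn ) MAY ( followReferrals $ deferenceAliases ) )
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the corrected definitions in this file, `lint` should report nothing; matching rules outside `RULE_SYNTAX` are skipped rather than flagged.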