diff --git a/doc/conf/LSattribute/check-data.docbook b/doc/conf/LSattribute/check-data.docbook index be9842a3..f349acf3 100644 --- a/doc/conf/LSattribute/check-data.docbook +++ b/doc/conf/LSattribute/check-data.docbook @@ -54,6 +54,7 @@ règles. &conf-LSattribute-check-data-imagesize; &conf-LSattribute-check-data-inarray; &conf-LSattribute-check-data-integer; +&conf-LSattribute-check-data-ldapSearchURI; &conf-LSattribute-check-data-lettersonly; &conf-LSattribute-check-data-maxlength; &conf-LSattribute-check-data-minlength; diff --git a/doc/conf/LSattribute/check_data/LSattribute-check_data.entities.xml b/doc/conf/LSattribute/check_data/LSattribute-check_data.entities.xml index afae6232..17ebbb7c 100644 --- a/doc/conf/LSattribute/check_data/LSattribute-check_data.entities.xml +++ b/doc/conf/LSattribute/check_data/LSattribute-check_data.entities.xml @@ -9,6 +9,7 @@ + diff --git a/doc/conf/LSattribute/check_data/ldapSearchURI.docbook b/doc/conf/LSattribute/check_data/ldapSearchURI.docbook new file mode 100644 index 00000000..10370c4a --- /dev/null +++ b/doc/conf/LSattribute/check_data/ldapSearchURI.docbook @@ -0,0 +1,92 @@ + + ldapSearchURI + Cette règle vérifie que la valeur est une URI de recherche LDAP valide, c'est + à dire, par exemple, + ldaps://ldap.example.com:636/o=example?attr1,attr2?one?(gidNumber=100) + + Cette vérification commence par découper la valeur à l'aide du sépérateur + ? et elle s'assure ensuite : + + + Que la première partie est bien une URI LDAP valide. Si l'hôte + LDAP est spécifié, elle s'assure qu'il soit une adresse IP ou un nom de domaine valide. + Si le port LDAP est spécifié, elle s'assure également qu'il soit correct et que l'hôte + est également bien spécifié. + + Si la base de recherche est spécifiée, elle s'assure qu'elle soit + compatible avec la racine de l'annuaire connecté. + + Si un ou plusieurs attributs sont spécifiés, elle les vérifie un à un + afin de vérifier qu'il s'agit de nom d'attribut valide. + + Que le scope de recherche soit bien spécifié et valide. + + + Si le filtre de recherche est spécifié, elle vérifie qu'il soit valide. + + + + + + + Paramêtres de configuration + + + check_resolving_ldap_host + + Si l'hôte du serveur LDAP est spécifié et qu'il s'agit d'un nom de domaine valide, + un tentative de résolution DNS sera également faite (optionnel, par défaut : + Vrai). + + + + + host_required + + Booléen détermintant si une erreur est relevée en cas d'absence de l'hôte + LDAP. (optionnel, par défaut : Faux) + + + + + basedn_required + + Booléen détermintant si une erreur est relevée en cas d'absence de base de + recherche. (optionnel, par défaut : Faux) + + + + + scope_required + + Booléen détermintant si une erreur est relevée en cas d'absence de portée de + recherche. (optionnel, par défaut : Vrai) + + + + + attr_required + + Booléen détermintant si une erreur est relevée en cas d'absence d'attribut + recherché. (optionnel, par défaut : Faux) + + + + + max_attrs_count + + Nombre maximum d'attribut recherchés. (optionnel, par défaut : pas de limite) + + + + + + filter_required + + Booléen détermintant si une erreur est relevée en cas d'absence de filtre de + recherche. (optionnel, par défaut : Faux) + + + + + diff --git a/lsexample/lsexample.ldif b/lsexample/lsexample.ldif deleted file mode 100644 index c8a0be34..00000000 --- a/lsexample/lsexample.ldif +++ /dev/null @@ -1,713 +0,0 @@ -dn: o=ls -objectClass: top -objectClass: organization -o: ls -structuralObjectClass: organization - -dn: sambaDomainName=LS,o=ls -objectClass: sambaDomain -objectClass: sambaUnixIdPool -objectClass: sambaSidEntry -objectClass: top -structuralObjectClass: sambaSidEntry -sambaDomainName: LS -sambaSID: S-1-5-21-4207250186-2406131440-3849861866 -uidNumber: 800000 -gidNumber: 800002 - -dn: ou=sysaccounts,o=ls -objectClass: top -objectClass: organizationalUnit -ou: sysaccounts -structuralObjectClass: organizationalUnit - -dn: uid=mail,ou=sysaccounts,o=ls -objectClass: top -objectClass: lssysaccount -uid: mail -userPassword: toto -pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls -structuralObjectClass: lssysaccount - -dn: uid=samba,ou=sysaccounts,o=ls -objectClass: top -objectClass: lssysaccount -uid: samba -userPassword: toto -pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls -structuralObjectClass: lssysaccount - -dn: uid=ldapsaisie,ou=sysaccounts,o=ls -objectClass: top -objectClass: lssysaccount -uid: ldapsaisie -userPassword: toto -pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls -structuralObjectClass: lssysaccount - -dn: ou=groups,o=ls -objectClass: top -objectClass: organizationalUnit -ou: groups -structuralObjectClass: organizationalUnit - -dn: cn=adminldap,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: adminldap -gidNumber: 70000 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000 -sambaGroupType: 2 -structuralObjectClass: posixGroup -uniqueMember: uid=admin,ou=people,o=ls - -dn: cn=invite,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: invite -gidNumber: 101009 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019 -sambaGroupType: 2 -structuralObjectClass: posixGroup - -dn: cn=ls,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: ls -gidNumber: 102001 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003 -sambaGroupType: 2 -structuralObjectClass: posixGroup -uniqueMember: uid=invite,ou=people,o=ls - -dn: cn=informatique,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -gidNumber: 102009 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019 -sambaGroupType: 2 -cn: informatique -structuralObjectClass: posixGroup -uniqueMember: uid=eeggs,ou=people,o=ls -uniqueMember: uid=admin,ou=people,o=ls - -dn: cn=direction,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: direction -gidNumber: 102007 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015 -sambaGroupType: 2 -structuralObjectClass: posixGroup -uniqueMember: uid=hmartin,ou=people,o=ls -uniqueMember: uid=eeggs,ou=people,o=ls - -dn: cn=administratif,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: administratif -gidNumber: 102005 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011 -sambaGroupType: 2 -structuralObjectClass: posixGroup - -dn: cn=communication,ou=groups,o=ls -objectClass: top -objectClass: lsgroup -objectClass: posixGroup -objectClass: sambaGroupMapping -cn: communication -gidNumber: 102003 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007 -sambaGroupType: 2 -structuralObjectClass: posixGroup - -dn: ou=people,o=ls -objectClass: top -objectClass: organizationalUnit -ou: people -structuralObjectClass: organizationalUnit - -dn: uid=hmartin,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -uid: hmartin -homeDirectory: /home/com -loginShell: /bin/false -uidNumber: 101022 -sambaAcctFlags: [U ] -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044 -givenName: Henri -sn: MARTIN -gidNumber: 102001 -lsAllowedServices: MAIL -lsAllowedServices: SAMBA -lsAllowedServices: FTP -cn: Henri MARTIN -sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003 -personalTitle: M. -lsGodfatherDn: uid=eeggs,ou=people,o=ls -userPassword: toto -sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409 -sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52 -structuralObjectClass: lspeople -mail: henri.martin@ls.com - -dn: uid=s.ldapsaisie,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -loginShell: /bin/false -uidNumber: 101036 -userPassword: toto -sambaAcctFlags: [U ] -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072 -sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9 -sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39 -givenName: Secretariat -mail: secretariat@ldapsaisie.biz -lsAllowedServices: MAIL -lsAllowedServices: SAMBA -lsAllowedServices: FTP -sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513 -structuralObjectClass: lspeople -personalTitle: M. -sn: LdapSaisie -cn: Secretariat LdapSaisie -gidNumber: 70000 -uid: s.ldapsaisie -homeDirectory: /home/s.ldapsaisie - -dn: uid=ls,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -uid: ls -homeDirectory: /home/ls -loginShell: /bin/false -uidNumber: 101068 -userPassword: toto -sambaAcctFlags: [U ] -sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE -sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136 -gidNumber: 102001 -lsAllowedServices: MAIL -lsAllowedServices: SAMBA -lsAllowedServices: FTP -sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003 -structuralObjectClass: lspeople -personalTitle: M. -givenName: Ldap -sn: Saisie -cn: LdapSaisie -mail: ldap.saisie@ls.com -description: toto - -dn: uid=erwpa,ou=people,o=ls -uid: erwpa -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -uidNumber: 101082 -sambaAcctFlags: [U ] -homeDirectory: /home/erwpa -loginShell: /bin/false -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164 -sn: PAGEARD -gidNumber: 102009 -mail: erwan.page@ldapsaisie.biz -lsAllowedServices: MAIL -lsAllowedServices: SAMBA -lsAllowedServices: FTP -cn: Erwan PAGE -sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019 -personalTitle: M. -givenName: Erwan -lsGodfatherDn: uid=eeggs,ou=people,o=ls -userPassword: toto -sambaLMPassword: B3298C30FB103112C187B8085FE1D9DF -sambaNTPassword: 59D2D06177D147726BBA6AECBCB080BC -structuralObjectClass: lspeople - -dn: uid=eeggs2,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -uid: eeggs2 -uidNumber: 1000000 -gidNumber: 102009 -facsimileTelephoneNumber: 030000000 -lsAllowedServices: MAIL -lsAllowedServices: FTP -description: Utilisateur test Easter-eggs 2 -cn: Easter Eggs 2 -personalTitle: M. -homeDirectory: /home/eeggs -loginShell: /bin/false -sn: Eggs -givenName: Easter -mail: bn8@zionetrix.net -userPassword: toto -structuralObjectClass: lspeople - -dn: uid=eeggs3,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -uid: eeggs3 -uidNumber: 10000000 -gidNumber: 102009 -facsimileTelephoneNumber: 030000000 -lsAllowedServices: MAIL -lsAllowedServices: FTP -description: Utilisateur test Easter-eggs 2 -cn: Easter Eggs 2 -personalTitle: M. -homeDirectory: /home/eeggs -loginShell: /bin/false -sn: Eggs -givenName: Easter -mail: bn8@zionetrix.net -userPassword: toto -structuralObjectClass: lspeople - -dn: ou=companies,o=ls -objectClass: organizationalUnit -objectClass: top -ou: companies -structuralObjectClass: organizationalUnit - -dn: ou=company2,ou=companies,o=ls -objectClass: top -objectClass: lscompany -ou: company2 -description:: dGVzdCAyIA== -structuralObjectClass: lscompany - -dn: ou=people,ou=company2,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: people -structuralObjectClass: organizationalUnit - -dn: ou=groups,ou=company2,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: groups -structuralObjectClass: organizationalUnit - -dn: ou=company1,ou=companies,o=ls -objectClass: top -objectClass: lscompany -ou: company1 -description: Test company 1 -structuralObjectClass: lscompany - -dn: ou=people,ou=company1,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: people -structuralObjectClass: organizationalUnit - -dn: ou=groups,ou=company1,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: groups -structuralObjectClass: organizationalUnit - -dn: ou=company3,ou=companies,o=ls -objectClass: top -objectClass: lscompany -ou: company3 -description: test 3 -structuralObjectClass: lscompany - -dn: ou=people,ou=company3,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: people -structuralObjectClass: organizationalUnit - -dn: ou=groups,ou=company3,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: groups -structuralObjectClass: organizationalUnit - -dn: cn=test,ou=groups,ou=company2,ou=companies,o=ls -objectClass: lsgroup -objectClass: posixGroup -cn: test -gidNumber: 102010 -structuralObjectClass: posixGroup - -dn: cn=group1,ou=groups,ou=company1,ou=companies,o=ls -objectClass: lsgroup -objectClass: posixGroup -cn: group1 -gidNumber: 102011 -uniqueMember: uid=user1,ou=people,ou=company1,ou=companies,o=ls -structuralObjectClass: posixGroup - -dn: uid=user1,ou=people,ou=company1,ou=companies,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -givenName: prenom1 -loginShell: /bin/false -personalTitle: M. -uid: user1 -uidNumber: 10000001 -sn: nom1 -cn: prenom1 nom1 -gidNumber: 101009 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001002 -homeDirectory: /home/user1 -mail: user1@ls.com -description: user1 -userPassword: toto -sambaLMPassword: FC26CDB2863917C1AAD3B435B51404EE -sambaNTPassword: 00B2C85DDFBD8CC81602D6FC7340EB0B -structuralObjectClass: lspeople - -dn: uid=user2,ou=people,ou=company1,ou=companies,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -givenName: prenom2 -loginShell: /bin/false -personalTitle: M. -uid: user2 -uidNumber: 10000002 -sn: nom2 -cn: prenom2 nom2 -gidNumber: 102001 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001004 -homeDirectory: /home/user2 -mail: user2@ls.com -userPassword: toto -sambaLMPassword: C53D7C8685D27214AAD3B435B51404EE -sambaNTPassword: C549EE84021E5E8372E10CEDEAFD02A8 -structuralObjectClass: lspeople - -dn: ou=company4,ou=companies,o=ls -objectClass: top -objectClass: lscompany -ou: company4 -description: test -structuralObjectClass: lscompany - -dn: ou=people,ou=company4,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: people -structuralObjectClass: organizationalUnit - -dn: ou=groups,ou=company4,ou=companies,o=ls -objectClass: top -objectClass: organizationalUnit -ou: groups -structuralObjectClass: organizationalUnit - -dn: cn=testpasdn,ou=groups,o=ls -objectClass: lsgroup -objectClass: posixGroup -cn: testpasdn -gidNumber: 102012 -structuralObjectClass: posixGroup -uniqueMember: uid=erwpa,ou=people,o=ls -uniqueMember: uid=eeggs,ou=people,o=ls -uniqueMember: uid=ls,ou=people,o=ls - -dn: uid=eeggs,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -loginShell: /bin/bash -personalTitle: M. -uidNumber: 10000008 -sn: Eggs -gidNumber: 102009 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001016 -userPassword: toto -sambaLMPassword: A466CD4F80A06085E68AA26A841A86FA -sambaNTPassword: 1F2029FF8619E2FEE2189C5A9653BDD5 -structuralObjectClass: lspeople -uid: eeggs -givenName: Easter -cn: Easter Eggs -homeDirectory: /home/eeggs -mail: easter.eggs@ls.com - -dn: cn=secretariat,ou=groups,o=ls -objectClass: lsgroup -objectClass: posixGroup -cn: secretariat -gidNumber: 102013 -uniqueMember: uid=hmartin,ou=people,o=ls -structuralObjectClass: posixGroup - -dn: uid=invite,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -givenName: Utilisateur -loginShell: /bin/false -personalTitle: M. -uid: invite -uidNumber: 10000012 -sn: de passage -cn: Utilisateur de passage -gidNumber: 101009 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001024 -homeDirectory: /home/invite -mail: invite@ldapsaisie.biz -userPassword: toto -sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409 -sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52 -structuralObjectClass: lspeople - -dn: uid=demo,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -givenName: Demonstration -loginShell: /bin/false -personalTitle: M. -uid: demo -uidNumber: 10000014 -sn: LdapSaisie -cn: Demonstration LdapSaisie -gidNumber: 70000 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001028 -homeDirectory: /home/demo -mail: demo@ls.com -description:: VXRpbGlzYXRldXIgZGUgZMOpbW9uc3RyYXRpb24= -userPassword: demo -sambaLMPassword: 193DB29CB51FD313AAD3B435B51404EE -sambaNTPassword: 527C9C819B286EFB8EC4EBB5B5AE71CF -structuralObjectClass: lspeople - -dn: uid=admin,ou=people,o=ls -objectClass: top -objectClass: lspeople -objectClass: posixAccount -objectClass: shadowAccount -objectClass: sambaSamAccount -givenName: Administration -loginShell: /bin/false -personalTitle: M. -uid: admin -uidNumber: 10000015 -sn: LdapSaisie -cn: Administration LdapSaisie -gidNumber: 70000 -sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001030 -homeDirectory: /home/admin -userPassword: admin -sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE -sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634 -structuralObjectClass: lspeople -description:: VXRpbGlzYXRldXIgZGUgZMOpbW9uc3RyYXRpb24gOiBBZG1pbmlzdHJhdGV1cg== -jpegPhoto:: iVBORw0KGgoAAAANSUhEUgAAAOkAAAAyCAYAAAC5zvwPAAAABHNCSVQICAgIfAhkiA - AAAAlwSFlzAAAevgAAHr4BkbqOfgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBo - AABdiSURBVHic7Z15nBTVtce/p2YBZACRYBTBDdwRoqio8SkGmRmQxJgo6sP4YjafRg3ODBqNUXFJ - EIYBNfm45OWjvqhPQ4wmGpgeQFHEqHFBg8aoKCAQWUREFGbpOu+PWz1dVV3VXT1dM4Omf5/P/XTX7 - btVV517zz3bFVXliwwRORhodGXdoKq/7a7xdAfkgpfK6Ld+AK3l/Sm1d7C1Zb3eOfGz7h5XEKSuaT - yqt7dn2NZknT1uaZf1X9N4NiLT2zMsmagzK5d3Vf9BKI2zMRG5CDjRlTVHVZ+Ls48O4GhgH9f1e90 - 1kK6EXJY4EovzEU6gguEkS0qxkmADFWVIbWIbsB5YDvoEaj/J7AnLVenuWbs37udlJXt2ae+WVKCu - /pUeXdp/AGIlUuB84CjX9U0xt98RjPJdv9Ito+giSM3jeyHld2ExASALyVU4aSjIaUgJ1CQ2ylTO1 - 5lVf+ma0RYRBbERqYiUAoe7snYA/4ir/QJwpOv7e6r6UbeNpJMhUxtHIGWLQL/UwSYGorJXrIMqom - DEuZIeCh7W4O+q2hZj+3lDRCzgCFfWy901ls6G1CR2Q2QB4CNQXYpav0F4m6S1hl7Nn7CjdD8sHQo - MQzgOlfHEz1V1DML7KA+1X1vW+q7tX95FNd2/sLlL+w9AnA/mSN/1zkAQB2BYuhR2hjF1DkSvA9nd - lbMNtSdqw/inAkp/hOu/kKlNu6NMxtbvIp090OzQmZXPA2d3Y/9PAE90V/9BiJNIj/Bd7wx7v51x4 - ogdMm1xKchkb6ZM0lmBBJoBnVm5AZgNzJZpi7tWUFNETlgxtrUzEoRfaLQzjCl+fNz6FWA3V85Kra - +c35Gm9NoxO+IZVBFxIZaVVEQE+Iorqw34exxtB/S1K3A6MBHYH+gHrAT+Btyhqm4Vi3viWKuqGyK - 0LxgJ9Vin/cHAXkAfYDVGhfMWcLeqfpDHuA8GjnVlPaqqW5zfBgPnACc5/fUGlgPLgL+o6otZG7d0 - sEeKK7wQdVwdhdTM7YX0Gwt6AjDESYOBJLAZ5Z9YPI3NH7WhKvK+Turm7YNaJ7dn2JLQ2VX/yllva - tNwbJ2Esi/Cvs54tgMbnfQ+ymLa7Cf11vFbQ9u5fMEBJJNfbc9oLntMfzX2w8jjv2L+YJIlE0DHor - I36B4IzSjrgRdB59FQ/UQ+qi6Jw5hBRA4E/unK+ruqjii4YW8f5cBlwFVA35BiNsZY4TqH2D7CEDH - AY6r6jSztHwVMASqBgRGGtB24E7g+isRYRBqc8YNRjPQFSoB64HuEczVtwM+BmzXkYUld47dQeTid - oY9pfXXovRYCmZo4FVsuAk4G7RWhyjZE5tCnfJpeOyanIFHqms5AdW46R0/RWdWLQssbffA04FSIt - KNuQ/m1NlRNCe4/8QOU36Qz5Citr3wp57gvS+yJxfUYNWRJjuIvIHqx1lf/LcJ4Y2N3/axurPtREd - kNWARMJ5xAwdzPtSIyh/Qqm0IuVvdHwGSiEShALwxR/y5iefd/9A4wCLNa/oDsz6EU+CW4Xhw/2nj - dc63WkXLp/M5RwttMAp0QkUABKlC9mq3NTXHvd2VK40FYPInhqqKKvEqxdP9Yx1HXNAqLVzDPMheB - AhyDytNSm/h2lPY7i0hj2/uJSAXwFHCCK3sVZnU5DsOKfhW4HEixMZc6KZ8xpdj1HcAjwHWYWXGs8 - 9t44MeA34LqVBHx9+W/B8ErWNsMLMSwhy3AA8A3gOEYi61LgHd9zXxPRPzCOYN1n7wDNKczdC/KrN - kybVqcMgc/kiDzEK5H9Qco47CtI7CYiPk//KvfyWxtboirc5na1JsSeRTvpP03p++vYcnhiH0YalW - Z8el0UP9/Wvg4ahMjUV0MfNmV/QFwE+h3sORYRCpBpgLPusr0BB6U2qbjc/YRE7u7ADjFlXWSqj5d - cMOm7YeASa6su4Apqro9oOxQYAGwX0BTQ1R1TUgfFvAn4I/AH1X14xxjOhf4X9Kz9zJVDSYgU34Y8 - HbAT28CZ6vqqwF1+gIPAdWu7ISqVvvLAkht4l7gPF/26yi/wGpt0vqJm0JvKA9IXdMNqLZQat+tN4 - 8P/D/by9YkTkF4ADd3YpccqrNPCTVyicruOja+89LFdLY2VNdkHY8gXJY4AfRAbagOtN/Oh92VHy+ - uoGfzS8CB6XFwC232NUH7Xpk2zeKTY+tQbgTKnOxVtNoH6a3jm/3lU4hLBeNeSRUj8CgYInIJXgK9 - XVUvCiuvqitE5HJgru+nDWEE6tSzga9HHZeq3iciJwI/dLIOFZFyVW0JqeLnNMAIn05Q1UChhKpuF - ZELnXKpB1opIj1UNfOBlrdNoaW0EtjDlXsYwv1omUpt03LQZ1B9CewXtGFChwR7Wl/588hlG6oWSl - 3TZFQbSXFtVtuFZHI5+cPWo10M7g4+HXhFzvEoClVLgCUF9w/Qs+UnuAlUuENnBe91AfTaa21ghtQ - m+gI/c7L3oUzOAe4Jq1cwOyQi++AV/69Q1VDpWR7t9gducGUtw7CBWaGqfyCTVewM1YtbB1mO+2Fl - wr/K7gBODSPQFFR1JfCwK0vwOguky/7y1I8QPRMj6fZDQA8HLkTkf5CS16Q2sVpqE7dJTeIUueCls - oA6sUDrKxcg6rIFlrGxNGxxmOtqpd45qjWWdiPC7PnV9T7qu4jURaq8rfUXwPuu1r6frXgcexb/Cx - gXQdTgFfxMUdVkxLp+dqoziPRT37Wdpax/Ja1X1Xci9uN3kwokUgCtr36Gba2HITITIxXOhiHAxQg - LqNj4ptTMPynieDoAcQsSD5YfL64ILRoVipszGio1j3etzXG5jMGzD5V7dGal/50IhOMm6J58R8sF - j+8SVj4Odjd2ya4jLPqJK2upqkaynnGw0nedN5GKyECMYKcfRjjhn9BO911n05m6/6PtGLVLVKzyX - e+ZrbDzAlwuFy+6mZ7JamAiqlVA//Basj8iT0pt021sG1CX76okV/y5D21lw7CkH0mrD5ZPwmnTz8 - WaWvRo3gMj4e44lOWuNsuQ8vlSm/iJzqp6sqB2I/dvneRxMVI7XxnMG67vZexSOhL4a1DBnZJIMUK - oPq7rO/Ks7xfH5yRSEemJkbCegzE62CN7DQ8+UNVAhb2IDMFr9D43l2DKB/8+N5IXj6OAvx+4XybN - LWFIxQhUjkRkNMgEUP/KI6CX0nvjRuDGXO07xgPfB06DHvsCgg2IZrrH+Z+GpVkmjKjY+iD0vQoYZ - q71cOAJqU28BZoAFtJctjQfQ4T8oL733jpEahuDBJbBEOsA3EJbsUI9l+Ig0s5gdye4vtvAY3nWH+ - D6vsVnhZQBETkLs7oNzrOfFDKksy74J7FH82z7y77rvL1C9PdnJjGT5yvAb42Uc8EoSF6ByBmewiJ - Xy2ULHw6TwMoFL5VRsakBuIgOb5esqDrWUGjDmdulrvF8VP6EVyZyIMiBwCX0aFOpTbwM8hjC41GM - EvKAd6IRbo+uqgX8WhUJn7gKIlIR+TJGKZ/CWlXdWEibDsa5vi/Pc+UB4zaXQuikISIlwK+A/w74+ - U1gDWmzsi2k14i+pK2HsvZBJpE+G1gqHIf4rtflWT8DRso57kXgTKlr+iaqD5MmuB5YbT8DzvXXE0 - Go2fR74Ju+n1qAFzATyEeIfITarvAsMhyIpLjP6z7qq5+RKYsOpTQ5B9UzyHyfBRgFOgrlOqlNLME - uuSCbCigyhH6xxrDQcCOIQlfS2I0YHMX/EFfW62FlQ+rvijEKiDKmGXgJ9H0M0T6sqiuy9DGB6ETq - 5jTWq2q+K+F/uL6/l02V1BFofeWjUtN4CyKu+7GCTTprGieDuAl0HaJ1lJbO0+mnhE6kUtv0PdDYi - RRA54xdD5wjly2+EGmegDAR+BqZHAjAf2All0lt47k6q9qvpsuzY9yOCDuAKwtqz7KfD/upUCLtDP - e0AXhNq/JVwvttOAMJSES+gjHrS+FN4BRVXRuhj7N811FX0rzuxVFvuVUNiXzqR4Zl3Y+qi0j1IJk - 0t8Rhk13ZcrHrn92CUqmzqqNMosNiGmkodPaYLRjLrQcApCZxGKJjUalGqCb9TpSD3Ck1jz+rDROj - POswuJ9lT0qSD+qMCZEdLvJBoSqYzjAH9NvORrGFdMOvcwobk99m9ptRCNQRMLlXky2qweZmIrI7x - mwxhXzdwL6Ld8LpnNhD9sdv+HLKGdTfI1iSyxbvinCMK2ueNlRF5HI0mw65U6ANVa/rrOpbtaFqAp - aMQDwGNv2xyoO2OHlAVnouk6VHBZcrHHETaRwrqX+1CdUL+iEio4ExrqxtBJvjgXffu1ZV/xlSzo+ - z8dqLZrtn//8zJLBUABw11AWurDeAeSHFC8RumWqdHp95pcgl2wfhnjA02oTs2A8HWVx1GXRm5XLs - Ui+7rTo8pHg0CF5Vj+pxBbWXBR0mUmfv5xY5f6iqqwsdkCN4+sSVdXDE8VjAbXhXnmWOyZ+/rN9yJ - xKBish+wBxfdj5Co90d4ouCn+PViU4Lupd40Has51L4UG/+xifeIuJlfa2IoS63jj6PYFvqLoU2jH - 0Xr9Bt74IabCtZiFs9JlwiUxYW1mYICllJOzNcipt9HCoip0WoU4+JsetGIAE5fplu6xC/BDUDIlI - G/B9eK6jQPhwErSA/DMjz91UF1LqyniPTHjldvq5plNQmrpCpTb1ztZ1R9+JFAzAeP2moZEZ1MJ42 - LnZdj80o42+7Zm4vVG7IVa4r4Fj0pLdSogUFJXAEVve6svpgJfPV50dCIUTameFSFvqup4tIoHGBi - JSIyC/xSlujjMk9qewpIqF7FBEZgbEGGZ1nH0GeMVc6AqGwvk4Dfk96L74RODPM4RsA1b7AdGxdKT - WJm6SuKRr3UTf/UHq2PYZwgK+9uzK6MEKktOpC5etSkwidPM2q0vdJpMO656yQ2sR8qWmcKpfOj+b - /W1F2DWlHBbCl8KDtkrwJo5pzrhkvNY1zpbYp0rZGrlgwyHleP81WrhDprv8FnCQiHbH//K2q+h2a - p2OcsFNWRwcDL4tIDbBEVdc6juCVmBUntWl/FnD752UjoCaMr2gKtzouZb/BhEgZiJmITgYuxjzgz - RgzvdS9b8N4qWTA2Q64nYuXYvxeBwKvOt46izBcwy7AMU4/33LVaQPOykPt8iWEq1C9SmoSr2HJM6 - g+j9qrsNiIWmUgQ1B7b5CJiOWWeqZwjzZUBXuJqNyC6D3pm2Su1DbdjiTvpIUVlG6zkIqRYB1LKVe - j7UYli/D+1zFAD0SkmjK5UeoSj2LTSIm+R2vpu/Rfav6vT4/enbbSo0EvRBjvqvw+dukjBY+gfsIq - qWs8G5W/kJpURc4AHS+1Tbei+jy2vkn/nitY10fosWFXyqzhiIxG9VTgeAQL1RnZ+vEQqWOvegLGv - vStMKmlA/9Kuq+T8kWGHauqbhKRGXi9YPbEsJuISAvG88SNOgxRpIg0V3Du2cB/AiOd6zIMwddijB - b8L++HGGGTm8V5Ncs+0T+J3QJswNj89sOEXgGzr/HfCxh2/CxV7ZgtqjACE8LmIsRymeopSJhljMx - l24AfhTWpDZX3Sm2TE5kBgDLQS1HrUsqwoa+SellT/anehcViNCbvl0yUo0xCmIQtUJKErce2YrjE - EiSDAdmKJk/VOVWxxPPV+uqE1DSdjujvSG+FeoNeiQAlAlubbSqarXbGNU8fbgtARHqLyCPAvzDhQ - P4AvCUijztqBA9EZBfgoA7elx+BplqqeiPGEybIR9P9Uq8CxqnqLPCoCF7LFpxbVVsxktqgvYn/Lf - 4zMAKjS3VbM2UzMwvaDpwH+Pd7QQT6HHC8qkZTudg9XkGYgtGjdiTa3zqE83RW5aScxvXS8l8g9wX - 8YogijVbgp8yuLlDVETqQ5ZigZ0EoI1B1p02oNbajvrRh0IbKxyixjsaYfAZRYNi2cgfwOGpnldoL - htX6K8Yf0h+DphXjrTBaVdulfQ7hhjpf54E2hxjDBygyCmMVdATGkqgEM5ksAx7ERN37zCl7Jeko+ - q+qak6WxjkeYwpG93kIxg70Y4z10ULgD6q61Ck7EBNCJYV5qhoYmU9E7ses1Djt9VdVdUwRv40JPj - YSYxmjGJO6pzACokey7kGz3U/N3F5In5NBxmE4i72ctDvmZUma8eg/EOtVsP/M6k8WZhgu5Oqnrul - E4EJUDzG2stoLY+CwGotHsaz7dMa4tyFljG+nbYTFvlvrJ/i9e5x25x+KStrR37Lu1ZmVgbbXcun8 - vpSVnIjaX0OsIxHdA2UPzIrWAroGldWgbyF6h84an1O4aQKbuQLW2XJnlGiF7fWnNo7A5lsgJ5N+n - 0qAbQhrsXUtYr2H0Mj28kb99ZhtOdvE7INmYAJrBWEHMFNVr4k60M6CQ1B256kiIDTyQf7tvEFaav - yUqo4JKVcOJPPwlS3i3wwWhqXM5pXQEzPrdztUta0zCdTpIw4C7Y13OxAqwFLVliKBFpENFoYNyoW - sjsZFZGAk3n3IFzNyfhFdglLgM0zE9GwoHj2QH3bGIzd2OjgCyF19qRyzDcuWyPF7M0Zdthkjld/c - AXfHnQalmNCUF0OomVcr3ngsReSGm0g/I6LZ4ecRjiBsTyfthpfg+ue4DpJsd9Y42zBRLT7ERby+7 - +7PlZ11lq2IHK+qkf2KBWPDuAwjEQsSFbcBh6lqoNK+iEyIyDLS+tfntBONrzsTItKHtHQ4LO1BPA - HtbNLBzW2MxDv1qXnm9cS4PBYa8GwdJhCcO72hqpECjoVBROYDL6jqtVHKl6rqahEZgwkqXYERIgl - mBS3DrLZn4TUsKCIEItKDiJEhuhOOLfK+GF/P/cgkvsF440xFwaeY1WqLk/L5vrWjaqcwOJLzAXmm - lMoETNSRQRjLthRURFbiJdzXgTfzEDquBa5xgrl/P1e9UgBVfc052etsDKvWF3gSE5j668D1IlK2M - 6hhPgfYB28kuMXdNI7US7o/hhDd6QDMOKP66rZgVpW1Tlrj+p5K6+KQjMcJJ1j5v5wUCY6HVMqkc7 - iTDnM+h2AWsP2c5A6onhSRt0kT7mvA0yGxlVMGI5OBvUXk9GwxmLMeM+HoJe8jHYlgDnC5Y61TxE4 - Axwl9KJmEOAyzlcnFim7H2CqvIZj41gCb4l7lPo8QkX6kCTb1OZxwDUnqNIdFTlqiqp+KyHN4nTXe - ASaoaqDvc86zYBzBwN3Ad5ysl4FzVbXwYE5FRIIjBQ0iwmEYtjRXmLptwArMy+BPa4sEWBgcSzQ/4 - Y4kc0/cCjyPCRnrd27ZDJwedIZSpAObHIfqaZhgSyUYlcwVwG3FBxwPHCHNUAwr6ifEQVmqprCFTA - JcAbyTz2HHRcQDZ89/DCYo2ljMCYC5pNktmD2qxzY6r1PVROQ4jMomFVjqVUwg5YeLxJobjs3zUMx - +Z6grDSM4up0fmwheDd/Jda5MEd0LEemFIdgHyH7GLpiDsNvlP3kffeiYvNVj4u+k2Kw3gJuAh/6d - Tdyc2XMf0kToJsb9iaYS+IBwQvzcKuSLABG5GXOObhQswUSvbOnw+aQiMhwTh+cM0sKJDzBeHA8Bz - 34RV1fn3FA34bm/701uiWkS42GzwpXa2dNCdXBF7HxwJMYNeEPIRsES4PSCDxEWkUOAqzESYPcL+j - 7mUN6nMQcuxeJk29lw/tC9yCTA1PcB4bXb8Rkm4sKKgLSqKB3/94KIHIQ5OiWXuaNguK2DMeF9BHg - nlpO+nYEMwuhVz8JIr/xYgQkh8iJGrL/OSR90xUvrSKkHYMKX7O58ulOKTd2PTL/aIGwgTXgegiwK - aoqIE7ERqadRkX0xxDoOow/KthdTTLCtda601vnchJlNSlypNMd1HzIJcCDGkiSPE3VoA1bjXQXbi - VFVczrrFlFEHOgUIvV0YFawwzGxh453vg/CrGr5EE2cSGImgA2kD2Ty7xNXZwu/UkQRXYVOJ9LQjo - 3JWsp7YlBA2hNzrqeNISr/Z1CejbEf3UiaAN2EmPq++Yso1Crii4n/B0b5UBwNl0uxAAAAAElFTkS - uQmCC -mail: admin@ls.com - -dn: cn=test34,ou=groups,o=ls -objectClass: lsgroup -objectClass: posixGroup -cn: test34 -gidNumber: 800001 -uniqueMember: uid=eeggs,ou=people,o=ls -description: test -lsGodfatherDn: uid=eeggs,ou=people,o=ls -structuralObjectClass: posixGroup - -dn: ou=ppolicies,o=ls -objectclass: organizationalUnit -ou: ppolicies - -dn: cn=default,ou=ppolicies,o=ls -cn: default -objectclass: top -objectclass: device -objectclass: pwdPolicy -objectclass: pwdPolicyChecker -pwdAttribute: userPassword -pwdMinAge: 0 -pwdMaxAge: 0 -pwdInHistory: 3 -pwdCheckQuality: 1 -pwdMinLength: 8 -pwdExpireWarning: 0 -pwdGraceAuthnLimit: 0 -pwdLockout: FALSE -pwdLockoutDuration: 0 -pwdMaxFailure: 0 -pwdMaxRecordedFailure: 0 -pwdFailureCountInterval: 0 -pwdMustChange: FALSE -pwdAllowUserChange: FALSE -pwdSafeModify: FALSE - -dn: cn=sysaccounts,ou=ppolicies,o=ls -cn: sysaccounts -objectclass: top -objectclass: device -objectclass: pwdPolicy -objectclass: pwdPolicyChecker -pwdAttribute: userPassword -pwdMinAge: 0 -pwdMaxAge: 0 -pwdInHistory: 0 -pwdCheckQuality: 1 -pwdMinLength: 10 -pwdExpireWarning: 0 -pwdGraceAuthnLimit: 0 -pwdLockout: FALSE -pwdLockoutDuration: 0 -pwdMaxFailure: 0 -pwdMaxRecordedFailure: 0 -pwdFailureCountInterval: 0 -pwdMustChange: FALSE -pwdAllowUserChange: FALSE -pwdSafeModify: FALSE diff --git a/lsexample/restore_lsexample b/lsexample/restore_lsexample index 56f51057..c700d2d8 100755 --- a/lsexample/restore_lsexample +++ b/lsexample/restore_lsexample @@ -13,30 +13,59 @@ SLAPD_CONF_DIR=/etc/ldap/slapd.d SLAPD_DB_DIR=/var/lib/ldap SLAPD_USER=openldap SLAPD_GROUP=openldap +SYS_SCHEMA_DIR=/etc/ldap/schema # Deducted configuration -LDIF="$SRC_DIR/lsexample/lsexample.ldif" -SCHEMA_LDIF="$SRC_DIR/lsexample/schema/cn={10}ls.ldif" -SCHEMA_DEST="$SLAPD_CONF_DIR/cn=config/cn=schema/" +SLAPD_CONF_LDIF="$SRC_DIR/lsexample/slapd-config.ldif" +LS_SCHEMA_LDIF="$SRC_DIR/lsexample/schema/ls.ldif" +SAMBA_SCHEMA_LDIF="$SRC_DIR/lsexample/schema/samba.ldif" +SLAPD_DB_LDIF="$SRC_DIR/lsexample/db.ldif" # # Start restoration # # Stop slapd -/usr/sbin/service slapd stop > /dev/null +/usr/sbin/service slapd stop # Purge old DB data -rm -fr $SLAPD_DB_DIR/* +rm -fr $SLAPD_DB_DIR $SLAPD_CONF_DIR +mkdir -p $SLAPD_DB_DIR $SLAPD_CONF_DIR -# Restore schema file -cp -f "$SCHEMA_LDIF" "$SCHEMA_DEST" +# Install slapd.d configuration +slapadd -n0 -F $SLAPD_CONF_DIR -l $SLAPD_CONF_LDIF -# Restore DB data from LDIF file -/usr/sbin/slapadd -l $LDIF -q +# Install schemas +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/core.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/cosine.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/nis.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/inetorgperson.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/ppolicy.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/dyngroup.ldif +slapadd -n0 -F/etc/ldap/slapd.d -l$SAMBA_SCHEMA_LDIF +slapadd -n0 -F/etc/ldap/slapd.d -l$LS_SCHEMA_LDIF # Fix rights on restored data -chown $SLAPD_USER:$SLAPD_GROUP -R $SLAPD_DB_DIR $SCHEMA_DEST +chown $SLAPD_USER:$SLAPD_GROUP -R $SLAPD_DB_DIR $SLAPD_CONF_DIR # Start slapd -/usr/sbin/service slapd start > /dev/null +/usr/sbin/service slapd start + +cat << EOF > /etc/ldapvi.conf +profile default +unpaged-help: yes +ldap-conf: yes + +profile config +host: ldapi:// +sasl-mech: EXTERNAL +base: cn=config + +profile ls +host: ldapi:// +sasl-mech: EXTERNAL +base: o=ls +EOF + +# Add database +ldapvi -p config --verbose --ldapmodify --ldapvi --add $SLAPD_DB_LDIF diff --git a/lsexample/schema/cn={10}ls.ldif b/lsexample/schema/cn={10}ls.ldif deleted file mode 100644 index 0054e1f6..00000000 --- a/lsexample/schema/cn={10}ls.ldif +++ /dev/null @@ -1,40 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 7e667c54 -dn: cn={10}ls -objectClass: olcSchemaConfig -objectClass: top -cn: {10}ls -olcObjectIdentifier: {0}EeRoot 1.3.6.1.4.1.10650 -olcObjectIdentifier: {1}LeRoot EeRoot:4 -olcObjectIdentifier: {2}LsRoot LeRoot:10000 -olcObjectIdentifier: {3}LsLDAP LsRoot:2 -olcObjectIdentifier: {4}LsLDAPAttribute LsLDAP:1 -olcObjectIdentifier: {5}LsLDAPObjectClass LsLDAP:2 -olcAttributeTypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'Lis - tof allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM - atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Passwo - rdRecover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 15) -olcAttributeTypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfath - erdn of this entry' SUP distinguishedName ) -structuralObjectClass: olcSchemaConfig -entryUUID: 6408206a-b8c2-1038-8c14-9d79696c60b6 -creatorsName: cn=admin,cn=config -createTimestamp: 20190130100601Z -olcObjectClasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people O - bjectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $ - postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ - mail$ personalTitle $ description $ userPassword $ lsallowedservices $ lsR - ecoveryHash $ lsGodfatherDn ) ) -olcObjectClasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Obj - ectclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherD - n )) -olcObjectClasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS syst - emaccount Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description - )) -olcObjectClasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organization - alUnit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) ) -entryCSN: 20190130103114.350601Z#000000#000#000000 -modifiersName: cn=admin,cn=config -modifyTimestamp: 20190130103114Z diff --git a/lsexample/schema/ls.ldif b/lsexample/schema/ls.ldif new file mode 100644 index 00000000..76b749cc --- /dev/null +++ b/lsexample/schema/ls.ldif @@ -0,0 +1,43 @@ +dn: cn=ls,cn=schema,cn=config +cn: ls +objectclass: olcSchemaConfig +objectclass: top +olcattributetypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'Lis + tof allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcattributetypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Passwo + rdRecover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 15) +olcattributetypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfath + erdn of this entry' SUP distinguishedName ) +olcattributetypes: {3}( LsLDAPAttribute:4 NAME 'lsDynGroupMemberDnURI' DESC + 'Dynamic group members DN URI' SUP labeledURI ) +olcattributetypes: {4}( LsLDAPAttribute:5 NAME 'lsDynGroupMemberUidURI' DESC + 'Dynamic group members UID URI' SUP labeledURI ) +olcattributetypes: {5}( LsLDAPAttribute:6 NAME 'lsDynGroupMemberDn' DESC 'Dy + namic group members DN' SUP uniqueMember ) +olcattributetypes: {6}( LsLDAPAttribute:7 NAME 'lsDynGroupMemberUid' DESC 'D + ynamic group members UID' SUP memberUid ) +olcobjectclasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people O + bjectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $ + postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ + mail$ personalTitle $ description $ userPassword $ lsallowedservices $ lsR + ecoveryHash $ lsGodfatherDn ) ) +olcobjectclasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Obj + ectclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherD + n )) +olcobjectclasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS syst + emaccount Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description + )) +olcobjectclasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organization + alUnit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) ) +olcobjectclasses: {4}( LsLDAPObjectClass:6 NAME 'lsdyngroup' DESC 'Dynamic g + roups objectclass' SUP top AUXILIARY MUST cn MAY ( description $ uniqueMemb + er $ memberUid $ lsGodfatherDn $ lsDynGroupMemberDnURI $ lsDynGroupMemberDn + $ lsDynGroupMemberUidURI $ lsDynGroupMemberUid $ dgIdentity $ dgAuthz )) +olcobjectidentifier: {0}EeRoot 1.3.6.1.4.1.10650 +olcobjectidentifier: {1}LeRoot EeRoot:4 +olcobjectidentifier: {2}LsRoot LeRoot:10000 +olcobjectidentifier: {3}LsLDAP LsRoot:2 +olcobjectidentifier: {4}LsLDAPAttribute LsLDAP:1 +olcobjectidentifier: {5}LsLDAPObjectClass LsLDAP:2 diff --git a/lsexample/schema/lsexample.schema b/lsexample/schema/lsexample.schema deleted file mode 100644 index cb07f0eb..00000000 --- a/lsexample/schema/lsexample.schema +++ /dev/null @@ -1,59 +0,0 @@ -# LdapSaisie - LDAP Schema - Example -# Web Site : https://ldapsaisie.org -objectIdentifier EeRoot 1.3.6.1.4.1.10650 -objectIdentifier LeRoot EeRoot:4 -objectIdentifier LsRoot LeRoot:10000 -objectIdentifier LsLDAP LsRoot:2 -objectIdentifier LsLDAPAttribute LsLDAP:1 -objectIdentifier LsLDAPObjectClass LsLDAP:2 - -# -attributetype (LsLDAPAttribute:1 - NAME 'lsAllowedServices' - DESC 'List of allowed services' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) - -attributetype ( LsLDAPAttribute:2 NAME 'lsRecoveryHash' - DESC 'Password Recover Hash' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) - -attributetype ( LsLDAPAttribute:3 NAME 'lsGodfatherDn' - SUP distinguishedName - DESC 'Godfather dn of this entry' ) -# - -# -objectclass (LsLDAPObjectClass:1 - NAME 'lspeople' - DESC 'LS people Objectclass' - STRUCTURAL - MUST ( uid $ cn ) - MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ - telephoneNumber $ mobile $ fax $ mail $ personalTitle $ description $ - userPassword $ lsallowedservices $ lsRecoveryHash $ lsGodfatherDn )) - -objectclass (LsLDAPObjectClass:3 - NAME 'lsgroup' - DESC 'LS group Objectclass' - AUXILIARY - MUST ( cn ) - MAY ( uniquemember $ description $ lsGodfatherDn )) - -objectclass (LsLDAPObjectClass:4 - NAME 'lssysaccount' - DESC 'LS system account Objectclass' - STRUCTURAL - MUST ( uid ) - MAY (userpassword $ description)) - -objectclass ( LsLDAPObjectClass:5 - NAME 'lscompany' - SUP organizationalUnit - STRUCTURAL - MUST ( ou ) - MAY ( description $ lsGodfatherDn )) - -# diff --git a/lsexample/schema/samba.ldif b/lsexample/schema/samba.ldif new file mode 100644 index 00000000..b52a8bd9 --- /dev/null +++ b/lsexample/schema/samba.ldif @@ -0,0 +1,176 @@ +dn: cn=samba,cn=schema,cn=config +cn: samba +objectclass: olcSchemaConfig +olcattributetypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC + 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.26{32} SINGLE-VALUE ) +olcattributetypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC + 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6 + .1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +olcattributetypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC ' + Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{16} SINGLE-VALUE ) +olcattributetypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC + 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DES + C 'Timestamp of when the user is allowed to update the password' EQUALITY i + ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DE + SC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC ' + Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.27 SINGLE-VALUE ) +olcattributetypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC + 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.27 SINGLE-VALUE ) +olcattributetypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC + 'Timestamp of when the user will be logged off automatically' EQUALITY int + egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' + DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' + DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC + 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.26{42} SINGLE-VALUE ) +olcattributetypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC + 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +olcattributetypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DES + C 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. + 121.1.15{255} SINGLE-VALUE ) +olcattributetypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DES + C 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15{255} SINGLE-VALUE ) +olcattributetypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations + ' DESC 'List of user workstations the user is allowed to logon to' EQUALITY + caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) +olcattributetypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC ' + Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.15{128} ) +olcattributetypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC + 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +olcattributetypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC + 'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15{1050} ) +olcattributetypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' + DESC 'Concatenated MD4 hashes of the unicode passwords used on this accoun + t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +olcattributetypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Secur + ity ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +olcattributetypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' + DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +olcattributetypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'S + ecurity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.26{64} ) +olcattributetypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC + 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +olcattributetypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DES + C 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DE + SC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'N + ext NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBa + se' DESC 'Base at which the samba RID generation algorithm should operate' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC + 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) +olcattributetypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC + 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +olcattributetypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC + 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 + .7 SINGLE-VALUE ) +olcattributetypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' D + ESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE ) +olcattributetypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DE + SC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.26 SINGLE-VALUE ) +olcattributetypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption + ' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1 + 466.115.121.1.15 ) +olcattributetypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC + 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.26 ) +olcattributetypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DE + SC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength + ' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' D + ESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC + 'Maximum password age, in seconds (default: -1 => never expire passwords)' + EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC + 'Minimum password age, in seconds (default: 0 => allow immediate password c + hange)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V + ALUE ) +olcattributetypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' + DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY i + ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservati + onWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold + ' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALIT + Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DES + C 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUA + LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcattributetypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwd + Change' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY + integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +olcobjectclasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'S + amba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MA + Y ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTi + me $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustC + hange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sam + baLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sa + mbaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCo + unt $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) +olcobjectclasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC + 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ samba + GroupType ) MAY ( displayName $ description $ sambaSIDList ) ) +olcobjectclasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DES + C 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaN + TPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) +olcobjectclasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba + Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) + MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithm + icRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd + $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObse + rvationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachi + nePwdChange ) ) +olcobjectclasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'P + ool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gid + Number ) ) +olcobjectclasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'M + apping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber + $ gidNumber ) ) +olcobjectclasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Str + uctural Class for a SID' SUP top STRUCTURAL MUST sambaSID ) +olcobjectclasses: {7}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samb + a Configuration Section' SUP top AUXILIARY MAY description ) +olcobjectclasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba + Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) +olcobjectclasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC + 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( + sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringList + option $ description ) ) diff --git a/lsexample/slapd-config.ldif b/lsexample/slapd-config.ldif new file mode 100644 index 00000000..4529a405 --- /dev/null +++ b/lsexample/slapd-config.ldif @@ -0,0 +1,44 @@ +dn: cn=config +objectClass: olcGlobal +cn: config +olcArgsFile: /var/run/slapd/slapd.args +olcPidFile: /var/run/slapd/slapd.pid +olcToolThreads: 1 +olcLogLevel: stats +olcServerId: 1 +olcAttributeOptions: lang- x- + +dn: cn=module{0},cn=config +objectClass: olcModuleList +cn: module{0} +olcModulePath: /usr/lib/ldap +olcModuleLoad: {0}back_mdb +olcModuleLoad: {1}ppolicy +olcModuleLoad: {2}dynlist +olcModuleLoad: {3}pw-sha2 + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +olcAccess: {0}to * + by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage + by * break +olcAccess: {1}to dn.exact="" by * read +olcAccess: {2}to dn.base="cn=Subschema" by * read +olcSizeLimit: 500 +olcLimits: {0}* size.pr=1000 size.prtotal=unlimited +olcPasswordHash: {SSHA512} + +dn: olcDatabase={0}config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: {0}config +olcAccess: {0}to * + by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage + by * break +olcRootDN: cn=admin,cn=config + diff --git a/lsexample/slapd/permissions-ls.conf b/lsexample/slapd/permissions-ls.conf deleted file mode 100644 index b2cf8723..00000000 --- a/lsexample/slapd/permissions-ls.conf +++ /dev/null @@ -1,94 +0,0 @@ -## Racine -access to dn.regex="^o=ls$" attrs="entry,children,objectclass" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * read - -## Groups -### Ajout d'entrees par les admins -access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * none - -access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * none - -### Les admins peuvent tout modifier, les authentifies peuvent tout voir -access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * none - - -## Peoples -### Ajout d'entrees par les admins -access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * read - -access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * read - - -### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification -access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=samba,ou=sysaccounts,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by self write - by anonymous auth - by * none - -access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by anonymous auth - by * none - -### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir -access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,lsallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * none - -### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi -access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by dn="uid=samba,ou=sysaccounts,o=ls" write - by self write - by * none - -### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir -access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,description" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by self write - by users read - by * read - -## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter -access to * attrs="entry" - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by users read - by * none - -## Le reste -access to * - by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write - by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write - by * none diff --git a/lsexample/slapd/slapd.conf b/lsexample/slapd/slapd.conf deleted file mode 100644 index ac92259e..00000000 --- a/lsexample/slapd/slapd.conf +++ /dev/null @@ -1,45 +0,0 @@ -# LSexample - Config - -# Loading schema -include /etc/ldap/schema/core.schema -include /etc/ldap/schema/cosine.schema -include /etc/ldap/schema/nis.schema -include /etc/ldap/schema/inetorgperson.schema -include /etc/ldap/schema/samba.schema -include /etc/ldap/schema/lsexample.schema - -# Slapd core configuration -pidfile /var/run/slapd/slapd.pid -argsfile /var/run/slapd/slapd.args -loglevel stats -modulepath /usr/lib/ldap -moduleload back_hdb -sizelimit 500 -tool-threads 1 - -# LSexample database configuration -backend hdb -database hdb -suffix "o=ls" - -# The database directory MUST exist prior to running slapd AND -# should only be accessible by the slapd and slap tools. -# Mode 700 recommended. -directory /var/lib/ldap - -# Indices to maintain -index objectClass eq -index uidNumber eq -index gidNumber eq -index lsallowedservices,lsGodfatherDn eq -index sambasid eq -index sambaDomainName eq -index memberUid,uniqueMember eq -index givenname,cn,sn,mail,uid sub,eq,approx - -# Save the time that the entry gets modified, for database #1 -lastmod on -checkpoint 512 30 - -# Loading LSexample permission file -include permissions-ls.conf diff --git a/lsexample/slapd/slapd.d/cn=config.ldif b/lsexample/slapd/slapd.d/cn=config.ldif deleted file mode 100644 index 970f360c..00000000 --- a/lsexample/slapd/slapd.d/cn=config.ldif +++ /dev/null @@ -1,16 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 1a375831 -dn: cn=config -objectClass: olcGlobal -cn: config -olcArgsFile: /var/run/slapd/slapd.args -olcLogLevel: none -olcPidFile: /var/run/slapd/slapd.pid -olcToolThreads: 1 -structuralObjectClass: olcGlobal -entryUUID: 6db4a4c4-6a91-1032-8cb6-d5eaa14a6b52 -creatorsName: cn=config -createTimestamp: 20130616052915Z -entryCSN: 20130616052915.388815Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616052915Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=module{0}.ldif b/lsexample/slapd/slapd.d/cn=config/cn=module{0}.ldif deleted file mode 100644 index d3c0187d..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=module{0}.ldif +++ /dev/null @@ -1,14 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 418bf3c9 -dn: cn=module{0} -objectClass: olcModuleList -cn: module{0} -olcModulePath: /usr/lib/ldap -olcModuleLoad: {0}back_hdb -structuralObjectClass: olcModuleList -entryUUID: 5605629c-6a95-1032-9775-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema.ldif deleted file mode 100644 index f644d1d5..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema.ldif +++ /dev/null @@ -1,615 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 6d62e916 -dn: cn=schema -objectClass: olcSchemaConfig -cn: schema -olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2 -olcObjectIdentifier: OLcfgAt OLcfg:3 -olcObjectIdentifier: OLcfgGlAt OLcfgAt:0 -olcObjectIdentifier: OLcfgBkAt OLcfgAt:1 -olcObjectIdentifier: OLcfgDbAt OLcfgAt:2 -olcObjectIdentifier: OLcfgOvAt OLcfgAt:3 -olcObjectIdentifier: OLcfgCtAt OLcfgAt:4 -olcObjectIdentifier: OLcfgOc OLcfg:4 -olcObjectIdentifier: OLcfgGlOc OLcfgOc:0 -olcObjectIdentifier: OLcfgBkOc OLcfgOc:1 -olcObjectIdentifier: OLcfgDbOc OLcfgOc:2 -olcObjectIdentifier: OLcfgOvOc OLcfgOc:3 -olcObjectIdentifier: OLcfgCtOc OLcfgOc:4 -olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1 -olcObjectIdentifier: OMsBoolean OMsyn:7 -olcObjectIdentifier: OMsDN OMsyn:12 -olcObjectIdentifier: OMsDirectoryString OMsyn:15 -olcObjectIdentifier: OMsIA5String OMsyn:26 -olcObjectIdentifier: OMsInteger OMsyn:27 -olcObjectIdentifier: OMsOID OMsyn:38 -olcObjectIdentifier: OMsOctetString OMsyn:40 -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' X-BINARY-TRANS - FER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' X-NOT-HUMA - N-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Descripti - on' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-READA - BLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-READ - ABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY-TR - ANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' X-BINA - RY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' X-BIN - ARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCertifi - cate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' ) -olcLdapSyntaxes: ( 1.2.36.79672281.1.5.0 DESC 'RDN' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Descri - ption' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Desc - ription' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Num - ber' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' X-NOT-HUMAN-READAB - LE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-READA - BLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Acces - s Points' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Descripti - on' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Descr - iption' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' - ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' - ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Descriptio - n' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X- - BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identi - fier' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description - ' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition' - ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description - ' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' ) -olcLdapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC 'AttributeCertificate E - xact Assertion' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC 'AttributeCertificate A - ssertion' ) -olcLdapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' ) -olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' ) -olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes - of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.38 ) -olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: stru - ctural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4 - .1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperati - on ) -olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which - object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr - deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFIC - ATION USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which - object was last modified' EQUALITY generalizedTimeMatch ORDERING generalized - TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M - ODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creat - or' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING - LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last - modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has ch - ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU - E NO-USER-MODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of - controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. - 4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperat - ion ) -olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALI - TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE N - O-USER-MODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' - EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VA - LUE NO-USER-MODIFICATION USAGE directoryOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change seq - uence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatc - h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION US - AGE directoryOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change s - equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrder - ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICA - TION USAGE directoryOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syn - crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringO - rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFI - CATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the lar - gest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch - SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOperatio - n ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512 - : alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperatio - n ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RF - C4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperati - on ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC - 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAO - peration ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC - 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 - 8 USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' D - ESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 U - SAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms - ' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .15 USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC - 4512: features supported by the server' EQUALITY objectIdentifierMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'mon - itor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'conf - ig context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of impl - ementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version o - f implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 - 5 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: adminis - trative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.38 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtr - ee specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE dir - ectoryOperation ) -olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT stru - cture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115. - 121.1.17 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT conten - t rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466 - .115.121.1.16 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rul - es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115. - 121.1.30 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute t - ypes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.11 - 5.121.1.3 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object class - es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115. - 121.1.37 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQU - ALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 - 5 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching r - ule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146 - 6.115.121.1.31 USAGE directoryOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC - 4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3. - 6.1.4.1.1466.115.121.1.54 USAGE directoryOperation ) -olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) D - ESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) -olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subord - inate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .15 USAGE distributedOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL en - try pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODI - FICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL - children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USE - R-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) - DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.42 - 03.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFro - m' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4. - 1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: - entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USE - R-MODIFICATION USAGE dSAOperation ) -olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'R - FC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFI - CATION USAGE dSAOperation ) -olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common s - upertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1 - .1466.115.121.1.12 ) -olcAttributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of n - ame attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN - TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common - name(s) for which the entity is known by' SUP name ) -olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'R - FC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An intege - r uniquely identifying a user in an administrative domain' EQUALITY integerMa - tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE - -VALUE ) -olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An intege - r uniquely identifying a group in an administrative domain' EQUALITY integerM - atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL - E-VALUE ) -olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password - of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} - ) -olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uni - form Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive in - formation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1 - .3.6.1.4.1.1466.115.121.1.15{1024} ) -olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related obje - ct' SUP distinguishedName ) -olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for slapd co - nfiguration directives' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SI - NGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory for slap - d configuration backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString S - INGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control List' E - QUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check ACLs aga - inst content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of depreca - ted features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd comma - nd line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VA - LUE ) -olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY caseIgnor - eMatch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP attri - buteTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX O - MsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY caseIgnoreMa - tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY caseIgnoreMatc - h SYNTAX OMsDirectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY caseIgnoreMatc - h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of backend' EQ - UALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBL - INGS' ) -olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX OMsInteger SING - LE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX OMsInteger S - INGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX OMsInteg - er SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend type fo - r a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' ) -olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX OMsDN SIN - GLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC 'OpenLDAP DIT - content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN - TAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgDbAt:0.20 NAME 'olcExtraAttrs' EQUALITY caseIgnoreMa - tch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean SINGLE - -VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean SINGLE- - VALUE ) -olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX OMsInteger SING - LE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI ) -olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX OMsInte - ger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX OMsInte - ger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX OMsIntege - r SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX OMsInteg - er SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX OMsInteger SING - LE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean SINGLE- - VALUE ) -olcAttributeTypes: ( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSy - ntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDir - ectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch S - YNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:93 NAME 'olcListenerThreads' SYNTAX OMsInteger - SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger SINGLE- - VALUE ) -olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX OMsDirectoryString - SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX OMsInteger S - INGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX OMsBoolean SIN - GLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY caseIgnoreMatc - h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX OMsDirectoryStri - ng SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX OMsBoolean SIN - GLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP objec - t classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX O - MsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY caseIgno - reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString X-ORDERED - 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VAL - UE X-ORDERED 'SIBLINGS' ) -olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' SYNTAX OMs - DirectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY caseIgnoreMa - tch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX OMsDirectoryString - SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY caseIgnoreMatch SY - NTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX OMsDirectoryS - tring SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean SINGLE- - VALUE ) -olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI SINGLE-VAL - UE ) -olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI EQUALITY c - aseIgnoreMatch X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX OMsDirector - yString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX OMsDirectory - String SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX OMsInte - ger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX OMsDirectoryStri - ng SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX OMsBoolean SI - NGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY distinguishedName - Match SYNTAX OMsDN SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch S - YNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX OMsDirectoryString - SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:89 NAME 'olcSaslAuxprops' SYNTAX OMsDirectorySt - ring SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX OMsDirectoryString - SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX OMsDirectoryStrin - g SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX OMsDirectorySt - ring SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY distinguishedNam - eMatch SYNTAX OMsDN SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY caseIgnoreMatch - SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX OMsDirectoryStrin - g SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX OMsInteg - er SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' SYNTAX OMsI - nteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va - lues will always be sorted' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryStrin - g ) -olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX OMsDirectoryS - tring SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY distinguishedNam - eMatch SYNTAX OMsDN ) -olcAttributeTypes: ( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' DESC 'Store sync - context in a subentry' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMatc - h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgGlAt:90 NAME 'olcTCPBuffer' DESC 'Custom TCP buffer - size' SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger SINGLE-V - ALUE ) -olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX OMsDirectoryStrin - g ) -olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX OMsDir - ectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX OMsDir - ectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX OMsDirec - toryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX OMsDi - rectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX OMsDirectory - String SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX OMsDirectoryStr - ing SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX OMsDirectoryStri - ng SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX OMsDirectoryStr - ing SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX OMsDirector - yString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX OMsDirectory - String SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX OMsDirectory - String SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX OMsInteger SING - LE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN SINGLE-VAL - UE ) -olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI EQUALIT - Y caseIgnoreMatch ) -olcAttributeTypes: ( OLcfgGlAt:88 NAME 'olcWriteTimeout' SYNTAX OMsInteger SIN - GLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory for d - atabase content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VA - LUE ) -olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDA - P access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTAX - 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation ) -olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number of extr - a entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry cache siz - e in entries' SYNTAX OMsInteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database check - point interval in kbytes and minutes' SYNTAX OMsDirectoryString SINGLE-VALUE - ) -olcAttributeTypes: ( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable database - checksum validation' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname of fi - le containing the DB encryption key' SYNTAX OMsDirectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB encryption k - ey' SYNTAX OMsOctetString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF - IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' ) -olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable synchronou - s database writes' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size of sp - ecified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of - uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN cache siz - e' SYNTAX OMsInteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL cache si - ze in IDLs' SYNTAX OMsInteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute index par - ameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString ) -olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index attribu - tes one at a time' SYNTAX OMsBoolean SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock detec - tion algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix permissions of - database files' SYNTAX OMsDirectoryString SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth of sear - ch stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE ) -olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for shared me - mory region' SYNTAX OMsInteger SINGLE-VALUE ) -olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABST - RACT MUST objectClass ) -olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC - 'RFC4512: extensible object' SUP top AUXILIARY ) -olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP top STRU - CTURAL MUST aliasedObjectName ) -olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: na - med subordinate referral' SUP top STRUCTURAL MUST ref ) -olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotD - SE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn ) -olcObjectClasses: ( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry' SUP top - STRUCTURAL MUST ( cn $ subtreeSpecification ) ) -olcObjectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling subsc - hema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRu - les $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) ) -olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RFC2 - 589: Dynamic Object' SUP top AUXILIARY ) -olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue Entry' SUP - top STRUCTURAL ) -olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' DESC - 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie ) -olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' DESC - 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN ) -olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' DESC 'OpenLDAP configuration - object' SUP top ABSTRACT ) -olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global configu - ration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $ olcConfig - Dir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcA - uthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ olcConnMax - PendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcIndexSubstrIf - MaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnySte - p $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $ olcPasswordCryp - tSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ - olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ - olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps - $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $ olcSockb - ufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertif - icateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertifica - teKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerif - yClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $ olcWriteTimeou - t $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitConten - tRules $ olcLdapSyntaxes ) ) -olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' DESC 'OpenLDAP schema o - bject' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $ olcLdapSynta - xes $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) ) -olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' DESC 'OpenLDAP Backend - -specific options' SUP olcConfig STRUCTURAL MUST olcBackend ) -olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP Databa - se-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY ( olcHidde - n $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLastMod $ - olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcRepl - icaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ ol - cRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ - olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN - $ olcUpdateRef $ olcMirrorMode $ olcMonitoring $ olcExtraAttrs ) ) -olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay - -specific options' SUP olcConfig STRUCTURAL MUST olcOverlay ) -olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' DESC 'OpenLDAP configura - tion include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $ olcRoo - tDSE ) ) -olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' DESC 'OpenLDAP fronte - nd configuration' AUXILIARY MAY ( olcDefaultSearchBase $ olcPasswordHash $ ol - cSortVals ) ) -olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP dynamic mo - dule info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $ olcModuleLoad - ) ) -olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF backend conf - iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory ) -olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend config - uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbCach - eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcD - bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex - $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFr - ee $ olcDbDNcacheSize $ olcDbPageSize ) ) -structuralObjectClass: olcSchemaConfig -entryUUID: 5605c11a-6a95-1032-9776-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={0}core.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={0}core.ldif deleted file mode 100644 index 0eecfbd7..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={0}core.ldif +++ /dev/null @@ -1,243 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 b1b9e123 -dn: cn={0}core -objectClass: olcSchemaConfig -cn: {0}core -olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno - wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.15{32768} ) -olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f - amily) name(s) for which the entity is known by' SUP name ) -olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb - er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S - YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) -olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO- - 3166 country 2-letter code' SUP name SINGLE-VALUE ) -olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc - ality which this object resides in' SUP name ) -olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2 - 256: state or province which this object resides in' SUP name ) -olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225 - 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS - ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256 - : organization this object belongs to' SUP name ) -olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC ' - RFC2256: organizational unit this object belongs to' SUP name ) -olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated - with the entity' SUP name ) -olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui - de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) -olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin - ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA - X 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a - ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN - TAX 1.3.6.1.4.1.1466.115.121.1.41 ) -olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code - ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.15{40} ) -olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off - ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3 - .6.1.4.1.1466.115.121.1.15{40} ) -olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2 - 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor - eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph - one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) -olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb - er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) -olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22 - 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) -olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE - SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.22 ) -olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr - ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1 - .3.6.1.4.1.1466.115.121.1.36{15} ) -olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256 - : international ISDN number' EQUALITY numericStringMatch SUBSTR numericString - SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) -olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi - stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 - ) -olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d - estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) -olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256 - : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU - E ) -olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: pr - esentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466 - .115.121.1.43 SINGLE-VALUE ) -olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC - 2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1. - 3.6.1.4.1.1466.115.121.1.38 ) -olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a gro - up' SUP distinguishedName ) -olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob - ject)' SUP distinguishedName ) -olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant - of role' SUP distinguishedName ) -olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 - user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1. - 4.1.1466.115.121.1.8 ) -olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA - certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1. - 1466.115.121.1.8 ) -olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256 - : X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.9 ) -olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC22 - 56: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1 - 15.121.1.9 ) -olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X - .509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1 - 0 ) -olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir - st name(s) for which the entity is known by' SUP name ) -olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s - ome or all of names, but not the surname(s).' SUP name ) -olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na - me qualifier indicating a generation' SUP name ) -olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X - .500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.6 ) -olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifi - er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgno - reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) -olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: en - hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) -olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: pr - otocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466 - .115.121.1.42 ) -olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me - mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .34 ) -olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house - identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15{32768} ) -olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su - pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) -olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de - lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) -olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' S - UP name ) -olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym - for the object' SUP name ) -olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbo - x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIg - noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone - nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBST - R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA - LUE ) -olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DE - SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBST - R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'p - kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUA - LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.26{128} ) -olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP to - p STRUCTURAL MUST c MAY ( searchGuide $ description ) ) -olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP - top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) - ) -olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organizat - ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ b - usinessCategory $ x121Address $ registeredAddress $ destinationIndicator $ pr - eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNu - mber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOffi - ceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ de - scription ) ) -olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an org - anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide - $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destination - Indicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier - $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ str - eet $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName - $ st $ l $ description ) ) -olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top - STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ - description ) ) -olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an o - rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ regis - teredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facs - imileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ ou $ st $ l ) ) -olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an org - anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAd - dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ telete - xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTe - lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ p - ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ - st $ l $ description ) ) -olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of n - ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ - seeAlso $ owner $ ou $ o $ description ) ) -olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an res - idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Ad - dress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ - telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDN - Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOf - ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) - ) -olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an ap - plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ descri - ption ) ) -olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an ap - plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( - supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ) -olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system - agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation ) -olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP to - p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ desc - ription ) ) -olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256 - : a strong authentication user' SUP top AUXILIARY MUST userCertificate ) -olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: - a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ c - ertificateRevocationList $ cACertificate ) MAY crossCertificatePair ) -olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr - oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni - queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ descript - ion ) ) -olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: - a user security information' SUP top AUXILIARY MAY supportedAlgorithms ) -olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certif - icationAuthority AUXILIARY MAY deltaRevocationList ) -olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURA - L MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRe - vocationList ) ) -olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MA - Y ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ r - egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumb - er $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddres - s $ physicalDeliveryOfficeName $ st $ l $ description ) ) -olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP - top AUXILIARY MAY userCertificate ) -olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate a - uthority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevoca - tionList $ cACertificate $ crossCertificatePair ) ) -olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP - top AUXILIARY MAY deltaRevocationList ) -olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC - 2079: object that contains the URI attribute type' SUP top AUXILIARY MAY labe - ledURI ) -olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' - DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword ) -olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do - main component object' SUP top AUXILIARY MUST dc ) -olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje - ct' SUP top AUXILIARY MUST uid ) -structuralObjectClass: olcSchemaConfig -entryUUID: 56061354-6a95-1032-9777-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif deleted file mode 100644 index 643d70cd..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif +++ /dev/null @@ -1,177 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 75de0966 -dn: cn={1}cosine -objectClass: olcSchemaConfig -cn: {1}cosine -olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' - EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1. - 1466.115.121.1.15{256} ) -olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g - eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) -olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri - nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno - reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1 - 274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S - YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: - photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) -olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12 - 74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h - ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA - X 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127 - 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115 - .121.1.12 ) -olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D - ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR - caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC ' - RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri - ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES - C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu - bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC - 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1 - .3.6.1.4.1.1466.115.121.1.12 ) -olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE - SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c - aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe - lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb - erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.50 ) -olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC - 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146 - 6.115.121.1.12 ) -olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX - 1.3.6.1.4.1.1466.115.121.1.39 ) -olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca - seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c - aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY - caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT - Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC - 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc - h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D - ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg - noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) -olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC - 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring - sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel - ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum - berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.50 ) -olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep - honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber - Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .50 ) -olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount - ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS - TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE - SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14 - 66.115.121.1.15{256} ) -olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus - ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI - gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC ' - RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst - ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) -olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption - ' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - ) -olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC ' - RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin - gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF - C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) -olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' - DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN - GLE-VALUE ) -olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit - y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 13 SINGLE-VALUE ) -olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit - y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 13 SINGLE-VALUE ) -olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D - ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 23 ) -olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R - FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466 - .115.121.1.12 ) -olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274 - : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) -olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D - ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno - reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo - tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822 - Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom - ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine - ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep - honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature - ) ) -olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT - URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam - e $ organizationalUnitName $ host ) ) -olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC - TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca - lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume - ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) ) -olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA - L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber - ) ) -olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top - STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l - ocalityName $ organizationName $ organizationalUnitName ) ) -olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT - URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti - on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ - stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd - ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber - $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel - exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress - $ x121Address ) ) -olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d - omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho - neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi - ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ - telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery - Method $ destinationIndicator $ registeredAddress $ x121Address ) ) -olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain - STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME - Record ) ) -olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D - ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat - edDomain ) -olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c - ountry STRUCTURAL MUST friendlyCountryName ) -olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU - P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName ) -olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR - UCTURAL MAY dSAQuality ) -olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' - SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu - mQuality ) ) -structuralObjectClass: olcSchemaConfig -entryUUID: 560647de-6a95-1032-9778-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={2}nis.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={2}nis.ldif deleted file mode 100644 index cd89a727..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={2}nis.ldif +++ /dev/null @@ -1,106 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 e02f73e2 -dn: cn={2}nis -objectClass: olcSchemaConfig -cn: {2}nis -olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th - e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc - h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut - e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1 - 466.115.121.1.26 SINGLE-VALUE ) -olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th - e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2 - 6 SINGLE-VALUE ) -olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ - erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM - atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM - atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat - ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI - A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 26 ) -olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca - seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11 - 5.121.1.26 ) -olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr - oup triple' SYNTAX 1.3.6.1.1.1.0.0 ) -olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege - rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name ) -olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int - egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address - ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) -olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw - ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI - NGLE-VALUE ) -olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm - ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI - NGLE-VALUE ) -olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address' - EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) -olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp - aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 ) -olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam - e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name ) -olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac - tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.26{1024} SINGLE-VALUE ) -olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o - f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu - mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ - description ) ) -olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a - ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword - $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive - $ shadowExpire $ shadowFlag $ description ) ) -olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of - a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas - sword $ memberUid $ description ) ) -olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I - nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe - rviceProtocol ) MAY description ) -olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of - an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description - ) MAY description ) -olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O - NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M - AY description ) -olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho - st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc - ription $ manager ) ) -olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a - n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas - kNumber $ l $ description $ manager ) ) -olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of - a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe - tgroup $ description ) ) -olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti - on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description ) -olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a - NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri - ption ) -olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w - ith a MAC address' SUP top AUXILIARY MAY macAddress ) -olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device - with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) ) -structuralObjectClass: olcSchemaConfig -entryUUID: 56066b88-6a95-1032-9779-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif deleted file mode 100644 index 0f181a74..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif +++ /dev/null @@ -1,48 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 314118ac -dn: cn={3}inetorgperson -objectClass: olcSchemaConfig -cn: {3}inetorgperson -olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279 - 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas - eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC ' - RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM - atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC - 2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM - atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI - NGLE-VALUE ) -olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF - C2798: numerically identifies an employee within an organization' EQUALITY ca - seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.15 SINGLE-VALUE ) -olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2 - 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn - oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2 - 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) -olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC - 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg - noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 15 SINGLE-VALUE ) -olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D - ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14 - 66.115.121.1.5 ) -olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2 - 798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1 - 15.121.1.5 ) -olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2 - 798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY - ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em - ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini - tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo - $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre - ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) -structuralObjectClass: olcSchemaConfig -entryUUID: 56068406-6a95-1032-977a-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={4}samba.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={4}samba.ldif deleted file mode 100644 index e830fb7b..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={4}samba.ldif +++ /dev/null @@ -1,157 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 e8bb6371 -dn: cn={4}samba -objectClass: olcSchemaConfig -cn: {4}samba -olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L - anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.26{32} SINGLE-VALUE ) -olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M - D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 - .1.1466.115.121.1.26{32} SINGLE-VALUE ) -olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac - count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - {16} SINGLE-VALUE ) -olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T - imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC - 'Timestamp of when the user is allowed to update the password' EQUALITY integ - erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC - 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1. - 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti - mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.27 SINGLE-VALUE ) -olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T - imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.27 SINGLE-VALUE ) -olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC ' - Timestamp of when the user will be logged off automatically' EQUALITY integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D - ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 - 6.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D - ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3. - 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC ' - Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - {42} SINGLE-VALUE ) -olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D - river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1. - 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) -olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC - 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. - 1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC - 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' - DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas - eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho - me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.15{128} ) -olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC ' - Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC ' - ' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) -olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D - ESC 'Concatenated MD4 hashes of the unicode passwords used on this account' E - QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) -olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit - y ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SI - NGLE-VALUE ) -olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D - ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.26{64} SINGLE-VALUE ) -olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec - urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. - 26{64} ) -olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N - T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING - LE-VALUE ) -olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC - 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. - 1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC - 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex - t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 - 466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase - ' DESC 'Base at which the samba RID generation algorithm should operate' EQUA - LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S - hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING - LE-VALUE ) -olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC ' - Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC ' - A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S - INGLE-VALUE ) -olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES - C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .27 SINGLE-VALUE ) -olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC - 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.26 SINGLE-VALUE ) -olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' - DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. - 115.121.1.15 ) -olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' SUP name - ) -olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' DES - C 'Privileges List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.26{64} ) -olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC ' - Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 - .121.1.26 ) -olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam - ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( - cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s - ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ - sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr - ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr - oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad - PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) -olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S - amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou - pType ) MAY ( displayName $ description $ sambaSIDList ) ) -olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC - 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas - sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) -olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D - omain Information' SUP top AUXILIARY MUST ( sambaDomainName $ sambaSID ) MAY - ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBa - se ) ) -olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo - l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb - er ) ) -olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map - ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g - idNumber ) ) -olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc - tural Class for a SID' SUP top STRUCTURAL MUST sambaSID ) -olcObjectClasses: {7}( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' DESC 'Samb - a Configuration Section' SUP top AUXILIARY MAY description ) -olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S - hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) -olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC ' - Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sam - baBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption - $ description ) ) -olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' DESC 'Sa - mba Privilege' SUP top AUXILIARY MUST sambaSID MAY sambaPrivilegeList ) -structuralObjectClass: olcSchemaConfig -entryUUID: 5606a71a-6a95-1032-977b-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={5}lsexample.ldif b/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={5}lsexample.ldif deleted file mode 100644 index 6ffe0b03..00000000 --- a/lsexample/slapd/slapd.d/cn=config/cn=schema/cn={5}lsexample.ldif +++ /dev/null @@ -1,39 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 5c6a815f -dn: cn={5}lsexample -objectClass: olcSchemaConfig -cn: {5}lsexample -olcObjectIdentifier: {0}EeRoot 1.3.6.1.4.1.10650 -olcObjectIdentifier: {1}LeRoot EeRoot:4 -olcObjectIdentifier: {2}LsRoot LeRoot:10000 -olcObjectIdentifier: {3}LsLDAP LsRoot:2 -olcObjectIdentifier: {4}LsLDAPAttribute LsLDAP:1 -olcObjectIdentifier: {5}LsLDAPObjectClass LsLDAP:2 -olcAttributeTypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'List - of allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc - h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Password - Recover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - ) -olcAttributeTypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfather - dn of this entry' SUP distinguishedName ) -olcObjectClasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people Obj - ectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $ pos - talAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail - $ personalTitle $ description $ userPassword $ lsallowedservices $ lsRecovery - Hash $ lsGodfatherDn ) ) -olcObjectClasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Objec - tclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherDn ) - ) -olcObjectClasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS system - account Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description ) - ) -olcObjectClasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organizational - Unit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) ) -structuralObjectClass: olcSchemaConfig -entryUUID: 076f2732-6a9d-1032-82eb-95e24cffa2a0 -creatorsName: cn=config -createTimestamp: 20130616065217Z -entryCSN: 20130616065217.757414Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616065217Z diff --git a/lsexample/slapd/slapd.d/cn=config/olcDatabase={-1}frontend.ldif b/lsexample/slapd/slapd.d/cn=config/olcDatabase={-1}frontend.ldif deleted file mode 100644 index f684d76f..00000000 --- a/lsexample/slapd/slapd.d/cn=config/olcDatabase={-1}frontend.ldif +++ /dev/null @@ -1,20 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 c50de41a -dn: olcDatabase={-1}frontend -objectClass: olcDatabaseConfig -objectClass: olcFrontendConfig -olcDatabase: {-1}frontend -olcAddContentAcl: FALSE -olcLastMod: TRUE -olcMaxDerefDepth: 0 -olcReadOnly: FALSE -olcSchemaDN: cn=Subschema -olcSyncUseSubentry: FALSE -olcMonitoring: FALSE -structuralObjectClass: olcDatabaseConfig -entryUUID: 5606cc0e-6a95-1032-977d-cf219862f309 -creatorsName: cn=config -createTimestamp: 20130616055713Z -entryCSN: 20130616055713.639138Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616055713Z diff --git a/lsexample/slapd/slapd.d/cn=config/olcDatabase={0}config.ldif b/lsexample/slapd/slapd.d/cn=config/olcDatabase={0}config.ldif deleted file mode 100644 index 0b7bb773..00000000 --- a/lsexample/slapd/slapd.d/cn=config/olcDatabase={0}config.ldif +++ /dev/null @@ -1,16 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 96dac74f -dn: olcDatabase={0}config -objectClass: olcDatabaseConfig -olcDatabase: {0}config -olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external - ,cn=auth manage by * break -olcRootDN: cn=admin,cn=config -structuralObjectClass: olcDatabaseConfig -entryUUID: 6db4d93a-6a91-1032-8cb8-d5eaa14a6b52 -creatorsName: cn=config -createTimestamp: 20130616052915Z -olcRootPW:: dG90bw== -entryCSN: 20130616061517.456231Z#000000#000#000000 -modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth -modifyTimestamp: 20130616061517Z diff --git a/lsexample/slapd/slapd.d/cn=config/olcDatabase={1}hdb.ldif b/lsexample/slapd/slapd.d/cn=config/olcDatabase={1}hdb.ldif deleted file mode 100644 index 151ed078..00000000 --- a/lsexample/slapd/slapd.d/cn=config/olcDatabase={1}hdb.ldif +++ /dev/null @@ -1,97 +0,0 @@ -# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. -# CRC32 4ba4a558 -dn: olcDatabase={1}hdb -objectClass: olcDatabaseConfig -objectClass: olcHdbConfig -olcDatabase: {1}hdb -olcSuffix: o=ls -olcAccess: {0}to dn.regex="^o=ls$" attrs=entry,children,objectclass by group - /lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.base=" - uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * read -olcAccess: {1}to dn.regex="^ou=groups,o=ls$" attrs=children,objectclass by g - roup/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.ba - se="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * none -olcAccess: {2}to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs=entry,objectclass - by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by - dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * none -olcAccess: {3}to dn.regex="^cn=[^,]+,ou=groups,o=ls$" by group/lsgroup/unique - Member.exact="cn=adminldap,ou=groups,o=ls" write by dn.base="uid=ldapsaisie, - ou=sysaccounts,o=ls" write by users read by * none -olcAccess: {4}to dn.regex="^ou=people,o=ls$" attrs=children,objectclass by g - roup/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.ba - se="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * read -olcAccess: {5}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=entry,objectclas - s by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write b - y dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * rea - d -olcAccess: {6}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=userPassword by - group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn. - base="uid=samba,ou=sysaccounts,o=ls" write by dn.base="uid=ldapsaisie,ou=sys - accounts,o=ls" write by self write by anonymous auth by * none -olcAccess: {7}to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs=userPasswor - d by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write b - y dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by anonymous auth by * - none -olcAccess: {8}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=uid,lsallowedser - vices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sa - mbaPrimaryGroupSID by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=grou - ps,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by use - rs read by * none -olcAccess: {9}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=sambaLMPassword, - sambaNTPassword by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups, - o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by dn.bas - e="uid=samba,ou=sysaccounts,o=ls" write by self write by * none -olcAccess: {10}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=c,cn,jpegPhoto, - personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobi - le,fax,mail,description by group/lsgroup/uniqueMember.exact="cn=adminldap,ou - =groups,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write b - y self write by users read by * read -olcAccess: {11}to attrs=entry by group/lsgroup/uniqueMember.exact="cn=adminld - ap,ou=groups,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" wri - te by users read by * none -olcAccess: {12}to * by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=grou - ps,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by * n - one -olcAddContentAcl: FALSE -olcLastMod: TRUE -olcMaxDerefDepth: 15 -olcReadOnly: FALSE -olcSyncUseSubentry: FALSE -olcMonitoring: FALSE -olcDbDirectory: /var/lib/ldap -olcDbCacheSize: 1000 -olcDbCheckpoint: 512 30 -olcDbConfig: {0}set_cachesize 0 2097152 0 -olcDbConfig: {1}set_lk_max_objects 1500 -olcDbConfig: {2}set_lk_max_locks 1500 -olcDbConfig: {3}set_lk_max_lockers 1500 -olcDbNoSync: FALSE -olcDbDirtyRead: FALSE -olcDbIDLcacheSize: 0 -olcDbIndex: objectClass eq -olcDbIndex: cn eq,approx,sub -olcDbIndex: uid eq,approx,sub -olcDbIndex: uidNumber eq -olcDbIndex: gidNumber eq -olcDbIndex: sambaSID eq -olcDbIndex: lsAllowedServices eq -olcDbIndex: lsGodfatherDn eq -olcDbIndex: uniqueMember eq -olcDbIndex: sambaDomainName eq -olcDbIndex: memberUid eq -olcDbIndex: givenName eq,approx,sub -olcDbIndex: sn eq,approx,sub -olcDbIndex: mail eq,approx,sub -olcDbLinearIndex: FALSE -olcDbMode: 0600 -olcDbSearchStack: 16 -olcDbShmKey: 0 -olcDbCacheFree: 1 -olcDbDNcacheSize: 0 -structuralObjectClass: olcHdbConfig -entryUUID: a17059aa-6aa2-1032-8f84-37b4f3699116 -creatorsName: cn=config -createTimestamp: 20130616073223Z -entryCSN: 20130616073223.616056Z#000000#000#000000 -modifiersName: cn=config -modifyTimestamp: 20130616073223Z diff --git a/src/conf/LSaddons/config.LSaddons.dyngroup.php b/src/conf/LSaddons/config.LSaddons.dyngroup.php new file mode 100644 index 00000000..72884d5f --- /dev/null +++ b/src/conf/LSaddons/config.LSaddons.dyngroup.php @@ -0,0 +1,56 @@ + array( + 'LSdyngroup', + 'posixGroup', + ), + 'rdn' => 'cn', + 'container_dn' => 'ou=dyngroups', + 'container_auto_create' => array( + 'objectclass' => array( + 'top', + 'organizationalUnit', + ), + 'attrs' => array( + 'ou' => 'dyngroups', + ), + ), + 'display_name_format' => '%{cn}', + 'label' => 'Dynamic groups', + + 'customActions' => array ( + 'showTechInfo' => array ( + 'function' => 'showTechInfo', + 'label' => 'Show technical information', + 'hideLabel' => True, + 'noConfirmation' => true, + 'disableOnSuccessMsg' => true, + 'icon' => 'tech_info', + 'rights' => array ( + 'admin', + ), + ), + 'updateDynGroupMembersCache' => array ( + 'function' => 'updateDynGroupMembersCache', + 'label' => 'Update members cache', + 'question_format' => 'Are you sure you want to update members cache of this dynamic group ?', + 'onSuccessMsgFormat' => 'Members cache updated.', + 'icon' => 'refresh', + 'rights' => array ( + 'admin', + ), + ), + ), + + 'LSsearch' => array ( + 'attrs' => array ( + 'cn', + 'gidNumber' => array ( + 'searchLSformat' => '(gidNumber=%{pattern})', + 'approxLSformat' => '(gidNumber=%{pattern})', + ), + 'description', + ), + 'params' => array ( + 'sortBy' => 'displayName' + ), + 'customActions' => array ( + 'updateDynGroupsMembersCache' => array ( + 'function' => 'updateDynGroupsMembersCache', + 'label' => 'Update members cache', + 'question_format' => 'Are you sure you want to update members cache of all dynamic groups (could be quite long) ?', + 'onSuccessMsgFormat' => 'Dynamic groups members cache updated.', + 'icon' => 'refresh', + 'rights' => array ( + 'admin', + ), + ), + ), + ), + + 'after_delete' => 'updateGroupMembersAllowedServices', + 'after_create' => 'updateDynGroupMembersCache', + + 'attrs' => array ( + + /* ----------- start -----------*/ + 'cn' => array ( + 'label' => 'Name', + 'ldap_type' => 'ascii', + 'html_type' => 'text', + 'required' => 1, + 'check_data' => array ( + 'alphanumeric' => array( + 'msg' => 'Name must contain alphanumeric values only.', + ), + ), + 'validation' => array ( + array ( + 'filter' => 'cn=%{val}', + 'result' => 0, + ), + ), + 'view' => 1, + 'rights' => array( + 'user' => 'r', + 'admin' => 'w', + 'godfather' => 'r', + ), + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'gidNumber' => array ( + 'label' => 'Identifier', + 'ldap_type' => 'numeric', + 'html_type' => 'text', + 'required' => 1, + 'generate_function' => 'generate_samba_gidNumber', + 'validation' => array ( + array ( + 'filter' => 'gidNumber=%{val}', + 'result' => 0, + ), + ), + 'view' => 1, + 'rights' => array( + 'user' => 'r', + 'admin' => 'w', + ), + 'form' => array ( + 'modify' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'lsDynGroupMemberDnURI' => array ( + 'label' => 'Member search URI', + 'help_info' => "

LDAP search URI or group members. A LDAP search URI is composed of the following parts separated by semicolons :

Example : ldap:///ou=people,o=ls??one?(&(objectClass=lspeople)(mail=*@ls.com))

", + 'ldap_type' => 'ascii', + 'html_type' => 'textarea', + 'required' => 0, + 'default_value' => 'ldap:///ou=people,o=ls??one?(objectClass=lspeople)', + 'check_data' => array ( + 'ldapSearchURI' => array( + 'msg' => "Invalid LDAP search URI.", + ), + ), + 'view' => 1, + 'rights' => array( + 'admin' => 'w', + ), + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + 'dependAttrs' => array( + 'lsDynGroupMemberUidURI' + ), + 'after_modify' => array( + 'updateGroupMembersAllowedServices', + 'updateDynGroupMembersCache', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'lsDynGroupMemberUidURI' => array ( + 'label' => 'Member search URI (UID)', + 'ldap_type' => 'ascii', + 'html_type' => 'textarea', + 'required' => 0, + 'generate_function' => 'generateDyngroupMemberUidURI', + 'rights' => array( + 'admin' => 'w', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'lsDynGroupMemberDn' => array ( + 'label' => 'Members', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => array( + 'selectable_object' => array( + 'object_type' => 'LSpeople', + 'display_name_format' => '%{cn} (%{dn})', + 'value_attribute' => 'dn', + ), + ), + 'required' => 0, + 'multiple' => 1, + 'view' => 1, + 'rights' => array( + 'user' => 'r', + 'admin' => 'w', + 'godfather' => 'w', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'lsDynGroupMemberUid' => array ( + 'label' => 'Members UID', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => array( + 'selectable_object' => array( + 'object_type' => 'LSpeople', + 'display_name_format' => '%{cn} (%{uid})', + 'value_attribute' => 'uid', + ) + ), + 'required' => 0, + 'multiple' => 1, + 'view' => 1, + 'rights' => array( + 'user' => 'r', + 'admin' => 'w', + 'godfather' => 'w', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'uniqueMember' => array ( + 'label' => 'Members (cache)', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => array( + 'selectable_object' => array( + array( + 'object_type' => 'LSpeople', + 'display_name_format' => '%{cn} (%{dn})', + 'value_attribute' => 'dn', + ), + ), + 'ordered' => true, + ), + 'required' => 0, + 'multiple' => 1, + 'validation' => array ( + array ( + 'object_type' => 'LSpeople', + 'basedn' => '%{val}', + 'result' => 1, + ), + ), + 'view' => 1, + 'rights' => array( + 'admin' => 'w', + 'admingroup' => 'w', + 'godfather' => 'w', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'memberUid' => array ( + 'label' => 'Members UID (cache)', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => array( + 'selectable_object' => array( + array( + 'object_type' => 'LSpeople', + 'display_name_format' => '%{cn} (%{uid})', + 'value_attribute' => 'uid', + ), + ), + 'ordered' => true, + ), + 'required' => 0, + 'multiple' => 1, + 'validation' => array ( + array ( + 'object_type' => 'LSpeople', + 'filter' => '(uid=%{val})', + 'result' => 1, + ), + ), + 'view' => 1, + 'rights' => array( + 'admin' => 'w', + 'admingroup' => 'w', + 'godfather' => 'w', + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'description' => array ( + 'label' => 'Description', + 'ldap_type' => 'ascii', + 'html_type' => 'textarea', + 'multiple' => 1, + 'rights' => array( + 'user' => 'r', + 'admin' => 'w', + 'godfather' => 'r', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + /* ----------- start -----------*/ + 'lsGodfatherDn' => array ( + 'label' => 'Accountable(s)', + 'ldap_type' => 'ascii', + 'html_type' => 'select_object', + 'html_options' => array ( + 'selectable_object' => array( + 'object_type' => 'LSpeople', + 'value_attribute' => 'dn', + ), + ), + 'validation' => array ( + array ( + 'basedn' => '%{val}', + 'result' => 1, + 'msg' => "One or several of these users don't exist.", + ), + ), + 'multiple' => 0, + 'rights' => array( + 'admin' => 'w', + ), + 'view' => 1, + 'form' => array ( + 'modify' => 1, + 'create' => 1, + ), + ), + /* ----------- end -----------*/ + + ), +); diff --git a/src/conf/LSobjects/config.LSobjects.LSpeople.php b/src/conf/LSobjects/config.LSobjects.LSpeople.php index c6cf891e..f2244681 100644 --- a/src/conf/LSobjects/config.LSobjects.LSpeople.php +++ b/src/conf/LSobjects/config.LSobjects.LSpeople.php @@ -148,6 +148,17 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( 'admingroup' => 'w', ), ), + 'dyngroups' => array( + 'label' => 'Belongs to dynamic groups ...', + 'emptyText' => "Doesn't belong to any dynamic group.", + 'LSobject' => "LSdyngroup", + 'linkAttribute' => "uniqueMember", + 'linkAttributeValue' => "dn", + 'rights' => array( + 'self' => 'r', + 'admin' => 'r', + ), + ), 'godfather' => array( 'label' => 'Godfather of ...', 'emptyText' => "Doesn't sponsor any user.", @@ -160,6 +171,30 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( 'admingroup' => 'w', ), ), + 'group_godfather' => array( + 'label' => 'Godfather of groups ...', + 'emptyText' => "Doesn't sponsor any group.", + 'LSobject' => "LSgroup", + 'linkAttribute' => "lsGodfatherDn", + 'linkAttributeValue' => "dn", + 'rights' => array( + 'self' => 'r', + 'admin' => 'w', + 'admingroup' => 'w', + ), + ), + 'dyngroup_godfather' => array( + 'label' => 'Godfather of dynamic groups ...', + 'emptyText' => "Doesn't sponsor any dynamic group.", + 'LSobject' => "LSdyngroup", + 'linkAttribute' => "lsGodfatherDn", + 'linkAttributeValue' => "dn", + 'rights' => array( + 'self' => 'r', + 'admin' => 'w', + 'admingroup' => 'w', + ), + ), ), // LSform @@ -278,6 +313,10 @@ $GLOBALS['LSobjects']['LSpeople'] = array ( ), ), + 'after_create' => 'triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete', + 'after_modify' => 'triggerUpdateDynGroupsMembersCacheOnUserModify', + 'after_delete' => 'triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete', + // Attributes 'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array ( diff --git a/src/conf/config.LSaddons.php b/src/conf/config.LSaddons.php index 7eed5627..0f75fd56 100644 --- a/src/conf/config.LSaddons.php +++ b/src/conf/config.LSaddons.php @@ -25,6 +25,7 @@ $GLOBALS['LSaddons']['loads'] = array ( 'posix', 'ftp', 'maildir', + 'dyngroup', 'showTechInfo', 'LSaccessRightsMatrixView', ); diff --git a/src/conf/config.inc.php b/src/conf/config.inc.php index b0e8f70f..0ed2189d 100644 --- a/src/conf/config.inc.php +++ b/src/conf/config.inc.php @@ -96,6 +96,7 @@ $GLOBALS['LSconfig'] = array( 'LSaccess' => array( 'LSpeople', 'LSgroup', + 'LSdyngroup', 'LSsysaccount', 'pwdPolicy', ), diff --git a/src/includes/addons/LSaddons.dyngroup.php b/src/includes/addons/LSaddons.dyngroup.php new file mode 100644 index 00000000..8f5b10d3 --- /dev/null +++ b/src/includes/addons/LSaddons.dyngroup.php @@ -0,0 +1,359 @@ + + * + * @retval boolean true if dyngroup are fully supported, false otherwise + */ +function LSaddon_dyngroup_support() { + $retval = true; + + $MUST_DEFINE_CONST = array( + 'DYNGROUP_OBJECT_TYPE', + ); + + foreach($MUST_DEFINE_CONST as $const) { + if ( !defined($const) || !constant($const) ) { + LSerror :: addErrorCode('DYNGROUP_SUPPORT_01', $const); + $retval = false; + } + } + + if ( + !(constant('DYNGROUP_MEMBER_DN_URI_ATTRIBUTE') && constant('DYNGROUP_MEMBER_DN_ATTRIBUTE') && constant('DYNGROUP_MEMBER_DN_STATIC_ATTRIBUTE')) && + !(constant('DYNGROUP_MEMBER_UID_URI_ATTRIBUTE') && constant('DYNGROUP_MEMBER_UID_ATTRIBUTE') && constant('DYNGROUP_MEMBER_UID_STATIC_ATTRIBUTE')) + ) { + LSerror :: addErrorCode('DYNGROUP_SUPPORT_02'); + $retval = false; + } + + if ($retval && php_sapi_name() == 'cli') { + LScli :: add_command( + 'update_dyngroups_members_cache', + 'cli_updateDynGroupsMembersCache', + 'Update dynamic groups members cache' + ); + } + + return $retval; +} + +/* + * Parse LDAP search URI + * + * @param[in] $uri string The LDAP search URI to parse + * + * @retval array|false Array of parsed LDAP search URI info, or false + */ +function parseLdapSearchURI($uri) { + $uri_parts = explode('?', $uri); + if (count($uri_parts) < 2) { + return false; + } + + return array ( + 'ldap_base_uri' => $uri_parts[0], + 'requested_attributes' => $uri_parts[1], + 'scope' => (isset($uri_parts[2])?$uri_parts[2]:null), + 'filter' => (isset($uri_parts[3])?$uri_parts[3]:null), + ); +} + +/* + * Extract attributes cited in an LDAP filter string + * + * @param[in] $filter string The LDAP filter string + * + * @retval array|false Array of the attributes cited in the LDAP filter string, or false + */ +function extractAttributesFromLdapFilterString($filter) { + if ($filter[0] != '(') + $filter = "($filter)"; + + if (!preg_match_all('#\((?P[a-z0-9]+)(?P[~<>]?=)(?P[^\)]+)\)#i', $filter, $parts)) + return false; + + return $parts['attr']; +} + +/** + * Generate dyngroup memberUid URI attribute value from memberDN URI attribute + * + * @author Benjamin Renard + * + * @param[in] $ldapObject The LSldapObject + * + * @retval array|null array of memberUid URI attribute values or null in case of error + */ +function generateDyngroupMemberUidURI($ldapObject) { + if (!isset($ldapObject -> attrs[ DYNGROUP_MEMBER_DN_URI_ATTRIBUTE ])) { + LSerror :: addErrorCode( + 'DYNGROUP_01', + array('dependency' => DYNGROUP_MEMBER_DN_URI_ATTRIBUTE, 'attr' => DYNGROUP_MEMBER_UID_URI_ATTRIBUTE) + ); + return; + } + + $dn_uri = $ldapObject -> attrs[ DYNGROUP_MEMBER_DN_URI_ATTRIBUTE ] -> getValue(); + if (empty($dn_uri)) + return; + + $uri_parts = explode('?', $dn_uri[0]); + if (count($uri_parts) < 2) { + LSerror :: addErrorCode('DYNGROUP_02', DYNGROUP_MEMBER_DN_URI_ATTRIBUTE); + return; + } + $uri_parts[1] = 'uid'; + return array( + implode('?', $uri_parts) + ); +} + +/** + * Update dyngroup cache members attributes + * + * @author Benjamin Renard + * + * @param[in] $dyngroup The LSldapObject + * + * @retval boolean True on success, False otherwise + */ +function updateDynGroupMembersCache($dyngroup, $reload=true) { + if ($reload && !$dyngroup -> reloadData()) { + LSlog :: get_logger('LSaddon_dyngroup') -> error("Fail to reload $dyngroup data"); + return false; + } + $attrs_map = array( + 'DYNGROUP_MEMBER_DN_ATTRIBUTE' => 'DYNGROUP_MEMBER_DN_STATIC_ATTRIBUTE', + 'DYNGROUP_MEMBER_UID_ATTRIBUTE' => 'DYNGROUP_MEMBER_UID_STATIC_ATTRIBUTE' + ); + $old_attrs = array(); + $attrs = array(); + foreach ($attrs_map as $src_attr => $dst_attr) { + $src_attr = constant($src_attr); + $dst_attr = constant($dst_attr); + if (!$src_attr || !$dst_attr) + continue; + LSlog :: get_logger('LSaddon_dyngroup') -> trace( + "updateDynGroupMembersCache($dyngroup): update attribute '$dst_attr' from '$dst_attr'" + ); + $old_attrs[$dst_attr] = $dyngroup -> getValue($dst_attr, false, array()); + ksort($old_attrs[$dst_attr]); + + $attrs[$dst_attr] = $dyngroup -> getValue($src_attr, false, array()); + ksort($attrs[$dst_attr]); + } + + if ($attrs == $old_attrs) { + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "updateDynGroupMembersCache($dyngroup): no member change" + ); + return true; + } + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "updateDynGroupMembersCache($dyngroup): change detected:\n - Current: ".varDump($old_attrs). + "\n\n - New: ".varDump($attrs) + ); + + if (!$old_attrs) { + LSlog :: get_logger('LSaddon_dyngroup') -> error( + "updateDynGroupMembersCache($dyngroup): No member attribute defined !" + ); + return false; + } + + if (!LSldap :: update(DYNGROUP_OBJECT_TYPE, $dyngroup -> getDn(), $attrs)) { + LSlog :: get_logger('LSaddon_dyngroup') -> error("Fail to update $dyngroup cache members attributes"); + return false; + } + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "updateDynGroupMembersCache($dyngroup): cache members attributes updated" + ); + return true; +} + +function updateDynGroupsMembersCache() { + if (!LSsession :: loadLSobject(DYNGROUP_OBJECT_TYPE)) + LSlog :: get_logger('LSaddon_dyngroup') -> fatal('Fail to load dyngroup object type'); + + // List dyn groups + $dyngroup_class = constant('DYNGROUP_OBJECT_TYPE'); + $dyngroup = new $dyngroup_class(); + $error = false; + foreach($dyngroup -> listObjects(null, null, array('withoutCache' => true)) as $group) { + if (!updateDynGroupMembersCache($group, false)) + $error = true; + } + return !$error; +} + +function triggerUpdateDynGroupsMembersCacheOnUserModify($user) { + $changed_attrs = array(); + foreach($user -> attrs as $attr_name => $attr) { + if ($attr -> isUpdate()) + $changed_attrs[] = strtolower($attr_name); + } + if (!$changed_attrs) { + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserModify($user): no attribute changed" + ); + return true; + } + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserModify($user): changed attributes = ".implode(', ', $changed_attrs) + ); + + return triggerUpdateDynGroupsMembersCacheOnUserChanges($user, $changed_attrs); +} + +function triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete($user) { + $changed_attrs = array_keys($user -> attrs); + return triggerUpdateDynGroupsMembersCacheOnUserChanges($user, $changed_attrs); +} + +function triggerUpdateDynGroupsMembersCacheOnUserChanges(&$user, &$changed_attrs) { + if (!LSsession :: loadLSobject(DYNGROUP_OBJECT_TYPE)) { + LSlog :: get_logger('LSaddon_dyngroup') -> error('Fail to load dyngroup object type'); + return false; + } + + // List dyn groups + $dyngroup_class = constant('DYNGROUP_OBJECT_TYPE'); + $dyngroup = new $dyngroup_class(); + $error = false; + $impacted_dyngroups = 0; + $updated_dyngroups = 0; + foreach($dyngroup -> listObjects() as $group) { // Leave cache enabled + $uri = null; + foreach(array(DYNGROUP_MEMBER_DN_URI_ATTRIBUTE, DYNGROUP_MEMBER_UID_URI_ATTRIBUTE) as $uri_attr) { + $uri = $group -> getValue($uri_attr, true); + if ($uri) break; + } + + if (!$uri) { + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group hasn't member URI attribute." + ); + continue; + } + $parsed_uri = parseLdapSearchURI($uri); + if (!$parsed_uri) { + LSlog :: get_logger('LSaddon_dyngroup') -> warning( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): fail to parse member URI attribute of $group." + ); + continue; + } + + if (!$parsed_uri['filter']) { + LSlog :: get_logger('LSaddon_dyngroup') -> warning( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): no LDAP filter found in member URI attribute of $group." + ); + continue; + } + + $filter_attrs = extractAttributesFromLdapFilterString($parsed_uri['filter']); + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): attributes of LDAP filter of member URI attribute of $group = ".implode(', ', $filter_attrs) + ); + + if (!$filter_attrs) { + LSlog :: get_logger('LSaddon_dyngroup') -> warning( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): fail to extract attribute from LDAP filter '".$parsed_uri['filter']."' from member URI attribute of $group." + ); + continue; + } + + $is_impacted = false; + foreach($filter_attrs as $attr) { + if (in_array(strtolower($attr), $changed_attrs)) { + $is_impacted = true; + break; + } + } + + if (!$is_impacted) { + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group is NOT impacted by user's changes." + ); + continue; + } + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group is impacted by user's changes ". + "(at least by attribute '$attr')." + ); + $impacted_dyngroups++; + if (updateDynGroupMembersCache($group, false)) + $updated_dyngroups++; + else + $error = true; + } + LSlog :: get_logger('LSaddon_dyngroup') -> debug( + "triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $impacted_dyngroups impacted dyngroups found, ". + "$updated_dyngroups updated." + ); + if ($impacted_dyngroups && $impacted_dyngroups == $updated_dyngroups) { + LSsession :: addInfo( + getFData( + _('Members cache of %{count} dynamic group(s) have been updated because thes were potentially impacted by your changes.'), + $updated_dyngroups) + ); + } + else if ($error) { + LSsession :: addInfo( + getFData( + _('Members cache of %{count} dynamic group(s) have NOT been updated but thes were potentially impacted by your changes. A delay of some minutes could be necessary to handle your changes on this groups.'), + ($impacted_dyngroups-$updated_dyngroups) + ) + ); + } + return !$error; +} + + +if (php_sapi_name() != 'cli') + return true; + +function cli_updateDynGroupsMembersCache($command_args) { + return updateDynGroupsMembersCache(); +} diff --git a/src/includes/class/class.LScli.php b/src/includes/class/class.LScli.php index 50c42a9a..c19cc4ea 100644 --- a/src/includes/class/class.LScli.php +++ b/src/includes/class/class.LScli.php @@ -638,14 +638,25 @@ class LScli extends LSlog_staticLoggerClass { * * @retval array List of available options **/ - public static function autocomplete_int($prefix='') { + public static function autocomplete_int($prefix='', $quote_char='') { $opts = array(); for ($i=0; $i < 10; $i++) { - $opts[] = "$prefix$i"; + $opts[] = self :: quote_word("$prefix$i", $quote_char); } return $opts; } + /** + * Autocomplete boolean option + * + * @param[in] $prefix string Option prefix (optional, default=empty string) + * + * @retval array List of available options + **/ + public static function autocomplete_bool($prefix='', $quote_char='') { + return self :: autocomplete_opts(array('0', '1'), $prefix, false, $quote_char); + } + /** * Autocomplete LSobject type option * diff --git a/src/includes/class/class.LSformRule_ldapSearchURI.php b/src/includes/class/class.LSformRule_ldapSearchURI.php new file mode 100644 index 00000000..7093fca5 --- /dev/null +++ b/src/includes/class/class.LSformRule_ldapSearchURI.php @@ -0,0 +1,179 @@ + + */ +class LSformRule_ldapSearchURI extends LSformRule { + + // CLI parameters autocompleters + protected static $cli_params_autocompleters = array( + 'check_resolving_ldap_host' => array('LScli', 'autocomplete_bool'), + 'host_required' => array('LScli', 'autocomplete_bool'), + 'scope_required' => array('LScli', 'autocomplete_bool'), + 'attr_required' => array('LScli', 'autocomplete_bool'), + 'max_attrs_count' => array('LScli', 'autocomplete_int'), + 'filter_required' => array('LScli', 'autocomplete_bool'), + ); + + /** + * Check an LDAP search URI value + * + * @param mixed $value The value to check + * @param array $options Validation option + * @param object $formElement The LSformElement object + * + * @return boolean true if the value is valid, false otherwise + */ + public static function validate($value, $options=array(), &$formElement) { + self :: log_trace("validate($value): options = ".varDump($options)); + $uri_parts = explode('?', $value); + + self :: log_trace("validate($value): URI parts = ".varDump($uri_parts)); + + /* + * The LDAP URI + */ + if (!preg_match('/^(?Pldaps?)\:\/\/(?P[^\/\:]+)?(:(?P[0-9]+))?\/(?P.*)$/', $uri_parts[0], $m)) { + throw new LSformRuleException(getFData(_('Invalid LDAP server URI (%{uri})'), $uri_parts[0])); + } + self :: log_trace("validate($value): parsed LDAP URI:".varDump($m)); + + // Check LDAP host + if ($m['host']) { + if (filter_var($m['host'], FILTER_VALIDATE_IP)) { + self :: log_trace("validate($value): '".$m['host']."' is a valid IP address"); + } + elseif ( + filter_var($m['host'], FILTER_VALIDATE_DOMAIN) && + (!LSconfig :: get('params.check_resolving_ldap_host', true, 'bool', $options) || @gethostbyname($m['host']) != $m['host']) + ) { + self :: log_trace("validate($value): '".$m['host']."' is a valid domain name"); + } + else { + throw new LSformRuleException(getFData(_('Invalid LDAP host (%{host})'), $m['host'])); + } + + if ($m['port'] && $m['port'] < 1 || $m['port'] > 65535) { + throw new LSformRuleException(getFData(_('Invalid LDAP port (%{port})'), $m['port'])); + } + } + elseif ($m['port']) { + throw new LSformRuleException(getFData(_('A LDAP URI could not contain port without host (%{host}:%{port})'), $m)); + } + else { + self :: log_trace("validate($value): URI doesn't contain LDAP host"); + if (LSconfig :: get('params.host_required', False, 'bool', $options)) + throw new LSformRuleException(_('LDAP host not provided but required')); + } + + // Check base DN + if (isset($m['basedn']) && $m['basedn']) { + if (!isCompatibleDNs($m['basedn'], LSsession :: getRootDn())) + throw new LSformRuleException(getFData(_('Invalid base DN (%{basedn})'), $m['basedn'])); + self :: log_trace("validate($value): base DN '".$m['basedn']."' is valid"); + } + else { + self :: log_trace("validate($value): URI doesn't contain search base DN"); + if (LSconfig :: get('params.basedn_required', False, 'bool', $options)) + throw new LSformRuleException(_('Search base DN not provided but required')); + } + + /* + * Attributes (optionals) + */ + $max_attrs_count = LSconfig :: get('params.max_attrs_count', null, null, $options); + if (isset($uri_parts[1]) && $uri_parts[1]) { + $attrs = explode(',', $uri_parts[1]); + if (!is_empty($max_attrs_count) && count($attrs) > $max_attrs_count) + throw new LSformRuleException( + getFData( + _('Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})'), + array('attrCount' => count($attrs), 'maxAttrsCount' => $max_attrs_count) + ) + ); + foreach($attrs as $attr) { + if (!preg_match('/^[a-z][a-z0-9\-]+$/i', $attr)) { + throw new LSformRuleException(getFData(_('Invalid attribute name (%{attr})'), $attr)); + } + } + } + else { + self :: log_trace("validate($value): no attribute name provided"); + if ( + LSconfig :: get('params.attr_required', False, 'bool', $options) || + (!is_empty($max_attrs_count) && $max_attrs_count > 0) + ) + throw new LSformRuleException(_('Attribute name not provided but required')); + } + + /* + * Scope + */ + if (isset($uri_parts[2]) && $uri_parts[2]) { + if (!in_array($uri_parts[2], array('base', 'one', 'sub'))) { + throw new LSformRuleException( + getFData( + _('Invalid search scope (%{scope}). Must be one of the following value : base, one or sub.'), + $uri_parts[2] + ) + ); + } + } + else { + self :: log_trace("validate($value): no search scope provided"); + if (LSconfig :: get('params.scope_required', true, 'bool', $options)) + throw new LSformRuleException(_('Search scope not provided but required')); + } + + /* + * LDAP Filter (optinal) + */ + if (isset($uri_parts[3]) && $uri_parts[3]) { + /* + Try to parse LDAP filter string to validate it + + Due to a limitation of Net_LDAP2_Filter::parse() that only + support filter enclosed by parentheses, if string does not + start with "(", enclose the filter with parentheses. + */ + $filter = @Net_LDAP2_Filter::parse( + ($uri_parts[3][0]=='('?$uri_parts[3]:"(".$uri_parts[3].")") + ); + if (!$filter instanceof Net_LDAP2_Filter) { + throw new LSformRuleException(getFData(_('Invalid LDAP filter ("%{filter}")'), $uri_parts[3])); + } + self :: log_trace("validate($value): LDAP search filter '".$uri_parts[3]."' is valid."); + } + else { + self :: log_trace("validate($value): no search filter provided"); + if (LSconfig :: get('params.filter_required', false, 'bool', $options)) + throw new LSformRuleException(_('Search filter not provided but required')); + } + + self :: log_trace("validate($value): LDAP search URI is valid."); + return True; + } + +} diff --git a/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo b/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo index 6ae7f133..4ef29b40 100644 Binary files a/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo and b/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo differ diff --git a/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po b/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po index ee2c336b..61c94ca7 100644 --- a/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po +++ b/src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: LdapSaisie\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: \n" -"PO-Revision-Date: 2021-07-12 18:59+0200\n" +"PO-Revision-Date: 2021-07-21 19:28+0200\n" "Last-Translator: Benjamin Renard \n" "Language-Team: LdapSaisie \n" @@ -19,6 +19,7 @@ msgstr "" "X-Poedit-SourceCharset: utf-8\n" "X-Poedit-Basepath: /var/www/ldapsaisie/trunk\n" "X-Generator: Poedit 2.4.2\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" #: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.samba.php:27 msgid "SAMBA Support: Unable to load smbHash class." @@ -160,6 +161,52 @@ msgstr "MAIL : Erreur durant l'envoie de votre mail" msgid "PhpLdapAdmin Support : The constant %{const} is not defined." msgstr "Support PhpLdapAdmin : La constante %{const} n'est pas définie." +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:27 +msgid "Dynamic groups support: The constant %{const} is not defined." +msgstr "" +"Support des groupes dynamiques : La constante %{const} n'est pas définie." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:30 +msgid "" +"Dynamic groups support: You must at least define all constantes of dynamic " +"groups's by DN or by UID." +msgstr "" +"Support des groupes dynamiques : vous devez au moins définir toutes les " +"constantes des groupes dynamiques par DN ou par UID." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:34 +msgid "" +"Dynamic groups: The attribute %{dependency} is missing. Unable to forge the " +"attribute %{attr}." +msgstr "" +"Support des groupes dynamiques : L'attribut %{dependency} est manquant. " +"Impossible de générer l'attribut %{attr}." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:37 +msgid "Dynamic groups: Fail to parse %{attr} value : invalid number of parts." +msgstr "" +"Groupes dynamiques : Impossible d'analyser la valeur de l'attribut %{attr} : " +"nombre de parties invalide." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:338 +msgid "" +"Members cache of %{count} dynamic group(s) have been updated because thes " +"were potentially impacted by your changes." +msgstr "" +"Le cache des membres de %{count} groupe(s) dynamique(s) as été mis à jours " +"suite à vos modifications qui les impactaient potentiellement." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:345 +msgid "" +"Members cache of %{count} dynamic group(s) have NOT been updated but thes " +"were potentially impacted by your changes. A delay of some minutes could be " +"necessary to handle your changes on this groups." +msgstr "" +"Le cache des membres de %{count} groupe(s) dynamique(s) n'ont PAS put être " +"mis à jours suite à vos modifications qui les impactaient potentiellement. " +"Un délais de quelques minutes pourra être nécessaire pour que vos " +"modifications soient pris en compte sur ces groupes." + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.posix.php:27 msgid "POSIX Support : The constant %{const} is not defined." msgstr "Support POSIX : La constante %{const} n'est pas définie." @@ -456,19 +503,19 @@ msgstr "État" msgid "Sub-state" msgstr "Sous-état" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:52 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:60 msgid "Invalid syntax checking configuration: unknown rule %{rule}." msgstr "" "Configuration de validation syntaxique invalide : règle %{rule} inconnue." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:73 -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:100 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:81 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:283 #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_date.php:47 #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_select_list.php:63 msgid "Invalid value" msgstr "Valeur invalide" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:111 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:294 msgid "LSformRule_%{type}: Parameter %{param} is not found." msgstr "LSformRule_%{type} : Le paramètre %{param} n'est pas défini." @@ -917,21 +964,21 @@ msgstr "" "LSattr_html_select_objet : l'objet sélectionné %{name} n'a pas de valeur " "dans son attribut %{attr}, vous ne pouvez pas le sélectionner." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:90 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:95 msgid "" "LSformRule_differentPassword : Other password attribute is not configured." msgstr "" "LSformRule_differentPassword : L'autre attribut mot de passe n'est pas " "configuré." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:93 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:98 msgid "" "LSformRule_differentPassword : Fail to load LSattr_ldap :: password class." msgstr "" "LSformRule_differentPassword : Impossible de charger la classe " "LSattr_ldap :: password." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:96 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:101 msgid "" "LSformRule_differentPassword : The other password attribute %{attr} does not " "exist." @@ -939,7 +986,7 @@ msgstr "" "LSformRule_differentPassword : L'autre attribut mot de passe %{attr} " "n'existe pas." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:99 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:104 msgid "" "LSformRule_differentPassword : The other password attribute could not be the " "same of the current one." @@ -947,7 +994,7 @@ msgstr "" "LSformRule_differentPassword : L'autre attribut mot de passe ne peut être le " "même que l'attribut courant." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:102 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:107 msgid "" "LSformRule_differentPassword : The other password attributes must use " "LSattr_ldap :: password. It's not the case of the attribure %{attr}." @@ -955,11 +1002,7 @@ msgstr "" "LSformRule_differentPassword : Les autres attributs mots de passe doivent " "utiliser LSattr_ldap :: password. Ce n'est pas le cas de l'attribut %{attr}." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:261 -msgid "The value of field %{label} is invalid." -msgstr "La valeur du champ %{label} est incorrecte." - -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:756 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:755 msgid "" "LSattribute : Attribute %{attr} : LDAP or HTML types unknow (LDAP = %{ldap} " "& HTML = %{html})." @@ -967,7 +1010,7 @@ msgstr "" "LSattribute : Attribut %{attr} : Les types LDAP ou HTML sont inconnus (LDAP " "= %{ldap} & HTML = %{html})." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:759 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:758 msgid "" "LSattribute : The function %{func} to display the attribute %{attr} is " "unknow." @@ -975,14 +1018,14 @@ msgstr "" "LSattribute : La fonction %{func} pour afficher l'attribut %{attr} est " "inconnue." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:762 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:761 msgid "" "LSattribute : The rule %{rule} to validate the attribute %{attr} is unknow." msgstr "" "LSattribute : La règle %{rule} de validation de l'attribut %{attr} n'existe " "pas." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:765 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:764 msgid "" "LSattribute : Configuration data to verify the attribute %{attr} are " "incorrect." @@ -990,22 +1033,22 @@ msgstr "" "LSattribute : Les données de configuration pour vérifier l'attribut %{attr} " "sont incorrecte." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:768 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:767 msgid "" "LSattribute : The function %{func} to save the attribute %{attr} is unknow." msgstr "" "LSattribute : La fonction %{func} pour sauvegarder l'attribut %{attr} est " "inconnue." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:771 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:770 msgid "LSattribute : The value of the attribute %{attr} can't be generated." msgstr "LSattribute : La valeur de l'attribut %{attr} ne peut être générée." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:774 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:773 msgid "LSattribute : Generation of the attribute %{attr} failed." msgstr "LSattribute : La génération de l'attribut %{attr} a échouée." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:777 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:776 msgid "" "LSattribute : Generation of the attribute %{attr} did not return a correct " "value." @@ -1013,14 +1056,14 @@ msgstr "" "LSattribute : La génération de l'attribut %{attr} n'a pas retournée de " "valeur correcte." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:780 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:779 msgid "" "LSattribute : The attr_%{type} of the attribute %{name} is not yet defined." msgstr "" "LSattribute : L'objet attr_%{type} de l'attribut %{name} n'est pas encore " "défini." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:66 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:71 msgid "LSformRule_callable : The given callable option is not callable" msgstr "LSformRule_callable : Le paramètre fournis n'est pas exécutable" @@ -1260,8 +1303,8 @@ msgstr "" "Context:\n" "%{context}" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:47 -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:51 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:53 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:57 msgid "Invalid file type (%{type})." msgstr "Type de fichier invalide (%{type})." @@ -1523,15 +1566,15 @@ msgstr "" "LSrelation : Des paramètres sont manquant dans l'appel des méthodes de " "manipulation des relations standards." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:51 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:60 msgid "Password is too long (maximum: %{maxLength})." msgstr "Le mot de passe est trop long (maximum : %{maxLength})." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:56 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:65 msgid "Password is too short (minimum: %{minLength})." msgstr "Le mot de passe est trop court (minimum : %{minLength})." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:81 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:90 msgid "" "Password match with only %{valid} rule(s) (at least %{minValidRegex} are " "required)." @@ -1539,11 +1582,11 @@ msgstr "" "Le mot de passe ne respecte que %{valid} règle(s) (au moins %{minValidRegex} " "sont requises)." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:92 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:101 msgid "This password is prohibited." msgstr "Ce mot de passe est interdit." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:107 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:116 msgid "" "LSformRule_password : Invalid regex configured : %{regex}. You must use PCRE " "(begining by '/' caracter)." @@ -1583,6 +1626,67 @@ msgstr "LSldap : Erreur pendant la modification du DN de l'objet." msgid "LSldap: LDAP server base DN not configured." msgstr "LSldap : Le base DN du serveur LDAP n'est pas configuré." +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:59 +msgid "Invalid LDAP server URI (%{uri})" +msgstr "URI de serveur LDAP invalide (%{uri})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:75 +msgid "Invalid LDAP host (%{host})" +msgstr "Hôte LDAP invalide (%{type})." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:79 +msgid "Invalid LDAP port (%{port})" +msgstr "Port LDAP invalide (%{port})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:83 +msgid "A LDAP URI could not contain port without host (%{host}:%{port})" +msgstr "Une URI LDAP ne peut contenir de port sans hôte (%{host}:%{port})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:88 +msgid "LDAP host not provided but required" +msgstr "Hôte LDAP non-fourni mais obligatoire" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:94 +msgid "Invalid base DN (%{basedn})" +msgstr "Base DN invalide (%{basedn})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:100 +msgid "Search base DN not provided but required" +msgstr "Base DN de recherche non-fournie mais obligatoire" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:112 +msgid "Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})" +msgstr "" +"Nombre d'attributs recherchés invalide (%{attrCount} > %{maxAttrsCount})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:118 +msgid "Invalid attribute name (%{attr})" +msgstr "Nom d'attribut invalide (%{attr})" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:128 +msgid "Attribute name not provided but required" +msgstr "Nom d'attribut non-fourni mais obligatoire" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:138 +msgid "" +"Invalid search scope (%{scope}). Must be one of the following value : base, " +"one or sub." +msgstr "" +"Portée de recherche invalide (%{scope}). Doit être une des valeurs " +"suivantes : base, one ou sub." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:147 +msgid "Search scope not provided but required" +msgstr "Portéé de recherche non-fournie mais obligatoire" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:165 +msgid "Invalid LDAP filter (\"%{filter}\")" +msgstr "Filtre LDAP invalide (\"%{filter}\")" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:172 +msgid "Search filter not provided but required" +msgstr "Filtre de recherche non-fourni mais obligatoire" + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSrelation.php:331 msgid "listing related objects" msgstr "énumaration des objets liés" @@ -1803,11 +1907,11 @@ msgstr "Ajouter ce site internet à mes favoris." msgid "Generate the value" msgstr "Générer une valeur" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:49 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:55 msgid "File is too big." msgstr "Fichier trop gros." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:53 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:59 msgid "File is too light." msgstr "Fichier trop petit." @@ -1826,6 +1930,30 @@ msgstr "" "des constantes suivantes : LSAUTH_CAS_SERVER_SSL_CACERT ou " "LSAUTH_CAS_SERVER_NO_SSL_VALIDATION" +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:52 +msgid "max (or min)" +msgstr "max (ou min)" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:65 +msgid "At least one value is required." +msgid_plural "At least %{min} values are required." +msgstr[0] "Au moins une valeur est obligatoire." +msgstr[1] "Au moins %{min} valeurs sont obligatoires." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:77 +msgid "Maximum one value is allowed." +msgid_plural "Maximum %{max} values are allowed." +msgstr[0] "Au maximum une valeur est autorisée." +msgstr[1] "Au maximum %{max} valeurs sont autorisées." + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:93 +msgid "" +"LSformRule_numberOfValues: Parameter max could not be lower than parameter " +"min." +msgstr "" +"LSformRule_numberOfValues : Le paramètre max ne peut être inférieur au " +"paramètre min." + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSform.php:126 msgid "Add a field to add another values." msgstr "Ajouter une autre valeur à ce champ." @@ -1919,7 +2047,7 @@ msgstr "" "Cliquer pour activer la création/modification de la maildir en même temps " "que la création/modification du l'utilisateur." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:62 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:67 msgid "LSformRule_regex : Regex has not been configured to validate data." msgstr "" "LSformRule_regex : L'expression régulière de vérification des données n'est " @@ -2001,11 +2129,11 @@ msgstr "Cette requête ne peut être traitée." msgid "This request could not be processed correctly." msgstr "Cette requête ne peut être traitée correctement." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:50 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:55 msgid "Value is too short (minimum: %{limit})." msgstr "La valeur est trop courte (minimum : %{limit})." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:54 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:59 msgid "Value is too long (maximum: %{limit})." msgstr "La valeur est trop longue (maximum: %{limit})." @@ -2360,7 +2488,7 @@ msgstr "" "LSattr_html_select_list : Impossible de récupérer les valeurs possibles de " "l'attribut %{attr} en utilisant la fonction configurée %{callable}." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:57 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:62 msgid "" "LSformRule_inarray : Possible values has not been configured to validate " "data." @@ -2380,7 +2508,7 @@ msgstr "Valeur invalide pour le composant %{component} : \"%{value}\"." msgid "Godfather" msgstr "Parrain" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:66 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:72 msgid "LSformRule_date : No date format specify." msgstr "LSformRule_date : Aucun format de date spécifié." @@ -2413,11 +2541,11 @@ msgstr "" "Note: Les paramètres/arguments de la commande doivent être placés après " "celle-ci." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:804 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:835 msgid "LScli : The CLI command '%{command}' already exists." msgstr "LScli : La commande CLI '%{command}' existe déjà." -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:807 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:838 msgid "LScli : The CLI command '%{command}' handler is not callable." msgstr "" "LScli : La fonction de prise en charge de la commande CLI '%{command}' n'est " @@ -2967,6 +3095,12 @@ msgstr "non" msgid "yes" msgstr "oui" +#~ msgid "Invalid LDAP URI format" +#~ msgstr "Format d'URI LDAP invalide" + +#~ msgid "The value of field %{label} is invalid." +#~ msgstr "La valeur du champ %{label} est incorrecte." + #~ msgid "LSformRule: Unknown rule type %{type}." #~ msgstr "LSformRule : Type de règle %{type} inconnu." diff --git a/src/lang/fr_FR.UTF8/lang.php b/src/lang/fr_FR.UTF8/lang.php index e057dbdc..ea9f9384 100644 --- a/src/lang/fr_FR.UTF8/lang.php +++ b/src/lang/fr_FR.UTF8/lang.php @@ -2,12 +2,27 @@ $GLOBALS['LSlang'] = array ( +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.help_info +"

LDAP search URI or group members. A LDAP search URI is composed of the following parts separated by semicolons :

    +
  • The LDAP URI in format ldap://[host]/[base DN]. For instance, to make a request on the same LDAP server, use ldap:///o=ls
    • +
  • The retreived attributes (separated by coma, optional)
    • +
  • The search scope (base, one or sub)
    • +
  • The LDAP filter (optional, default : (objectClass=*))
    • +

Example : ldap:///ou=people,o=ls??one?(&(objectClass=lspeople)(mail=*@ls.com))

" => + "

L'URI LDAP de recherche des membres du groupe. Une URI de recherche LDAP est composée des parties suivantes séparées par des points virgules :

    +
  • L'URI LDAP au format ldap://[host]/[base DN]. Par exemple, pour effectuer une recherche sur le même serveur LDAP, utiliser ldap:///o=ls
    • +
  • Les attributs récupérés (séparés par une virgule, facultatif)
    • +
  • La profondeur de la recherche (base, one ou sub)
    • +
  • Le filtre LDAP (facultatif, par défaut : (objectClass=*))
    • +

Exemple : ldap:///ou=people,o=ls??one?(&(objectClass=lsPeople)(mail=*@ls.com))

", + # LSobjects.pwdPolicy.attrs.pwdCheckModule.help_info "Used with caution ! The name of the OpenLDAP module to used to check the password quality." => "À utiliser avec vigilance ! Nom du module pour OpenLDAP à utiliser pour vérifier la qualité du mot de passe.", # LSobjects.LSpeople.attrs.lsGodfatherDn.label # LSobjects.LSgroup.attrs.lsGodfatherDn.label +# LSobjects.LSdyngroup.attrs.lsGodfatherDn.label # LSobjects.LScompany.attrs.lsGodfatherDn.label "Accountable(s)" => "Responsable(s)", @@ -44,10 +59,22 @@ $GLOBALS['LSlang'] = array ( "Always (disable account)" => "Toujours (compte désactivé)", +# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.question_format +"Are you sure you want to update members cache of all dynamic groups (could be quite long) ?" => + "Êtes-vous sûre de vouloir mettre à jour le cache des membres de tous les groupes dynamiques (peut être assez long) ?", + +# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.question_format +"Are you sure you want to update members cache of this dynamic group ?" => + "Êtes-vous sûre de vouloir mettre à jour le cache de membre de ce groupe dynamique ?", + # LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.0 "At first login" => "À la première connexion", +# LSobjects.LSpeople.LSrelation.dyngroups.label +"Belongs to dynamic groups ..." => + "Appartient aux groupes dynamiques ...", + # LSobjects.LSpeople.LSrelation.groups.label # LSobjects.LSsysaccount.LSrelation.groups.label "Belongs to groups ..." => @@ -55,7 +82,7 @@ $GLOBALS['LSlang'] = array ( # LSobjects.pwdPolicy.LSform.layout.bruteforce.label "Brute-force attacks protection" => - "Proctetion anti brute-force", + "Protection anti brute-force", # LSobjects.pwdPolicy.attrs.pwdCheckModule.label "Check OpenLDAP module to used" => @@ -123,6 +150,7 @@ $GLOBALS['LSlang'] = array ( # LSobjects.LSpeople.attrs.description.label # LSobjects.LSgroup.attrs.description.label +# LSobjects.LSdyngroup.attrs.description.label # LSobjects.LSsysaccount.attrs.description.label # LSobjects.LScompany.attrs.description.label "Description" => @@ -136,15 +164,35 @@ $GLOBALS['LSlang'] = array ( "Do you confirm change of this user's password?" => "Confirmez-vous le changement du mot de passe de cet utilisateur ?", +# LSobjects.LSpeople.LSrelation.dyngroups.emptyText +"Doesn't belong to any dynamic group." => + "N'appartient à aucun groupe dynamique.", + # LSobjects.LSpeople.LSrelation.groups.emptyText # LSobjects.LSsysaccount.LSrelation.groups.emptyText "Doesn't belong to any group." => "N'appartient à aucun groupe.", +# LSobjects.LSpeople.LSrelation.dyngroup_godfather.emptyText +"Doesn't sponsor any dynamic group." => + "Ne parraine aucun groupe dynamique.", + +# LSobjects.LSpeople.LSrelation.group_godfather.emptyText +"Doesn't sponsor any group." => + "Ne parraine aucun groupe.", + # LSobjects.LSpeople.LSrelation.godfather.emptyText "Doesn't sponsor any user." => "Ne parraine aucun utilisateur.", +# LSobjects.LSdyngroup.label +"Dynamic groups" => + "Groupes dynamiques", + +# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.onSuccessMsgFormat +"Dynamic groups members cache updated." => + "Le cache des membres des groupes dynamiques a été mis à jour.", + # LSobjects.LSpeople.attrs.mail.label "E-mail address" => "Adresse e-mail", @@ -190,6 +238,14 @@ $GLOBALS['LSlang'] = array ( "Godfather of ..." => "Parrain de ...", +# LSobjects.LSpeople.LSrelation.dyngroup_godfather.label +"Godfather of dynamic groups ..." => + "Parrain des groupes dynamiques ...", + +# LSobjects.LSpeople.LSrelation.group_godfather.label +"Godfather of groups ..." => + "Parrain des groupes ...", + # LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.label "Grace delay after password expiration" => "Délai de grâce après l'expiration du mot de passe", @@ -251,6 +307,10 @@ $GLOBALS['LSlang'] = array ( "Indicates the time the account was locked time. Delete this date and set pwdReset attribute to unlock the account." => "Indique la durée de blocage du compte. Supprimez cette date et définissez l'attribut pwdReset pour débloquer le compte.", +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.check_data.ldapSearchURI.msg +"Invalid LDAP search URI." => + "URI de recherche LDAP invalide.", + # LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label "LDAP Groups" => "Groupes LDAP", @@ -326,10 +386,35 @@ $GLOBALS['LSlang'] = array ( "Maximum validity duration of a password" => "Durée maximum de validité du mot de passe", +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.label +"Member search URI" => + "URI de recherche des membres", + +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberUidURI.label +"Member search URI (UID)" => + "URI de recherche des membres (UID)", + # LSobjects.LSgroup.attrs.uniqueMember.label +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDn.label "Members" => "Membres", +# LSobjects.LSdyngroup.attrs.uniqueMember.label +"Members (cache)" => + "Membres (cache)", + +# LSobjects.LSdyngroup.attrs.lsDynGroupMemberUid.label +"Members UID" => + "UID des membres", + +# LSobjects.LSdyngroup.attrs.memberUid.label +"Members UID (cache)" => + "UID des membres (cache)", + +# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.onSuccessMsgFormat +"Members cache updated." => + "Le cache des membres a été mis à jour.", + # LSobjects.pwdPolicy.attrs.pwdMinLength.label "Minimum length a password" => "Longueur minimum d'un mot de passe", @@ -364,12 +449,14 @@ $GLOBALS['LSlang'] = array ( "Doit être un entier positif.", # LSobjects.LSgroup.attrs.cn.label +# LSobjects.LSdyngroup.attrs.cn.label # LSobjects.pwdPolicy.attrs.cn.label # LSobjects.LScompany.attrs.ou.label "Name" => "Nom", # LSobjects.LSgroup.attrs.cn.check_data.alphanumeric.msg +# LSobjects.LSdyngroup.attrs.cn.check_data.alphanumeric.msg "Name must contain alphanumeric values only." => "Le nom doit contenir uniquement des valeurs alpha-numériques.", @@ -449,6 +536,7 @@ $GLOBALS['LSlang'] = array ( "Identifiant numérique", # LSobjects.LSgroup.attrs.lsGodfatherDn.validation.0.msg +# LSobjects.LSdyngroup.attrs.lsGodfatherDn.validation.0.msg # LSobjects.LScompany.attrs.lsGodfatherDn.validation.0.msg "One or several of these users don't exist." => "Un ou plusieurs utilisateurs n'existent pas.", @@ -594,6 +682,7 @@ $GLOBALS['LSlang'] = array ( # LSobjects.LSpeople.customActions.showTechInfo.label # LSobjects.LSgroup.customActions.showTechInfo.label +# LSobjects.LSdyngroup.customActions.showTechInfo.label # LSobjects.LSsysaccount.customActions.showTechInfo.label # LSobjects.pwdPolicy.customActions.showTechInfo.label # LSobjects.LScompany.customActions.showTechInfo.label @@ -677,6 +766,11 @@ $GLOBALS['LSlang'] = array ( "Until an administrator manually unlock it (default)" => "Tant qu'un administrateur ne le débloque pas (par défaut)", +# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.label +# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.label +"Update members cache" => + "Mettre à jour le cache des membres", + # LSobjects.pwdPolicy.attrs.pwdAllowUserChange.label "User can change its password" => "L'utilisateur peut changer son mot de passe", diff --git a/src/lang/ldapsaisie.pot b/src/lang/ldapsaisie.pot index 7d0c1eba..d1fcf105 100644 --- a/src/lang/ldapsaisie.pot +++ b/src/lang/ldapsaisie.pot @@ -117,6 +117,39 @@ msgstr "" msgid "PhpLdapAdmin Support : The constant %{const} is not defined." msgstr "" +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:27 +msgid "Dynamic groups support: The constant %{const} is not defined." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:30 +msgid "" +"Dynamic groups support: You must at least define all constantes of dynamic " +"groups's by DN or by UID." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:34 +msgid "" +"Dynamic groups: The attribute %{dependency} is missing. Unable to forge the " +"attribute %{attr}." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:37 +msgid "Dynamic groups: Fail to parse %{attr} value : invalid number of parts." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:338 +msgid "" +"Members cache of %{count} dynamic group(s) have been updated because thes " +"were potentially impacted by your changes." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:345 +msgid "" +"Members cache of %{count} dynamic group(s) have NOT been updated but thes " +"were potentially impacted by your changes. A delay of some minutes could be " +"necessary to handle your changes on this groups." +msgstr "" + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.posix.php:27 msgid "POSIX Support : The constant %{const} is not defined." msgstr "" @@ -379,18 +412,18 @@ msgstr "" msgid "Sub-state" msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:52 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:60 msgid "Invalid syntax checking configuration: unknown rule %{rule}." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:73 -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:100 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:81 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:283 #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_date.php:47 #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_select_list.php:63 msgid "Invalid value" msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:111 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:294 msgid "LSformRule_%{type}: Parameter %{param} is not found." msgstr "" @@ -793,86 +826,82 @@ msgid "" "value, you can't select it." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:90 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:95 msgid "" "LSformRule_differentPassword : Other password attribute is not configured." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:93 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:98 msgid "" "LSformRule_differentPassword : Fail to load LSattr_ldap :: password class." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:96 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:101 msgid "" "LSformRule_differentPassword : The other password attribute %{attr} does not " "exist." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:99 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:104 msgid "" "LSformRule_differentPassword : The other password attribute could not be the " "same of the current one." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:102 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:107 msgid "" "LSformRule_differentPassword : The other password attributes must use " "LSattr_ldap :: password. It's not the case of the attribure %{attr}." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:261 -msgid "The value of field %{label} is invalid." -msgstr "" - -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:756 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:755 msgid "" "LSattribute : Attribute %{attr} : LDAP or HTML types unknow (LDAP = %{ldap} " "& HTML = %{html})." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:759 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:758 msgid "" "LSattribute : The function %{func} to display the attribute %{attr} is " "unknow." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:762 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:761 msgid "" "LSattribute : The rule %{rule} to validate the attribute %{attr} is unknow." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:765 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:764 msgid "" "LSattribute : Configuration data to verify the attribute %{attr} are " "incorrect." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:768 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:767 msgid "" "LSattribute : The function %{func} to save the attribute %{attr} is unknow." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:771 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:770 msgid "LSattribute : The value of the attribute %{attr} can't be generated." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:774 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:773 msgid "LSattribute : Generation of the attribute %{attr} failed." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:777 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:776 msgid "" "LSattribute : Generation of the attribute %{attr} did not return a correct " "value." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:780 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:779 msgid "" "LSattribute : The attr_%{type} of the attribute %{name} is not yet defined." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:66 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:71 msgid "LSformRule_callable : The given callable option is not callable" msgstr "" @@ -1072,8 +1101,8 @@ msgid "" "%{context}" msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:47 -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:51 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:53 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:57 msgid "Invalid file type (%{type})." msgstr "" @@ -1275,25 +1304,25 @@ msgid "" "standard relations (Method : %{meth})." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:51 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:60 msgid "Password is too long (maximum: %{maxLength})." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:56 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:65 msgid "Password is too short (minimum: %{minLength})." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:81 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:90 msgid "" "Password match with only %{valid} rule(s) (at least %{minValidRegex} are " "required)." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:92 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:101 msgid "This password is prohibited." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:107 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:116 msgid "" "LSformRule_password : Invalid regex configured : %{regex}. You must use PCRE " "(begining by '/' caracter)." @@ -1331,6 +1360,64 @@ msgstr "" msgid "LSldap: LDAP server base DN not configured." msgstr "" +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:59 +msgid "Invalid LDAP server URI (%{uri})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:75 +msgid "Invalid LDAP host (%{host})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:79 +msgid "Invalid LDAP port (%{port})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:83 +msgid "A LDAP URI could not contain port without host (%{host}:%{port})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:88 +msgid "LDAP host not provided but required" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:94 +msgid "Invalid base DN (%{basedn})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:100 +msgid "Search base DN not provided but required" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:112 +msgid "Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:118 +msgid "Invalid attribute name (%{attr})" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:128 +msgid "Attribute name not provided but required" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:138 +msgid "" +"Invalid search scope (%{scope}). Must be one of the following value : base, " +"one or sub." +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:147 +msgid "Search scope not provided but required" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:165 +msgid "Invalid LDAP filter (\"%{filter}\")" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:172 +msgid "Search filter not provided but required" +msgstr "" + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSrelation.php:331 msgid "listing related objects" msgstr "" @@ -1519,11 +1606,11 @@ msgstr "" msgid "Generate the value" msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:49 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:55 msgid "File is too big." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:53 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:59 msgid "File is too light." msgstr "" @@ -1538,6 +1625,28 @@ msgid "" "LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION" msgstr "" +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:52 +msgid "max (or min)" +msgstr "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:65 +msgid "At least one value is required." +msgid_plural "At least %{min} values are required." +msgstr[0] "" +msgstr[1] "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:77 +msgid "Maximum one value is allowed." +msgid_plural "Maximum %{max} values are allowed." +msgstr[0] "" +msgstr[1] "" + +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:93 +msgid "" +"LSformRule_numberOfValues: Parameter max could not be lower than parameter " +"min." +msgstr "" + #: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSform.php:126 msgid "Add a field to add another values." msgstr "" @@ -1620,7 +1729,7 @@ msgid "" "Click to enable maildir creation/modification on user creation/modification." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:62 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:67 msgid "LSformRule_regex : Regex has not been configured to validate data." msgstr "" @@ -1700,11 +1809,11 @@ msgstr "" msgid "This request could not be processed correctly." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:50 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:55 msgid "Value is too short (minimum: %{limit})." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:54 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:59 msgid "Value is too long (maximum: %{limit})." msgstr "" @@ -2014,7 +2123,7 @@ msgid "" "%{attr} using configured function %{callable}." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:57 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:62 msgid "" "LSformRule_inarray : Possible values has not been configured to validate " "data." @@ -2032,7 +2141,7 @@ msgstr "" msgid "Godfather" msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:66 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:72 msgid "LSformRule_date : No date format specify." msgstr "" @@ -2062,11 +2171,11 @@ msgid "" "Note: Command's parameter/argument must be place after the command." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:804 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:835 msgid "LScli : The CLI command '%{command}' already exists." msgstr "" -#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:807 +#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:838 msgid "LScli : The CLI command '%{command}' handler is not callable." msgstr ""